SolarWinds Security Event Manager Reviews

The tool would see all the events and be able to judge on its own which event was not a big deal. It also gives you insights, email alerts and app directory changes. 

The solution helps me to go back in time and search for different events. For example, if you wanted to know who activated an account; you could go back in time and find out.

The product should  improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way.

I have been using the product for ten years. 

It's good. I haven't had an issue ever with stability. 

I think the solution scales well.

The solution is easy to deploy. 

We have had ROI with the use of the tool. 

I would rate the solution an eight out of ten. It's a good tool for what it costs.

SolarWinds Security Event Manager is used for retrieving events and suspicious activities.

We are only studying the solution.

SolarWinds Security Event Manager has been generally working well.

I have been using SolarWinds Security Event Manager for a couple of months.

SolarWinds Security Event Manager is stable.

The scalability of SolarWinds Security Event Manager is good.

We might increase our usage of the solution in the future.

I have contacted the support from SolarWinds Security Event Manager and they are good.

The deployment of the solution took a couple of weeks.

The company had to use a third party for the implementation of the solution.

I have seen an ROI by using this solution.

The price of SolarWinds Security Event Manager is reasonable.

We have more than one person who does the maintenance of the solution.

I rate SolarWinds Security Event Manager a seven out of ten.

The initial setup is very straightforward and simple. 

It can scale quite well. 

The File Integrity Monitoring is great. In FIM, if you want to know who has changed a file, when that file was changed, et cetera, you have that visibility. You can make the reports from the console directly. That is out of the box. The report is there for you to use. The customization for the reports and alerts is also very easy. It helps maintain compliance and security. You also can easily analyze the logs as needed. 

This is a stable product.

It supports high availability, which is very helpful. 

It captures all of the requirements clients tend to need. It has everything. 

We'd like more customization capabilities. We need to post events on the end of the devices. Sometimes, the event does not respond. There seems to be a compatibility issue at play. For the customized UX, if you post events, there are compatibility problems. The OEM needs to work on that part.

I've been using the solution for six years. 

The solution is stable and reliable. There are no bugs or glitches, and it doesn't crash or freeze. 

Scaling is easy. You just have to add VMs. 

The support is good. Previously, the support was not good. However, they've improved it over the last two years.

2020 there was an attack on SolarWinds software. They had trouble then. Now, it is stable and the support is very, very good. They have expanded their offices all over the world. I am located in India. They have a branch here so we can deal with local people.

The installation is very easy. Even if you are non-technical, it's not an issue to get everything up and running. 

You only need maybe two people to monitor and manage it once it is deployed. However, if the environment is quite large, you may need more. 

If a person prefers to pay for a subscription, the cloud deployment is the way to go. However, they can also choose to go on-premises and have a perpetual license. I can't speak to the exact costs, as I am on the technical side. 

We compared the solution to QRadar.

We are partners. 

This can be deployed both on the cloud and on-premises. 

I'd rate the solution nine out of ten. 

We are using SolarWinds Security Event Manager for event analysis.

The most valuable feature of SolarWinds Security Event Manager is the analysis and the knowledge about the incidence that we trace.

I have been using SolarWinds Security Event Manager for approximately six years.

The performance and stability of SolarWinds Security Event Manager are good.

The scalability of SolarWinds Security Event Manager is good. 

We have approximately 500 users using this solution in my organization.

We used the support from SolarWinds Security Event Manager and they are knowledgeable but challenging to get in contact with them.

The vendor did the setup of SolarWinds Security Event Manager.

We used an integrator for the implementation of SolarWinds Security Event Manager.

I would recommend SolarWinds Security Event Manager to others.

I rate SolarWinds Security Event Manager a seven out of ten.

We use SolarWinds as a kind of SIEM solution, so I don't have other additional security needs. Lately, we've been exploring other solutions. We are a Managed Security Services Provider, and we have nine people predominantly working on that solution. We also have team members who work on multiple solutions.

Lately, all of the solutions continue to improve, so I believe SolarWinds will also improve. But all the solutions need to have the same features, so I don't see any specific feature that needs to be more user-friendly. There is no unique element that makes SolarWinds better than the others.

SolarWinds should improve its correlation capabilities. The correlation does not automatically detect and reduce the events fast enough. You have to manually do a correlation report, which means the tool is not scalable in many ways. Another area that needs improvement is the integration of the IT framework. We are automating the framework using their tools. I think that automation will help.

We've been using SolarWinds for three years.

SolarWinds' stability is fine. I don't think we've had any software issues.

There are some scalability issues with SolarWinds. For example, whether it will be on-prem or on the cloud, there are several things we have to leave with the integrators. Many solutions are integrated. SolarWinds is not convenient enough to meet our current needs and it requires an upgrade, but I'm also thinking about some others. I believe that Azure is doing well as a cloud tool right now.

We're not happy with SolarWinds' support.

Whether SolarWinds is easy to set up depends on what you're doing. Before a technician did the implementation, someone had been tweaking and operating. However, the tool does not support many things or have much to offer.

Licensing cost it's an issue with SolarWinds. 

I rate SolarWinds six out of 10. Comparing SolarWinds with Azure, it seems like Azure can do much more, so we are considering switching to Azure. If you are thinking of adopting SolarWinds, I would suggest considering what your business needs. Every business has different requirements. For example, if you're an IoT guy, you don't need tools that will help you with your IT environment. If you're in the manufacturing or oil and gas industry, you have a combination of IT and IoT, so then you'll go for something that fits those needs. 

Our primary use case is analyzing log files from any kind of source which is IT related. We use the product in our company on a daily basis and also integrate it for others. There are four people in our company using this software, and it's part of their daily routine to check everything. We are consultans and a reseller of the solution. 

The most valuable feature of the solution is intuitivity of navigation; it's easy to build rules and actions which are based on the logs and event types we collect with the software.

Some things on the roadmap could be improved but I understand they're working on those issues. The main area that would mean a big improvement for me would be for the product to include multiple dashboards. I would love to see a multi-page dashboard where you could see information side-by-side; to slice through the dashboard to see specific topics. For example, one network dashboard, one active directory dashboard, one VMware dashboard, etc.

That feature is something they could include in the next release - the ability for a report to flip to different technologies. And it would be nice if there were some pretty configured templates for the dashboard so that you don't have to fill all the data in. For example, a template for active directory or KPIs, or a template for VMware KPIs.

We've been using the solution for about one year.

It's a very stable solution. 

Scalability is a plus with this software. 

Technical support is good, they've even helped us during the night because they're in a different time zone.

The setup process and determining all the log files from all the different systems is quite easy. However, to get all the information out of the log files and create rules and access based on the log files, means that it's sensible to hire consultants. The simple setup of the virtual machine takes about two hours and after that it really depends on the number of log files and the number of devices. You're looking at about half a day and you have pretty much installed everything. 

The setup cost is not as expensive as Splunk or many other competitors. Cost is dependent on the size of the company.

I would advise people to make themselves familiar with the SolarWinds work community which has all the users' comments and where you can get the newest topics about everything connected to the software. It makes sense to peek around there. There is also SolarWinds SCM online training which is a big help when getting started with the software.

The product fills all our requirements but there is always room for improvement and so I would rate this product a nine out of 10. 

We work with and resell all of the SolarWinds products, and SolarWinds LEM is one of the solutions that I have experience with.

This solution is used in conjunction with others to find the root cause of problems when a user is not able to access an application.

This tool is simple to use.

The reporting and alerting capabilities are really nice.

The Heat Map is a very good feature that is related to Wi-Fi and helps to monitor access points.

It takes a long time to perform a root cause analysis.

I would like to have a more customizable dashboard.

I have been working with SolarWinds LEM for four years.

We have had no issues with stability.

This is a scalable solution. We have deployed it both in Windows and Linux environments.

I have contacted SolarWinds technical support six or seven times and I think that the support is very good. The only problem is that when the system goes down, the diagnostics might take a long time.

For example, in a large environment, we had a situation where the application was down for one or two days. Normally, at most, it will take three or four hours for a large environment. In a small environment, the time that it will be unavailable due to diagnostics is about an hour and a half.

The initial setup is totally straightforward. It takes a maximum of two hours to deploy.

I would rate this solution an eight out of ten.

We are using this solution for our internal log event monitoring, as well as for file integrity monitoring.

SolarWinds LEM performs the job of log collection. It collects logs and nothing more. It does not really provide much in terms of security. It will trigger alerts but it will not give you any recommendations, filter according to rules, or anything other than logging the events if your server is attacked.

The most valuable feature is the reporting. The log conversion for generating reports is good.

The dashboard is running in Adobe Flash and this should be changed because there are vulnerabilities that are related to the browser. We constantly have to patch the system.

There is no information provided in terms of security.

The licensing model is poor, which in turn affects the scalability.

There is no correlation made between log entries, so no threat information is presented.

The performance degrades when there is a lot of traffic.

We have been using SolarWinds LEM for three years.

The stability is good when there are a low number of events per second on the servers. However, if there are a lot of events then the server is very slow. 

The scalability is poor because of the licensing. Having to buy blocks of fifty licenses is not good for our business. Our model is that of a managed service provider and our customers are interested in adding two or three nodes at a time. We cannot just keep buying fifty licenses at a time.

There is not much in terms of technical support because it is a web-based application. They do not support Adobe Flash because it is a third-party application. The just provide you the knowledge base, as with the other SolarWinds products. Using that, you experiment on your own.

It is a straightforward implementation. The deployment takes about two hours before everything is running.

Licenses can only be purchased in blocks of fifty at a time.

I am not expecting a future release of SolarWinds LEM because they have released another solution. They are continuing with a new security event and information management (SEIM) solution that is more suitable for large-scale enterprises.

I would rate this solution a five out of ten.

Our installation is on-premises at the moment. We are a consultant group so we implement multiple solutions for different customers using a variety of different products. Some clients are in the Cloud, some on a WAN network and some are on-premises. SolarWinds LEM is one of the products we use for certain purposes and often recommend.  

I'm very technical. I work as a network and security technical architect. At the same time, I also own the company, so I'm the director. I still remain very technically involved with the solutions and the architecture for solutions, based on networks and security. SolarWinds is one of the products that I use, amongst many others to fit the needs of our customers which includes their budget, size, and industry.  

I like the graphical user interface because it is very user-friendly. I like the fact that SolarWinds is a hybrid solution so you can use it across many platforms.  

I think the product can use some improvement on the reporting side. The reporting could be easier and more robust. I also think the NetFlow Analyzer component can be improved substantially in the way it is integrated with SolarWinds and with Orion. In my opinion, you are not able to drill down enough into traffic flows. It can be a lot more granular and that will make it a lot more useful in comparison to how it is incorporated at the moment.  

I think that incorporating a security management platform would also be good. This would be a solution like a dashboard or control panel where you can just snap-in modules. A global dashboard where you can snap in all the different types of solutions or the different types of services and products that you will leverage would be a great step forward in ease-of-use by making integration easier.  

I've been using SolarWinds LEM since its inception, so that would be for close to 10 years.  

This product is quite stable and I don't have any issues with it on that level. I think one other thing that could be improved is that the Syslog Server should be integrated as a system startup service. Right now you have to bring it up and take it down manually. This isn't entirely a stability issue but it might be an improvement. It would be valuable especially in the security environment.  

I think that the scalability of the solution is good enough. I don't think there are any issues with that.  

I have not actually had to use technical support very much. I can not even count more than five instances in the span of 10 years where I had to call in with an issue. As I have not really had the need to actually go that route much, it is hard to give constructive feedback in that regard. But it may say something positive about the quality of the product.  

The initial setup is pretty straight forward. In the standalone small business solution, we are using Microsoft SQL Express which is already integrated with the solution. I think they could make it easier to move from the Express version to the SQL Server version to give the user more flexibility.  

As far as pricing, we always want it to be less expensive or more cost-effective as a consumer, especially when you take into consideration that SolarWinds has got a very broad spectrum of services that can be integrated easily but need to be licensed separately. I think they can come up with a way of putting bundles together which would encourage customers to use a wider array of their products and it could be a better way of increasing sales. People would show a lot more interest in a package deal instead of having to buy the products separately. Bundling might reduce instances where customers look at other solutions for comparisons. For example, I've got some clients that use the Web Help Desk solution, and some users that use the NetFlow Analyzer and SolarWinds. If these solutions could be bundled together in a more cost-effective package when they are purchased together, I'm sure that SolarWinds would realize a lot more sales of peripheral products and increase their total market share.  

The renewals are currently priced so attractively that they are much cheaper and more cost-effective than when you buy a solution brand new. This helps retain clients over time. My comments on cost mainly refer to the initial purchase of solutions where you are deploying a product and purchasing it for the first-time.  

On a scale from one to ten where one is the worst and ten is the best, I would rate SolarWinds LEM as somewhere between eight and ten, so let's say nine. To make it a ten they would have to make improvements in pricing, reporting, and product integration. These facets of the solution are not so bad now but they can be improved.  

The advice I would give people considering network event management would be to go with the product that appeals to me the most. The advice that I would like to give would be to go with NPM (Network Performance Monitor) which is a different, more sophisticated SolarWinds product. As far as I'm concerned, that is a product that can challenge any competing product out there on the market. If anyone is looking to do any type of network performance monitoring at a high level, I would definitely recommend Network Performance Monitor Orion — the Orion version of the product of SolarWinds is the one to go for. As far as NetFlow Analyzer, I like it and it fits some company's needs very well, but I've used better products. That is why I mention making improvements in its feature set.  

From a security perspective, which is a lot of work that I do, the Syslog Server needs to be completely integrated as a system service. That is one of my biggest wishes for the improvement of the LEM product at the moment because the product itself is a good product. The only trouble is that when server engineers work on the servers and they perform some type of updates to get the operating systems back on par, or need to do something with security updates and so on, the servers get stopped. When the servers are rebooted, the Syslog Server does not automatically restart. That is a major problem, especially from an auditing perspective.  

I use this solution to examine our logs and the logs of our customers

We have experience with on-premises deployments.

The most valuable feature of this solution is the visibility into both attempted and failed logins.

The query capability in this solution needs improvement. When you watch to fetch logs at specific times, sometimes there are issues.

The filtering engine needs to be improved to make it more accurate. When you are filtering, it comes with a lot of unwanted data.

I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis.

This is a stable solution. I have seen issues, but they have been related to the platform, and not to the product itself. We use this solution on a daily basis.

I don't think that this solution would do well for very large organizations. For smaller organizations, it should be good.

We have approximately three hundred users. The users are a mixture of programmers, system engineers, database administrators, and others in our IT company. 

When we were doing the scoping we left room to grow, I don't expect that we will be expanding our usage anytime soon.

I have used IBM QRadar. It is a SIEM solution, but it can do what LEM can do.

The initial setup of this solution is straightforward.

The length of deployment depends on how big the infrastructure is. Most of the deployments take less than a week, but some go beyond that. In my experience, it all depends on how many boxes you have and how many we are taking logs from. Some people will give you a whole list, while others will choose only specific things. You have to give people something that is unique to their environment.

One person is enough for the deployment.

I take care of the implementation and deployment of this solution.

We did not evaluate other options before choosing this solution. Some of the customers have their preference and will ask for something else, so that is what we will do for them.

My advice for anybody who is considering this solution is to really review their expectations. I know that some people who do not review their expectations are upset after the implementation because they feel that they are getting less than what they bargained for.

People also have to consider the system resources, and what they will be on the physical box or on a VM. If the proper resources are not assigned then it will impact the solution.

This is a good solution but there is no perfect system.

I would rate this solution a nine out of ten.