SolarWinds Security Event Manager Reviews

The primary use case is for privilege account monitoring. It's monitoring admin accounts for things such as who logged in, where they logged in from, what time they logged in, and from what devices they used Remote desktop, with the privileged accounts.

It's a good tool to do troubleshooting, you can see extensive Info about Kerberos User Auth tickets or Windows Kerberos Machine Auth tickets, which can alert you to say , failing Kerberos Authentications due to incorrect NTP (Network time).

We're able to do a bit more in terms of forensic analysis.

I am able to correlate  the S.A.M. Service Applications Monitoring in SolarWinds ORION Platform.

I can trace back several things including the performance at a certain date and time. 

It's extremely easy to deploy.

The LEM 6.6, if it's a Windows host, you use the 64-bit or 32-bit installer, and  install it. Immediately, you'll start seeing Windows SYSTEM, SECURITY and Application Logs from the host where you deployed the Agent. So, this makes the deployment very easy to install.

On a daily basis, it's good for PKI monitoring.

It's very good for troubleshooting, and data monitoring. It gives you an advanced warning with your backups. If you have no monitoring tool in place, SolarWinds SIEM is a good place to start and very inexpensive.

They need to do better with the Connectors. I had to battle with the IIS Web server Connector that comes built in with this product. No matter how I configured the IIS Web connector, I never saw SW pull in any IIS logs from my hosts , where Agent was installed.?

They have over 500 connectors, but in my experience only handful work. Also there's no PowerShell Logging connectors, if you want to pull in PowerShell Logging logs from your hosts into the SIEM.

SolarWinds LEM is a product that I have been using for approximately a year and a half.

Very stable. It seems backend database is PostgreSQL and needs no maintanence.

Not very scalable in my opinion. That's why I'm investigating new SIEM replacement.

good. can be hit or miss sometimes, but sometime you get some good tech support over there.

With this company, there was no real SIEM and no real use cases before I deployed it. Because of that, I can develop the use cases the educate the management on what they need in terms of SIS security monitoring.

Very easy setup.

in-house.

very good.

Easy setup, very cheap and licensing cost is very fair and easy to understand

There was no time. Just read several reports from Gartner, IT Central etc. I did try ManageEngine , but it was a product which was already in Test phase implemented by my predeccesor

n/a

We use SolarWinds as a kind of SIEM solution, so I don't have other additional security needs. Lately, we've been exploring other solutions. We are a Managed Security Services Provider, and we have nine people predominantly working on that solution. We also have team members who work on multiple solutions.

Lately, all of the solutions continue to improve, so I believe SolarWinds will also improve. But all the solutions need to have the same features, so I don't see any specific feature that needs to be more user-friendly. There is no unique element that makes SolarWinds better than the others.

SolarWinds should improve its correlation capabilities. The correlation does not automatically detect and reduce the events fast enough. You have to manually do a correlation report, which means the tool is not scalable in many ways. Another area that needs improvement is the integration of the IT framework. We are automating the framework using their tools. I think that automation will help.

We've been using SolarWinds for three years.

SolarWinds' stability is fine. I don't think we've had any software issues.

There are some scalability issues with SolarWinds. For example, whether it will be on-prem or on the cloud, there are several things we have to leave with the integrators. Many solutions are integrated. SolarWinds is not convenient enough to meet our current needs and it requires an upgrade, but I'm also thinking about some others. I believe that Azure is doing well as a cloud tool right now.

We're not happy with SolarWinds' support.

Whether SolarWinds is easy to set up depends on what you're doing. Before a technician did the implementation, someone had been tweaking and operating. However, the tool does not support many things or have much to offer.

Licensing cost it's an issue with SolarWinds. 

I rate SolarWinds six out of 10. Comparing SolarWinds with Azure, it seems like Azure can do much more, so we are considering switching to Azure. If you are thinking of adopting SolarWinds, I would suggest considering what your business needs. Every business has different requirements. For example, if you're an IoT guy, you don't need tools that will help you with your IT environment. If you're in the manufacturing or oil and gas industry, you have a combination of IT and IoT, so then you'll go for something that fits those needs. 

We are using this solution for the purpose of security monitoring. It performs network behavior monitoring, log monitoring, and disaster recovery monitoring.  

The most valuable feature of this solution is the log monitoring.

The flash-based interface can be improved because sometimes, the speed of monitoring is reduced. The interface should be replaced with something else.

Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product.

The gadgets in SolarWinds should all be in one place.

There should be a default template because as it is now, the user has to create one for each and everything.

SolarWinds is a big brand, and they will adapt as necessary. 

Our monitoring team has between fifteen and twenty users.

We do not have any new infrastructure, so we do not need to increase usage at this time.

Technical support for this solution is good. We have had no problems with them.

Prior to this solution, we were using AlienVault and IBM QRadar. I have also used Nagios, which is faster than SolarWinds LEM regarding alerts.

I would not say that the initial setup is straightforward or complex. It is a bit of both. I would say it's forty percent straightforward and sixty percent complex.

Deployment time depends on the size of the infrastructure, the number of services that are going to be monitored, and the types of services.

This is one of the good products in this market. People are always looking for easy-to-use products, and don't want to invest time on learning new or complex things.

This is a solution that I recommend, although there are a lot of products that are better.

I would rate this solution a seven out of ten.

The out of the box reports and dashboard. It was easy to trim down these windows to something we could quickly use.

It allows us to monitor access and pull cyber reports quickly. No more searching through logs on each server. There was not much customization, which we had to do with Splunk.

I imagine we will have to develop our own reports soon, this seems to be more cumbersome.

For five months now.

Not really.

Not yet.

Not yet.

Good. There can be lag times on responses.

Eight on a scale of 10.

Splunk. The pricing was too high and you need a PhD on customizing the reports.

Setup was straightforward. We were able to use the default reports and window displays.

We did it ourselves.

The pricing was low, around 30K so ROI is less than one year. Splunk was elevating into the 100K arena.

Licensing is on devices, so if you have many, then this may be high. The storage can be an issue as well, we already had a SAN setup, but this is true for any SIEM.

Splunk and Oracle Audit Vault. We almost picked Oracle, because it pulls in the databases in a quick manner.

Don't over think the situation. We went with the one which had a better user presentation because we have managers using it as well. Splunk is nicer if you have a bunch of technical people wanting to play with it.

We are using this solution for our internal log event monitoring, as well as for file integrity monitoring.

SolarWinds LEM performs the job of log collection. It collects logs and nothing more. It does not really provide much in terms of security. It will trigger alerts but it will not give you any recommendations, filter according to rules, or anything other than logging the events if your server is attacked.

The most valuable feature is the reporting. The log conversion for generating reports is good.

The dashboard is running in Adobe Flash and this should be changed because there are vulnerabilities that are related to the browser. We constantly have to patch the system.

There is no information provided in terms of security.

The licensing model is poor, which in turn affects the scalability.

There is no correlation made between log entries, so no threat information is presented.

The performance degrades when there is a lot of traffic.

We have been using SolarWinds LEM for three years.

The stability is good when there are a low number of events per second on the servers. However, if there are a lot of events then the server is very slow. 

The scalability is poor because of the licensing. Having to buy blocks of fifty licenses is not good for our business. Our model is that of a managed service provider and our customers are interested in adding two or three nodes at a time. We cannot just keep buying fifty licenses at a time.

There is not much in terms of technical support because it is a web-based application. They do not support Adobe Flash because it is a third-party application. The just provide you the knowledge base, as with the other SolarWinds products. Using that, you experiment on your own.

It is a straightforward implementation. The deployment takes about two hours before everything is running.

Licenses can only be purchased in blocks of fifty at a time.

I am not expecting a future release of SolarWinds LEM because they have released another solution. They are continuing with a new security event and information management (SEIM) solution that is more suitable for large-scale enterprises.

I would rate this solution a five out of ten.

We are using SolarWinds Security Event Manager for event analysis.

The most valuable feature of SolarWinds Security Event Manager is the analysis and the knowledge about the incidence that we trace.

I have been using SolarWinds Security Event Manager for approximately six years.

The performance and stability of SolarWinds Security Event Manager are good.

The scalability of SolarWinds Security Event Manager is good. 

We have approximately 500 users using this solution in my organization.

We used the support from SolarWinds Security Event Manager and they are knowledgeable but challenging to get in contact with them.

The vendor did the setup of SolarWinds Security Event Manager.

We used an integrator for the implementation of SolarWinds Security Event Manager.

I would recommend SolarWinds Security Event Manager to others.

I rate SolarWinds Security Event Manager a seven out of ten.