SolarWinds Security Event Manager Reviews

The initial setup is very straightforward and simple. 

It can scale quite well. 

The File Integrity Monitoring is great. In FIM, if you want to know who has changed a file, when that file was changed, et cetera, you have that visibility. You can make the reports from the console directly. That is out of the box. The report is there for you to use. The customization for the reports and alerts is also very easy. It helps maintain compliance and security. You also can easily analyze the logs as needed. 

This is a stable product.

It supports high availability, which is very helpful. 

It captures all of the requirements clients tend to need. It has everything. 

We'd like more customization capabilities. We need to post events on the end of the devices. Sometimes, the event does not respond. There seems to be a compatibility issue at play. For the customized UX, if you post events, there are compatibility problems. The OEM needs to work on that part.

I've been using the solution for six years. 

The solution is stable and reliable. There are no bugs or glitches, and it doesn't crash or freeze. 

Scaling is easy. You just have to add VMs. 

The support is good. Previously, the support was not good. However, they've improved it over the last two years.

2020 there was an attack on SolarWinds software. They had trouble then. Now, it is stable and the support is very, very good. They have expanded their offices all over the world. I am located in India. They have a branch here so we can deal with local people.

The installation is very easy. Even if you are non-technical, it's not an issue to get everything up and running. 

You only need maybe two people to monitor and manage it once it is deployed. However, if the environment is quite large, you may need more. 

If a person prefers to pay for a subscription, the cloud deployment is the way to go. However, they can also choose to go on-premises and have a perpetual license. I can't speak to the exact costs, as I am on the technical side. 

We compared the solution to QRadar.

We are partners. 

This can be deployed both on the cloud and on-premises. 

I'd rate the solution nine out of ten. 

We primarily use the solution for monitoring the network.

The NTA & NPM are the most valuable features of the solution.

The solution is very user-friendly.

We're currently looking for an application monitoring solution and maybe a DHCP management module. It would be ideal if the solution could add these in its next release.

The solution should offer better support and better SLAs.

The solution is very stable.

Scalability is fairly simple if you have the right licenses in place

The solution's technical support is okay, but we don't have an SLA, and sometimes the response times are very slow.

We did previously use a different solution, but SolarWinds is much better. It's easy to interact with SolarWinds. It's easy to operate, easy to configure and is generally easier compared to what we were working with before.

The initial setup was straightforward. The deployment took about two weeks. You only need two people for both deployment and maintenance.

We handled the implementation ourselves in house.

It gives the business visibility as to what is down so that the turnaround time for fixes is much less.

We do a yearly license renewal.

We are using the on-premises deployment solution.

It is a good solution to work with and it's very easy to use. I would only ensure that the organization that decides to implement the solution has the internal capability to manage it. If not, then I would ensure that direct support or an SLA is in place to help handle any issues or troubleshoot problems. 

I would rate the solution nine out of ten.

SolarWinds Security Event Manager is used for retrieving events and suspicious activities.

We are only studying the solution.

SolarWinds Security Event Manager has been generally working well.

I have been using SolarWinds Security Event Manager for a couple of months.

SolarWinds Security Event Manager is stable.

The scalability of SolarWinds Security Event Manager is good.

We might increase our usage of the solution in the future.

I have contacted the support from SolarWinds Security Event Manager and they are good.

The deployment of the solution took a couple of weeks.

The company had to use a third party for the implementation of the solution.

I have seen an ROI by using this solution.

The price of SolarWinds Security Event Manager is reasonable.

We have more than one person who does the maintenance of the solution.

I rate SolarWinds Security Event Manager a seven out of ten.

I basically use it to look at the logs that are coming in, analyze those logs, and get recommendations of where we have problems.

It has in-depth monitoring capabilities and an easy way for setting up dashboards. I can expand in various areas, or I can reduce areas. It supports different types of breakdowns, filters, and rules. 

It is very simple for an out-of-the-box type of product. It doesn't take a lot of time to figure it out, which is unlike some of the solutions that I have looked at. It meets all the aspects.

Under the new system, it is not upgradable the way they say. When you try to do an upgrade, it doesn't really work unless you dump everything and start from scratch. You lose a lot of your nodes. Whenever you set your nodes up and everything else, they don't want to bring those nodes back in, so you have to really go back and restructure all your nodes. I went from version 6.5 to version 6.6 and then to version 6.7. I then went to version 2019, and now it is version 2020. It would be good if we can upgrade without having to delete everything and start from scratch.

They can maybe build more KPIs and other things for the dashboard. Some of the other systems already have built-in KPIs. SolarWinds is starting to catch up, but it is not there yet. They can include some of the business or industry standards for tracking the time, that is, the meantime to detect (MTTD) and the meantime to resolve (MTTR). They can also find a way to build a KPI that measures the number of instances of port scans experienced in a week or a month.

I have been using SolarWinds LEM for a year and a half.

It is stable.

It is scalable. Altogether, we have about five actual users. I got myself as the administrator, and then there are a couple of people who do the monitoring. I have got 2,000 systems listed on it.

In terms of a team, I would say you need at least three people for what I am doing. I am using the key research logs and pulling data from these logs. For one person, it takes a lot of time to do what I am doing right now.

I am very satisfied with their technical support.

I had another system, but I wasn't happy with it and its service and support. We just let it go.

The initial setup is straightforward. The actual initial installation is not a problem. The problems come when you do your upgrades with it.

It took about a week to set it up and get all little things going in the way I wanted to. To make sure that correct data logs are going in, I tweaked some of the rules and filters and the domain across the net with individual systems.

We originally started out with the seller, but when we did the first upgrade, it didn't go the way it should. From that point, I set it up from scratch and did the upgrade. At that time, it was version 6.6.

It is in the appropriate mid-range. It is not as expensive as some of the other solutions. It is also not cheap.

I would recommend SolarWinds LEM. We plan to continue using it. We have already put in the Orion platform system and brought it into play. We are next looking at the server access management. That probably would be the next step to implement.

I would rate SolarWinds LEM a ten out of ten.

We have a hyper requirement to maintain logs of access and changes, so this solution logs everything.

The most valuable feature is the ease of use for the end user. 

It can be difficult for users who are inexperienced with the solution. 

It is managed by our tech support team that is in-house, so we do not need their tech support help. 

My advice to users of this solution is to make sure that you know what it is you are looking for, and what it is you are trying to log. Otherwise, it will be difficult to manage.

I use this solution to examine our logs and the logs of our customers

We have experience with on-premises deployments.

The most valuable feature of this solution is the visibility into both attempted and failed logins.

The query capability in this solution needs improvement. When you watch to fetch logs at specific times, sometimes there are issues.

The filtering engine needs to be improved to make it more accurate. When you are filtering, it comes with a lot of unwanted data.

I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis.

This is a stable solution. I have seen issues, but they have been related to the platform, and not to the product itself. We use this solution on a daily basis.

I don't think that this solution would do well for very large organizations. For smaller organizations, it should be good.

We have approximately three hundred users. The users are a mixture of programmers, system engineers, database administrators, and others in our IT company. 

When we were doing the scoping we left room to grow, I don't expect that we will be expanding our usage anytime soon.

I have used IBM QRadar. It is a SIEM solution, but it can do what LEM can do.

The initial setup of this solution is straightforward.

The length of deployment depends on how big the infrastructure is. Most of the deployments take less than a week, but some go beyond that. In my experience, it all depends on how many boxes you have and how many we are taking logs from. Some people will give you a whole list, while others will choose only specific things. You have to give people something that is unique to their environment.

One person is enough for the deployment.

I take care of the implementation and deployment of this solution.

We did not evaluate other options before choosing this solution. Some of the customers have their preference and will ask for something else, so that is what we will do for them.

My advice for anybody who is considering this solution is to really review their expectations. I know that some people who do not review their expectations are upset after the implementation because they feel that they are getting less than what they bargained for.

People also have to consider the system resources, and what they will be on the physical box or on a VM. If the proper resources are not assigned then it will impact the solution.

This is a good solution but there is no perfect system.

I would rate this solution a nine out of ten.

We were suffering from a lack of visibility into our logs, so we implemented SolarWinds LEM. After building a few rules and alerts, we were notified when events happened before our end users notified us. Many times we were able to fix an issue before a call to the helpdesk was made.

• Alerting
• Searching

The solution was a little slow when running some larger queries. After upgrading our SAN many of the problems disappeared.

Tech support was always on top of things. I usually got a response within a couple hours of opening a ticket and once on the phone, they took time to answer my questions.

We needed a product but didn’t have one. We found it when it was still Trigeo, and followed it to SolarWinds.

The initial setup was very easy to start getting logs to the solution. It took some time to understand what data to get and what was important.

We did the implementation. My advice, understand what you want in the system and after letting it collect some data, swing back and make sure you have everything setup that you need. Give it some time, and learn it to get the most use out of it.

It’s a great product, but like other SIEM software solutions, you only get out what you put into it.

We work with and resell all of the SolarWinds products, and SolarWinds LEM is one of the solutions that I have experience with.

This solution is used in conjunction with others to find the root cause of problems when a user is not able to access an application.

This tool is simple to use.

The reporting and alerting capabilities are really nice.

The Heat Map is a very good feature that is related to Wi-Fi and helps to monitor access points.

It takes a long time to perform a root cause analysis.

I would like to have a more customizable dashboard.

I have been working with SolarWinds LEM for four years.

We have had no issues with stability.

This is a scalable solution. We have deployed it both in Windows and Linux environments.

I have contacted SolarWinds technical support six or seven times and I think that the support is very good. The only problem is that when the system goes down, the diagnostics might take a long time.

For example, in a large environment, we had a situation where the application was down for one or two days. Normally, at most, it will take three or four hours for a large environment. In a small environment, the time that it will be unavailable due to diagnostics is about an hour and a half.

The initial setup is totally straightforward. It takes a maximum of two hours to deploy.

I would rate this solution an eight out of ten.