The log analyzing capability of SolarWinds Security Event Manager should go into more depth than the current environment. More modification and enhancements are required on the dashboard side in order to make it closer to optimal performance. From observation and feedback from users, they need more functionality related to monitoring, and in-depth analyzing needs to be improved.
I think the customization area in the tool can be considered as an area of concern where improvements are required In the future, I want to see the tool have better customization abilities with some third-party vendors. For the on-premise version of the tool, the UI should be improved.
Enterprise Cloud Infrastructure Engineer at Safaricom
Real User
Top 5
May 24, 2024
We have automated threat detection in the Alliance Security, Antoinette. However, if these features could be further enhanced, it would simplify my work, potentially allowing me to allocate more time to address complex issues. While we possess a robust automated web detection system, I have encountered some use cases where it does not perform as expected. The only issue is the licensing cost, which is a bit higher. Scaling is very easy as long as we have additional resources and the infrastructure can accommodate the resources we commit to scaling. We may need to purchase additional licenses for configurations.
One of the drawbacks of being so flexible is that it is also a fairly complicated software application to install, configure, and maintain. Standardizing the monitoring configuration is difficult, and there can be some drift between monitoring targets in terms of the monitoring thresholds. It is quite a lot of work to ensure that everything is set up according to a specific baseline.
System and Network Administrator at El Sadat City Language School
Real User
Sep 25, 2023
The installation proved to be significantly challenging. The inconvenience lies in the fact that SolarWinds is not VirtualBox-friendly and installation can be cumbersome. Figuring out the login credentials added another layer of complexity. The price is a big issue. The hardware requirements are demanding and expensive, adding to the overall high cost. Compatibility issues were a significant headache, as it didn't seamlessly integrate with many other software applications. Testing and figuring out the software's functionality took several months, especially considering the variety of software in use. It has limitations in terms of compatibility with certain security systems and solutions, being somewhat restricted in its adaptability.
Learn what your peers think about SolarWinds Security Event Manager. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
I don't think SolarWinds is scalable enough. It is somewhat limited when I need to deploy it across multiple environments in a distributed architecture.
Technical Operations & Management Professional at RMC Enterprises
Real User
Dec 1, 2021
It is a very technical program. They can simplify it so that it isn't so hard to deal with. You can be notified of various things, but you have to configure them. That's the downside. You got to work with it and configure it.
Program Manager at a computer software company with 5,001-10,000 employees
Real User
Oct 6, 2021
SolarWinds should improve its correlation capabilities. The correlation does not automatically detect and reduce the events fast enough. You have to manually do a correlation report, which means the tool is not scalable in many ways. Another area that needs improvement is the integration of the IT framework. We are automating the framework using their tools. I think that automation will help.
ISO at a manufacturing company with 1,001-5,000 employees
Real User
Oct 8, 2020
Under the new system, it is not upgradable the way they say. When you try to do an upgrade, it doesn't really work unless you dump everything and start from scratch. You lose a lot of your nodes. Whenever you set your nodes up and everything else, they don't want to bring those nodes back in, so you have to really go back and restructure all your nodes. I went from version 6.5 to version 6.6 and then to version 6.7. I then went to version 2019, and now it is version 2020. It would be good if we can upgrade without having to delete everything and start from scratch. They can maybe build more KPIs and other things for the dashboard. Some of the other systems already have built-in KPIs. SolarWinds is starting to catch up, but it is not there yet. They can include some of the business or industry standards for tracking the time, that is, the meantime to detect (MTTD) and the meantime to resolve (MTTR). They can also find a way to build a KPI that measures the number of instances of port scans experienced in a week or a month.
They need to do better with the Connectors. I had to battle with the IIS Web server Connector that comes built in with this product. No matter how I configured the IIS Web connector, I never saw SW pull in any IIS logs from my hosts , where Agent was installed.? They have over 500 connectors, but in my experience only handful work. Also there's no PowerShell Logging connectors, if you want to pull in PowerShell Logging logs from your hosts into the SIEM.
Consultant at a computer software company with 11-50 employees
Real User
Feb 24, 2020
Some things on the roadmap could be improved but I understand they're working on those issues. The main area that would mean a big improvement for me would be for the product to include multiple dashboards. I would love to see a multi-page dashboard where you could see information side-by-side; to slice through the dashboard to see specific topics. For example, one network dashboard, one active directory dashboard, one VMware dashboard, etc. That feature is something they could include in the next release - the ability for a report to flip to different technologies. And it would be nice if there were some pretty configured templates for the dashboard so that you don't have to fill all the data in. For example, a template for active directory or KPIs, or a template for VMware KPIs.
Information Security Analyst at Detecon Al Saudia Co. Ltd.
Real User
Jan 26, 2020
The dashboard is running in Adobe Flash and this should be changed because there are vulnerabilities that are related to the browser. We constantly have to patch the system. There is no information provided in terms of security. The licensing model is poor, which in turn affects the scalability. There is no correlation made between log entries, so no threat information is presented. The performance degrades when there is a lot of traffic.
Director, Technical Architect at Archer Information Technology
Real User
Dec 23, 2019
I think the product can use some improvement on the reporting side. The reporting could be easier and more robust. I also think the NetFlow Analyzer component can be improved substantially in the way it is integrated with SolarWinds and with Orion. In my opinion, you are not able to drill down enough into traffic flows. It can be a lot more granular and that will make it a lot more useful in comparison to how it is incorporated at the moment. I think that incorporating a security management platform would also be good. This would be a solution like a dashboard or control panel where you can just snap-in modules. A global dashboard where you can snap in all the different types of solutions or the different types of services and products that you will leverage would be a great step forward in ease-of-use by making integration easier.
Solutions Engineer at a tech services company with 11-50 employees
Real User
Sep 15, 2019
The query capability in this solution needs improvement. When you watch to fetch logs at specific times, sometimes there are issues. The filtering engine needs to be improved to make it more accurate. When you are filtering, it comes with a lot of unwanted data. I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis.
Communications and Networks Engineer at a transportation company with 1,001-5,000 employees
Real User
Sep 3, 2019
We're currently looking for an application monitoring solution and maybe a DHCP management module. It would be ideal if the solution could add these in its next release. The solution should offer better support and better SLAs.
IT Consultant at a consultancy with 5,001-10,000 employees
Real User
Aug 12, 2019
The flash-based interface can be improved because sometimes, the speed of monitoring is reduced. The interface should be replaced with something else. Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product. The gadgets in SolarWinds should all be in one place. There should be a default template because as it is now, the user has to create one for each and everything.
SolarWinds Security Event Manager is recognized for its ease of use, offering efficient log monitoring and a user-friendly interface. The tool supports a range of monitoring functions and provides strong security capabilities across platform configurations.Designed for comprehensive log analysis and security event monitoring, SolarWinds Security Event Manager provides robust reporting, timely alerts, and supports file integrity monitoring. Entities use it to ensure compliance, monitor network...
The log analyzing capability of SolarWinds Security Event Manager should go into more depth than the current environment. More modification and enhancements are required on the dashboard side in order to make it closer to optimal performance. From observation and feedback from users, they need more functionality related to monitoring, and in-depth analyzing needs to be improved.
I think the customization area in the tool can be considered as an area of concern where improvements are required In the future, I want to see the tool have better customization abilities with some third-party vendors. For the on-premise version of the tool, the UI should be improved.
We have automated threat detection in the Alliance Security, Antoinette. However, if these features could be further enhanced, it would simplify my work, potentially allowing me to allocate more time to address complex issues. While we possess a robust automated web detection system, I have encountered some use cases where it does not perform as expected. The only issue is the licensing cost, which is a bit higher. Scaling is very easy as long as we have additional resources and the infrastructure can accommodate the resources we commit to scaling. We may need to purchase additional licenses for configurations.
One of the drawbacks of being so flexible is that it is also a fairly complicated software application to install, configure, and maintain. Standardizing the monitoring configuration is difficult, and there can be some drift between monitoring targets in terms of the monitoring thresholds. It is quite a lot of work to ensure that everything is set up according to a specific baseline.
The installation proved to be significantly challenging. The inconvenience lies in the fact that SolarWinds is not VirtualBox-friendly and installation can be cumbersome. Figuring out the login credentials added another layer of complexity. The price is a big issue. The hardware requirements are demanding and expensive, adding to the overall high cost. Compatibility issues were a significant headache, as it didn't seamlessly integrate with many other software applications. Testing and figuring out the software's functionality took several months, especially considering the variety of software in use. It has limitations in terms of compatibility with certain security systems and solutions, being somewhat restricted in its adaptability.
The product should improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way.
The only issue is the pricetag. SolarWinds is a costly solution.
I don't think SolarWinds is scalable enough. It is somewhat limited when I need to deploy it across multiple environments in a distributed architecture.
It is a very technical program. They can simplify it so that it isn't so hard to deal with. You can be notified of various things, but you have to configure them. That's the downside. You got to work with it and configure it.
SolarWinds should improve its correlation capabilities. The correlation does not automatically detect and reduce the events fast enough. You have to manually do a correlation report, which means the tool is not scalable in many ways. Another area that needs improvement is the integration of the IT framework. We are automating the framework using their tools. I think that automation will help.
Under the new system, it is not upgradable the way they say. When you try to do an upgrade, it doesn't really work unless you dump everything and start from scratch. You lose a lot of your nodes. Whenever you set your nodes up and everything else, they don't want to bring those nodes back in, so you have to really go back and restructure all your nodes. I went from version 6.5 to version 6.6 and then to version 6.7. I then went to version 2019, and now it is version 2020. It would be good if we can upgrade without having to delete everything and start from scratch. They can maybe build more KPIs and other things for the dashboard. Some of the other systems already have built-in KPIs. SolarWinds is starting to catch up, but it is not there yet. They can include some of the business or industry standards for tracking the time, that is, the meantime to detect (MTTD) and the meantime to resolve (MTTR). They can also find a way to build a KPI that measures the number of instances of port scans experienced in a week or a month.
They need to do better with the Connectors. I had to battle with the IIS Web server Connector that comes built in with this product. No matter how I configured the IIS Web connector, I never saw SW pull in any IIS logs from my hosts , where Agent was installed.? They have over 500 connectors, but in my experience only handful work. Also there's no PowerShell Logging connectors, if you want to pull in PowerShell Logging logs from your hosts into the SIEM.
Some things on the roadmap could be improved but I understand they're working on those issues. The main area that would mean a big improvement for me would be for the product to include multiple dashboards. I would love to see a multi-page dashboard where you could see information side-by-side; to slice through the dashboard to see specific topics. For example, one network dashboard, one active directory dashboard, one VMware dashboard, etc. That feature is something they could include in the next release - the ability for a report to flip to different technologies. And it would be nice if there were some pretty configured templates for the dashboard so that you don't have to fill all the data in. For example, a template for active directory or KPIs, or a template for VMware KPIs.
It takes a long time to perform a root cause analysis. I would like to have a more customizable dashboard.
The dashboard is running in Adobe Flash and this should be changed because there are vulnerabilities that are related to the browser. We constantly have to patch the system. There is no information provided in terms of security. The licensing model is poor, which in turn affects the scalability. There is no correlation made between log entries, so no threat information is presented. The performance degrades when there is a lot of traffic.
I think the product can use some improvement on the reporting side. The reporting could be easier and more robust. I also think the NetFlow Analyzer component can be improved substantially in the way it is integrated with SolarWinds and with Orion. In my opinion, you are not able to drill down enough into traffic flows. It can be a lot more granular and that will make it a lot more useful in comparison to how it is incorporated at the moment. I think that incorporating a security management platform would also be good. This would be a solution like a dashboard or control panel where you can just snap-in modules. A global dashboard where you can snap in all the different types of solutions or the different types of services and products that you will leverage would be a great step forward in ease-of-use by making integration easier.
The query capability in this solution needs improvement. When you watch to fetch logs at specific times, sometimes there are issues. The filtering engine needs to be improved to make it more accurate. When you are filtering, it comes with a lot of unwanted data. I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis.
We're currently looking for an application monitoring solution and maybe a DHCP management module. It would be ideal if the solution could add these in its next release. The solution should offer better support and better SLAs.
The flash-based interface can be improved because sometimes, the speed of monitoring is reduced. The interface should be replaced with something else. Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product. The gadgets in SolarWinds should all be in one place. There should be a default template because as it is now, the user has to create one for each and everything.