Thousands of resource-constrained IT and security pros rely on SolarWinds® Security Event Manager (formerly Log & Event Manager), a powerful on-premises tool for affordable and efficient
threat detection, automated incident analysis and response, and compliance reporting for IT infrastructure. This all-in-one SIEM combines log management, threat detection, normalization and correlation, forwarding, reporting, file integrity monitoring, user activity monitoring, USB detection and prevention, threat intelligence, and active response in a virtual appliance that’s easy to deploy, manage, and use. This SIEM was designed to provide the functionality you need without the complexity and cost of most other enterprise SIEM solutions.
- Scalable and Easy Collection of Network Device and Machine Logs
Security Event Manager collects and catalogs log and event data in real time from anywhere data is generated across your network.
- Real-Time, In-Memory Event Correlation
By processing log data before it is written to the database, Security Event Manager can deliver true real-time log and event correlation, helping you to immediately troubleshoot and investigate security breaches and other critical issues.
- Log Forwarding
Security Event Manager forwards raw log data using the syslog protocol (RFC 3164 and RFC 5424 formats) to other applications for further analysis.
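The two syslog formats named above differ in their header layout, and a forwarded event is only useful downstream if the receiving tool parses the fields the same way the sender wrote them. The following is an added example, not SolarWinds code: it builds one constructed event in both the RFC 3164 (legacy BSD) and RFC 5424 formats, parses each back into fields, and includes a plain UDP send for illustration. The host names, the sample message and the structured-data regex simplification are assumptions made for this example.

```python
"""Emit and parse RFC 3164 and RFC 5424 syslog lines (added example, not SolarWinds code)."""
import re
import socket
from datetime import datetime, timezone

# PRI is facility * 8 + severity in both RFCs; here 4 = auth facility, 4 = warning severity.
FACILITY_AUTH = 4
SEVERITY_WARNING = 4


def pri(facility: int, severity: int) -> int:
    return facility * 8 + severity


def to_rfc3164(ts: datetime, host: str, tag: str, msg: str,
               facility: int = FACILITY_AUTH, severity: int = SEVERITY_WARNING) -> str:
    # "<PRI>Mmm dd hh:mm:ss HOST TAG: MSG": day is space-padded, no year, no timezone.
    stamp = f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"
    return f"<{pri(facility, severity)}>{stamp} {host} {tag}: {msg}"


def to_rfc5424(ts: datetime, host: str, app: str, msg: str,
               facility: int = FACILITY_AUTH, severity: int = SEVERITY_WARNING,
               procid: str = "-", msgid: str = "-", sd: str = "-") -> str:
    # "<PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG"
    # TIMESTAMP is RFC 3339 with an explicit zone; the NILVALUE "-" marks an absent field.
    stamp = ts.astimezone(timezone.utc).isoformat().replace("+00:00", "Z")
    return f"<{pri(facility, severity)}>1 {stamp} {host} {app} {procid} {msgid} {sd} {msg}"


RFC3164_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$")
# Simplification (assumption): the structured-data match does not handle an escaped "]"
# inside a PARAM-VALUE.
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|(?:\[.*?\])+)(?: (?P<msg>.*))?$")


def parse(line: str) -> dict:
    """Return the fields of either format; facility and severity are split out of PRI."""
    m = RFC5424_RE.match(line)
    version = "5424"
    if m is None:
        m = RFC3164_RE.match(line)
        version = "3164"
    if m is None:
        raise ValueError(f"not a syslog line: {line!r}")
    fields = m.groupdict()
    fields["version"] = version
    fields["facility"], fields["severity"] = divmod(int(fields.pop("pri")), 8)
    return fields


def forward_udp(line: str, dest: tuple) -> int:
    """Send one line over UDP (no delivery guarantee); prefer the TLS transport of
    RFC 5425 when the collector supports it. Returns the number of bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(line.encode("utf-8"), dest)


if __name__ == "__main__":
    # Constructed sample event, not a captured log line.
    when = datetime(2024, 3, 5, 14, 7, 9, tzinfo=timezone.utc)
    body = "Failed password for root from 203.0.113.7 port 52211 ssh2"
    for line in (to_rfc3164(when, "fw01", "sshd", body), to_rfc5424(when, "fw01", "sshd", body)):
        print(line)
        print(parse(line))
```

The RFC 3164 header carries no year and no timezone, so a collector must supply both itself; when events are forwarded across time zones or around year end, the RFC 5424 form is the one that survives re-parsing intact.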
- Log Export to CSV
Export event log data to CSV for tasks such as attaching relevant data to helpdesk tickets, sharing data with external vendors and contractors, uploading event log data to other tools for further analysis, archiving logs, and more.
- Threat Intelligence Feed
Leverage an out-of-the-box feed of known bad IPs to identify malicious activity. The feed regularly updates from a collection of research sources and automatically tags events as they enter the appliance. From there, you can quickly run searches or reports to view the suspect activity, or create rules to perform automatic actions.
- Advanced IT Search for Event Forensic Analysis
Security Event Manager’s advanced ad hoc IT search capability makes it easy to discover issues using a drag-and-drop interface that tracks events instantly. You can even save common searches for easy future reference.
- Log Data Compression and Retention
Security Event Manager stores terabytes of log data at a high compression rate for compliance reporting, compiling, and off-loading, reducing external storage requirements.
- Enhanced, Real-Time File Integrity Monitoring
Embedded File Integrity Monitoring (FIM) is designed to deliver broader compliance support and deeper security intelligence for insider threats, zero-day malware, and other advanced attacks. Leverage enhanced filter capabilities for finer tuning and significantly reduce the noise associated with lower priority file changes, increasing productivity and efficiency.
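File integrity monitoring comes down to a baseline of content hashes, a later re-hash, and a filter that keeps routine churn out of the alert stream. The following is an added example, not SolarWinds code: it baselines a constructed directory tree, applies a mix of security-relevant and noisy changes, and reports only the changes the filter lets through. The ignore patterns, file names and contents are assumptions made for this example.

```python
"""Minimal file integrity check with a noise filter (added example, not SolarWinds code)."""
import fnmatch
import hashlib
import os
import tempfile
from pathlib import Path

# Assumed filter policy: log, temp and cache churn is not worth an alert.
IGNORE_GLOBS = ["*.log", "*.tmp", "cache/*"]


def is_noise(rel_path: str) -> bool:
    return any(fnmatch.fnmatch(rel_path, pattern) for pattern in IGNORE_GLOBS)


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map relative POSIX path -> SHA-256 for every regular file not filtered as noise.
    A production FIM would also record owner, mode and mtime; the content hash is the core."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            if is_noise(rel):
                continue
            result[rel] = sha256_file(p)
    return result


def diff(baseline: dict, current: dict) -> dict:
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p]),
    }


def demo() -> dict:
    """Build a constructed tree, baseline it, apply changes, return the filtered diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "cache").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "app.log").write_text("started\n")
        (root / "cache" / "blob").write_text("v1")
        baseline = snapshot(root)

        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")  # security-relevant edit
        (root / "etc" / "passwd").unlink()                                   # removal
        (root / "etc" / "shadow").write_text("root:!:19000::::::\n")         # new file
        (root / "app.log").write_text("started\nrotated\n")                  # noise, filtered out
        (root / "cache" / "blob").write_text("v2")                           # noise, filtered out
        return diff(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The filter is applied at snapshot time, so a filtered path never enters the baseline at all; tighten the globs carefully, because a pattern broad enough to hide a log rotation can also hide a dropped binary in the same directory.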
- Built-in Active Response
Security Event Manager can help you to immediately respond to security, operational, and policy-driven events using automated active responses that take action, such as quarantining infected machines, blocking IP addresses, killing processes, and adjusting Active Directory® settings.
- USB Detection and Prevention
Security Event Manager can help prevent endpoint data loss and protect sensitive data with real-time notifications when USB devices connect, the ability to automatically block their use, and built-in reporting to audit USB usage.
- User Activity Monitoring
Improve situational awareness by gaining insight into critical user activities. Learn when privileged accounts are being used, how they are being used, and from where.
- Out-of-the-Box Security and Compliance Reporting Templates
Security Event Manager makes it easy to generate and schedule compliance reports quickly using over 300 report templates and a console that lets you customize reports for your organization’s specific compliance needs.
- Ease-of-Use and Deployment
Security Event Manager was built to be quick and simple to deploy. You can be up and auditing logs in no time using our virtual appliance deployment model, web-based console, and intuitive interface.