We changed our name from IT Central Station: Here's why

SolarWinds Security Event Manager  OverviewUNIXBusinessApplication

SolarWinds Security Event Manager is #16 ranked solution in top Security Information and Event Management (SIEM) tools. PeerSpot users give SolarWinds Security Event Manager an average rating of 6 out of 10. SolarWinds Security Event Manager is most commonly compared to Splunk: SolarWinds Security Event Manager vs Splunk. The top industry researching this solution are professionals from a computer software company, accounting for 25% of all views.
What is SolarWinds Security Event Manager ?

When TriGeo was acquired by SolarWinds, TriGeo SIM became known as SolarWinds Log & Event Manager. This product is a leading Security Information and Event Management (SIEM) product and log management solution, which provides log collection, analysis, and real-time correlation.

SolarWinds Security Event Manager was previously known as SolarWinds LEM, Solarwinds SIEM, TriGeo, Log and Event Manager.

SolarWinds Security Event Manager Buyer's Guide

Download the SolarWinds Security Event Manager Buyer's Guide including reviews and more. Updated: January 2022

SolarWinds Security Event Manager Customers

NetSuite, EasyStreet, Legacy Texas Bank, and Energy Federal Credit Union, to name a few.

SolarWinds Security Event Manager Video

SolarWinds Security Event Manager Pricing Advice

What users are saying about SolarWinds Security Event Manager pricing:
  • "It is in the appropriate mid-range. It is not as expensive as some of the other solutions. It is also not cheap."
  • "Licenses can only be purchased in blocks of fifty at a time."
  • SolarWinds Security Event Manager Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    ISO at a manufacturing company with 1,001-5,000 employees
    Real User
    Top 20
    Provides in-depth monitoring capabilities and an easy way to set up dashboards
    Pros and Cons
    • "It has in-depth monitoring capabilities and an easy way for setting up dashboards. I can expand in various areas, or I can reduce areas. It supports different types of breakdowns, filters, and rules. It is very simple for an out-of-the-box type of product. It doesn't take a lot of time to figure it out, which is unlike some of the solutions that I have looked at. It meets all the aspects."
    • "Under the new system, it is not upgradable the way they say. When you try to do an upgrade, it doesn't really work unless you dump everything and start from scratch. You lose a lot of your nodes. Whenever you set your nodes up and everything else, they don't want to bring those nodes back in, so you have to really go back and restructure all your nodes. I went from version 6.5 to version 6.6 and then to version 6.7. I then went to version 2019, and now it is version 2020. It would be good if we can upgrade without having to delete everything and start from scratch. They can maybe build more KPIs and other things for the dashboard. Some of the other systems already have built-in KPIs. SolarWinds is starting to catch up, but it is not there yet. They can include some of the business or industry standards for tracking the time, that is, the meantime to detect (MTTD) and the meantime to resolve (MTTR). They can also find a way to build a KPI that measures the number of instances of port scans experienced in a week or a month."

    What is our primary use case?

    I basically use it to look at the logs that are coming in, analyze those logs, and get recommendations of where we have problems.

    What is most valuable?

    It has in-depth monitoring capabilities and an easy way for setting up dashboards. I can expand in various areas, or I can reduce areas. It supports different types of breakdowns, filters, and rules. 

    It is very simple for an out-of-the-box type of product. It doesn't take a lot of time to figure it out, which is unlike some of the solutions that I have looked at. It meets all the aspects.

    What needs improvement?

    Under the new system, it is not upgradable the way they say. When you try to do an upgrade, it doesn't really work unless you dump everything and start from scratch. You lose a lot of your nodes. Whenever you set your nodes up and everything else, they don't want to bring those nodes back in, so you have to really go back and restructure all your nodes. I went from version 6.5 to version 6.6 and then to version 6.7. I then went to version 2019, and now it is version 2020. It would be good if we can upgrade without having to delete everything and start from scratch.

    They can maybe build more KPIs and other things for the dashboard. Some of the other systems already have built-in KPIs. SolarWinds is starting to catch up, but it is not there yet. They can include some of the business or industry standards for tracking the time, that is, the meantime to detect (MTTD) and the meantime to resolve (MTTR). They can also find a way to build a KPI that measures the number of instances of port scans experienced in a week or a month.

    For how long have I used the solution?

    I have been using SolarWinds LEM for a year and a half.

    What do I think about the stability of the solution?

    It is stable.

    What do I think about the scalability of the solution?

    It is scalable. Altogether, we have about five actual users. I got myself as the administrator, and then there are a couple of people who do the monitoring. I have got 2,000 systems listed on it.

    In terms of a team, I would say you need at least three people for what I am doing. I am using the key research logs and pulling data from these logs. For one person, it takes a lot of time to do what I am doing right now.

    How are customer service and technical support?

    I am very satisfied with their technical support.

    Which solution did I use previously and why did I switch?

    I had another system, but I wasn't happy with it and its service and support. We just let it go.

    How was the initial setup?

    The initial setup is straightforward. The actual initial installation is not a problem. The problems come when you do your upgrades with it.

    It took about a week to set it up and get all little things going in the way I wanted to. To make sure that correct data logs are going in, I tweaked some of the rules and filters and the domain across the net with individual systems.

    What about the implementation team?

    We originally started out with the seller, but when we did the first upgrade, it didn't go the way it should. From that point, I set it up from scratch and did the upgrade. At that time, it was version 6.6.

    What's my experience with pricing, setup cost, and licensing?

    It is in the appropriate mid-range. It is not as expensive as some of the other solutions. It is also not cheap.

    What other advice do I have?

    I would recommend SolarWinds LEM. We plan to continue using it. We have already put in the Orion platform system and brought it into play. We are next looking at the server access management. That probably would be the next step to implement.

    I would rate SolarWinds LEM a ten out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Kumar Mahadevan
    IT Infrastructure Analyst at AG Group
    Real User
    Top 5Leaderboard
    Easy to install and will tell you such things as Failing MS SQL Server backups (Full, Diff or Transactional) etc
    Pros and Cons
    • "It's extremely easy to deploy."
    • "It won't tell you when your backups are failing, but it will give you hints when your database is running on full recovery."

    What is our primary use case?

    The primary use case is for privilege account monitoring. It's monitoring admin accounts for things such as who logged in, where they logged in from, what time they logged in, and from what devices they used Remote desktop, with the privileged accounts.

    It's a good tool to do troubleshooting, you can see extensive Info about Kerberos User Auth tickets or Windows Kerberos Machine Auth tickets, which can alert you to say , failing Kerberos Authentications due to incorrect NTP (Network time).

    How has it helped my organization?

    We're able to do a bit more in terms of forensic analysis.

    I am able to correlate  the S.A.M. Service Applications Monitoring in SolarWinds ORION Platform.

    I can trace back several things including the performance at a certain date and time. 

    What is most valuable?

    It's extremely easy to deploy.

    The LEM 6.6, if it's a Windows host, you use the 64-bit or 32-bit installer, and  install it. Immediately, you'll start seeing Windows SYSTEM, SECURITY and Application Logs from the host where you deployed the Agent. So, this makes the deployment very easy to install.

    On a daily basis, it's good for PKI monitoring.

    It's very good for troubleshooting, and data monitoring. It gives you an advanced warning with your backups. If you have no monitoring tool in place, SolarWinds SIEM is a good place to start and very inexpensive.

    What needs improvement?

    They need to do better with the Connectors. I had to battle with the IIS Web server Connector that comes built in with this product. No matter how I configured the IIS Web connector, I never saw SW pull in any IIS logs from my hosts , where Agent was installed.?

    They have over 500 connectors, but in my experience only handful work. Also there's no PowerShell Logging connectors, if you want to pull in PowerShell Logging logs from your hosts into the SIEM.

    For how long have I used the solution?

    SolarWinds LEM is a product that I have been using for approximately a year and a half.

    What do I think about the stability of the solution?

    Very stable. It seems backend database is PostgreSQL and needs no maintanence.

    What do I think about the scalability of the solution?

    Not very scalable in my opinion. That's why I'm investigating new SIEM replacement.

    How are customer service and technical support?

    good. can be hit or miss sometimes, but sometime you get some good tech support over there.

    Which solution did I use previously and why did I switch?

    With this company, there was no real SIEM and no real use cases before I deployed it. Because of that, I can develop the use cases the educate the management on what they need in terms of SIS security monitoring.

    How was the initial setup?

    Very easy setup.

    What about the implementation team?

    in-house.

    What was our ROI?

    very good.

    What's my experience with pricing, setup cost, and licensing?

    Easy setup, very cheap and licensing cost is very fair and easy to understand

    Which other solutions did I evaluate?

    There was no time. Just read several reports from Gartner, IT Central etc. I did try ManageEngine , but it was a product which was already in Test phase implemented by my predeccesor

    What other advice do I have?

    n/a

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Learn what your peers think about SolarWinds Security Event Manager . Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
    564,599 professionals have used our research since 2012.
    Consultant at a tech company with 51-200 employees
    Reseller
    Top 10
    Assists greatly with analyzing log files from any IT related source
    Pros and Cons
    • "It's easy to build rules and actions based on the logs and event types we collect with the software."
    • "There are no multiple dashboards which would allow you to see information side-by-side."

    What is our primary use case?

    Our primary use case is analyzing log files from any kind of source which is IT related. We use the product in our company on a daily basis and also integrate it for others. There are four people in our company using this software, and it's part of their daily routine to check everything. We are consultans and a reseller of the solution. 

    What is most valuable?

    The most valuable feature of the solution is intuitivity of navigation; it's easy to build rules and actions which are based on the logs and event types we collect with the software.

    What needs improvement?

    Some things on the roadmap could be improved but I understand they're working on those issues. The main area that would mean a big improvement for me would be for the product to include multiple dashboards. I would love to see a multi-page dashboard where you could see information side-by-side; to slice through the dashboard to see specific topics. For example, one network dashboard, one active directory dashboard, one VMware dashboard, etc.

    That feature is something they could include in the next release - the ability for a report to flip to different technologies. And it would be nice if there were some pretty configured templates for the dashboard so that you don't have to fill all the data in. For example, a template for active directory or KPIs, or a template for VMware KPIs.

    For how long have I used the solution?

    We've been using the solution for about one year.

    What do I think about the stability of the solution?

    It's a very stable solution. 

    What do I think about the scalability of the solution?

    Scalability is a plus with this software. 

    How are customer service and technical support?

    Technical support is good, they've even helped us during the night because they're in a different time zone.

    How was the initial setup?

    The setup process and determining all the log files from all the different systems is quite easy. However, to get all the information out of the log files and create rules and access based on the log files, means that it's sensible to hire consultants. The simple setup of the virtual machine takes about two hours and after that it really depends on the number of log files and the number of devices. You're looking at about half a day and you have pretty much installed everything. 

    What's my experience with pricing, setup cost, and licensing?

    The setup cost is not as expensive as Splunk or many other competitors. Cost is dependent on the size of the company.

    What other advice do I have?

    I would advise people to make themselves familiar with the SolarWinds work community which has all the users' comments and where you can get the newest topics about everything connected to the software. It makes sense to peek around there. There is also SolarWinds SCM online training which is a big help when getting started with the software.

    The product fills all our requirements but there is always room for improvement and so I would rate this product a nine out of 10. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    Program Manager at a computer software company with 5,001-10,000 employees
    Real User
    Top 20
    Stable but needs better correlation and automation
    Pros and Cons
    • "SolarWinds' stability is fine. I don't think we've had any software issues."
    • "SolarWinds should improve its correlation capabilities. The correlation does not automatically detect and reduce the events fast enough. You have to manually do a correlation report, which means the tool is not scalable in many ways."

    What is our primary use case?

    We use SolarWinds as a kind of SIEM solution, so I don't have other additional security needs. Lately, we've been exploring other solutions. We are a Managed Security Services Provider, and we have nine people predominantly working on that solution. We also have team members who work on multiple solutions.

    What is most valuable?

    Lately, all of the solutions continue to improve, so I believe SolarWinds will also improve. But all the solutions need to have the same features, so I don't see any specific feature that needs to be more user-friendly. There is no unique element that makes SolarWinds better than the others.

    What needs improvement?

    SolarWinds should improve its correlation capabilities. The correlation does not automatically detect and reduce the events fast enough. You have to manually do a correlation report, which means the tool is not scalable in many ways. Another area that needs improvement is the integration of the IT framework. We are automating the framework using their tools. I think that automation will help.

    For how long have I used the solution?

    We've been using SolarWinds for three years.

    What do I think about the stability of the solution?

    SolarWinds' stability is fine. I don't think we've had any software issues.

    What do I think about the scalability of the solution?

    There are some scalability issues with SolarWinds. For example, whether it will be on-prem or on the cloud, there are several things we have to leave with the integrators. Many solutions are integrated. SolarWinds is not convenient enough to meet our current needs and it requires an upgrade, but I'm also thinking about some others. I believe that Azure is doing well as a cloud tool right now.

    How are customer service and support?

    We're not happy with SolarWinds' support.

    How was the initial setup?

    Whether SolarWinds is easy to set up depends on what you're doing. Before a technician did the implementation, someone had been tweaking and operating. However, the tool does not support many things or have much to offer.

    What's my experience with pricing, setup cost, and licensing?

    Licensing cost it's an issue with SolarWinds. 

    What other advice do I have?

    I rate SolarWinds six out of 10. Comparing SolarWinds with Azure, it seems like Azure can do much more, so we are considering switching to Azure. If you are thinking of adopting SolarWinds, I would suggest considering what your business needs. Every business has different requirements. For example, if you're an IoT guy, you don't need tools that will help you with your IT environment. If you're in the manufacturing or oil and gas industry, you have a combination of IT and IoT, so then you'll go for something that fits those needs. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Keith Galleros
    Information Security Analyst at Detecon Al Saudia Co. Ltd.
    Real User
    Top 5Leaderboard
    Good log collection and reporting, but it provides no security information and the licensing model needs to be changed
    Pros and Cons
    • "The most valuable feature is the reporting."
    • "There is no correlation made between log entries, so no threat information is presented."

    What is our primary use case?

    We are using this solution for our internal log event monitoring, as well as for file integrity monitoring.

    How has it helped my organization?

    SolarWinds LEM performs the job of log collection. It collects logs and nothing more. It does not really provide much in terms of security. It will trigger alerts but it will not give you any recommendations, filter according to rules, or anything other than logging the events if your server is attacked.

    What is most valuable?

    The most valuable feature is the reporting. The log conversion for generating reports is good.

    What needs improvement?

    The dashboard is running in Adobe Flash and this should be changed because there are vulnerabilities that are related to the browser. We constantly have to patch the system.

    There is no information provided in terms of security.

    The licensing model is poor, which in turn affects the scalability.

    There is no correlation made between log entries, so no threat information is presented.

    The performance degrades when there is a lot of traffic.

    For how long have I used the solution?

    We have been using SolarWinds LEM for three years.

    What do I think about the stability of the solution?

    The stability is good when there are a low number of events per second on the servers. However, if there are a lot of events then the server is very slow. 

    What do I think about the scalability of the solution?

    The scalability is poor because of the licensing. Having to buy blocks of fifty licenses is not good for our business. Our model is that of a managed service provider and our customers are interested in adding two or three nodes at a time. We cannot just keep buying fifty licenses at a time.

    How are customer service and technical support?

    There is not much in terms of technical support because it is a web-based application. They do not support Adobe Flash because it is a third-party application. The just provide you the knowledge base, as with the other SolarWinds products. Using that, you experiment on your own.

    How was the initial setup?

    It is a straightforward implementation. The deployment takes about two hours before everything is running.

    What's my experience with pricing, setup cost, and licensing?

    Licenses can only be purchased in blocks of fifty at a time.

    What other advice do I have?

    I am not expecting a future release of SolarWinds LEM because they have released another solution. They are continuing with a new security event and information management (SEIM) solution that is more suitable for large-scale enterprises.

    I would rate this solution a five out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Rick McClure
    Technical Operations & Management Professional at RMC Enterprises
    Real User
    Top 20
    Identifies things that you didn't know were going on in your network, but it needs to be simplified
    Pros and Cons
    • "Some of the rules are most valuable because you can be notified about various things, such as spyware or things that are going on in the internal network."
    • "It is a very technical program. They can simplify it so that it isn't so hard to deal with."

    What is our primary use case?

    Its use case is to identify and help prevent and block known spyware or ransomware sites. Ransomware sites typically have bad IPs or domain names.

    In terms of the version, I have had our clients log in and update the version a few times.

    What is most valuable?

    Some of the rules are most valuable because you can be notified about various things, such as spyware or things that are going on in the internal network.

    What needs improvement?

    It is a very technical program. They can simplify it so that it isn't so hard to deal with. 

    You can be notified of various things, but you have to configure them. That's the downside. You got to work with it and configure it.

    For how long have I used the solution?

    I have been using this solution for a couple of years. When we first started, it was flash-based, and now, it is not flash-based.

    What do I think about the stability of the solution?

    It is stable.

    What do I think about the scalability of the solution?

    Its scalability is good now. Initially, we had some trouble with defining some of the hard drive things with ESXi.

    How are customer service and support?

    When you get them on the phone, they're good. It could sometimes be tough to connect with them. Sometimes, you find someone who is probably a technician, but you need an engineer.

    How was the initial setup?

    It is fairly complex, but once we have it installed and running, there is not much need to look at anything. Initially, when you set it up, it'll take a technician about a week to get things running close to right. It also depends on the time he has to sit down and do it.

    What was our ROI?

    It will identify things in your network that you just didn't know were going on. It will certainly open your eyes to other things that you might need.

    What other advice do I have?

    Dot your i's and cross your t's. If you're looking for something specific, then you better specify that when you talk to the sales engineers and the engineers. Always talk to an engineer after you talk to the sales guys, just to confirm that what they said is true and accurate.

    For non-Windows or non-Linux devices, they may not have a connector. So, that's where you need to go and ask somebody if it will support your device.

    I would rate it a seven out of 10. The only reason for that is some of the complexity of the rules.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    Senior Technical Engineer at a tech vendor with 51-200 employees
    Real User
    Top 5
    Easy to use with good reporting and alerting functionality

    What is our primary use case?

    We work with and resell all of the SolarWinds products, and SolarWinds LEM is one of the solutions that I have experience with. This solution is used in conjunction with others to find the root cause of problems when a user is not able to access an application.

    What is most valuable?

    This tool is simple to use. The reporting and alerting capabilities are really nice. The Heat Map is a very good feature that is related to Wi-Fi and helps to monitor access points.

    What needs improvement?

    It takes a long time to perform a root cause analysis. I would like to have a more customizable dashboard.

    For how long have I used the solution?

    I have been working with SolarWinds LEM for four years.

    What do I think about the stability of the solution?

    What is our primary use case?

    We work with and resell all of the SolarWinds products, and SolarWinds LEM is one of the solutions that I have experience with.

    This solution is used in conjunction with others to find the root cause of problems when a user is not able to access an application.

    What is most valuable?

    This tool is simple to use.

    The reporting and alerting capabilities are really nice.

    The Heat Map is a very good feature that is related to Wi-Fi and helps to monitor access points.

    What needs improvement?

    It takes a long time to perform a root cause analysis.

    I would like to have a more customizable dashboard.

    For how long have I used the solution?

    I have been working with SolarWinds LEM for four years.

    What do I think about the stability of the solution?

    We have had no issues with stability.

    What do I think about the scalability of the solution?

    This is a scalable solution. We have deployed it both in Windows and Linux environments.

    How are customer service and technical support?

    I have contacted SolarWinds technical support six or seven times and I think that the support is very good. The only problem is that when the system goes down, the diagnostics might take a long time.

    For example, in a large environment, we had a situation where the application was down for one or two days. Normally, at most, it will take three or four hours for a large environment. In a small environment, the time that it will be unavailable due to diagnostics is about an hour and a half.

    How was the initial setup?

    The initial setup is totally straightforward. It takes a maximum of two hours to deploy.

    What other advice do I have?

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Buyer's Guide
    Download our free SolarWinds Security Event Manager Report and get advice and tips from experienced pros sharing their opinions.