Documentation forSecurity Event Manager

Beyond Getting Started with SEM

At this point, you have configured at least one network device and system to send logs to SEM. This section provides you links to sections of the SEM Administrator Guide, knowledge base articles, and videos to explore.

Product documentation

The following table provides links to sections of the SEM Administrator Guide.

See To Learn About

Filters and filter categories

This topic introduces filters and briefly describes the default filters included with SEM. Filters capture events and alerts that take place on your network.
nDepth search The nDepth search engine can locate any event data that passes through a particular SEM Manager instance. You can use nDepth to conduct custom searches, investigate your search results with a graphical tools, investigate event data in other explorers, and take action on your findings.
SEM rules

Rules monitor event traffic and automatically respond to security events in real time, whether you are monitoring the console or not. When an event (or a series of events) meets a rule condition, the rule prompts the SEM Manager to take action.

A response action can be discreet (for example, sending a notification to select users by email), or active (for example, blocking an IP address or stopping a process).

SEM active responses An active response (also called an event response) in SEM is an action that SEM takes in response to suspicious activity or an attack. Active response actions include the Block IP active response, the Disable Networking active response, the Log off User active response, the Kill Process active response, the Detach USB Device active response, and so on.

The SEM reports application converts SEM database data into information that can be used to troubleshoot and identify network problems. Run reports on your Log & Event Manager database to view events and trends and make informed decisions about your network activity.

You can run over 200 standard and industry-specific reports that can help you make informed decisions about your network security.

SEM users

Access to SEM data requires a user account. Even basic access, such as receiving notifications sent by SEM through email or text message, requires a user account.

To restrict user access to sensitive data, user accounts need to be assigned to a SEM role. There are six SEM role types: Administrator, Auditor, Monitor, Contact, Guest, and Reports.

Training and community resources

Follow the links below to explore SEM training opportunities.