Documentation forSecurity Event Manager

SEM tuning and periodic maintenance tasks

SolarWinds recommends you complete the tasks in this topic to ensure SEM performs optimally as your network changes.

Complete the following tasks to ensure that SEM uses processor and memory resources efficiently.

Review your rule configurations

Review your rules periodically to ensure that they are not triggering too frequently. This can be caused by:

  • Low threshold settings: consider increasing the threshold for rules that trigger due to network traffic.
  • Broadly-defined conditions: define rules to apply only to specific user names, IP addresses, or systems. Consider whether a different set of rules with different conditions could serve two distinct areas of your environment.
  • Rules using event groups instead of a single event or subset of events: rules that detect authentication or network traffic may trigger on additional events, but may only apply to a subset of those events.