Documentation forSecurity Event Manager

Review the SEM security checklists

Complete the following tasks to help prevent unauthorized users from accessing SEM.

General security tasks

Review the Security Event Manager Product Forum on THWACK for the latest product information.

Configure the subject alternative name (SAN) for the IP address or FQDN/hostname in the SEM Console. The SAN name enables the SEM Manager to detect the SEM agent properly and issue a certificate.

See Enable the security settings for instructions.

 

Secure the SEM manager and the SEM consoles

Run the activate command from the CMC command line.

This command exports the SSL certificate to provide secure communications between the SEM desktop console and the SEM manager.

See Run the activate command for instructions.

Set the minimum password requirements for the local SEM user accounts.

See Set the global password policy for SEM users for instructions.

Restrict the filters that monitor role users can access.

See Specify the filters that users assigned the Monitor role can use on the SEM Console for instructions.

 

Secure the CMC command-line interface

Change the default CMC password.

See Change the SEM CMC password for instructions.

(Optional) Restrict SSH access to the CMC command line interface.

This procedure blacklists all users from logging in to the CMC interface except those users who connect from an explicitly allowed IP address or host name.

See Restrict SSH access to the SEM CMC interface for instructions.