Documentation for Security Event Manager

SEM security checklists: Ensure that only authorized users can access SEM

Complete the following tasks to help prevent unauthorized users from accessing SEM.

General security tasks

Read the Security Event Manager Appliance Security and Data Protection blog post on THWACK.


Secure the SEM manager and the SEM consoles

Run the activate command from the CMC command line.

Run this command to export the SSL certificate that ensures secure communications between the SEM desktop console and the SEM manager.

See Run the activate command to secure SEM and configure network settings for steps.

Set the minimum password requirements for local SEM user accounts.

See Set the global password policy for SEM users for steps.

Restrict the filters that Monitor role users can access.

See Specify the filters that users assigned the Monitor role can use on the SEM Console for steps.


Secure the CMC command-line interface

Change the default CMC password.

See Change the SEM CMC password for steps.

Restrict SSH access to the CMC command-line interface.

(Optional) This procedure blocks everyone from logging in to the CMC interface except users who connect from an explicitly allowed IP address or host name.

See Restrict SSH access to the SEM CMC interface for steps.


Secure the SEM reports application

Secure the SEM reports application.

See Restrict access to the SEM reports application for steps.

Enable transport layer security (TLS) between the SEM reports application and the SEM database.

From 2020.4, TLS is enabled by default.

From 2022.2, TLS cannot be disabled.

(Optional) The Transport Layer Security (TLS) option introduces an extra level of security for data transfers between a SEM database and the Reports application.

See Enable transport layer security (TLS) in the SEM reports application for steps.