Collect event data from systems and devices
This section describes how to configure SEM to collect event data from systems, devices, and applications in your IT environment. SEM can receive events sent by SEM agents, syslog, and SNMP.
SEM can correlate SNMP traps from devices and applications that have a corresponding connector. To configure SEM to receive SNMP traps, turn on the SNMP Trap Logging Service. See Enable SEM to receive SNMP traps for details.