Documentation for Security Event Manager

SEM connector categories

The following table describes the various categories of network security products that can be connected to SEM.

The Description column describes how the connectors (sensors and actors) typically work with each type of product or device. The Use with columns indicate if each product type requires Manager connectors, Agent connectors, or both.

See SEM connectors for a full list of connectors. If the connector for your product is not listed, submit a feature request.
Category Description Use with
Managers Agents

Anti-Virus

This category lets you configure sensors for use with common anti-virus products. These products protect against, isolate, and remove viruses, worms, and Trojan programs from computer systems.

To configure an anti-virus connector, the anti-virus software must be currently installed on the Agent computer.

Some anti-virus connectors can also be run on the Manager by remotely logging from an Anti-Virus server.

Due to software conflicts, SolarWinds recommends running only one brand of anti-virus software per computer.

Application Switch

This category lets you configure sensors for use with application switches. Application-layer switches transmit and monitor data at the application layer.

Database

This category lets you configure sensors for use with database auditing products. These products monitor databases for potential database intrusions, changes, and database system events.

File Transfer and Sharing

This category lets you configure sensors for use with file transfer and file sharing products. These products are used to share files over the local network and the Internet. Monitoring these products provides information about what files are transferred, by whom, and system events.

Firewalls

This category lets you configure sensors and actors for use with applications and devices used to protect and isolate networks from other networks and the Internet.

Firewall sensors connect to, read, and retrieve firewall logs. Most firewalls also have an active response connector. These connectors configure actors that interface with routers and firewalls to perform block commands. Actors can perform active responses either via telnet or via a serial or console cable. Normally, you will configure these connectors on the Manager.

To configure a firewall connector, the firewall product must already be installed on the Agent computer, or it must be remotely logging to an Agent or Manager. Normally, you will configure these connectors on the Manager.

You must also configure each firewall’s data gathering and active response capabilities separately. For example, configuring a firewall’s data gathering capabilities does not configure the firewall’s active response settings.

Identity and Access Management

This category lets you configure sensors for use with identity access, identity management, and other single sign-on connectors. These products provide authentication and single sign-on capabilities, account management, and other user access features. Monitoring these products provides information about authentication and management of accounts.

IDS and IPS

This category lets you configure sensors and actors for use with network-based and host-based intrusion detection systems. These products provide information about potential threats on the network or host, and can be used to raise alarms about possible intrusions, misconfigurations, or network issues.

Generally, network-based IDS and IPS connectors are configured to log remotely, while host-based IDS and IPS systems log locally on an Agent system. Some network-based IPS systems provide the capability to perform an active response via their actor connector, allowing you to block an IP address at the IPS device.

Manager

This category lets you configure sensors for use with the Manager and other Appliances. These connectors monitor for conditions on the Manager that may be informational or may indicate potential problems with the appliances.

Network Management

This category lets you configure sensors for use with network management connectors. These connectors monitor for different types of network activity from users on the network, such as workstation-level process and application monitoring. Generally, these systems are configured to log remotely from a central monitoring server.

Network Services

This category lets you configure sensors for use with different network services. These connectors monitor service-level activity for different network services, including DNS and DHCP. Most network services are configured to log locally on an Agent's system. However, some are configured to log remotely.

Operating Systems

This category lets you configure sensors for use with utilities in the Microsoft Windows operating system that monitor system events.

This category includes a Windows Active Response connector. This connector configures an actor that enables Windows active response capabilities on Agents using Windows operating systems. This allows SEM to perform operating system-level responses, such as rebooting computers, shutting down computers, disabling networking, and disabling accounts.

To configure an operating system connector, the operating system software must already be installed on the Agent computer.

If you perform the remote Agent installation, the Windows NT/2000/XP Event Application Logs and System Logs connectors are configured by default.

Proxy Servers and Content Filters

This category lets you configure sensors for use with different content monitoring connectors. These connectors monitor user network activity, such as web surfing, IM/chat, and file downloads, as well as events related to administering the monitoring systems themselves. Generally, these connectors are configured to log remotely from the monitoring system.

Routers/Switch

This category lets you configure sensors, and in some cases actors, for use with different routers and switches. These connectors monitor activity from routers and switches such as connected/disconnected devices, misconfigurations or system problems/events, detailed access-list information, and other related messages. Some routers/switches have the capability to configure an actor connector to block an IP address at the device. Generally, these connectors are configured to log remotely from the router/switch.

System Scan Reporters

This category lets you configure sensors for use with different asset scanning connectors, such as vulnerability scanners. These connectors provide information about potential vulnerabilities, exposures, and misconfigurations with different devices on the network. Generally, these connectors create events in the 'Asset' categories in the event tree.

System Connectors

This category lets you configure the Manager with an external notification system, so SEM can transmit event messages to SEM users via email or pager.

VPN and Remote Access

This category lets you configure sensors and actors for use with Virtual Private Network (VPN) server products that provide secure remote access to networks. Normally, you will configure these connectors on the Manager.

Web Server

This category lets you configure sensors for use with Web server products. To configure a web server connector, the web server software must already be installed on the Agent or Manager computer.