Documentation for Security Event Manager

Table of Contents

SEM 2021.2 Release Notes
SEM 2020.4.1 Release Notes
SEM 2020.4 Release Notes
SEM 2020.2.2 Release Notes
SEM 2020.2.1 Release Notes
SEM 2020.2 Release Notes
SEM 2019.4.1 Release Notes
SEM 2019.4 Release Notes
SEM 6.7.2 Release Notes
SEM 6.7.1 Release Notes
SEM 6.7 Release Notes
LEM 6.6 Release Notes
LEM 6.5 Release Notes
SEM Install or Upgrade Guide
Title
copyright
SEM installation overview
How SEM works
Audit reports
Integration with SolarWinds products
SEM components in a typical deployment
Overview
About the SEM Manager component
About the SEM Agent
About network devices
About the SEM reports application
SEM deployment examples
Simple deployment example
Complex deployment example with multiple syslog servers
Choose a licensing method for your SEM deployment
About SEM licensing
Licensing an evaluation version of SEM
SEM system requirements
SEM pre-installation checklist
Install SEM on the hypervisor and the cloud
Install SEM on Microsoft Hyper-V
Install SEM on VMware vSphere
Deploy SEM to Microsoft Azure
SEM sizing
Azure virtual machine size overview
Azure storage sizing overview
Managed disks
Recommended VM size and storage for SEM
Recommended disk size
Recommended machine size
Configure networking
Deploy SEM via Azure CLI 2.0
Install Azure CLI 2.0 on Microsoft Windows
Create and manage storage accounts, resource groups, and locations
Get the storage access key
Prepare to deploy VHD disks
Boot diagnostics
Deploy from PowerShell (Windows)
Deploy from Bash (Linux)
Deploy SEM to Amazon Web Services
Install SEM Agents to protect servers, domain controllers, and workstations
Deploying the SEM Agent
SEM Agent pre-installation checklist: Prepare to deploy SEM Agents
Install the SEM Agent on Linux or Unix
Install the SEM Agent on macOS
Install the SEM Agent on Windows
Run the SEM Remote Agent Installer for large Windows deployments
Run the SEM Local Agent Installer for large Windows deployments
Verify the SEM Agent connection
Install the SEM reports application
SEM Upgrade Guide: Prepare to upgrade
Determine your upgrade path to the latest version of SEM
Best practices for SEM upgrades
Upgrade SEM: complete steps
Upgrade the virtual appliances
Mount the ISO image on Microsoft Hyper-V or VMware vSphere
Upgrade to SEM 6.4 or later using an ISO
Upgrade to SEM 6.4 or later across a network share
Upgrade the connectors
Upgrade the consoles
Upgrade the reports console
Upgrade the agents
Adjust your Global Automatic Updates setting
SEM Getting Started Guide
Title
copyright
Get started with SolarWinds Security Event Manager
Determine which logs to monitor in SEM
Install and configure SEM
Configure your devices to send events to SEM
Verify that events are being sent to SEM
Configure an agent in SEM
The SEM console
SEM Administrator Guide
Title
copyright
SEM setup, configuration, and maintenance
Log in to SEM
Log in to the SEM console
Log in to the SEM CMC command line interface
Set up a new SEM installation
SEM setup wizard
Run the activate command to secure SEM and configure network settings
Configure SEM settings and services
SEM Event console settings
Start and stop SEM components
Enable log forwarding
Download debug logs
Set the date, time, and time zone on your SEM VM
Manage SEM licenses
Configure LDAP for SEM
Configure Active Directory and SEM to work with SEM rules and filters
Configure the Email Active Response connector in SEM
Enable SEM to receive SNMP traps by turning on the SNMP Trap Logging Service
Send SNMP traps from SEM to other applications by turning on the SNMP Request Service
Collect Windows Filtering Platform (WFP) events in SEM
Monitor SEM from NPM and the Orion Web Console using SNMP
Create a custom login banner
Manage SEM system resources
View system resources
Allocate CPU and memory resources to the SEM VM
Manage SEM data storage
View a disk usage event
SEM tuning and periodic maintenance tasks
Secure SEM
Security settings
SEM security checklist: Ensure that only authorized users can access SEM
Restrict SSH access to the SEM CMC interface
Restrict access to the SEM reports application
Enable TLS in the SEM reports application
The SEM console
The SEM Dashboard
Available SEM widgets
Edit the SEM dashboard
Add dashboard widgets
Edit dashboard widgets
Create a KPI widget
Create a time-series widget
Create a nodes table widget
Manage users in SEM
Add SEM users
View system privileges associated with a role
Set the global password policy for SEM users
Set up Active Directory authentication in SEM
Set up single sign-on in SEM
Change the SEM CMC password
Monitor role users and filters
Send event data to SEM via Agents, syslog, and SNMP
Get started adding systems and devices to SEM
Configure SEM Agents after they are installed
Create connector profiles to manage and monitor SEM Agents
Create a new connector profile
Create a connector profile from a template
Create a connector profile from an agent
Clone a connector profile
Edit a connector profile
Add syslog and Agent nodes to SEM
Update SEM Agents
Set up a separate syslog server for use with SEM
Node management
Edit node connectors
Update SEM agents manually
Update SEM connectors automatically
Add and remove agents from connector profiles
Configure the Email Active Response Connector
Configure Windows domain controller connectors
Verify USB Defender is installed on a SEM agent
Enable additional connectors to add extra log sources to SEM
Configure a firewall connector on a SEM Manager
Verify that the correct alias value is associated with the connector
SEM connectors: Normalize events sent from specific products on your network
Configure SEM connectors for Agent and non-Agent devices
Apply a SEM connector update package
SEM connector categories
Configure SEM to monitor firewalls, proxy servers, domain controllers, and more
Configure SEM to monitor firewalls for unauthorized access
Create and enable a SEM rule to identify port scanning traffic
Enable the Threat Intelligence feed
Configure SEM to monitor proxy servers for suspicious URL access
Configure a proxy server connector on a SEM Manager
Create and enable the Known Spyware Site traffic rule
Configure SEM to monitor antivirus software for viruses that are not cleaned
Configure the antivirus connector on the SEM Manager
Create a SEM rule to track when viruses are not cleaned
Configure FIM connectors to monitor Windows files, directories, and registry settings
Start a FIM driver
Add a FIM connector to a node
Create a FIM connector configuration
Configure a FIM connector from a template
Edit a FIM connector configuration
Create FIM file and directory inclusions
Create FIM file and directory exclusions
Create FIM registry inclusions
Create FIM registry exclusions
FIM advanced connector settings
Enable Windows file auditing for use with SEM
Configure Windows Audit Policy for use with SEM
Configure the USB Defender local policy connector in SEM
Configure SEM to monitor Microsoft SQL databases for changes to tables and schema
Configure SEM to monitor Windows domain controllers for brute force hacking attempts
Configure SEM to track Cisco buildup and teardown events
Configure groups in SEM
About SEM groups
Import user-defined group elements
Export user-defined group elements
Configure Directory Service Groups in SEM
SEM Event Views: Live and Historical
Live Events
About SEM filters and filter categories
Create filters with the SEM Events Console
Compare values with operators
Example filter: View network traffic from specific computers
Example filter: Create a filter for all activity in a connector profile
Use the ToolAlias field in SEM rules and filters to capture traffic from a specific device
Filter and export event logs
Historical Events
Search queries
Create a search query
Save a search query
Schedule a search query
Manage and load saved search queries
Export historical search results
Set live and historical event limits
SEM rules: Automate how SEM responds to events
Get started building custom rule expressions in SEM
About SEM rules
Create email templates for use with SEM rules
Create a new rule
Create a rule from a rules template
Create a rule from a filter
Example SEM rules
Create and enable a SEM rule to identify port scanning traffic
Create and enable the Known Spyware Site traffic rule
Create and enable SEM rule to track when viruses are not cleaned
Create and enable a critical logon failures rule
Create and enable a change management rule
Select an event response from an existing rule
Add the Send Email Message action to a rule
Test, enable, and disable rules in SEM
SEM response actions: Respond to network and system events in SEM
About SEM response actions
Use Computer-based active responses in SEM
Use the Append Text to File active response in SEM
Configure an active response connector on a SEM agent
Use the Block IP active response in SEM
Configure the Detach USB Device active response in SEM
Configure the Disable Networking active response in SEM
Configure the Kill Process active response in SEM
SEM reports: Create reports for regulatory and compliance purposes
About SEM reports
Set up the SEM reports application
The SEM reports application interface
Find, filter, and group SEM reports
Search SEM reports for specific text
Categorize and display SEM reports by group
Run a SEM report on-demand or schedule a SEM report to run later
Create a custom SEM report
Use the Select Expert tool to create a more focused SEM report
Manage reports: Open, print, and more
Default reports included with SEM
The SEM command-line interface: Using the CMC
About the CMC command line in SEM
CMC main menu
CMC appliance menu
CMC manager menu
CMC nDepth menu
CMC service menu
SEM troubleshooting
Troubleshoot alerts in the SEM console
Troubleshoot SEM Agents and network devices
Troubleshoot network device logging or syslog device logging in SEM
Troubleshoot the SEM reports application
Glossary of SEM terms
List of SEM connectors