Documentation forSecurity Event Manager

Get started with SolarWinds Security Event Manager (SEM)

SolarWinds Security Event Manager (formerly Log & Event Manager), is a security information and event management (SIEM) virtual appliance that adds value to existing security products and increases efficiencies in administering, managing, and monitoring security policies and safeguards on your network.

SEM provides access to log data for forensic and troubleshooting purposes, and tools to help you manage log data. SEM leverages collected logs, analyzes them in real time, and notifies you of a problem before it causes further damage.

For example, advanced persistent threats can come from a combination of network events such as software installations, authentication events, and inbound and outbound network traffic. Log files contain all information about these events. The SEM correlation engine identifies advanced threat activity, and then notifies you of any anomalies.

Who should use this guide?

This guide is for SolarWinds customers or prospects who have purchased or want to evaluate SolarWinds SEM.

If you are interested in evaluating SolarWinds SEM, you can download the product, fully-functional for 30 days. After the evaluation period, you can convert your evaluation license to a production license by obtaining and applying a license key.

The purpose of this guide is to familiarize you with commonly used features of SolarWinds SEM that will allow you to begin detecting suspicious activity, mitigate security threats, achieve auditable compliance, and maintain continuous security.


Checklist to get started with SolarWinds SEM

Complete the following tasks to get started with SolarWinds SEM:

Determine which logs to monitor in SEM

Before you begin, decide which logs you want to monitor. If you monitor too many logs, working on the SEM Console can be overwhelming.

Install, configure and log in to the SEM Console.

These procedures guide you in installing SEM.

Configure the audit policy on your device to send events to SEM

Only events that you have designated to be sent to SEM are visible on the SEM Console.

Verify that events are being sent to SEM

Learn how to use the SEM Contego Management Console (CMC) to verify that syslog event data is being sent to SEM.

Configure an agent in SEM

Learn how to add your first Microsoft Windows computer to SEM.

Add a syslog device to SEM

Learn how to add a Cisco® Adaptive Security Appliance (ASA) firewall to SEM.

Navigate the SEM Console

After SEM is receiving log data, use the SEM Console to search, view, and filter the data.


Next Up: Determine which logs to monitor