Documentation forSecurity Event Manager

SEM Console

Dashboard

Access the SEM Dashboard (formerly SEM Ops Center) to highlight and summarize trends and suspicious activity through a series of interactive widgets. You can create, edit, and arrange widgets to display log data in a variety of tables and graphs based on filters within your Events viewer. Upon initial login, the SEM Dashboard appears by default. Learn more here.

Live and Historical Events

Live and Historical Events provides instant access to live event monitoring and filtering as well as historical record archives for in-depth analysis and troubleshooting. Within the console view, you can quickly switch between real-time event streaming and historical log views based on user-defined date and time parameters. In addition to live and historical keyword search options, all established SEM Monitor filters are accessible on the SEM Console Filters pane. Learn more here.

Rules

Rules monitor event traffic and automatically respond to security events in real time, whether you are monitoring the console or not. When an event (or a series of events) meets a rule condition, the rule prompts the SEM manager to act. A response action can be discreet (for example, sending a notification to select users by email), or active (for example, blocking an IP address or stopping a process). Learn more .

Nodes

Through the HTML5-based node management feature, you can add agent nodes, configure connectors and connector profiles, and then monitor activity on the SEM Console. Upon node and connector configuration, click the Events tab to view your network activity, and then create and apply filters to tailor your log feed to view event logs vital to maintaining the health of your network environment. Learn more here.

Configuration

Rules monitor event traffic and automatically respond to security events in real time, whether you are monitoring the console or not. When an event (or a series of events) meets a rule condition, the rule prompts the SEM manager to act. A response action can be discreet (for example, sending a notification to select users by email), or active (for example, blocking an IP address or stopping a process). Learn more here.

User-defined groups and email templates

From the Groups tab, create user-defined groups to organize related elements for use with rules and filters. Groups can contain elements such as events, IP addresses, computer names, and user accounts. After a group is defined, it can be referenced from multiple rules and filters. Learn more here.

You can use email templates to customize your email notifications when triggered as responses in your custom rules. An email template includes static and dynamic text (or parameters). The static text lets you customize the message body of the email. The dynamic text is filled in from the original event that caused the rule to fire. Learn more here.