- Release Notes
- Install or Upgrade
- SEM Installation and Upgrade Guide
- SEM deployment examples
- Prepare to install SEM
- Install and deploy SEM
- Complete the installation
- Install the SEM Agent
- Upgrade SEM
- Upgrade the SEM components
- Log in to SEM
- Get help after you install SEM
- Get Started
- SEM Getting Started Guide
- Get started with SolarWinds Security Event Manager
- Log in to the SEM Console
- Determine which logs to monitor with SEM
- Install and configure SEM
- Configure your devices to send events to SEM
- Verify that events are being sent to SEM
- Configure a SEM agent
- Add a syslog device to SEM
- Navigate the SEM Console
- Beyond Getting Started with SEM
- SEM Getting Started: Additional Resources
- Administer
- SEM Administrator Guide
- SEM introduction
- SEM components
- Log in to SEM
- License your SEM deployment
- Configure the settings and services
- About the console settings
- Start and stop the SEM appliance and agent
- Enable log forwarding
- Manage the SEM licenses
- Download the debug logs
- Set the date, time, and time zone on your SEM VM
- Configure LDAP for SEM
- Configure the Email Active Response connector
- Enable SEM to receive SNMP traps
- Send SNMP traps from SEM to other applications
- Collect Windows Filtering Platform (WFP) events
- Monitor SEM from NPM and the Orion Web Console using SNMP
- Create a custom log in banner
- Configure the Kube API reader connection settings
- Set the maximum email attachment size
- Enable Dark Mode
- (Optional) Set up SFTP connections to external systems
- (Optional) Set up SMB file sharing to a Windows server
- SEM Console
- SEM Dashboard
- Manage SEM users
- Collect event data from systems and devices
- About SEM Manager and agent communications
- Get started adding systems and devices to SEM
- Configure SEM Agents after the installation
- Create connector profiles to manage and monitor SEM agents
- Create a new connector profile
- Add syslog and agent nodes to SEM
- Update the SEM agents
- Set up a separate syslog server for use with SEM
- Manage the monitored nodes
- Edit a connector profile
- Edit an Active Response connector profile
- Update the SEM agents manually
- Update the SEM connectors automatically
- Add and remove agents from connector profiles
- Configure Windows domain controller connectors
- Verify USB Defender is installed on a SEM agent
- Install a node-level SEM agent running in Kubernetes as DaemonSet
- Enable additional connectors to add extra log sources to SEM
- Configure a firewall connector on SEM Manager
- Verify the alias value associated with the connector
- Export the SEM node information
- Manage the SEM system resources
- Secure your SEM deployment
- Create and manage tags
- Collect and normalize event data using SEM connectors
- Monitor firewalls, proxy servers, domain controllers, and more
- Monitor firewalls for unauthorized access
- Monitor proxy servers for suspicious URL access
- Monitor antivirus software for viruses that are not cleaned
- Enable Windows file auditing for use with SEM
- Configure the Windows Audit Policy for use with SEM
- Configure the USB Defender local policy connector in SEM
- Monitor Microsoft SQL databases for changes to tables and schemas
- Monitor Windows domain controllers for brute force hacking attempts
- Track Cisco buildup and teardown events
- Monitor Windows files, directories, and registry settings using FIM connectors
- Start a FIM driver
- Add a FIM connector to a node
- Create a FIM connector configuration
- Configure a FIM connector from a template
- Edit a FIM connector configuration
- Create FIM file and directory inclusions
- Create FIM file and directory exclusions
- Create FIM registry inclusions
- Create FIM registry exclusions
- FIM advanced connector settings
- Configure user defined groups
- View live and historical events
- Live Events view
- Analyze historical data
- Set the live and historical event limits
- Configure the occurrence settings
- Edit the expressions
- About the event types
- Create rules that respond to security events
- Get started building custom rule expressions in SEM
- About SEM rules
- Create a new rule
- Configure the occurrence settings
- Edit the expressions
- Create a rule from a rules template
- Create a rule from a filter
- Test, enable, and disable rules in SEM
- Import and export SEM rules
- Create email templates for use with SEM rules
- Example SEM rules
- Create and enable a SEM rule to identify port scanning traffic
- Create and enable the Known Spyware Site traffic rule
- Create a SEM rule to track when viruses are not cleaned
- Create and enable a critical logon failures rule
- Create and enable a change management rule
- Select an event response from an existing rule
- Add the Send Email Message action to a rule created from a template
- Use the Send Email Message action in SEM rule creation
- Create response actions for network and system events
- About SEM response actions
- Use computer-based active responses in SEM
- Use the Append Text to File active response in SEM
- Configure an active response connector on a SEM agent
- Use the Block IP active response in SEM
- Configure the Detach USB Device active response in SEM
- Configure the Disable Networking active response in SEM
- Configure the Kill Process active response in SEM
- Create regulatory and compliance reports
- About the CMC
- Troubleshoot your SEM deployment
- Glossary
- SEM connectors
About SEM licensing
Licensing a Security Event Manager deployment is based on two license types:
-
Universal license (SEM)
-
Workstation Edition license (SWE)
A Universal license (SEM) includes the number of universal nodes. Universal nodes include non-agent devices, such as switches, routers, and firewalls, and systems running either a Windows Server or Unix operating system. For example, a SEM deployment with a SEM150 subscription can add 150 universal nodes.
A Workstation Edition license (SWE) includes the number of workstation nodes. Workstation nodes include desktop systems that run Windows for Workstations and the SEM Agent. For example, a SEM deployment with a SWE250 subscription can add 250 Windows workstation nodes.
Contact SolarWinds Sales for a license type that supports the number of nodes you want to monitor in your deployment.