SolarWinds Security Event Manager (SEM) Buyer Guide

SolarWinds Security Event Manager (SEM) Buyer Guide

Thinking about purchasing SolarWinds Security Event Manager (SEM)? Our buyer guide was crafted from our vetted user reviews to give you insights into how the product performs for its current customers. Find out where SolarWinds Security Event Manager (SEM) excels and discover potential pitfalls before you buy.

Highlight the Right Reviews

Throughout the guide below, there are links directly to reviews. Select the reviewers most relevant to you, and those links will be highlighted in blue.






Log and Event Management

Log Management

Users generally praise SolarWinds Security Event Manager (SEM)’s log management capabilities. They appreciate the tool’s efficiency in collecting and analyzing logs from various network devices and servers. The ability to centralize log collection and generate reports based on the gathered data is highlighted as a significant advantage. Users find the log parsing and visualization features to be user-friendly and effective in tracking and identifying security events. While some users mention minor issues like compatibility concerns with certain connectors and the need for a better UI for log searching, overall, SEM is recognized for its strong performance in log management tasks. (Source Reviews: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)

“PROS: Log collection; User-friendly and Easy dashboards; Queries seeped (according to our size); log data parsing is good. if you upgrade some systems, most likely SEM will recognize it.”Supervisor in Information Technology, Banking, 201-500 employees

“PROS: Logging network devices and servers; Searching Historical Events; Notifications and custom rules.”Employee in Information Technology, Higher Education, 501-1000 employees

“PROS: Make sense of syslog entries from a variety of sources; Track USB device usage; Track login attempts, successes and failures. SEM does exactly what it’s supposed to do, and then some.”Director in Information Technology, Individual & Family Services, 201-500 employees

Event Collection and Correlation

Users consistently highlight SolarWinds Security Event Manager (SEM)’s event collection and correlation as key strengths of the platform. They appreciate the tool’s ability to centralize log collection, normalize logs effectively, and provide automated threat detection and response. Additionally, users find SEM’s correlation engine useful in identifying and triggering on various security events, enhancing their overall security posture. While some users mention minor challenges with reporting speed and file integrity monitoring, the general sentiment leans towards positive experiences with SEM’s event collection and correlation functionalities. (Source Reviews: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)

“Reduce time spent in troubleshooting network events.; Provide a higher visibility into relevant events as a result of its categorizing and filtering options.; Enhance monitoring tools by creating custom alerts and notifications based on syslog events.”Employee in Information Technology, Transportation/Trucking/Railroad, 5001-10,000 employees

“Well suited for triggering on well-defined events, such as logon failure. The correlation engine is especially useful in triggering on dissimilar events. Overall, it captures all of the events, and using the filters to locate the events is the best application.”Professional in Engineering, Information Services, 51-200 employees

“The Solarwinds SEM will get your logs collected and analyzable, especially for Windows servers or workstations, it can be a good solution. Alerting and reporting need to be done manually, but once you have it set up the way you want, it will work solidly.”Analyst in Information Technology, Information Technology & Services, 1001-5000 employees

Log Parsing and Normalization

Users across reviews generally praise SolarWinds Security Event Manager (SEM) for its efficient log parsing and normalization capabilities. They appreciate how SEM simplifies the process of collecting and organizing log data, making it user-friendly and effective for various network sizes. Additionally, the ability of SEM to normalize events out of the box is highlighted as a strong point, enhancing operational efficiency and aiding in audit and compliance tasks. However, some users have pointed out minor drawbacks such as limited device support for less common devices and the need for improvements in tracing log events back to their sources. Despite these minor concerns, the overall consensus is positive regarding SEM’s log parsing and normalization features. (Source Reviews: 1, 2, 3, 4)

“Log data parsing is good. if you upgrade some systems, most likely SEM will recognize it.”Supervisor in Information Technology, Banking, 201-500 employees

“Visualization: the UI is slick and easy to follow. Filtering and Sorting: narrowing down logs is powerful. Windows event log parsing.”Supervisor in Engineering, Mining & Metals, 201-500 employees

“Having options for all kinds of data to easily be ingested and have the events normalized out of the box is great.”Engineer in Information Technology, Defense & Space, 10,001+ employees

“The Solarwinds SEM helps various IT departments such as server and network to work together using normalized common events. This increases operational efficiency.”Analyst in Information Technology, Information Technology & Services, 1001-5000 employees

Monitoring and Alerts

Network Monitoring

Users generally praise SolarWinds Security Event Manager (SEM)’s capabilities in logging network activities and monitoring network devices. The software is commended for its effectiveness in tracking changes, identifying issues, and ensuring compliance with insurance requirements. Users appreciate the ability to receive email notifications for critical events, allowing for prompt action and enhanced security measures. SEM’s feature set, including the ability to monitor network accounts, detect suspicious logins, and track changes made to network switches, receives positive feedback from users across various industries. The platform’s role in providing visibility into network activity, addressing regulatory needs, and detecting rogue devices is highlighted as a valuable asset for network administrators. Additionally, SEM’s robust search capabilities, filtering options, and categorization of events contribute to efficient troubleshooting and proactive monitoring of network events. (Source Reviews: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)

“SEM is well suited for smaller companies looking to log events and usage. We really use it a lot to see what network accounts are changed and who changed them and who is logging into what servers and when they are doing it.”Engineer in Information Technology, Higher Education, 1001-5000 employees

“SolarWinds Security Event Manager is used to collect logs from firewalls, routers, switches, wireless controllers, NPS servers, and Domain Controllers. We then use this data to analyze and generate required reports on any incidents. Having all the info in one location makes analyzing events far simpler.”Engineer in Information Technology, Computer Networking, 1001-5000 employees

“SEM is a good software to collect all the events and be a platform to have a view of the whole network status, instead of connecting to each server, find a clue from thousands of events.”Administrator in Information Technology, Electrical & Electronic Manufacturing, 51-200 employees

Server Monitoring

Reviewers have expressed a range of opinions regarding SolarWinds Security Event Manager (SEM)’s server monitoring capabilities. Some users find SEM’s server monitoring to be robust and effective, particularly for tracking login attempts and identifying vulnerabilities in real-time across Windows and Linux servers. However, others have highlighted areas for improvement, such as the need for more user-friendly support, timely customer service, and better customization options for creating individualized rules. Despite differing views, SEM’s server monitoring functionality remains a key aspect of its overall performance as reported by users. (Source Reviews: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)

“We have a deployment of SolarWinds SEM that monitors our Windows and Linux servers currently for login attempts across the whole organization. This allows us to see any possible vulnerabilities in real-time.”Employee in Information Technology, Plastics, 201-500 employees

“The Solarwinds SEM will get your logs collected and analyzable, especially for Windows servers or workstations, it can be a good solution. Alerting and reporting need to be done manually, but once you have it set up the way you want, it will work solidly.”Analyst in Information Technology, Information Technology & Services, 1001-5000 employees

“We use SEM to collect and analyze events from servers and routers. We can find the issues, like incorrect user logon and most port visit on router from SEM reports.”Administrator in Information Technology, Electrical & Electronic Manufacturing, 51-200 employees

Alert Management

Users generally praise SolarWinds Security Event Manager (SEM) for its robust alert management capabilities. They appreciate the ease of setting up alerts and receiving notifications for critical events. While some users find the interface and reporting features lacking, the consensus remains positive regarding SEM’s ability to effectively manage alerts and keep users informed about potential security risks. (Source Reviews: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)

“Notifications for events logged which we have alerts set for. Ease of use. We have been able to get alerts about unknown risks before they could get out of hand.”Engineer in Information Technology, Insurance, 11-50 employees

“Reduce time spent in troubleshooting network events. Provide a higher visibility into relevant events as a result of its categorizing and filtering options. Enhance monitoring tools by creating custom alerts and notifications based on syslog events.”Employee in Information Technology, Transportation/Trucking/Railroad, 5001-10,000 employees

“The email alert features with SolarWinds will send a large number of emails if the number of alerts email. The duplication of email alerting needs to be reduced.”Analyst in Information Technology, Information Technology & Services, 1001-5000 employees

Configuration and Management

Device Management

Users generally appreciate SolarWinds Security Event Manager (SEM)’s ability to manage logs from various network devices and servers efficiently. The software’s device management capabilities are highlighted for their effectiveness in tracking changes, identifying issues, and ensuring compliance with insurance requirements. Users find SEM particularly useful for monitoring and analyzing events from devices such as switches, routers, firewalls, and servers. The ability to receive email notifications for critical events is a feature that users value for staying informed about network activities. Additionally, SEM’s capability to centralize log collection and provide insights into network activity is praised for its contribution to enhancing security and operational efficiency. (Source Reviews: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)

“We use SEM to collect and analyze events from servers and routers. We can find the issues, like incorrect user logon and most port visit on router from SEM reports.”Administrator in Information Technology, Electrical & Electronic Manufacturing, 51-200 employees

“It is being used by the outsider IT company who does Level2 and Level3 support. We use it to audit network device logs with it (Palo Alto Firewalls and Juniper switches). Also we use it to audit Active Directory logons. It is easier to keep these logs in a single place.”Engineer in Information Technology, Food & Beverages, 51-200 employees

“SolarWinds SEM is used in our operational technology infrastructure to collect and analyze logs from critical systems, those that are part of or manage the infrastructure, and also systems themselves such as the control system(s).”Supervisor in Engineering, Mining & Metals, 201-500 employees

Configuration and System Changes

Users generally praise SolarWinds Security Event Manager (SEM)’s capabilities in logging configuration changes and system events. The platform is commended for its ability to track changes in network accounts, active directory environments, and servers, providing valuable insights into account modifications, logins, and server alterations. Users appreciate the immediate email notifications for any account-related activities, enabling them to stay informed even during off-hours. Additionally, SEM’s feature to categorize events and set up actions based on predefined templates is highlighted as a valuable asset for managing configuration changes effectively. (Source Reviews: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)

“We use SEM to Centralize log collection for my domain controllers, file servers, NPS servers, and Firewalls. Using SEM we are able to have all logs in one place and use that data to generate necessary reports.”Engineer in Information Technology, Education Management, 1001-5000 employees

“SEM is great in my environment for monitoring Windows Event Logs to view any changes in Active Directory such as adding users to administrators and domain admins groups. Also for auditing configuration changes on Cisco devices, it is very useful.”Engineer in Information Technology, Media Production, 501-1000 employees

“SolarWinds Security Event Manager is well-suited for small- to mid-sized organizations that cannot afford a large Information Technology team or department. SolarWinds Security Event Manager has robust reporting and logging capabilities, but significant time must be spent up front to ensure proper configuration.”C-Level Executive in Information Technology, Government Administration, 51-200 employees

Centralized Management and Analysis

Users consistently highlight SolarWinds Security Event Manager (SEM)’s centralized log management and analysis as a key strength of the platform. They appreciate the ease of having all log data in one central location, enabling efficient issue resolution and proactive monitoring. The ability to search, filter, and analyze logs across the network enhances troubleshooting efforts and facilitates collaboration among different teams. Additionally, the integrated compliance reporting tools further streamline security operations and ensure regulatory adherence. (Source Reviews: 1, 2, 3, 4, 5, 6)

“It has given our helpdesk and ops team more capabilities with less training and access. It gives a lot more insight to what the users are doing now that they are working from home. Allows for a central tool that works with our other SolarWinds products to give a better view of our entire ecosystem of computers.”Administrator in Information Technology, Insurance, 201-500 employees

“Having log data in one central location has a huge benefit. For example, troubleshooting an issue on a network can now be done by multiple teams where everyone with access to SEM can search the log repository. The live filtering and historical search capabilities make it easy to get the necessary evidence and the time stamp of what the issue is and when it started.”Engineer in Information Technology, Information Services, 10,001+ employees

“Able to keep our systems with a higher uptime, due to being able to resolve issues faster. Able to be alerted on key issues, making us more proactive. Able to research issues more easily in one central location.”Analyst in Information Technology, Telecommunications, 1001-5000 employees

UI and Customization

Dashboard and UI Features

Users generally praise SolarWinds Security Event Manager (SEM)’s dashboard and user interface features for their ease of use and customization options. The consensus among reviewers is that the dashboard provides a comprehensive view of security events and logs, allowing for efficient monitoring and analysis. While some users appreciate the intuitive layout and customizable event filters, others express concerns about the UI performance issues, especially when handling a large volume of data. Additionally, there are mixed opinions regarding the compatibility of SEM’s connectors and the overall user-friendliness of the interface. Despite some drawbacks, many users find SEM’s dashboard and UI features to be valuable assets in managing security events and maintaining compliance. (Source Reviews: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)

“The ‘out-of-the-box setup was easy and hit the floor running with minimal configuration when paired with SolarWinds Network Performance Monitor or Server and Application Monitor.”Engineer in Information Technology, Financial Services, 5001-10,000 employees

“The interface itself has a lot to be desired. The product has been built over the top of other products and you can tell.”Engineer in Information Technology, Design, 51-200 employees

“Visualization: the UI is slick and easy to follow.; Filtering and Sorting: narrowing down logs is powerful.; Windows event log parsing.”Supervisor in Engineering, Mining & Metals, 201-500 employees

Custom Rules and Filters

User opinions on SolarWinds Security Event Manager (SEM)’s custom rules and filters functionality are diverse. While some users appreciate the ability to create custom filters and rules tailored to their specific needs, others find the process cumbersome and lacking in contextual guidance. The platform’s customizable event filters and rules are highlighted as a positive aspect by some, offering ease of configuration and enhancing the overall user experience. However, there are also concerns raised about the complexity of building custom rules for individual purposes and the need for more user-friendly support resources. Despite these mixed sentiments, the custom rules and filters feature remains a notable aspect of SEM, providing users with the flexibility to tailor their monitoring and alerting strategies to suit their unique requirements. (Source Reviews: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)

“Developing a monitoring approach which is entirely custom and not bound to a particular regulatory framework is cumbersome due to the limited assistance with filter and rule construction.”Consultant in Information Technology, Information Technology and Services, 1-10 employees

“PROS: Customizable event filters; Awesome user interface; Easy to configure connectors.”Engineer in Information Technology, Computer Networking, 1001-5000 employees

“PROS: Easy to utilize–the rules are straightforward and pre-configured. You just have to customize them to fit your environment.”Analyst in Information Technology, Telecommunications, 1001-5000 employees

“CONS: How to build custom [Source] for individual purposes (e.g. rules for Admin users on critical systems, log on, log off, brute force, scanning); Customer support should be timely and available; Videos to onboarding systems should be made ( e.g, websites, servers, wireless access point, active directories, firewalls, Domain controls, etc); Hard to achieve unwanted logs; Updates for SEM users should be made available (New features and usability); No user-friendly support; No health check of the SEM by Solarwinds; Support needs to improve; Videos to be sent to users on how to create custom rules to fit individual purposes; Training on each feature of the SEM tool should be made available in a specific location on SolarWinds website; Best practice videos and use cases should be made available.”Analyst in Information Technology, Health, Wellness and Fitness, 10,001+ employees

User and Performance Monitoring

Account and User Activity Monitoring

Users consistently praise SolarWinds Security Event Manager (SEM)’s robust account and user activity monitoring capabilities. They appreciate the detailed logging of account changes, such as renames, deletions, and creations, along with the ability to track login attempts, successes, and failures. The feature that stands out is the immediate email notifications for any account-related events, enabling quick response and investigation, even during off-hours. Additionally, users find SEM valuable for monitoring server activities, identifying potential vulnerabilities, and ensuring compliance with security protocols. The platform’s ability to pinpoint the source of account lockouts and unauthorized access has been particularly beneficial for users, allowing for prompt resolution of security incidents. (Source Reviews: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)

“We use SEM (formally LEM) to log changes that are made in our switching environment and who made them. SEM also logs all changes in our active directory environment. We log any and all account changes such as account renames, account deletions, account creations, and again who made those changes.”Engineer in Information Technology, Higher Education, 1001-5000 employees

“It is very helpful to know who is logging into, updating, changing VLANs, changing passwords on our network switches; Our insurance company really likes that we are using SEM to log events on our servers and switches.”Engineer in Information Technology, Higher Education, 1001-5000 employees

“I’d give it a 0 if that was an option. Sometimes, on the rare occasion that the SSO isn’t broken, we can actually log in to this and click around for 30 minutes and finally find some logs that point us in the right direction for tracking down what’s locking out an AD account. Other than that, it’s useless.”Engineer in Information Technology, Construction, 1001-5000 employees

Performance and Efficiency Tools

Users consistently highlight SolarWinds Security Event Manager (SEM)’s performance and efficiency tools as a key strength, emphasizing its ability to reduce time spent on troubleshooting and enhance overall system performance. The tool’s capacity to streamline processes and provide valuable insights into network operations is widely appreciated by reviewers, showcasing its effectiveness in optimizing operational efficiency and minimizing downtime. Additionally, users find that SEM’s performance and efficiency tools offer a robust solution for meeting security compliance requirements with minimal manpower, underscoring its value in maintaining a secure and well-managed network environment. (Source Reviews: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10)

“SolarWinds SEM is a great cost/performance balance. It scales well and doesn’t require a lot of babysitting. If you’re not familiar with what you’re looking for it can seem daunting. It allows us to see in real-time events as they happen, saving us time.”Employee in Information Technology, Plastics, 201-500 employees

“Saving resource because of stable alerts and reports; Good helping for audits and regulations; Good integration with other systems like Active Directory, Exchange …etc; nothing negative impact for overall.”Supervisor in Information Technology, Banking, 201-500 employees

“Our organization has significantly reduced the time spent to gather log data across multiple network and security segments. Our organization gained better visibility and control of the network/systems/storage and security log data.”Engineer in Information Technology, Information Services, 10,001+ employees

About the Author

TrustRadius Product Guides are created by synthesizing user reviews to identify commonly discussed topics. These guides highlight common use cases, frequently used features, and more. While this is a beta feature, it is our mission is to provide you with the best information possible to make confident and trusted technology decisions. If you feel something is missing or incorrect, please let us know.

Sign up to receive more buyer resources and tips.