SolarWinds SEM
Thousands of resource-constrained IT and security pros rely on SolarWinds® Security Event Manager (SEM) for affordable and efficient threat detection, automated incident analysis and response, and compliance reporting for their IT infrastructure. Our SIEM solution combines log management, threat detection, normalization and correlation, forwarding, reporting, file integrity monitoring, user activity monitoring, USB detection and prevention, threat intelligence, and active response in a virtual appliance that’s easy to deploy, manage, and use. We’ve designed our SIEM to provide the functionality you need without the complexity and cost of most other enterprise SIEM solutions.
SECURITY EVENT MANAGER AT A GLANCE
Easy Collection and Normalization of Network Device and Machine Logs
Security Event Manager comes with hundreds of out-of-the-box connectors to simplify the process of collecting, standardizing, and cataloging log and event data generated across your network. Our industry-leading log compression rate allows more data to be stored with fewer resources required.
Customizable Visualizations and Dashboard
Quickly identify important or suspicious patterns in machine data with a wide variety of customizable visualizations and a flexible dashboard. Drill into interesting patterns with a click of a button and see the full list of related logs and their details.
Powerful and Simple Searching for Forensic Analysis and Troubleshooting
Security Event Manager is designed to allow users to quickly find important log data using simple keyword searches in both real-time event data as well as historical data at predefined or custom time periods. Out-of-the-box and user-defined filters also provide fast data refinement.
Real-Time, In-Memory Event Correlation
By processing and normalizing log data before it’s written to the database, Security Event Manager can deliver true real-time log and event correlation. Predefined and custom correlation rules allow Security Event Manager to automatically alert on possible security breaches and other critical issues.
Out-of-the-Box Security and Compliance Reporting Templates
Security Event Manager makes it easy to generate and schedule compliance reports quickly using over 300 report templates and a console allowing for customizable reports to meet your organization’s specific needs.
Threat Intelligence Feed and Groups
Correlation rules are enhanced with a fully integrated, regularly updating threat intelligence feed that automatically identifies and tags malicious activity from known bad IPs. Easily build groups containing values relevant to your environment, such as user and computer names, sensitive file locations, and approved USB devices. These groups can be auto-populated via correlation rules and can help simplify searching and reporting.
Built-in Active Response
Security Event Manager can do much more than trigger email alerts. SEM is designed to immediately respond to security, operational, and policy-driven events using predefined responses, such as quarantining infected machines, blocking IP addresses, killing processes, and adjusting Active Directory® settings.
Enhanced, Real-Time File Integrity Monitoring
Embedded File Integrity Monitoring (FIM) is designed to deliver broader compliance support and deeper security intelligence for insider threats, zero-day malware, and other advanced attacks. Enhanced filter capabilities allow finer tuning and significantly reduce the noise associated with lower-priority file changes, increasing productivity and efficiency.
USB Detection and Prevention
Security Event Manager can help prevent endpoint data loss and protect sensitive data with real-time notifications when USB devices connect, the ability to automatically block their usage, and built-in reporting to audit USB usage.
Log Forwarding and Exporting
Security Event Manager forwards raw log data with syslog protocols (RFC 3164 and RFC 5424) to other applications for further use. Additionally, users can export logs to a CSV file so the data can be shared with other teams and external vendors, uploaded to other tools, or attached to helpdesk tickets.
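The two mechanisms named above, normalizing events before they are written anywhere so that correlation rules can run in memory, and the two syslog layouts (RFC 3164 and RFC 5424) used for forwarding, are easier to reason about with a concrete sketch. The following is an added example written for this page; it is not SolarWinds code and does not describe how SEM's own rule engine or connectors are implemented. It parses both syslog layouts into one normalized event shape and runs a single streaming correlation rule (several authentication failures from one source followed by a success within a short window). The sample log lines, the assumed year for the year-less RFC 3164 timestamps, the threshold and the window are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed sample input (not taken from the page or any product). Lines 1, 2 and 5
# use the RFC 3164 (BSD syslog) layout; lines 3 and 4 use the RFC 5424 layout.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 fw01 sshd[1001]: Failed password for root from 203.0.113.5 port 4122 ssh2",
    "<34>Oct 11 22:14:17 fw01 sshd[1001]: Failed password for root from 203.0.113.5 port 4123 ssh2",
    "<34>1 2003-10-11T22:14:18.000Z fw01 sshd 1001 ID47 - Failed password for root from 203.0.113.5 port 4124 ssh2",
    '<38>1 2003-10-11T22:14:20.000Z fw01 sshd 1001 ID48 [exampleSDID@32473 iut="3"] Accepted password for root from 203.0.113.5 port 4125 ssh2',
    "<34>Oct 11 22:30:00 web02 sshd[2002]: Failed password for admin from 198.51.100.7 port 5000 ssh2",
]
# RFC 3164 timestamps carry no year; this value is an assumption made for the constructed sample.
ASSUMED_YEAR = 2003

# <PRI>TIMESTAMP HOST TAG[PID]: MSG
RFC3164 = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) (\S+) (\S+?)(?:\[(\d+)\])?: (.*)$"
)
# <PRI>VERSION TIMESTAMP HOST APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"^<(\d{1,3})>(\d+) (\S+) (\S+) (\S+) (\S+) (\S+) (-|(?:\[.*?\])+)(?: (.*))?$"
)
# Field extraction for the one message family the example rule cares about.
AUTH = re.compile(r"^(Failed|Accepted) password for (\S+) from (\d+\.\d+\.\d+\.\d+)")


@dataclass
class Event:
    ts: datetime
    host: str
    app: str
    pid: Optional[int]
    facility: int
    severity: int
    msg: str
    user: Optional[str] = None
    src_ip: Optional[str] = None
    outcome: Optional[str] = None  # "failure" | "success" | None


def parse_syslog(line: str, year: int = ASSUMED_YEAR) -> Event:
    """Normalize an RFC 3164 or RFC 5424 line into one Event shape (UTC timestamps)."""
    m = RFC5424.match(line)
    if m:
        pri, _ver, ts, host, app, pid, _msgid, _sd, msg = m.groups()
        # Python < 3.11 fromisoformat does not accept a trailing "Z".
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    else:
        m = RFC3164.match(line)
        if not m:
            raise ValueError(f"unrecognised syslog line: {line!r}")
        pri, ts, host, app, pid, msg = m.groups()
        ts = " ".join(ts.split())  # collapse the space-padded day ("Oct  5")
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    pri = int(pri)
    # PRI = facility * 8 + severity
    ev = Event(when, host, app, int(pid) if pid and pid != "-" else None, pri >> 3, pri & 7, msg or "")
    a = AUTH.match(ev.msg)
    if a:
        ev.outcome = "failure" if a.group(1) == "Failed" else "success"
        ev.user, ev.src_ip = a.group(2), a.group(3)
    return ev


def correlate(events, threshold: int = 3, window: timedelta = timedelta(seconds=60)):
    """Streaming rule: >= threshold auth failures from one source IP within `window`,
    followed by an auth success from the same IP, raises one alert.
    The only state is a per-IP deque of failure timestamps, trimmed to the window,
    so nothing has to be persisted before the rule can fire. Events are assumed
    to arrive in time order."""
    failures = defaultdict(deque)
    alerts = []
    for ev in events:
        if ev.outcome is None or ev.src_ip is None:
            continue
        q = failures[ev.src_ip]
        while q and ev.ts - q[0] > window:
            q.popleft()
        if ev.outcome == "failure":
            q.append(ev.ts)
        elif len(q) >= threshold:
            alerts.append({"rule": "brute_force_then_success", "src_ip": ev.src_ip,
                           "user": ev.user, "host": ev.host, "failures": len(q),
                           "at": ev.ts.isoformat()})
            q.clear()
    return alerts


def run_sample():
    return correlate(parse_syslog(line) for line in SAMPLE_LINES)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the constructed sample the rule fires once, for 203.0.113.5 (three failures followed by an accepted login), and stays silent for the lone failure from 198.51.100.7. The point of normalizing first is visible in the rule body: it never cares which syslog layout a line arrived in, only that `src_ip`, `outcome` and `ts` were filled in the same way.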
Splunk Enterprise
Do you want to get more value from your data? Splunk Enterprise collects data from any source, including metrics, logs, clickstreams, sensors, stream network traffic, web servers, custom applications, hypervisors, containers, social media and cloud services. It enables you to search, monitor and analyze that data to discover powerful insights across multiple use cases like security, IT operations, application delivery, industrial data and IoT. Additionally, with the power of machine learning baked in, you can make faster, more informed decisions across the organization. With Splunk Enterprise, everyone from data and security analysts to business users can gain insights to drive operational performance and business results. Whether you’re looking to troubleshoot IT, monitor your security posture and application development, or optimize marketing campaigns, Splunk Enterprise can help get you there.