Threat Detection

Perform automated, in-depth threat detection across your network infrastructure

Correlate event logs with integrated threat intelligence

SolarWinds® Security Event Manager (SEM) is built to automatically gather, organize, and normalize raw log data from across your network into one central location. Easily compare this system-wide log data against potential issues from an out-of-the-box threat database feed to better analyze event logs and detect potential threats. With SEM, admins gain a comprehensive overview of all their endpoints, including firewalls, IDS/IPS devices and apps, servers, routers, switches, OS logs, and other applications. 

As SEM collects logs from these endpoints, it provides real-time correlation with a regularly updated security feed based on a variety of research sources. This allows SEM to tag events while detecting bad IPs and other potentially malicious activity. For up-to-the-minute security support, SEM automatically downloads up-to-date lists of confirmed bad actors like potentially infected hosts, command and control networks, botnets, and spammers. 

Achieve real-time, system-wide threat detection

Do you know what’s happening across your network? SEM performs continuous threat detection monitoring and alerting, so suspicious activities don’t go overlooked. The tool is designed to use automated processes to detect threats across your devices and services, helping minimize the need for manual detection efforts. You can also set custom alerts or view SEM alert feeds to catch red flags, including:

  • IDS/IPS systems with infection symptoms
  • Antivirus software addressing potential infections
  • Security system event stream triggers
  • System errors and crash reports

SEM is built to identify the services that are being consumed, further reducing the manual effort it takes to detect cyber threats. 

It’s also simple to drill down into logs with SEM grouping and filter features. SEM includes several filter categories out-of-the-box designed to support security industry best practices, such as events that could indicate virus attacks, events detected by IDS tools, and events from Windows event logs that contain “error.”

Automate responses to cyber threat detection

Security Event Manager alerts help admins take manual action more quickly, and the tool can also be configured to perform automatic actions based on event types or log activity. Admins can use the SEM configuration options to create rules for responding to flagged threats, including security, operational, and policy-driven events. As part of the real-time threat detection process, SEM offers several automated Active Response actions, such as killing processes, logging off users, and even blocking USB devices that may pose a threat. You can also configure the tool to quarantine infected machines, block IP addresses, and adjust Active Directory settings.

Catch threats from end-user activity, including USB use

Use Security Event Manager to track end-user activity in real time and know when privileged accounts are active, as well as how and where they are being used. You can also leverage the file integrity monitoring (FIM) feature in SEM to view and address unauthorized or suspicious activity across files, folders, and Windows Registry settings. Fine-tune FIM filters to help ensure only higher-priority file changes trigger alerts. Additionally, SEM can provide real-time notifications when users connect USB devices, with reporting features to help you audit USB usage. If a USB device poses a potential threat, you can also create a USB device rule to instantly block an unauthorized connection.


Use threat detection to achieve an up-to-date overview of security

Security Event Manager

  • Correlate log data with a regularly updated list of security threats
  • Keep tabs on suspicious end-user activity like excessive login attempts
  • Automatically gather logs from across integrated security tools
