SolarWinds Log and Event Manager: SIEM product overview

Expert Karen Scarfone examines SolarWinds Log and Event Manager, a security information and event management (SIEM) tool for collecting and analyzing event data to identify malicious activity.

SolarWinds Log and Event Manager is a security information and event management (SIEM) product. It collects security event log records from an enterprise's security controls, operating systems, applications and other software, and as the logs arrive it analyzes them to identify potentially malicious activity, such as attacks or malware infections. When it finds such activity, the product alerts administrators so they can respond to the incident manually, or it can attempt to stop the attack automatically by interacting with other enterprise security controls.
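To make the collect, analyze, alert and respond cycle described above concrete, here is an added example of the kind of correlation logic a SIEM applies to collected logs. It is illustrative code written for this overview, not SolarWinds code, and it makes assumptions: the sshd-style log lines are constructed sample data, the rule (five or more failed logins from one source within 60 seconds, then a success from that source) and its thresholds are assumed, and the response actions are placeholders for what a SIEM would hand to a firewall or directory service.

```python
"""Added example: a minimal SIEM-style correlation pass over constructed log lines.
Not SolarWinds code; log format, rule thresholds and response actions are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication events (not real data): one source brute-forces
# 'admin' on host1 and then succeeds; a second source has a single stale failure.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z host1 sshd: Failed password for admin from 203.0.113.7 port 51001
2024-03-01T10:00:03Z host1 sshd: Failed password for admin from 203.0.113.7 port 51002
2024-03-01T10:00:05Z host1 sshd: Failed password for root from 203.0.113.7 port 51003
2024-03-01T10:00:06Z host1 sshd: Failed password for admin from 203.0.113.7 port 51004
2024-03-01T10:00:08Z host1 sshd: Failed password for admin from 203.0.113.7 port 51005
2024-03-01T10:00:11Z host1 sshd: Accepted password for admin from 203.0.113.7 port 51006
2024-03-01T10:05:00Z host2 sshd: Failed password for bob from 198.51.100.9 port 40001
2024-03-01T10:30:00Z host2 sshd: Accepted password for bob from 198.51.100.9 port 40002
"""

# Assumed log format: "<ISO timestamp> <host> sshd: <Failed|Accepted> password for <user> from <ip> port <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+$"
)


def parse(log_text):
    """Normalize raw lines into event dicts; lines that do not match are dropped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def correlate(events, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window rule per source IP (thresholds are assumptions):
    - 'brute_force' when failures within the window reach `threshold`
    - 'brute_force_success' when a success follows >= `threshold` failures in the window
    """
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        recent = failures[ev["src"]]
        while recent and ev["ts"] - recent[0] > window:  # expire old failures
            recent.popleft()
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) == threshold:  # fire once when the threshold is crossed
                alerts.append({"rule": "brute_force", "src": ev["src"],
                               "host": ev["host"], "user": ev["user"], "ts": ev["ts"]})
        else:
            if len(recent) >= threshold:
                alerts.append({"rule": "brute_force_success", "src": ev["src"],
                               "host": ev["host"], "user": ev["user"], "ts": ev["ts"]})
            recent.clear()  # a success resets the counter for this source
    return alerts


def plan_response(alerts):
    """Map high-confidence alerts to actions another control would carry out
    (assumed action names; a real SIEM would call a firewall or directory API)."""
    actions = []
    for a in alerts:
        if a["rule"] == "brute_force_success":
            for act in (("block_ip", a["src"]), ("disable_account", a["user"])):
                if act not in actions:
                    actions.append(act)
    return actions


def analyze(log_text):
    """Full pipeline: collect (parse) -> correlate -> alerts."""
    return correlate(parse(log_text))


if __name__ == "__main__":
    found = analyze(SAMPLE_LOGS)
    for a in found:
        print(f"{a['ts'].isoformat()} {a['rule']} src={a['src']} host={a['host']} user={a['user']}")
    print("planned response:", plan_response(found))
```

On the constructed sample the pass raises two alerts for 203.0.113.7 (the threshold crossing and the subsequent successful login as admin) and none for 198.51.100.9, whose single failure has aged out of the window by the time the success arrives. The second source shows why the window matters: without expiry, every stale failure would eventually contribute to a false alert.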

Product versions

The SolarWinds SIEM tool is available as a virtual appliance that is supported by VMware ESX and Microsoft Hyper-V. The virtual appliance models are as follows:

  • LEM30, up to 30 nodes
  • LEM50, up to 50 nodes
  • LEM100, up to 100 nodes
  • LEM250, up to 250 nodes
  • LEM500, up to 500 nodes
  • LEM650, up to 650 nodes
  • LEM800, up to 800 nodes
  • LEM1000, up to 1000 nodes
  • LEM1500, up to 1500 nodes
  • LEM2500, up to 2500 nodes

Larger organizations can buy a virtual appliance from SolarWinds that supports an even higher number of maximum nodes.

Additional security capabilities

SolarWinds Log and Event Manager offers the core SIEM capabilities supported by nearly every SIEM, and in addition, the product also supports enhanced file and registry integrity monitoring to generate additional security log entries for endpoints. No other advanced security capabilities are available from SolarWinds Log and Event Manager.

Reporting capabilities

The SolarWinds SIEM product offers robust built-in reporting capabilities, including over 300 reporting templates. These templates address the requirements of many security compliance initiatives, including the following:

Licensing and pricing

Organizations can download a free 30-day trial of SolarWinds Log and Event Manager from SolarWinds.

SolarWinds Log and Event Manager is licensed by the maximum number of nodes a model supports; current pricing by model is published by SolarWinds.

SolarWinds Log and Event Manager

SolarWinds Log and Event Manager is available in a variety of virtual appliance models that are each distinguished by the number of logging nodes they can support; additionally, customized virtual appliances are available to support even larger numbers of nodes. SolarWinds Log and Event Manager's security capabilities are not cutting-edge, but its reporting capabilities are substantially better than average. Nearly any organization, other than the largest enterprises, should consider SolarWinds Log and Event Manager as a possible candidate for SIEM evaluation.

Next Steps

In part one of this series, learn about the basics of SIEM products in the enterprise

In part two of this series, find out about the enterprise benefits of SIEM products

In part three of this series, read about the seven questions to ask before buying a SIEM product

In part four of this series, compare the best SIEM systems in the industry
