E-SPIN
Wednesday, 29 April 2020 / Published in Product, SolarWinds

SolarWinds Security Event Manager (SEM)

SolarWinds Security Event Manager (SEM) is a security information and event management (SIEM) virtual appliance that adds value to existing security products and increases efficiencies in administering, managing, and monitoring security policies and safeguards on your network. SEM was previously known as Log & Event Manager.

SEM provides access to log data for forensic and troubleshooting purposes, and tools to help you manage log data. SEM leverages collected logs, analyzes them in real time, and notifies you of a problem before it causes further damage. For example, advanced persistent threats can come from a combination of network events such as software installations, authentication events, and inbound and outbound network traffic. Log files contain all information about these events. The SEM correlation engine identifies advanced threat activity, and then notifies you of any anomalies.

Security Event Manager at a Glance

  • Collects, consolidates, normalizes, and visualizes logs and events from firewalls, IDS/IPS devices and applications, switches, routers, servers, OS, and other applications
  • Performs real-time correlation of machine data to identify threats and attack patterns
  • Responds to suspicious activity automatically with Active Response, including blocking USB devices, killing malicious processes, logging off users, and more
  • Eases compliance reporting and audits with out-of-the-box reports and filters for HIPAA, PCI DSS, SOX, ISO, DISA STIGs, FISMA, FERPA, NERC CIP, GLBA, and more
  • Intuitive interface and ample selection of out-of-the-box content means you don’t need to be a security or compliance expert to get value from our SIEM solution
  • Affordable, scalable licensing based on log-emitting sources, not log volume

Features

Compliance Reporting Software for IT

Collect and correlate log data to help satisfy various compliance requirements

SolarWinds® Security Event Manager (SEM) is built to make it easy to collect and correlate log data from tens of thousands of devices as required by many auditing authorities. Using real-time log analysis and cross-event correlation from sources throughout your entire infrastructure, this compliance monitoring tool can quickly help uncover policy violations, identify attacks, and highlight threats. With 360° visibility that spans domains and systems, SEM helps streamline your IT compliance reporting.

Generate internal and external regulatory compliance reports

Generating reports with SolarWinds Security Event Manager is simple and reliable. SEM includes built-in report templates for internal and external regulatory compliance, including PCI DSS, GLBA, SOX, NERC CIP, HIPAA, and more. Or, you can create a custom report using the intuitive reporting console.

SEM includes the following features:

  • Ability to collect, monitor, and analyze real-time log data from routers, switches, servers, applications, user endpoints, and more
  • Designed to correlate system and user activities to reconstruct a compliance violation or mitigate an emerging security threat
  • Leverage over 300 built-in compliance report templates
  • Filter information to customize reports for specific departments or recipients
  • Produce graphical summaries to enhance your high-level reports
  • Support forensic analysis findings with detailed reports
  • Export reports in a variety of standard formats

Schedule reports to run automatically or run as needed

SEM provides built-in report templates and advanced reporting tools that make it easy to customize reports. Reports can be printed, exported, or viewed in the console. SEM is designed to make it easy to report over specific time periods and across systems. You can also generate custom reports with data tailored to specific audiences. Run your reports automatically on a regular schedule, or just run them as needed.

Log Monitoring Tool That Includes Cyber Threat Intelligence Feeds

Help improve security with threat intelligence tools

There’s an increase in the volume of DDoS, botnet, and malware attacks happening every day. In this era, implementing a robust cyber threat intelligence framework for collecting, consolidating, and analyzing all your log data and threat intelligence feeds in one place is a smart move for data security and the company’s bottom line.

SolarWinds Security Event Manager (SEM) is an on-premise, advanced SIEM tool built with an active threat intelligence management system in the form of threat feeds designed to automatically detect and respond to user, application, and network threats.

Flag threat events with cyber threat intelligence frameworks

Security Event Manager is built to collect logs, correlate events, and monitor threat data lists, all in a centralized location. The continuously updated threat intelligence feeds can proactively provide cyberthreat analysis of activities against a list of known malicious threat vectors, and are designed to immediately alert you when known bad actors have entered your environment or user-configured network security thresholds have been triggered.

Leverage threat intelligence tools to automate detection

Imagine that abnormal privileged user activity occurs outside of the usual working hours, which can be a sign of malicious internal behavior. Using its integrated threat intelligence, SEM is built to compare security events against threat feeds that are updated daily, and to alert when a source or destination field hits a blacklisted IP address or domain, automatically pinpointing potential security issues like phishing attempts, malware infections, and external cyberattacks.

Security Event Manager also comes with over 700 built-in correlation rules and hundreds of active responses that admins can configure to automatically trigger to respond to security events in real time. You can select from predefined rules or manually define rules to set operational thresholds, easily automating how SEM mitigates immediate threats and generates relevant notifications in response to defined conditions.
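
The comparison described above, sketched as an added example (not SolarWinds code and not SEM's rule syntax): constructed, normalized events are checked against a constructed feed of networks and domains, and a feed hit is combined with the after-hours privileged-activity condition. The event field names, the 08:00 to 18:00 working window and the severity labels are assumptions.

```python
import ipaddress
from datetime import datetime

# Constructed feed: documentation-range networks and reserved example domains.
FEED_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
FEED_DOMAINS = ("bad.example", "c2.example.net")

# Constructed normalized events; field names are hypothetical, not SEM's schema.
EVENTS = [
    {"time": "2020-04-28T02:14:09", "user": "svc-admin", "privileged": True,
     "src": "10.0.4.21", "dst": "203.0.113.50"},
    {"time": "2020-04-28T10:02:41", "user": "jdoe", "privileged": False,
     "src": "10.0.4.33", "dst": "mail.bad.example"},
    {"time": "2020-04-28T11:30:00", "user": "jdoe", "privileged": False,
     "src": "10.0.4.33", "dst": "192.0.2.10"},
    {"time": "2020-04-28T23:45:12", "user": "dbadmin", "privileged": True,
     "src": "10.0.9.5", "dst": "10.0.9.8"},
    {"time": "2020-04-28T09:00:03", "user": "-", "privileged": False,
     "src": "198.51.100.7", "dst": "10.0.1.1"},
    {"time": "2020-04-28T14:20:00", "user": "jdoe", "privileged": False,
     "src": "10.0.4.33", "dst": "notbad.example"},
]


def feed_match(value):
    """Return the feed entry that an IP address or host name hits, or None."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        # Not an IP address: treat it as a host name and match whole labels
        # only, so "notbad.example" does not hit "bad.example".
        host = value.lower().rstrip(".")
        for domain in FEED_DOMAINS:
            if host == domain or host.endswith("." + domain):
                return domain
        return None
    for net in FEED_NETWORKS:
        if addr in net:
            return str(net)
    return None


def after_hours(timestamp, start=8, end=18):
    """True on weekends or outside start..end (assumed working hours)."""
    t = datetime.fromisoformat(timestamp)
    return t.weekday() >= 5 or not (start <= t.hour < end)


def correlate(events):
    """Check source and destination of each event against the feed and
    raise severity when a privileged account is also active after hours."""
    alerts = []
    for index, event in enumerate(events):
        hits = {}
        for field in ("src", "dst"):
            entry = feed_match(event[field])
            if entry is not None:
                hits[field] = entry
        odd_admin = event["privileged"] and after_hours(event["time"])
        if hits and odd_admin:
            severity = "high"
        elif hits:
            severity = "medium"
        elif odd_admin:
            severity = "low"
        else:
            continue
        alerts.append({"event": index, "user": event["user"],
                       "severity": severity, "feed_hits": hits})
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```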

Gain powerful insights by using threat intelligence feeds

You can more easily identify trends within large amounts of threat data by leveraging the built-in visualization and discovery techniques in SEM, including parameterized search, tree maps, charts, and word clouds. These features help in filtering out the inherent noise present in log data and can allow you to more quickly identify important cyberthreat security events, like suspicious behavior and data anomalies. You can save these searches for later use and even export them as reports in PDF or CSV format. SEM also offers an extensive library of reports, which can be used out-of-the box or customized for compliance and forensic analysis.

Make the right incident-response decision using Active Response software

Help increase response capabilities as threats grow

You may not be able to respond to threats at scale if you subscribe to the prehistoric method of manual research, validation, and remediation. New threats are developed and deployed every day, and existing threats we thought we’d handled are evolving to cause greater damage. You could invest an entire day in the manual response method, and you’d still be behind due to the sheer volume of potential threats in the queue still needing to be investigated. Respond to threats at scale using SolarWinds® Security Event Manager (SEM) security incident management software with Active Response.

Respond to threats as soon as alarms are triggered

Active Response provides preconfigured, customizable actions for incident response based on which trigger conditions are satisfied, enabling you to proactively hunt and stop threats. Security Event Manager incident response solutions are designed to ingest threat intelligence findings and act on unique user-defined actions. Simply kick off an automated email to your team, actively block a threat detected at your firewall, disable an Active Directory account whose actions may place your enterprise at risk, and more.

Easily configure incident responses to complex threats

Manual response can be a task requiring a certain level of technical breadth to understand the risks and consequences of the selected remediation path. By the time IT professionals have thoroughly researched a potential threat, it may have already escalated into something more serious. Remove the manual research involved in incident response and let the security incident management software in Security Event Manager with Active Response do the heavy lifting.

Automate SIEM Log Aggregation, Analysis, and Reporting

Aggregate all SIEM logs at one location

SolarWinds Security Event Manager (SEM) is designed to facilitate effective Security Information and Event Management (SIEM) log management. SEM is built with a SIEM log collector tool that helps you automatically collect and aggregate logs from multiple devices and applications across your network in an agentless environment. SolarWinds SEM is designed to give you a unified view to help you cut through the clutter and make sense out of the noise created by thousands of SIEM logs. With Security Event Manager, you can easily correlate event log data from multiple sources to easily discover security threats with minimum time and effort.

Detect security risks with real-time analysis

The SIEM management capabilities of Security Event Manager help accelerate threat detection and empower your IT team to analyze SIEM log data in real-time. With integrated threat detection capabilities, SEM is designed to help you dig deep into security event logs and investigate incidents faster. SEM is built to help you easily ascertain the cause and effect of events generated across the network infrastructure. The advanced search and event-time correlation capabilities in SEM can help simplify and expedite forensic analysis and network security audits. Also, its SIEM log analyzer tool is designed to easily forward correlated log data to an external source for further analysis if and when required.

Monitor proactively and automate remediation

Security Event Manager is built to provide continuous SIEM monitoring to handle security breaches and incidents better. You can constantly monitor your files and folders with its SIEM capabilities to track any permission changes or data modification to identify suspicious activities. SEM’s USB security software provides proactive USB device monitoring to avert IT security risks like data leaks or other malicious threats. The SIEM monitoring tool capabilities of SEM help to optimize security threat resolution with automated responses. You can also initiate real-time threat remediation by configuring threshold-based alarms and notifications.

Sustain security posture with integrated reporting

SolarWinds Security Event Manager is built to provide an integrated compliance reporting tool for simplified and faster compliance audits. SEM’s standardized reports available out-of-the-box can assist you in demonstrating various industry-specific regulations like HIPAA, PCI DSS, SOX, FISMA, NERC CIP, FERPA, GLBA, GPG13, DISA STIG, and more. You can easily conduct forensic investigations with SEM’s detailed drill-down reports. In addition to industry regulation compliance, the compliance reporting can also help you demonstrate and ensure that any internal security policies are effectively implemented at all times.

File Integrity Monitoring Software

Track file and directory access, movement, and shares

SolarWinds® Security Event Manager (SEM) file integrity monitoring tool is designed to detect and alert on changes to key files, folders, and registry settings. Using SEM, you can easily correlate system, Active Directory, and file audit events to obtain information on which user was responsible for accessing and changing a file and identify other users' activities occurring before and after the file change. You can also use this information to create an alert or run reports to review activity.

Use a file integrity checker to detect malware threats

Malware and advanced persistent threats (APTs) often access and modify local files. Security Event Manager file integrity monitoring software is built to correlate logs from anti-virus tools and IDS/IPS with file audit events to more easily detect APTs, malware, and improve FIM security.

You can also configure Security Event Manager’s integrated incident response actions to trigger when certain conditions exist that can kill a malicious process or quarantine systems for complete endpoint protection.

Demonstrate FIM security compliance requirements

Many industry compliance standards—like PCI DSS, SOX, HIPAA, NERC CIP, FISMA, and SANS Critical Security Controls—require you to both secure sensitive data and demonstrate how you’ve secured it.

Security Event Manager file integrity monitoring is built to help you more easily demonstrate these requirements. You can use built-in file integrity monitoring templates to audit key files, folders, and generate out-of-the box reports to help demonstrate compliance.

Easily perform Windows file integrity monitoring

With a simple configuration process, you can integrate Security Event Manager into your Microsoft OS by following steps from SolarWinds Customer Success here.

In line with the SolarWinds commitment to customization, you have the option to set up your Windows FIM tool to monitor either individual nodes or an entire connector profile. During the configuration process, you can customize the files, folders, or access criteria you want to monitor. You can also specify the conditions for the FIM security monitoring, so highly critical data can be scrutinized more thoroughly than less sensitive files.

Benefits

Data aggregation and visibility

Visibility into your entire IT environment is one of the biggest benefits of SIEM. This visibility goes hand in hand with the way that logs are normalized and correlated in a SIEM tool. No matter the size of a business, there are likely a variety of different components in the IT environment, each of which is generating, formatting, and sending huge amounts of data.

Incident detection

Many of the hosts on your system that log security breaches don’t include built-in incident detection capabilities. That means they can observe events and produce log entries, but can’t analyze them for potential suspicious activity. However, because SIEM tools correlate and analyze the log data that’s produced across hosts, they’re able to detect the incidents that might otherwise be missed—either because the relevant logs were not analyzed or because they were too widely separated between hosts to be detected.

Improved efficiency

SIEM tools can significantly improve your efficiency when it comes to understanding and handling events in your IT environment. With SIEM tools, you can view the security log data from the many different hosts in your system from a single interface. This expedites the incident handling process in several ways. First, the ability to easily see log data from the hosts in your environment allows your IT team to quickly identify an attack’s route through your business. Second, the centralized data lets you easily identify the hosts that were affected by an attack.

Simplified compliance reporting

Practically every business, no matter the size or the industry, has at least some regulations that it needs to comply with. Ensuring that you’re abiding by those regulations and that you can prove your compliance can be a difficult and time-consuming task. Luckily, thanks to the collection, normalization, and organization of log data, SIEM tools can help simplify the compliance reporting process. In fact, the benefits of SIEM tools as centralized logging solutions for compliance reporting are so significant that some businesses deploy SIEMs primarily to streamline their compliance reporting.

New features and improvements in SEM

Release date: November 7, 2019

New in SEM 2019.4

HTML5 features

SEM continues the transition from Flash-based software to HTML5 by adding the following features to the SEM Events Console:

Visualize network and log data through the SEM Dashboard

Access the SEM Dashboard to highlight and summarize trends and suspicious activity through a series of interactive widgets. You can create, edit, and arrange widgets to display network data in a variety of tables and graphs according to pre-defined and user-defined filter sets.

Create rules from filters

From the Filters pane, you can create a new rule based on any existing filter with a single click. This allows you to set alerts for specific event activity without manually duplicating filter values in the custom rule builder.

Create email templates

You can use email templates to customize your email notifications when triggered as responses in your custom rules. An email template includes static and dynamic text (or parameters). The static text lets you customize the message body of the email. The dynamic text is filled in from the original event that caused the rule to fire.

Create user-defined groups

Create user-defined groups to organize related elements for use with rules and filters. Groups can contain elements such as events, IP addresses, computer names, and user accounts. After a group is defined, it can be referenced from multiple rules and filters.

Update SEM agents and connectors automatically

On the SEM Events Console Settings page, you can enable automatic updates for SEM agents and connectors.

Download debug logs

SEM simplifies the network troubleshooting process by offering a one-click debug log download feature which no longer requires a third-party application and additional configuration steps. On the SEM Events Console Settings System Resources tab, click Download debug logs, and then forward them to SolarWinds Customer Support for assistance.

Set the global password policy for SEM users

On the SEM Events Console Settings page, you can set minimum password requirements for local SEM user accounts.

Enable the Threat Intelligence feed

On the SEM Events Console Settings page, you can enable the Threat Intelligence feed, which enables SEM to detect threats based on lists of known malicious IP addresses.

Participate in the SolarWinds Improvement Program

On the SEM Events Console Settings page, enter your email address to send usage statistics to SolarWinds to help us improve our products.

Browse FIM directories

SEM streamlines the FIM inclusion configuration process by allowing you to navigate to and choose specific files, directories, and registries. This enhancement eliminates the requirement to manually enter specific navigation paths.

Set the maximum event threshold

You can set the maximum number of events that populate the filters in your SEM Events viewer. The default setting is 10,000 events. This means SEM will store up to 10,000 events in memory for each filter. This setting also applies to the maximum number of events that can populate each filter-based dashboard widget.

Additional features and improvements

Agent installer support for Windows 2019

Starting with SEM 2019.4, the SEM agent installer supports Windows 2019.

Deploy SEM to Amazon Web Services (AWS)

With version 6.7 and later, you can deploy SEM to Amazon Web Services (AWS). To get started, contact your SolarWinds Sales or Customer Support representative to request access to SEM on AWS.

End of life, end of support, and deprecation notices

End of life

Version 6.3.1

  • EOL announcement: May 23, 2019: End-of-Life (EoL) announcement – Customers on SEM version 6.3.1 should begin transitioning to the latest version of SEM.
  • EOE effective date: August 21, 2019: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM version 6.3.1 will no longer be actively supported by SolarWinds.
  • EOL effective date: August 21, 2020: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 6.3.1.

End of support

  • Windows Server 2008: As of SEM 2019.4, Windows Server 2008 is no longer supported. SEM still supports Windows Server 2008 R2.

Deprecation notice

  • VMware vSphere 5.5: Beyond SEM 6.7, releases will no longer support vSphere 5.5.

System Requirements

March 26, 2020

Use the following tables to plan your Security Event Manager (SEM) deployment to suit your network environment.

Server sizing is impacted by:

  • Number of nodes and network traffic. Consider event throughput and performance degradation when planning the size of your deployment. As the number of nodes and network traffic increase, the size of your deployment will need to grow with it. For example, if you are running a small deployment and begin to notice performance degradation at 300 nodes, move to a medium deployment.
  • Storing original (raw) log messages in addition to normalized log messages. If you will be storing original log messages, increase the CPU and memory resource requirements by 50 percent. See your hypervisor documentation for more information.

Sizing criteria

Use the following table to determine if a small, medium, or large deployment is best suited to supporting your environment.

Small deployment

  • Number of nodes: fewer than 500 nodes in the following combinations:
      • 5 – 10 security devices
      • 10 – 250 network devices, including workstations
      • 30 – 150 servers
  • Events received per day: 5M – 35M events
  • Rules fired per day: up to 500

Medium deployment

  • Number of nodes: between 300 and 2,000 nodes in the following combinations:
      • 10 – 25 security devices
      • 200 – 1,000 network devices, including workstations
      • 50 – 500 servers
  • Events received per day: 30M – 100M events
  • Rules fired per day: up to 1,000

Large deployment

  • Number of nodes: more than 1,000 nodes in the following combinations:
      • 25 – 50 security devices
      • 250 – 1,000 network devices, including workstations
      • 500 – 1,000 servers
  • Events received per day: up to 215M events (2,500 EPS)
  • Rules fired per day: up to 5,000

SEM VM hardware requirements

Hardware on the VM host, by deployment size:

  • CPU: 2 – 4 core processors at 2.0 GHz (small); 6 – 10 core processors at 2.0 GHz (medium); 10 – 16 core processors at 2.0 GHz (large). If you will be storing original log messages in addition to normalized log messages, increase the CPU and memory resource requirements by 50%.
  • Memory: 8 GB RAM (small); 16 GB – 48 GB RAM (medium); 48 GB – 256 GB RAM (large)
  • Hard drive storage: 250 GB, 15K hard drives, RAID 1/mirrored settings (small); 500 GB, 15K hard drives, RAID 1/mirrored settings (medium); 1 TB, 15K hard drives, RAID 1/mirrored settings (large)
      • Installing SEM in a SAN is preferred.
      • High-speed hard drives (such as SSD drives) are required for high-end deployments.
      • Large deployments may require 1 to 2 TB of storage, which you can reserve on VMware ESX(i) 6.5 (and later) and Microsoft Hyper-V 2012 R2 or 2016.
  • Input/output operations per second (IOPS): 40 – 200 IOPS (small); 200 – 400 IOPS (medium); 400 or more IOPS (large)
  • NIC: 1 GBE NIC (small, medium, and large)

SEM Azure hardware requirements

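Hardware on the VM host, by deployment size and Azure VM size:

  • Small (Standard_DS3_v2): 4 CPU cores, 14 GB RAM, 12800 IOPS
  • Medium (Standard_DS4_v2): 8 CPU cores, 28 GB RAM, 25600 IOPS
  • Large (Standard_D32s_v3): 32 CPU cores, 128 GB RAM, 51200 IOPS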

SEM software requirements

  • Hypervisor (required on the VM host): one of the following:
      • VMware vSphere ESX 6.5 or ESXi 6.5 and later
      • Microsoft Hyper-V Server 2016 or 2012 R2
  • Microsoft Azure: Learn about Microsoft Azure requirements here.
  • Amazon Web Services: Learn about Amazon Web Services requirements here.
  • Web browser (required on a remote computer to run the web console): current and later versions of the following:
      • Google® Chrome™ 71.0.3578
      • Mozilla Firefox® 64
  • Adobe Flash (browser plug-in required on a remote computer to run the web console): Adobe Flash Player 15

SEM agent hardware and software requirements

The requirements specified below are minimum requirements. Depending on your deployment, you may need additional resources to support increased log-traffic volume and data retention.

  • Operating system (OS): the SEM agent is compatible with the following operating systems:
      • HPUX on Itanium
      • IBM AIX 7.1 TL3, 7.2 TL1 and later
      • Linux
      • macOS Mojave, Sierra, High Sierra
      • Oracle® Solaris 10 and later
      • Windows (10, 8, 7, Vista)
      • Windows Server (2019, 2016, 2012, 2008 R2)
  • Memory: 512 MB RAM
  • Hard drive space: 1 GB
  • Other requirements: Administrative access to the device hosting the SEM Agent. The SEM agent for Mac OS X requires Java Runtime Environment (JRE) 8 or later.

SEM reports application hardware and software requirements

  • Operating system (OS): the SEM reports application is Windows only. The following Windows versions are supported:
      • Windows 10 and later
      • Windows Server 2016 and 2012
  • Memory: 512 MB RAM minimum. SolarWinds recommends using a computer with 1 GB of RAM or more for optimal reports performance.
  • Other requirements: Install the SEM reports application on a system that runs overnight. This is important because the daily and weekly start time for these reports is 1:00 AM and 3:00 AM, respectively.

Ensure the Reports Console version matches your version of the SEM appliance. Incompatible versions may result in installation or login failures. See the following articles in the Customer Success Center for troubleshooting tips:

  • Troubleshoot the SEM reports application
  • SEM reports won’t install correctly
  • Error with Sophos Enterprise Console

SolarWinds SEM Port and Firewall Requirements

This page lists the firewall ports that you need to open to allow network communication with SolarWinds Security Event Manager (formerly Log & Event Manager). Any firewall that stands between any two points of communication should allow inbound and/or outbound traffic across the specified ports so that traffic reaches SEM and SEM works properly.

In the table, “inbound” assumes that the SEM VM is behind the firewall, and that firewall rules allow network traffic through the firewall to the SEM VM.

Environment: LEM 6.3, LEM 6.4, LEM 6.5, LEM 6.6, SEM 6.7, SEM 2019.4

Each entry lists the port number (protocol, service, direction), followed by its description.

  • 22, 32022 (TCP, SSH, bidirectional): SSH traffic to the SolarWinds SEM VM. (Port 22 is not used prior to version 6.3.x.) If you need to close either port 22 or 32022, contact SolarWinds Support.
  • 25 (TCP, SMTP, outbound): SMTP traffic from the SolarWinds SEM VM to your email server for automated email notifications.
  • 80, 8080 (TCP, HTTP, bidirectional): Non-secure HTTP traffic from the SolarWinds SEM console to the SolarWinds SEM VM. (SEM closes this port when activation completes, but you can re-open it with the CMC togglehttp command.)
  • 139, 445 (TCP, NetBIOS and SMB, bidirectional): Standard Windows file sharing ports (NetBIOS Session Service, Microsoft SMB) that SEM uses to export debug files, syslog messages, and backup files. The SEM Remote Agent Installer also uses these ports to install Agents on Microsoft Windows hosts across your network.
  • 161, 162 (TCP, SNMP, bidirectional): SNMP trap traffic received from devices, and used by the Orion platform to monitor SEM. (Monitoring SEM on port 161 is not used prior to version 6.3.x.)
  • 389, 636 (TCP, LDAP, outbound): LDAP ports that the SEM Directory Service Connector tool uses to communicate with a designated Active Directory domain controller. The SEM Directory Service Connector tool uses port 636 for SSL communications to a designated Active Directory domain controller.
  • 443, 8443 (TCP, HTTPS, bidirectional): HTTPS traffic from the SolarWinds SEM console to the SEM VM. SEM uses these secure HTTP ports after SEM is activated.
  • 514 (TCP or UDP, Syslog, inbound): Syslog traffic from devices sending syslog event messages to the SolarWinds SEM VM.
  • 2100 (UDP, NetFlow, inbound): NetFlow traffic from devices sending NetFlow to the SolarWinds SEM VM.
  • 6343 (UDP, sFlow, inbound): sFlow traffic from devices sending sFlow to the SolarWinds SEM VM.
  • 8983 (TCP, nDepth, inbound): nDepth traffic sent from nDepth to the SEM VM containing raw (original) log data.
  • 9001 (TCP, SEM reports application, bidirectional): SEM reports application traffic used to gather SEM reports data on the SEM VM.
  • 37890-37892 (TCP, SEM Agents, inbound): SEM Agent traffic sent from SolarWinds SEM Agents to the SolarWinds SEM VM. (These ports correspond to the destination ports on the SEM VM.)

SEM no longer uses the port listed in the following table.

| PORT # | PROTOCOL | SERVICE | DIRECTION | DESCRIPTION |
|---|---|---|---|---|
| 5433 | TCP | SEM Reports | Inbound | Port 5433 is no longer used. Previously, this port carried traffic from the SolarWinds SEM reports application to the SolarWinds SEM VM. This was used by versions prior to LEM 5.6, for which support ended December 2015. |
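
An added example, not part of the original page and not SolarWinds code: a Python check that expands the tables above into required flows (relative to the SEM VM) and compares them with a firewall's allow rules, reporting required flows that are blocked and allowed flows SEM does not need, such as retired port 5433 or HTTP 80/8080 after activation. The rule tuple format and SAMPLE_RULES are constructed for illustration, and treating port 514 as needing both TCP and UDP is an assumption.

```python
# Flows transcribed from the table on this page: (ports, protocols, direction).
SEM_PORTS = [
    ((22, 32022), ("tcp",), "bidirectional"),
    ((25,), ("tcp",), "outbound"),
    ((80, 8080), ("tcp",), "bidirectional"),
    ((139, 445), ("tcp",), "bidirectional"),
    ((161, 162), ("tcp",), "bidirectional"),
    ((389, 636), ("tcp",), "outbound"),
    ((443, 8443), ("tcp",), "bidirectional"),
    ((514,), ("tcp", "udp"), "inbound"),  # assumption: allow both TCP and UDP
    ((2100,), ("udp",), "inbound"),
    ((6343,), ("udp",), "inbound"),
    ((8983,), ("tcp",), "inbound"),
    ((9001,), ("tcp",), "bidirectional"),
    ((37890, 37891, 37892), ("tcp",), "inbound"),
]
HTTP_PORTS = {80, 8080}  # SEM closes these when activation completes

def required(activated=True):
    """Expand the table into a set of (direction, protocol, port) flows."""
    flows = set()
    for ports, protos, direction in SEM_PORTS:
        dirs = ("inbound", "outbound") if direction == "bidirectional" else (direction,)
        for port in ports:
            if activated and port in HTTP_PORTS:
                continue  # plain HTTP is not needed after activation
            flows.update((d, p, port) for d in dirs for p in protos)
    return flows

def audit(rules, activated=True):
    """rules: (direction, protocol, first_port, last_port) allow rules.
    Returns (missing, extra): required flows not allowed, allowed flows not required."""
    need = required(activated)
    allowed = {(d, p, port) for d, p, lo, hi in rules for port in range(lo, hi + 1)}
    return sorted(need - allowed), sorted(allowed - need)

# Constructed sample rule export (hypothetical format, not from a real firewall).
SAMPLE_RULES = [
    ("inbound", "tcp", 22, 22), ("outbound", "tcp", 22, 22),
    ("inbound", "tcp", 443, 443), ("outbound", "tcp", 443, 443),
    ("inbound", "udp", 514, 514),
    ("inbound", "tcp", 37890, 37892),
    ("inbound", "tcp", 80, 80),      # left open after activation
    ("inbound", "tcp", 5433, 5433),  # retired SEM Reports port
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

Pass activated=False while the appliance is still being activated, so that ports 80 and 8080 count as required rather than as excess exposure.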

 
