A SIEM tool is not a vacuum cleaner; you can't just turn it on and have it siphon up all your log information and bag it up nicely for you to dump later without getting your hands dirty. A SIEM requires hands-on work and careful consideration of your particular environment. What may be perfectly normal in your environment may very well be a red flag for another environment. Many times companies will buy a SIEM simply to "check the box" on some compliance requirement without ever seeing whether the solution will work for them.
SIEM vendors, including SolarWinds, have worked diligently to make the out-of-the-box experience with SIEM more "vacuum-esque", with easier configuration tools and out-of-the-box rules, alerts and reports. Unfortunately there is no one-size-fits-all approach a vendor can take that applies to all industries and businesses.
With all that being said, I would encourage the following: know your network and spend time with it (many of you already do). Then spend time and effort configuring your SIEM for your network and your needs. In the end it will be a much more fulfilling experience. After all, what is the point of a tool if it isn't used properly?
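As an added illustration of the "normal here, red flag there" point (example code, not from the original post or from SolarWinds), the block below runs one remote-logon rule against two constructed environment profiles. The accounts, host names, hours and the two profiles are all made up for the example; the only Windows-specific fact used is that logon type 10 denotes a RemoteInteractive (RDP) logon.

```python
"""Added example: the same detection logic scored against two environment
baselines. Everything below (users, hosts, profiles) is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class LogonEvent:
    user: str
    source_host: str
    hour: int        # hour of day, 0-23
    logon_type: int  # Windows logon type; 10 = RemoteInteractive (RDP)


@dataclass(frozen=True)
class EnvironmentProfile:
    """What 'normal' looks like for one environment; tuned per site."""
    name: str
    interactive_admins: frozenset   # accounts expected to RDP to servers
    admin_jump_hosts: frozenset     # hosts admins are expected to come from
    routine_hours: frozenset        # hours of day when admin RDP is routine


def evaluate(event, profile):
    """Return the reasons a logon is unusual *for this profile*.
    An empty list means routine in that environment."""
    if event.logon_type != 10:
        return []  # this rule only scores remote interactive logons
    reasons = []
    if event.user not in profile.interactive_admins:
        reasons.append("unexpected admin account")
    if event.source_host not in profile.admin_jump_hosts:
        reasons.append("logon from non-jump host")
    if event.hour not in profile.routine_hours:
        reasons.append("outside routine hours")
    return reasons


def alert_summary(events, profile):
    """Count how many events the rule would raise for a given profile."""
    flagged = [ev for ev in events if evaluate(ev, profile)]
    return {"profile": profile.name, "events": len(events),
            "flagged": len(flagged)}


# Constructed profiles: a 24x7 operations shop vs a 9-to-5 office.
NOC_24X7 = EnvironmentProfile(
    name="noc-24x7",
    interactive_admins=frozenset({"adm-backup", "adm-jsmith"}),
    admin_jump_hosts=frozenset({"jump01", "jump02"}),
    routine_hours=frozenset(range(24)),
)
OFFICE_9_TO_5 = EnvironmentProfile(
    name="office-9to5",
    interactive_admins=frozenset({"adm-backup", "adm-jsmith"}),
    admin_jump_hosts=frozenset({"jump01"}),
    routine_hours=frozenset(range(8, 18)),
)

# Constructed sample events.
EVENTS = [
    LogonEvent("adm-backup", "jump01", 2, 10),      # 2 AM backup admin RDP
    LogonEvent("adm-jsmith", "jump01", 10, 10),     # routine daytime RDP
    LogonEvent("helpdesk-bob", "laptop-17", 14, 10),  # RDP from a laptop
    LogonEvent("svc-web", "web01", 3, 5),           # service logon, not scored
]

if __name__ == "__main__":
    for profile in (NOC_24X7, OFFICE_9_TO_5):
        print(alert_summary(EVENTS, profile))
        for ev in EVENTS:
            print("  ", ev.user, ev.source_host, ev.hour, evaluate(ev, profile))
```

The 2 AM logon is routine for the 24x7 shop and an alert for the office, while the laptop logon trips both; the rule did not change, only the profile did, which is the tuning work the post is talking about.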
To check out the most up-to-date information regarding What We're Working on, please visit the LEM Product Roadmap page.
Be sure to let us know in the Log & Event Manager Feature Requests forum if there are features you're really keen on. This list doesn't enumerate many of the features we're looking into for long-term development and further releases, but we continually use Thwack as our biggest source of feedback.
We are busily working on the next release, and among the many things we are looking at are Checkpoint R77 and PCI 3.0 support!
If you would like to influence these features and Firewall Security Manager in general, and if you are interested in these particular features, please reach out to me as soon as possible!
Sign up for the beta here: FSM Beta Survey
Please note this beta is open to current customers with active maintenance on Firewall Security Manager. It is NOT suitable for production environments; you need a separate test system.
This beta is focused on small but high-quality feedback, and you will be rewarded with a crazy number of Thwack points! First come, first served!
After you sign up and confirm Beta agreement, I will contact you shortly.
One of the things that we wanted to do for this release was to split out the Windows Filtering Platform (WFP) from the Windows Security log connector.
Why are we splitting this out into a separate connector?
This is being split out because customers frequently call into support after being completely overwhelmed by the sheer volume of data upon enabling the Windows Security Log connector. On the other hand, some customers still want to collect this data.
What does this mean?
It means that upon connector upgrade this behavior will change. Anyone who wants to collect Windows Filtering Platform events will need to configure that connector specifically once they get the latest connector update.
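To make the volume problem behind this change concrete, here is an added example (not code from the original post or from SolarWinds, and not how the LEM connector is implemented) that models a Security-log collector with WFP forwarding as an opt-in switch. The WFP event IDs used (5152 packet dropped, 5154 listen permitted, 5156 connection allowed, 5157 connection blocked, 5158 bind permitted) are documented Windows "Audit Filtering Platform" IDs that the page itself does not list; the event mix and every record below are constructed, not measured.

```python
"""Added example: separate Windows Filtering Platform (WFP) audit events from
the rest of the Security log and forward them only when opted in. All
records are constructed; the WFP/other ratio is illustrative only."""
from collections import Counter
import random

# Documented Windows WFP audit event IDs (not taken from the page).
WFP_EVENT_IDS = frozenset({5152, 5154, 5156, 5157, 5158})


def is_wfp_event(event_id):
    return event_id in WFP_EVENT_IDS


def build_sample_log(n_wfp=9400, n_other=600, seed=1):
    """Constructed sample: a busy server emits far more WFP connection
    events than logon/process/account events. 4624/4625 = logon success/
    failure, 4672 = special privileges assigned, 4688 = process created,
    4720 = user account created (documented Windows IDs)."""
    rng = random.Random(seed)
    events = []
    for _ in range(n_wfp):
        events.append({"EventID": rng.choice(sorted(WFP_EVENT_IDS)),
                       "Channel": "Security"})
    for _ in range(n_other):
        events.append({"EventID": rng.choice([4624, 4625, 4672, 4688, 4720]),
                       "Channel": "Security"})
    rng.shuffle(events)
    return events


def summarize(events):
    """Volume breakdown a connector could report before forwarding."""
    wfp = sum(1 for e in events if is_wfp_event(e["EventID"]))
    total = len(events)
    return {"total": total, "wfp": wfp, "other": total - wfp,
            "wfp_share": round(wfp / total, 3) if total else 0.0}


def select_for_forwarding(events, collect_wfp=False):
    """Mirror the described connector split: WFP events are forwarded only
    when the operator explicitly opts in; everything else always goes."""
    return [e for e in events
            if collect_wfp or not is_wfp_event(e["EventID"])]


def top_event_ids(events, k=3):
    """Most frequent event IDs, handy for spotting what is flooding a feed."""
    return Counter(e["EventID"] for e in events).most_common(k)


if __name__ == "__main__":
    sample = build_sample_log()
    print("before filtering:", summarize(sample), top_event_ids(sample))
    default = select_for_forwarding(sample)
    print("default (WFP off):", summarize(default))
    opted_in = select_for_forwarding(sample, collect_wfp=True)
    print("opted in (WFP on):", summarize(opted_in))
```

Run as a script it prints the breakdown in all three states; the useful habit is to run the equivalent of `summarize` against a real day of your own Security log before deciding whether the WFP connector belongs on for that host class.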