I'm having a little trouble understanding the difference between LEM and Threat Monitor. Also the difference between Kiwi Syslog and LEM is a little unclear. Can anyone help clarify a bit? Thanks!
The easy answer is that all 3 were developed by completely separate companies and acquired by SolarWinds.
In practice they have lots of overlap, but I would say the main differences boil down to these:
Kiwi - locally hosted, 2 million messages per hour
LEM - locally hosted, 16 million messages per hour (given a powerful enough server) - Can also pull events from a few additional sources outside the common syslog/trap/Windows events
Threat Monitor - Cloud based (with local collectors), can't find any publicly documented rate limits - Can also pull events from a few additional types of sources
Ahh, very interesting. Thank you for the clarification!