Security Event Manager (SEM) 2019.4 is now available

Product Manager

Security Event Manager (SEM) 2019.4 is now available on your Customer Portal and solarwinds.com. The Release Notes are available here and steps to upgrade your existing SEM appliance here. The SEM online demo has also been updated and can be accessed from here, and you can see the dashboard in action within this video.

Firstly, you'll probably notice our new versioning format. New releases for SEM going forward will now use year.quarter, taking a similar approach to Orion® Platform product modules. SEM versions will be named with the four-digit year in which they were released, followed by the quarter of release. If there's a Service Release in between major releases, it will appear in the third position following the quarter, e.g., 2019.4.1.

So, what's included in this SEM release? This release mainly focuses on our migration from Flash, with new functionality added to our HTML5 interface including dashboards, user-defined groups, and email templates.

DASHBOARD

As the saying goes, a picture paints a thousand words, which is particularly true when it comes to log data. The Events page in SEM allows you to interact with your logs via filtering and keyword searching, but it can be difficult to spot any unusual activity or suspicious trends. That's where a dashboard comes into play: being able to visualize thousands of logs and build a picture of what's happening on your network can be hugely valuable when detecting threats. We've included several out-of-the-box charts based on some of the most common use cases we hear from our customers, including change management, authentication, and network traffic widgets. You can easily create custom widgets based on any filter within the Events page, and chart options include bar, pie, and donut, as well as line graphs for time-series data. Drilling into the log data behind each chart is vitally important when analyzing potential threats. You can easily view the corresponding log data within the Events page by clicking on a segment of a chart. Here's a glimpse at how our new dashboard looks. I hope you like what we've done:

[Screenshot: the new SEM dashboard]

USER-DEFINED GROUPS

You can now build and manage these groups via the HTML5 interface. User-defined groups contain data specific to your environment, such as user and computer names, sensitive files, approved USB devices, and so on. These groups can also act as whitelists and blacklists for use in correlation rules and filters, for example, alerting you to attempted access to a URL that you've blacklisted. You can create these groups manually or import elements via a CSV file. You can also easily export group elements to a CSV file. To ensure our out-of-the-box content remains relevant to an ever-changing threat landscape, we've updated several of our predefined groups, including SQL Injection/XSS vectors, anonymizer websites, and remote desktop websites.


EMAIL TEMPLATES

As part of the SEM 6.7 release, we introduced the ability to manage your correlation rules via the new interface, including the ability to select which email template you'd like to use as part of the alert. However, the creation and customization of those email templates still resided in the Flash console. SEM 2019.4 introduces the ability to build and customize these email templates within the new interface. These emails are incredibly valuable when it comes to adding context to email alerts as well as including information from log data within those alerts.


FILTER -> RULE

Your network is probably generating hundreds, if not thousands, of events every second, and trying to identify interesting logs from the deluge of log data is challenging. That's where filters come into play. You can rely on the predefined filters or create custom filters within SEM to home in on certain logs. But what if you want to create a correlation rule to alert or respond to those same events being generated on your network? Until now, you had to create a filter and then manually create a corresponding correlation rule. We've simplified this process and you can now send SEM filters to rule creation to quickly create new correlation rules based on a filter.


I really hope you like the direction we're going with Security Event Manager, especially the new user interface. As always, your feedback and ideas are greatly appreciated, so please provide any feedback you may have within the comments section below or within the SEM Release Candidate forum.

10 Comments
Level 12

We just updated to the new version, very cool layout. Waiting to hear from our management team to take advantage of how data is presented.

Really like the direction the software is running. Now only if you can integrate the reporting somehow...looking forward to that.

Product Manager

Glad you like where we're heading with SEM! Would love to hear any use cases you and your management team come up with. Web-based reports, request noted.

Looks like I need to update.....

MVP

SolarWinds is making great progress in building a really competitive product. When it comes to network tools, the best tool is the one that you actually use. That said, finding a good SIEM that is actually usable has been a problem. Either they are difficult to use and manage (often requiring the hiring of a "propeller head") or they were little more than a simple log manager. This product is really moving towards filling that gap. The fact that it's running on the Orion platform and integrating with the other tools makes this a great product for many networks.

Level 7

Just upgraded our SEM environment from version 6.7.2 to 2019.4. The SEM console Dashboard is much more informative now... also upgraded the storage to 2TB. Is there a way that I can limit only Firewall log retention to x number of days so that other Windows server logs will not be deleted/removed? Since firewall logs consume most of our storage, it would be great if we could adjust some settings in that area. Is there a way, and/or hoping we could see that in the next update...

Level 20

The update is worth it, @Radioteacher. I have some to update still as well, but I worked with the UX team on the changes... all good stuff!

Level 20

I'm about to bite the bullet and update finally!

Product Manager

Look forward to hearing your thoughts on the upgrade

Level 7

@jhynds  - Have you guys been developing anything in relation to CMMC yet?

Level 20

The current version 2019.4 has been working great and we love the HTML5 updates. I can't wait until the new reporting in HTML5 eventually comes out!!! From what I've seen it's going to be great and everyone will love it. It'll be great to put Crystal Reports out to pasture once and for all!!!

About the Author
I have been involved in the IT industry for more than 8 years, focusing on IT Audit, Compliance and Information Security. I have held various roles from IT Desktop and Server Support, IT Auditing and Risk Management and Pre-Sales Engineering with SolarWinds.