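Product Details

SolarWinds Security Event Manager (Event Management)

Product Summary
Security Event Manager uses a security information and event management solution to improve your security posture and quickly demonstrate compliance.

Product Description

This product ships as the latest version.
To purchase or learn more, please call (2749-1909) or e-mail (sales@ahasoft.com.tw) the sales department.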
___________________________________________________________________

Regarding the current Apache Log4j incident (CVE-2021-44228), the affected SolarWinds Orion modules are SAM and DPA.
UPDATE December 13, 2021: NOTE: This security vulnerability only affects Server & Application Monitor (SAM) and Database Performance Analyzer (DPA) and does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products.

For details on the Apache Log4j incident, see https://www.ahasoft.com.tw/page/news/show.aspx?num=1063&page=1&kind=8&lang=TW

Security Event Manager

Improve your security posture and quickly demonstrate compliance with a lightweight, ready-to-use, and affordable security information and event management solution. 

Advanced pfSense Firewall Log Analyzer
Help improve security, monitoring, and troubleshooting with insightful pfSense reporting and analysis.

 

APT Security Software for Advanced Persistent Threat Defense
Easy-to-use APT software detects threats across environments for defense-in-depth security.

 

Audit Logon Events
Keep track of logon and logoff events with a centralized logon audit events monitor.


Automate Compliance Risk Management

Get improved compliance risk management with active compliance verification and continuous risk monitoring.


Automate SIEM Log Aggregation, Analysis, and Reporting
Get real-time actionable insights from unified and correlated SIEM logs to detect and handle security risks.


Azure AD Log Analytics and Monitoring
Audit logs on Azure AD to optimize security efforts.


Botnet Detection Tool Designed to Help Monitor for Bot Attacks and Threats

Strengthen real-time situational awareness and advanced botnet detection capabilities.


Centralized Log Management
Choose centralized log management to achieve streamlined, in-depth control.


Compliance Management Software Helps Demonstrate IT Compliance

Help simplify IT compliance management with automated monitoring and reporting of compliance policy violations.

SEM VM hardware requirements

See Allocate CPU and memory resources to the SEM VM in the SEM Administrator Guide for information about how to manage LEM system resources.

Hardware on the VM host, by deployment size (Small / Medium / Large)

CPU

  • Small: 2 – 4 core processors at 2.0 GHz
  • Medium: 6 – 10 core processors at 2.0 GHz
  • Large: 10 – 16 core processors at 2.0 GHz

If you will be storing original log messages in addition to normalized log messages, increase the CPU and memory resource requirements by 50%.

Memory

  • Small: 8 GB RAM
  • Medium: 16 GB – 48 GB RAM
  • Large: 48 GB – 256 GB RAM

Hard drive storage

  • Small: 250 GB, 15k hard drives (RAID 1/mirrored settings)
  • Medium: 500 GB, 15k hard drives (RAID 1/mirrored settings)
  • Large: 1 TB, 15k hard drives (RAID 1/mirrored settings)

  • Installing SEM in a SAN is preferred.
  • High-speed hard drives (such as SSD drives) are required for high-end deployments.
  • Large deployments may require 1 to 2 TB of storage, which you can reserve on VMware ESX(i) 5+ (and later) and Microsoft Hyper-V 2012 R2 or 2016.

Input/output operations per second (IOPS)

  • Small: 40 – 200 IOPS
  • Medium: 200 – 400 IOPS
  • Large: 400 or more IOPS

NIC

  • Small, Medium, and Large: 1 GBE NIC

SEM software requirements

Learn about Microsoft Azure requirements here, and Amazon Web Services requirements here.

Software Requirements

Hypervisor (required on the VM host)

One of the following:

  • VMware vSphere ESX 5.0 or ESXi 5.0 and later
  • Microsoft Hyper-V Server 2016 or 2012 R2

Web browser (required on a remote computer to run the web console)

Current and later versions of the following:

  • Google® Chrome™ 71.0.3578
  • Microsoft Edge 44
  • Mozilla Firefox® 64

Adobe Flash (browser plug-in required on a remote computer to run the web console)

Adobe Flash Player 15

SEM agent hardware and software requirements

Hardware and Software Requirements

Operating System (OS)

The SEM agent is compatible with the following operating systems:

  • HPUX on Itanium
  • IBM AIX 7.1 TL3, 7.2 TL1 and later
  • Linux
  • macOS Mojave, Sierra, High Sierra
  • Oracle® Solaris 10 and later
  • Windows (10, 8, 7, Vista)
  • Windows Server (2019, 2016, 2012, 2008)

The requirements specified below are minimum requirements. Depending on your deployment, you may need additional resources to support increased log-traffic volume and data retention.

Memory: 512 MB RAM

Hard Drive Space: 1 GB

Other requirements

Administrative access to the device hosting the SEM Agent.

The SEM agent for Mac OS X requires Java Runtime Environment (JRE) 8 or later.

SEM reports application hardware and software requirements

Hardware and Software Requirements

Operating System (OS)

The SEM reports application is Windows only. The following Windows versions are supported:

  • Windows 10 and later
  • Windows Server 2016 and 2012

Memory

512 MB RAM minimum.

SolarWinds recommends using a computer with 1 GB of RAM or more for optimal reports performance.

Other requirements

Install the SEM reports application on a system that runs overnight. This is important because the daily and weekly start time for these reports is 1:00 AM and 3:00 AM, respectively.

Ensure the Reports Console version matches your version of the SEM appliance. Incompatible versions may result in installation or login failures.

See the following articles in the Customer Success Center for troubleshooting tips:

  • Troubleshoot the SEM reports application
  • LEM 6.4 reports won't install correctly
  • Error with Sophos Enterprise Console

SolarWinds Security Event Manager Overview


 

Creating Correlation Rules with Security Event Manager