SolarWinds SEM is designed to receive and process the tens of thousands of event log messages generated by network devices and servers. It then uses a matching engine to correlate events as they arrive, identifying potential security threats or other issues. Events are processed in real time and in memory, meaning they do not need to be written to a database and then queried before the system can identify problems.
Response is therefore very fast, though higher log volumes can slow processing depending on how powerful your server is. A monitoring display, like the one below, shows log data and events as they are ingested from your devices. The Events page allows for log filtering, keyword search, and exporting of log data.
But the real power in SEM comes from its ability to automatically detect suspicious patterns in the logs and events as they stream in. It does this using correlation rules that look for patterns matching defined conditions. SEM ships with over 700 built-in correlation rules you can use to start monitoring the network out of the box, and SolarWinds makes it easy for admins to create new rules: a graphical drag-and-drop interface lets admins build new filters without a complex query language. Event correlation rules are flexible. Rules can correlate events based on time, transactions, or even groups of events. Thresholds can be specified for a number of events in a time period, and variables can be set for various conditions, for example to enable rules during certain business hours but disable them outside of those hours.
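To make the rule types described above concrete, here is an added example of a minimal in-memory correlation engine. It is illustrative code written for this page, not SolarWinds SEM's engine or its rule format: the `key=value` log layout, the `ThresholdRule` fields and the sample events are all constructed for the example. It shows a sliding-window threshold (N events of one type from one source within T seconds) and an active-hours condition that disables the rule outside business hours, evaluated event by event as the log lines stream in, with nothing written to a database.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Deque, Dict, List, Optional, Tuple


@dataclass
class Event:
    ts: datetime
    source: str       # device or host that emitted the line
    event_type: str   # normalized event name, e.g. LogonFailure
    user: str


def parse_line(line: str) -> Event:
    """Parse the constructed 'ISO-timestamp key=value ...' format used here."""
    ts_text, *pairs = line.split()
    kv = dict(p.split("=", 1) for p in pairs)
    return Event(datetime.fromisoformat(ts_text), kv["host"], kv["event"], kv["user"])


@dataclass
class ThresholdRule:
    """Fire when `threshold` events of `event_type`, grouped by `group_by`,
    arrive within a sliding window of `window_seconds`. If `active_hours`
    is set, events outside that daily range are ignored entirely."""
    name: str
    event_type: str
    threshold: int
    window_seconds: int
    group_by: str = "source"
    active_hours: Optional[Tuple[time, time]] = None
    # Per-group timestamps currently inside the window (in memory only).
    _buckets: Dict[str, Deque[datetime]] = field(
        default_factory=lambda: defaultdict(deque), repr=False)

    def is_active(self, ts: datetime) -> bool:
        if self.active_hours is None:
            return True
        start, end = self.active_hours
        return start <= ts.time() <= end

    def feed(self, ev: Event) -> Optional[str]:
        """Return an alert string if this event makes the rule fire, else None."""
        if ev.event_type != self.event_type or not self.is_active(ev.ts):
            return None
        key = getattr(ev, self.group_by)
        bucket = self._buckets[key]
        bucket.append(ev.ts)
        # Drop timestamps that have slid out of the window.
        while bucket and (ev.ts - bucket[0]).total_seconds() > self.window_seconds:
            bucket.popleft()
        if len(bucket) >= self.threshold:
            count = len(bucket)
            bucket.clear()  # one alert per burst, then start counting again
            return (f"{self.name}: {count} {self.event_type} events from {key} "
                    f"within {self.window_seconds}s (last at {ev.ts.isoformat()})")
        return None


def correlate(lines: List[str], rules: List[ThresholdRule]) -> List[str]:
    """Stream each line through every rule and collect the alerts raised."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        for rule in rules:
            alert = rule.feed(ev)
            if alert:
                alerts.append(alert)
    return alerts


# Constructed sample log: a burst on srv01 during business hours (fires),
# a short burst on srv02 (below threshold), a slow drip on srv03 (outside
# the sliding window), and a night-time burst on srv01 (rule inactive).
SAMPLE_LOG = [
    "2024-03-05T09:14:01 host=srv01 event=LogonFailure user=alice",
    "2024-03-05T09:14:09 host=srv01 event=LogonFailure user=alice",
    "2024-03-05T09:14:17 host=srv01 event=LogonFailure user=alice",
    "2024-03-05T09:14:25 host=srv01 event=LogonFailure user=alice",
    "2024-03-05T09:14:40 host=srv01 event=LogonFailure user=alice",
    "2024-03-05T09:20:00 host=srv02 event=LogonFailure user=bob",
    "2024-03-05T09:20:05 host=srv02 event=LogonFailure user=bob",
    "2024-03-05T09:20:10 host=srv02 event=LogonSuccess user=bob",
    "2024-03-05T10:00:00 host=srv03 event=LogonFailure user=carol",
    "2024-03-05T10:00:30 host=srv03 event=LogonFailure user=carol",
    "2024-03-05T10:01:00 host=srv03 event=LogonFailure user=carol",
    "2024-03-05T10:01:30 host=srv03 event=LogonFailure user=carol",
    "2024-03-05T10:02:00 host=srv03 event=LogonFailure user=carol",
    "2024-03-05T22:30:01 host=srv01 event=LogonFailure user=alice",
    "2024-03-05T22:30:02 host=srv01 event=LogonFailure user=alice",
    "2024-03-05T22:30:03 host=srv01 event=LogonFailure user=alice",
    "2024-03-05T22:30:04 host=srv01 event=LogonFailure user=alice",
    "2024-03-05T22:30:05 host=srv01 event=LogonFailure user=alice",
]


def run_demo() -> List[str]:
    """Five logon failures from one host within 60s, business hours only."""
    rule = ThresholdRule("BruteForceLogon", "LogonFailure", threshold=5,
                         window_seconds=60, active_hours=(time(8, 0), time(18, 0)))
    return correlate(SAMPLE_LOG, [rule])


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Only the srv01 burst at 09:14 raises an alert: srv02 never reaches the threshold, the srv03 failures are 30 seconds apart so at most three ever sit inside the 60-second window, and the 22:30 burst is ignored because the rule is inactive outside 08:00 to 18:00. A production engine would add rule priorities, suppression after an alert, and actions on match, but the streaming, in-memory evaluation shown here is the core idea.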