
SolarWinds log and event manager

Introduction

SolarWinds is ranked by Gartner in the Niche Players section of its latest Magic Quadrant for
SIEM. It lacks the full security suite presence of some competitors, but is well-integrated
across a variety of IT operation capabilities, making it a good fit for SMEs who may lack
their own internal security teams. The company targets tightly resourced, budget-conscious
security teams, in organizations with up to 10,000 employees, and often cites compliance as a
driver.
The issue that we want to address is that we need a SIEM solution that can help us monitor
and manage our logs and events. We need to address this issue because we want to be able to
track down issues and problems as they happen, so that we can fix them quickly.
The solution to this issue is to use SolarWinds log and event manager as our SIEM solution.
This will allow us to monitor our logs and events, and find out what is happening in our
environment. This will help us solve any issues that may be happening, and make sure that
everything is running smoothly. We will also be able to give benefits to those who need it the
most - the users of our system. They will be able to see the issues that are happening, and be
able to fix them quickly. Overall, this project will help us solve our issue and improve our
systems overall.
Those who get benefits from the project are the users of SolarWinds Log & Event Manager.
They will be able to see the issues that are happening, and be able to fix them quickly.
Additionally, SolarWinds will benefit from this project as they will be able to sell their
product more easily to those who need it the most. Overall, this is a beneficial project for all
involved.

Main body

Introduction
SolarWinds Log & Event Manager (LEM) is a powerful and affordable security information
and event management (SIEM) solution. It enables you to collect, analyze, and respond to
data in real time, helping you to identify and resolve issues quickly and effectively.
CLO 2
Collecting and processing events and flow

SolarWinds Log & Event Manager (LEM) collects and processes events and flows in real
time. It uses a variety of data sources to identify issues, including syslog, SNMP traps,
Windows event logs, and application logs. LEM then uses a variety of analysis techniques to
help you find the root cause of issues and resolve them quickly.

Collection of vulnerability data

SolarWinds Log & Event Manager (LEM) collects vulnerability data in real time from a
variety of sources, including Nessus and OpenVAS scans, firewall logs, and security alerts.
LEM then uses a variety of algorithms to identify and prioritize vulnerabilities.

SolarWinds logical components and data flow


The following are the logical components of SolarWinds Log & Event Manager (LEM):
Collectors: LEM uses a variety of data sources to identify issues, including syslog, SNMP
traps, Windows event logs, and application logs.

Analyzers: LEM uses a variety of analysis techniques to help you find the root cause of
issues and resolve them quickly.

Responders: If an issue is identified by the analyzers, LEM will send notifications to
designated responders. These responders can include administrators, system engineers, or
security professionals.

Logical data flow: Events and flows are collected in real time and processed by the LEM
logical components to provide you with actionable information.
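
The collector, analyzer and responder flow described above can be sketched in a few functions. This is an added example, not SolarWinds code and not part of the original report; it uses no LEM API. The function names, the failed-login rule, its threshold and window, the responder address and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input: RFC 3164-style syslog lines (not real log data).
SAMPLE_LOGS = """\
<38>Mar  4 10:15:01 web01 sshd[811]: Failed password for root from 203.0.113.9 port 4001 ssh2
<38>Mar  4 10:15:09 web01 sshd[811]: Failed password for admin from 203.0.113.9 port 4002 ssh2
<38>Mar  4 10:15:20 web01 sshd[812]: Accepted password for alice from 198.51.100.7 port 5100 ssh2
<38>Mar  4 10:15:31 web01 sshd[811]: Failed password for root from 203.0.113.9 port 4003 ssh2
<38>Mar  4 10:40:00 db01 sshd[90]: Failed password for bob from 198.51.100.7 port 5101 ssh2
not a syslog line at all
""".splitlines()
LINE_RE = re.compile(r"^<\d{1,3}>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
                     r"(?P<host>\S+) [\w\-/]+(?:\[\d+\])?: (?P<msg>.*)$")
AUTH_RE = re.compile(r"^(Failed|Accepted) password for (\S+) from (\S+) ")

def collect(lines, year=2024):
    """Collector: parse raw lines into normalized events (year is assumed, syslog omits it)."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        auth = AUTH_RE.match(m["msg"]) if m else None
        if not auth:
            continue  # unparsed input is dropped here; a real collector would count it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"time": ts, "host": m["host"], "src": auth[3], "user": auth[2],
                       "type": "auth_fail" if auth[1] == "Failed" else "auth_ok"})
    return events

def analyze(events, threshold=3, window=timedelta(seconds=60)):
    """Analyzer: flag a source with >= threshold login failures inside the window."""
    recent, alerts = defaultdict(deque), []
    failures = (e for e in events if e["type"] == "auth_fail")
    for ev in sorted(failures, key=lambda e: e["time"]):
        q = recent[ev["src"]]
        q.append(ev)
        while ev["time"] - q[0]["time"] > window:
            q.popleft()  # slide the window forward
        if len(q) >= threshold:
            alerts.append({"rule": "repeated_auth_failure", "src": ev["src"], "count": len(q),
                           "users": sorted({e["user"] for e in q}), "last_seen": ev["time"]})
            q.clear()  # one alert per burst
    return alerts

def respond(alerts, responders=("soc@example.org",)):
    """Responder: build one notification per alert and designated responder."""
    return [f"To {r}: {a['rule']} from {a['src']} ({a['count']} failures, "
            f"users={','.join(a['users'])}) at {a['last_seen']:%H:%M:%S}"
            for a in alerts for r in responders]
```

Calling `respond(analyze(collect(SAMPLE_LOGS)))` yields a single notification for 203.0.113.9; the lone failure from 198.51.100.7 and the malformed line produce none.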
SIEM Event Collector, Processor and Console architecture

The SolarWinds Log & Event Manager (LEM) event collector communicates with various
data sources, such as Nessus and OpenVAS scanners, firewall logs, and security alerts. The
LEM processor then uses a variety of algorithms to identify and prioritize vulnerabilities. The
console provides you with a graphical interface that allows you to manage your environment
and take action on issues.

Explain the SIEM logical data flow

Events and flows are collected in real time and processed by the LEM logical components to
provide you with actionable information. The LEM processor then uses a variety of
algorithms to identify and prioritize vulnerabilities. The console provides you with a
graphical interface that allows you to manage your environment and take action on issues.
How SolarWinds LEM detects and shows offenses using management console

The management console provides you with a detailed view of your environment. You can
use the console to detect and show offenses. The console also allows you to manage your
environment and take action on issues.

Different types of offenses.


There are several types of offenses that can be detected by the SIEM management console.
These include, but are not limited to, malicious activity, unauthorized access, and data
leakage. The benefits of using SIEM include, but are not limited to, improved security
posture, decreased vulnerability detection time, and increased awareness of potential threats.
Additionally, the management console allows you to take action on issues quickly and
efficiently.

CLO3

SolarWinds LEM dashboard.


The SolarWinds Log & Event Manager (LEM) provides a comprehensive intelligence
platform for managing your environment. The LEM dashboard is a graphical interface that
allows you to view and manage events, flows, and data in real time. The dashboard provides
you with a detailed view of your environment, making it easy to identify and take action on
issues.

Steps to create a new dashboard.

To create a new dashboard, you first need to log in to the management console. Once logged
in, click on the Panels tab and then select New Dashboard from the drop-down menu. You
will then be prompted to provide a name for your new dashboard and select a region from
which to collect events. After completing these steps, your new dashboard will be ready for
use.

Different SIEM tabs


The different SIEM tabs include, but are not limited to, Logs, Events, Users, and Settings.

• Logs: This tab displays all of the events that have been captured by the SIEM. You
  can view, filter, and export logs as needed.

• Events: This tab provides you with a detailed view of all the events that have been
  captured by the SIEM. You can view, filter, and export events as needed.

• Users: This tab displays all of the users who have access to the SIEM and their
  privileges. You can also manage user permissions and add new users as needed.

• Settings: This tab allows you to configure the settings for the SIEM. You can modify
  log retention policies, configure alerts, and set up reporting options.

Each tab provides you with different options to help you manage your environment more
effectively.

Use of menu options


The menu options available in the SIEM include, but are not limited to, Logs, Events, Users,
and Settings.

• Logs: The Logs menu option allows you to view, filter, and export logs as needed.

• Events: The Events menu option provides you with a detailed view of all the events
  that have been captured by the SIEM. You can view, filter, and export events as
  needed.

• Users: The Users menu option displays all of the users who have access to the SIEM
  and their privileges. You can also manage user permissions and add new users as
  needed.

• Settings: The Settings menu option allows you to configure the settings for the SIEM.
  You can modify log retention policies, configure alerts, and set up reporting options.

Default and customize Dashboards.


Default Dashboards: By default, the SIEM creates three default dashboards that are
designed to help you quickly view and analyze your data. You can access these dashboards
by clicking on the Default Dashboards link on the left side of the screen.

Customize Dashboards: You can also create and customize your own dashboards using the
built-in dashboard designer. This feature allows you to design custom reports and graphs that
are specific to your organization's needs. To access this feature, click on the Customize
Dashboards link on the left side of the screen.

Offense rating.
The explanation for the offense rating is a brief description of how the offense rating was
calculated. This information will help you understand the factors that were used to come up
with this number.

Create an offense and analyze the following: Offense sources and offense status and flags.
The offense source is the service or application that was used to generate the data. The
offense status and flags column indicates whether or not the data is currently in a valid state.
Valid states include active, suspended, and removed.

The offense analysis report will show you the following information: The number of events
that were generated by the offense source. The percentage of events that were classified as
offensive. The average offense rating for each event type.

CLO 4
Asset profiling
Discuss asset profiling

Asset profiling is the process of identifying and categorizing assets based on their value,
criticality, and vulnerabilities. This information can be used to prioritize and focus security
efforts on the most important assets.
There are several ways to profile assets in LEM:

• By type of asset: This includes systems, applications, users, and devices.

• By location: This includes on-premises servers, cloud deployments, and endpoints.

• By role: This includes servers, applications, users, and devices.

• By sensitivity: This includes high-value assets (HVAs), critical assets (CA), and
  vulnerable assets (VA).

Discuss asset vulnerabilities

Asset vulnerabilities are the weaknesses in an asset that can be exploited by attackers. Asset
vulnerabilities can be divided into three categories: remote code execution, cross-site
scripting (XSS),

Creating new rule


1. Log into the LEM Console.
2. Go to the Rules view.
3. Click the Add Rule button.
4. Enter a name and description for the new rule.
5. Select the source type for the rule: Event, Log, or Remote Server.
6. Click OK to add the rule.
CLO 05
Report template creation
SolarWinds Log & Event Manager (LEM) is a platform that helps administrators to collect,
manage, and analyze logs and events. Administrators can create custom reports to help them
understand the log and event data. LEM provides a simple, intuitive report template editor
that enables administrators to create custom reports quickly and easily.

To create a new report in LEM, first open the Reports tab in the LEM user interface. Next,
select the report type that you want to create from the report types list on the left side of the
window.
Performing advanced filtering
Advanced filtering in SolarWinds Log & Event Manager (LEM) can be performed by using
the filter builder. This can be found in the "Filter" tab, under the "Filter Builder" menu item.
To start, select the columns you would like to filter your data by. LEM will then display the
available filters in the "Filter" tab. You can use these filters to restrict the data displayed in
the "Logs" and "Events" tabs.

Discussion

The team has identified a few problems with the SolarWinds log and event manager. One
issue is that the software does not have a good way to track or manage all of the logs that it
needs to. Another issue is that the software is not well-suited for analyzing large amounts of
data. The team will need to focus on improving these aspects of the software in order to
ensure that it meets the needs of its users. Additionally, the team will need to come up with
ways to effectively analyze all of the data that it collects. Otherwise, this project may be
unsuccessful. Overall, these are major challenges that the team will need to overcome in
order to successfully develop and deploy SolarWinds Log & Event Manager. Overall, this
project is still in its early stages, so it is likely that there will be further challenges that the
team will need to address. However, with the help of the team's stakeholders, this project
should be able to successfully meet the needs of its users.