What is our primary use case?
The primary use case is privileged account monitoring. It's monitoring admin accounts for things such as who logged in, where they logged in from, what time they logged in, and from what devices they used Remote Desktop with the privileged accounts.
It's a good tool for troubleshooting. You can see extensive info about Kerberos user auth tickets or Windows Kerberos machine auth tickets, which can alert you to, say, failing Kerberos authentications due to incorrect NTP (network time).
How has it helped my organization?
We're able to do a bit more in terms of forensic analysis.
I am able to correlate the S.A.M. Service Applications Monitoring in SolarWinds ORION Platform.
I can trace back several things including the performance at a certain date and time.
What is most valuable?
It's extremely easy to deploy.
With LEM 6.6, if it's a Windows host, you use the 64-bit or 32-bit installer and install it. Immediately, you'll start seeing Windows System, Security and Application logs from the host where you deployed the agent. So, this makes the deployment very easy.
On a daily basis, it's good for PKI monitoring.
It's very good for troubleshooting and data monitoring. It gives you an advance warning with your backups. If you have no monitoring tool in place, SolarWinds SIEM is a good place to start and very inexpensive.
What needs improvement?
They need to do better with the connectors. I had to battle with the IIS web server connector that comes built in with this product. No matter how I configured the IIS web connector, I never saw SW pull in any IIS logs from my hosts where the agent was installed.
They have over 500 connectors, but in my experience only a handful work. Also, there are no PowerShell logging connectors, if you want to pull in PowerShell logging logs from your hosts into the SIEM.
For how long have I used the solution?
SolarWinds LEM is a product that I have been using for approximately a year and a half.
What do I think about the stability of the solution?
Very stable. It seems the backend database is PostgreSQL and needs no maintenance.
What do I think about the scalability of the solution?
Not very scalable in my opinion. That's why I'm investigating a new SIEM replacement.
How are customer service and technical support?
Good. It can be hit or miss sometimes, but sometimes you get some good tech support over there.
Which solution did I use previously and why did I switch?
With this company, there was no real SIEM and no real use cases before I deployed it. Because of that, I can develop the use cases to educate the management on what they need in terms of SIS security monitoring.
How was the initial setup?
What about the implementation team?
What was our ROI?
What's my experience with pricing, setup cost, and licensing?
Easy setup, very cheap, and the licensing cost is very fair and easy to understand.
Which other solutions did I evaluate?
There was no time. Just read several reports from Gartner, IT Central, etc. I did try ManageEngine, but it was a product which was already in test phase, implemented by my predecessor.
What other advice do I have?
Which deployment model are you using for this solution?