When it comes to event log monitoring and management, scalable overviews and the ability to respond to incidents and rectify problems are of the utmost importance. Two of the more popular and powerful monitoring products are Solarwinds LEM and Splunk, and this article outlines the key features of each and compares them. The Solarwinds product discussed here is the Log & Event Manager (LEM).
As far as installation goes, Splunk is definitely easy and quick. There is one base program to install, and modules and add-on applications can then be added from within that program. The base program is fairly empty and requires the user to add the necessary modules in order to make full, or even partial, use of the tool. On the plus side, the modules and add-ons are free.
Solarwinds also has a fairly easy install. However, Solarwinds separates key network monitoring functions into several separately installable programs. For example, if you want to monitor web traffic, you need to install the Network Traffic Analyzer add-on for the Network Performance Monitor program.
Features of Solarwinds LEM
Eliminate threats faster with instant detection of suspicious activity, event correlation with rules, and event-based reporting and alerts.
Using threat intelligence from groups across the internet that monitor DDoS, botnets, spam and other online threats, Solarwinds LEM keeps its list of known-bad IPs and malicious activity up to date and helps you pinpoint potential security issues that could affect your infrastructure.
Threats that LEM protects you against include:
- Malware Infections
- Phishing Attempts
- External Attacks from Known Malicious IPs and Hosts
LEM allows you to create rules and filters that automatically use the threat intelligence data to help you thwart attacks on your network before they occur.
Graphs and reporting features show the ongoing threats and security issues that have been blocked within your network and help you meet compliance requirements.
File Integrity Monitoring helps you comply with policy-based auditing of files, registry keys and their activity, giving you an overview of which files have been read, modified and deleted.
Monitoring file integrity also assists with compliance with regulations including:
- PCI DSS
On top of the features mentioned above, File Integrity Monitoring is more important than ever, given the constant threat that ransomware and malware pose to every business in the world.
Solarwinds helps you pinpoint file modifications and see what is happening on the computers in your network.
USB drive monitoring is another useful feature of Solarwinds LEM: it helps you block malicious executables that are set to auto-run when a device is plugged into a USB port. The LEM dashboard shows threats from USB devices, including files on USB media that are created, modified or deleted, and devices that are attached and detached.
From the dashboard you can specify that USB executables, along with other threats that auto-run from USB devices, should be blocked.
Comparison of Solarwinds LEM vs Splunk
Below you'll find a quick comparison of Solarwinds LEM vs Splunk for SIEM and event log analysis and monitoring. For more information on each product, please visit its website to download a trial and test it in your own network. Download links are available below as well.
| Feature | Solarwinds LEM | Splunk |
|---|---|---|
| Regulatory compliance (PCI DSS, Sarbanes-Oxley (SOX), HIPAA, ISO, NCUA, FISMA, FERPA, GLBA, NERC CIP, GPG13, …) | | |
| Detect Suspicious/Malicious Activity | ✔ | ✔ |
| Real-Time Event/Threat Detection & Real-Time Threat Remediation | ✔ | ✔ |
| Reports & Graph of Threat Management | ✔ | ✔ |
| File Integrity Monitoring (FIM) | ✔ | ✔ |
| Hardware Device Monitoring | | |
| Robust Event Log Search/Indexing | ✔ | ✔ |
| Forensic Event & Incident Analysis | ✔ | ✔ |
| Threat Correlation Tracking & Analysis | ✔ | ✔ |
| Single Sign-On/LDAP Functionality | ✔ | Only available in Enterprise and Cloud versions |
| High Availability, Clustering & … | ✔ | Only available in Enterprise and Cloud versions |
Both Solarwinds and Splunk have an array of features, tools and capabilities that make them extremely attractive for SIEM, threat detection and event log analysis. We suggest you download either of these solutions, based on your requirements, to get a better feel for the software package.
Splunk has a basic free version that gives you limited access to the features, which is good for testing at a basic level:
https://www.splunk.com and Click on “FREE SPLUNK” in the Top Right corner.
Solarwinds offers a 30-day free trial that gives you full access to their software suite without any limitations.