Ensure FERC / NERC CIP compliance with a 360° view of your network devices, applications, physical security systems, and electronic security perimeter systems
- Reconstruct a particular event using a comprehensive picture of system and user activities
- Meet FERC / NERC CIP data collection requirements and keep disk space to a minimum using the high-compression data store
- Go beyond satisfying log collection and review to automated log analysis
- Track all FERC / NERC CIP required events to ensure a compliant chain of custody audit trail
The Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) require energy companies to comply with the Critical Infrastructure Protection (CIP) mandate. SolarWinds Log & Event Manager (LEM) uncovers FERC / NERC CIP policy violations with real-time log analysis and powerful cross-device event correlation covering your entire infrastructure.
Find FERC / NERC CIP compliance violations using either interactive search or rule-based event correlation
- Sets independent thresholds for activities per event or per group when executing multiple event correlation rules
- Collects and consolidates logs from multiple systems in your network for real-time cross-device event correlation
- Supports creation of custom groups and variables for event correlation rules using a drag-and-drop GUI
- Allows you to explore your data visually using an intuitive drag-and-drop interface
- Searches from high-level events and key terms to detailed log data
SolarWinds Log & Event Manager (LEM) provides two methods to find potential FERC / NERC CIP compliance violations: for interactive, ad-hoc searches use the context-aware console, or for finding events of interest automatically use the rule-based, real-time event correlation engine. Eliminate hours of work with over 700 out-of-the-box event correlation rules, many of which are specific to FERC / NERC CIP regulations.
Automate responses to mitigate FERC / NERC CIP compliance violations and security threats immediately
SolarWinds Log & Event Manager (LEM) helps you ensure compliance with Critical Cyber Assets CIP protection requirements using Active Responses to address critical events and shut down security threats automatically and immediately. Automated actions are triggered in real time using a rule-based event correlation engine executed in memory. Build and trigger Active Responses interactively using the console.
Using an extensive library of built-in actions, SolarWinds LEM can disable network access on a user’s PC after excessive attempts to access a secure network, or immediately eject USB devices when they are inserted into restricted PCs. This saves hours otherwise spent writing rules and shortens the deployment ramp.
Built-in Active Responses include:
- Kill processes by ID or name
- Block an IP address
- Create, disable, or delete user accounts and user groups
- Detach USB devices
- Remove user-defined group elements
- Reset user account passwords
- Restart or shut down machines
- Send incident alerts, emails, pop-up messages, or SNMP traps
Quickly and easily generate FERC / NERC CIP compliance reports
- Schedules reports to run daily, weekly, or as required
- Supports forensic analysis findings with detailed reports
- Filters report data with a few simple mouse clicks
- Produces graphical summaries to enhance your high-level reports
- Exports reports to a variety of standard formats
SolarWinds Log & Event Manager (LEM) includes over 300 pre-built “audit-proven” reporting templates. Customize them for internal requirements using the reporting console or use them out of the box to generate reports complying with FERC / NERC CIP regulations.