Documentation for Security Event Manager

About SEM reports

The SEM reports convert historical event queries into information you can use to troubleshoot and identify problems in your organization. From within the Historical Events and Reports tab in the toolbar, you can set up and run reports on your search queries. These reports help you identify events and trends in your organization, helping you make informed decisions about your network activity.

Predefined queries

In the Historical Events and Reports tab, the Queries tab includes the Predefined category. This category contains the predefined queries included with SEM, which can help you make informed decisions about your network security. You can generate a report for each predefined query.

The following table lists the predefined queries included with SEM.

| Category | Description |
| --- | --- |
| All Event Data Last 10 Minutes | Lists all events that occurred during the last 10 minutes. |
| All Event Data Last Week | Lists all events that occurred during the previous week. |
| Authentication Event Data Last Week | Lists all authentications tracked by the SolarWinds system that occurred during the previous week. These authentications include user logon, logoff, failed logon attempts, guest logons, and so on. |
| Change Management Event Data Last Week | Lists all changes to domains, groups, machine accounts, and user accounts that occurred in the previous week. |
| Failed Logon Event Data Last week | Lists all Logon Failure events that occurred in the previous week. These events reflect failed account logon events from network devices (including network infrastructure devices). |
| Firewall Event Data Last Day | Lists all firewall node events that occurred in the previous day. |
| High Severity Event Data Last Day | Lists all high severity events that occurred in the previous day. |
| IDS Event Data Last Day | Lists all intrusion detection system (IDS) events that occurred in the previous day. |
| Incident Event Data Last Day | Lists all incident events that occurred in the previous day. |
| Incident Event Data Last Week | Lists the Incident, HostIncident, HybridIncident and NetworkIncident events that occurred in the past week. These events reflect enterprise-wide issues. |
| Network ACL Denied Event Data Last Day | Lists all network access control list (ACL) denied events that occurred in the previous day. |
| Network Event Data Last Hour | Lists all network events that occurred in the past 60 minutes. |
| Rule Activity Last Week | Lists all rule activity events that occurred in the past week. |
| Threat Event Data Last Week | Lists all threat events that occurred in the past week. |
| Virus Event Data Last Week | Lists all malicious or abusive use of network resources events that occurred in the past week. |

Report format

When you run a SEM report, you can save the report in CSV or PDF format to your system. When you schedule a report, SEM automatically generates the report based on your scheduling settings and sends the report to you or another recipient in a zipped file using your email application.

All reports are sorted by DetectionTime in descending order, from the latest to the earliest events.