Documentation forSecurity Event Manager

Set up the SEM reports

In version 2023.2.1 and earlier, the SEM Reports application was required to generate reports. Beginning in version 2023.4, you can run or schedule reports from queries in the Historical Events and Reports tab located in the SEM Console.

To set up the SEM reports engine for the historical event queries:

  1. Set the maximum number of events for the reports. In the Settings > Event Limits > Report tab, enter the maximum number of events that will be included in your SEM reports. Consider entering a low-to-moderate maximum threshold to consume fewer system resources and maintain optimum SEM performance.

    The minimum value is one hundred (100) events. The maximum value is ten million (10000000) events.

  2. Set the maximum email attachment size. If you plan to send SEM reports to your stakeholders as an email attachment, set the maximum email attachment size so it conforms with your Microsoft Exchange Server restrictions.

    After you set this value, the attachment size restriction displays in the Schedule Search pop-up window when you schedule a report. For example:

  3. Configure the Email Active Response connector. To send automated emails to SEM console users when a rule is triggered, configure the Email Active Response connector. This connector specifies the SMTP Relay mail host used to send emails and provides the requisite server credentials.

  4. Set up an email template for the scheduled reports. Create an email template for all stakeholders who receive the report as an email attachment in a scheduled report. See Create email templates for use with SEM rules for instructions.

  5. Update the user accounts for all scheduled report recipients. Ensure that the user accounts of all scheduled report recipients are configured with a valid email address. A valid email is required for all scheduled reports. See Add SEM users for instructions.

  6. (Optional) Configure an SFTP connection to an external server. If your reports exceed your email attachment requirements, consider setting up a secure file transfer protocol (SFTP) connection to one or more external Windows or non-Windows systems in your organization. This option allows you to automatically deliver your reports directly to a system in your organization that your stakeholders can access from their systems.