Documentation for Security Event Manager

Locate migrated SEM audit reports

In version 2023.2.1 and earlier, the SEM Reports application converted SEM database data into on-demand and scheduled audit reports you could use to troubleshoot and identify network problems. Beginning in version 2023.4, you can generate and schedule all reports in the Historical Events & Reports screen.

SolarWinds recommends that you begin creating your on-demand and scheduled reports from within the Historical Events & Reports tab.

In version 2023.4, you can permanently disable the SEM Reports application. See Disable the SEM Reports application for instructions. The SEM Reports application will be deprecated in a future release.

Locate an audit report query

The following table lists the report queries that were migrated from the SEM Reports application to the SEM web console.

To run a report query, identify the targeted report title and corresponding category or tag name. When you are finished, locate the report by category or tag in the web console and run or schedule the report query.

| Title | Report | Location |
| --- | --- | --- |
| Application Traffic | RPT2003-06-11-5.rpt Lists all application traffic events. | Activity Types → Network (tag); Compliance → General (tag) |
| Attack Behavior: Access | RPT2003-11.rpt Shows malicious asset access through the network. For example, attacks on FTP or Windows Network servers, malicious network database access, abuses of services, or attempted unauthorized entry. | Activity Types → Network (tag); Compliance → Healthcare (tag); Compliance → Education (tag); Compliance → General (tag) |
| Attack Behavior: Denial / Relay | RPT2003-12.rpt Tracks activity associated with network denial or relay attack behaviors. This report shows malicious asset relay attempts and denials of service through the network. For example, FTP bouncing, Distributed Denial of Service events, and many protocol abuses. | Activity Types → Network (tag); Compliance → Healthcare (tag); Compliance → Education (tag); Compliance → General (tag) |
| Authentication | RPT2003-02.rpt Lists all authentications tracked by the SolarWinds system, including user logon, logoff, failed logon attempts, guest logons, and so on. | Compliance → Healthcare (tag); Compliance → Education (tag); Compliance → General (tag) |
| Authentication: Log On / Off / Failure | RPT2003-03.rpt Tracks activity associated with account events such as log on, log off and log on failures. This is a refined version of the Authentication Report that does not include SolarWinds authentication events. It is more appropriate for management reports or audit reviews than regular use. | Compliance → Healthcare (tag); Compliance → Education (tag); Compliance → General (tag) |
| Core Traffic | RPT2003-06-11-5.rpt Lists all core traffic events. | Activity Types → Network (tag); Compliance → General (tag) |
| File Audit Event | RPT2003-05.rpt Tracks file system activity associated with audited files and system objects, such as file access successes and failures. | Compliance → Healthcare (tag); Compliance → Education (tag); Compliance → General (tag) |
| File System Audit | RPT2003-09-010.rpt Tracks activity associated with file system audit events including mount file system and unmount file system events. These events are generally normal system activity, especially during system boot. | Compliance → General (tag) |
| General Authentication: Domain Events | RPT2006-20-01.rpt Includes changes to domains, including new domains, new members, and modifications to domain settings. | Change Management → General Best Practice (tag); Compliance → Education (tag); Compliance → Federal (tag); Compliance → General (tag); Compliance → Healthcare (tag) |
| General Authentication: Group Events | RPT2006-20-02.rpt Lists changes to groups, including new groups, members added/removed to/from groups, and modifications to group settings. | Change Management → General Best Practice (tag); Compliance → Education (tag); Compliance → Federal (tag); Compliance → General (tag); Compliance → Healthcare (tag) |
| General Authentication: Machine Account Events | RPT2006-20-03.rpt Includes changes to machine accounts, including enabling/disabling machine accounts and modifications to machine account settings. | Change Management → General Best Practice (tag); Compliance → Education (tag); Compliance → Federal (tag); Compliance → General (tag); Compliance → Healthcare (tag) |
| General Authentication: User Account Events | RPT2006-20-04.rpt Includes changes to user accounts, including enabling/disabling user accounts and modifications to user account settings. | Change Management → General Best Practice (tag); Compliance → Education (tag); Compliance → Federal (tag); Compliance → General (tag); Compliance → Healthcare (tag) |
| Malicious Code | RPT2003-04.rpt Tracks event activity associated with malicious code such as viruses, Trojans, and worms, both on the network and on local machines, as detected by anti-virus software. | Compliance → Healthcare (tag); Compliance → Education (tag); Compliance → General (tag) |
| Network Infrastructure Policy/View Change | RPT2006-21.rpt Includes accesses to network infrastructure device policy, including viewing or changing device policy. | Change Management → Policy changes (tag); Compliance → Education (tag); Compliance → Federal (tag); Compliance → General (tag); Compliance → Healthcare (tag) |
| Process Audit | RPT2003-09-030.rpt Tracks activity related to processes, including processes that have started, stopped, or reported useful process-related information. | Compliance → General (tag) |
| Registry Audit Events | RPT2003-05-75.rpt, RPT2003-05-76.rpt, RPT2003-05-77.rpt, RPT2003-05-78.rpt, RPT2003-05-79.rpt, RPT2003-05-80.rpt, RPT2003-05-81.rpt, RPT2003-05-82.rpt, RPT2003-05-83.rpt, RPT2003-05-84.rpt, RPT2003-05-85.rpt, RPT2003-05-86.rpt Lists registry audit events. | Compliance → Healthcare (tag); Compliance → Education (tag); Compliance → General (tag) |
| Resource Configuration | RPT2003-08.rpt Details events that relate to configuration of user accounts, machine accounts, groups, policies and their relationships. | Compliance → Federal (tag); Compliance → Healthcare (tag); Compliance → Education (tag); Compliance → General (tag) |
| Service Audit | RPT2003-09-040.rpt Tracks activity related to services, including services that have started, stopped, or reported useful service-related information or warnings. | Compliance → General (tag) |
| SolarWinds Actions | RPT2003-18.rpt Lists all commands or actions initiated by SolarWinds Network Security. | Compliance → Federal (tag); Compliance → Healthcare (tag); Compliance → Education (tag); Compliance → General (tag) |
| Suspicious Behavior | RPT2003-07.rpt Tracks activity associated with suspicious network behaviors such as reconnaissance or unusual traffic. Specifically, this report shows potentially dangerous activity, such as excessive authentication failures, port scans, stack fingerprinting, and network enumerations. | Compliance → Federal (tag); Compliance → Healthcare (tag); Compliance → Education (tag); Compliance → General (tag); Activity Types → Network (tag) |
| System Audit | RPT2003-09-020.rpt Tracks activity associated with system status and modifications, including software changes, system reboots, and system shutdowns. | Compliance → General (tag) |
| USB Defender | RPT2003-09-050.rpt Tracks activity associated with USB-Defender, including insertion and removal events related to USB Mass Storage devices. | Compliance → General (tag) |
| Web URL Requests | RPT2003-06-01-5.rpt Lists the most frequently visited URLs grouped by the requesting client source machine. | Activity Types → Network (tag); Compliance → Healthcare (tag); Compliance → Education (tag); Compliance → General (tag) |
| Windows/Active Directory Domains: Group Events | RPT2006-22.rpt Includes Windows/Active Directory group-related events. | Change Management → General Best Practice (tag); Compliance → Education (tag); Compliance → Federal (tag); Compliance → General (tag); Compliance → Healthcare (tag) |
| Windows/Active Directory Domains: Machine Events | RPT2006-23.rpt Includes Windows/Active Directory machine-related events. | Change Management → General Best Practice (tag); Compliance → Education (tag); Compliance → Federal (tag); Compliance → General (tag); Compliance → Healthcare (tag) |
| Windows/Active Directory Domains: New Critical Group Members | RPT2006-22-04.rpt Includes additions of Windows/Active Directory user accounts to critical groups, such as Domain or Enterprise Admins. | Change Management → General Best Practice (tag); Compliance → Education (tag); Compliance → Federal (tag); Compliance → General (tag); Compliance → Healthcare (tag) |
| Windows/Active Directory Domains: OU Events | RPT2006-24.rpt Includes Windows/Active Directory Organizational Unit-related events. | Change Management → General Best Practice (tag); Compliance → Education (tag); Compliance → Federal (tag); Compliance → General (tag); Compliance → Healthcare (tag) |
| Windows/Active Directory Domains: User Events | RPT2006-25.rpt Includes Windows/Active Directory user-related events. | Change Management → General Best Practice (tag); Compliance → Education (tag); Compliance → Federal (tag); Compliance → General (tag); Compliance → Healthcare (tag) |

Locate a report by category

This procedure describes how to locate a report by category—for example, the Application Traffic report.

  1. Log in to the SEM Console.

  2. Click the Historical Events & Reports tab.

  3. In the left column, click the Queries tab.

  4. Click the vertical ellipsis and select Group By Category.

  5. In the Default audit report locations table, locate the Application Traffic report.

  6. In the Category column, select a category (for example, Compliance).

  7. In the left column, expand the Compliance query menu.

  8. Locate and click the targeted report.

  9. Run or schedule the report.

    See Run or schedule the report for instructions.

Locate a report by tag

This procedure describes how to locate a report by tag, using the Application Traffic report as an example.

  1. Log in to the SEM Console.

  2. Click the Historical Events & Reports tab.

  3. In the left column, click the Queries tab.

  4. Click the vertical ellipsis and select Group By Category.

  5. In the Default audit report locations table, locate the Application Traffic report.

  6. In the Tag column, select a tag (for example, General).

  7. In the left column, expand the General tag menu.

  8. Locate and click the targeted report.

  9. Run or schedule the report.

    See Run or schedule the report for instructions.

Disable the SEM Reports application

Perform the following steps to disable the SEM Reports application.

  1. Log in to the CMC command-line interface.

  2. Access the CMC service menu.

    At the command prompt, execute:

    service

  3. At the cmc::service> prompt, execute:

    restrictreports

  4. When prompted for an IP address, enter:

    127.0.0.1

    The SEM Reports application is disabled.