The document is a catalog of reports from the Solidcore S3 Control product. It describes several types of reports including Visibility reports that provide summaries of changes, Accountability reports that tie changes to authorization tickets, Enforcement reports that flag unauthorized changes, PCI compliance reports that verify controls, and System information reports. It provides samples of specific reports like activity by username, groups/hosts summary, change policy violation by user, and database access reports.

1. Real-time Change Control
Report Catalog

2. Solidcore S3 Control is the leading Change
Control product in the market today. The
product has three modules – Visibility,
Accountability and Enforcement – which
can be used to audit and control all changes
in the IT organization. The visibility module
tracks changes on Servers, Databases,
Network Devices and Active Directory
servers and provides Alert, Dashboard and
Search capabilities. The Accountability
module correlates changes with RFC tickets
in Change Management Systems and can
flag unauthorized changes. Organizations
that wish to prevent such unauthorized
changes can use the Enforcement module
to prevent changes to critical configuration
files, registries and executables.
The Solidcore S3 Control product also
ships with a very robust and flexible
reporting module. The reporting module
uses an embedded Crystal report engine
to generate reports that transform raw
change data into actionable intelligence.
BU heads can use the pre-packaged
reports to automate their Compliance
reporting and System Administrators can
use the information in the reports to track
down exceptional changes and fine-tune
their change policies. The product ships
with nearly 30 reports that can be broadly
classified into the following categories
– Visibility, Accountability, Enforcement,
PCI Compliance, SOX Compliance, System
Information. The pre-packaged reports
were designed in consultation with industry
experts and auditors and can be further
customized by customers on a need basis.
In this catalog, we present samples of
some of the reports that are shipped with
S3 Control. These reports were shipped in
S3 Control 3.4, but are likely to change in
future versions of the product.
Visibility Reports...............................................1
Accountability Reports.......................................8
Enforcement Reports.......................................15
PCI Reports....................................................18
SOXReports....................................................26
System Information Reports............................30

3. The visibility module tracks changes on all the
IT components and stores it in a central change
database. Detailed information (when, who, what,
how and why) about every change is captured
in its change record. This information is used
to trigger alerts, create dashboard summaries
and in keyword searches. The visibility reports
(User Summary, Groups/Hosts Summary and
Change Agent Summary) provide a summary of the
changes grouped on different change attributes.
Administrators can schedule these summary
reports on a regular basis and eyeball the reports
to ensure that the change activity is under control.
Each item in the details section is linked back to the
search page making it easy for the administrator to
inspect suspicious change activity.
Visibility
Page 1Visibilty Reports

4. Activity by Username This report will reveal changes made by unauthorized
personnel and is especially useful for large IT organizations
which are managed by multiple administrators.
Page 2Visibilty Reports

5. Page 3Visibilty Reports
Copyright @ 2006-2007 Solidcore Systems, Inc. All rights reserved.

6. Groups / Hosts Summary This report summarizes the changes by Group and
Hostname. It helps administrators identify changes
made to critical groups or hosts.
Page 4Visibilty Reports

7. Page 5Visibilty Reports

8. Software DistributionDownloadedde84sp2tzchange 4
Change Agent Summary This report helps identify unusual change activity by
grouping on the program name attribute. The program
name can often be used to identify the source of the
change and this information can even help detect
malicious activity by viruses and rootkit infections.
Page 6Visibilty Reports

9. Software DistributionDownloadedda84updupdate.exe 14
Page 7Visibilty Reports

10. The accountability module ties every change to
the change policy or ticket that authorized the
change. Very often, changes are made only after
the CAB or CM reviews and approves the change.
The burden of documentation lays heavily on the
administrator’s shoulders, who does not view this
as his primary job responsibility. Even when the
documentation is provided by the administrator,
it is seldom accurate or complete. S3 Control
automates the process of documenting the changes
by reconciliing the changes in its database with the
change tickets in a Change Management System.
Accountability
Page 8Accountability Reports

11. Reconciliation This report provides an audit trail of all changes that
were corelated with change tickets in a Remedy Change
Management System.
Page 9Accountability Reports
Configure VMWare
mydomain.com

12. Page 10Accountability Reports

13. a
john_smith
john_smith
john_smith
john_smith
john_smith
john_smith
john_smith
john_smith
john_smith
Staging / Production Comparison Missing or unauthorized changes can be easily identified
for audit and this greatly reduces the risk exposure of the
IT department he is managing. This report lists the “small”,
but unauthorized, changes that an administrator tried to
club with an approved change.
Page 11Accountability Reports

14. Inspecting Change Location In this example, the change manager approved changes
only to the C:Oracle directory. With Solidcore, the change
manager can identify unapproved changes made in the C:
Program Files which were never authorized, and not related
to the Oracle installation.
Page 12Accountability Reports

15. Exceptional Changes by Users
None.
Changes by Directory Location that were not performed
None.
Page 13Accountability Reports

16. January 11, 2008 02:18:51 PMGenerated at:
Date Range: December 11, 2007 - January 11, 2008
Authorized Update Time Range: 16:00:00 - 17:30:00
Frequency: Daily
127.0.0.1DB Server:
orclDB SIDs:
All unauthorized (outside of your enterprise time based change policy) events for Databases
Time-based Change Compliance (Databases)
Details
Date Database SID Authorized Unauthorized Total
orcl 3 2 501/04/2008
orcl 5 0 501/09/2008
orcl 19 6 2501/10/2008
Grand Total 827 35
Copyright @ 2006-2007 Solidcore Systems, Inc. All rights reserved. 1
Maintenance Windows This report allows the Change Manager to easily identify
outside of the maintenance window (4pm – 5.30pm). The
numbers in the table are HTML links to the search page and
can be used to get more information about the changes
made outside the maintenance window.
Page 14Accountability Reports

17. Critical files can be protected by S3 Control to
prevent unauthorized changes. Authorization
can be given through change tickets or through
S3 Control change policies. Change policies
can be time-based that allow changes during
authorized maintenance windows, or program-
based policies that allow changes to be made by
authorized programs and provisioning agents like
SMS, SUS, etc. Unauthorized attempts to change
the protected files are prevented and reported as
violations.
Enforcement
Page 15Enforcement Reports

18. SOLIDCOREhabbate
SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
Change Policy Violation by User This report reveals unauthorized attempts to change the
protected files that were prevented and reports them as
violations.
Page 16Enforcement Reports

19. SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
SOLIDCORE
habbate
Page 17Enforcement Reports

20. S3 Control provides a comprehensive set of
reports that verify PCI compliance with respect
to controls 10 and 11 of the PCI DSS. Packaged
Reports are available for meeting PCI DSS controls
for File Integrity and Monitoring of System
components. These controls help not just achieve
PCI compliance but also maintain compliance on
an ongoing basis. Thus, they make up an integral
part of a sustainable PCI compliance program. These
reports can be used by auditors and significantly
lower the costs of a PCI audit.
PCI Compliance
Page 18PCI Reports

21. domain m
domain.com
Continuous File Integrity Monitoring This report can be used to meet PCI DSS 11.5 requirements
that stipulate the use of a File Integrity Monitoring solution.
S3 Control monitors all changes to critical files, identifies
the authorization and also calls out attempted violations
of change policy that were prevented by S3 Control
Page 19PCI Reports

22. Page 20PCI Reports

23. All Filters applied
Filters Profiles Report
Generated At : January 11, 2008 02:28:59 PM
Details
Redhat Linux ES3 Base Filters
Description :
Profile Name :
StateStatusHost
StateStatusGroup
ADDED SUCCESSLinux
Type : Directory
FLAG VALUE
Include /usr/src
Include /usr/libexec
Include /usr/share/info
Include /usr/share/doc
Include /usr/X11R6/include
Include /usr/local/include
Include /usr/include
Include /var/crash
Exclude /
Include /bin
Include /sbin
Copyright @ 2006-2007 Solidcore Systems, Inc. All rights reserved. 1
Filter Profiles This report is complementary to the previous report in that
it lists the critical files that are being tracked and the groups
and hosts on which the filter profiles are applied.
Page 21PCI Reports

24. Include /boot
Include /etc
Include /lib
Include /proc/driver
Include /proc/fs
Include /proc/net
Include /proc/sys
Include /usr/bin
Include /usr/local/bin
Include /usr/kerberos/bin
Include /usr/X11R6/bin
Include /usr/ccs/bin
Include /usr/contrib/bin
Include /usr/sbin
Include /usr/local/sbin
Include /usr/kerberos/sbin
Include /usr/etc
Include /usr/local/etc
Include //usr/lib
Include /usr/local/lib
Include /usr/kerberos/lib
Include /usr/X11R6/lib
Include /usr/share/man
Type : Extension
FLAG VALUE
Copyright @ 2006-2007 Solidcore Systems, Inc. All rights reserved. 2
Page 22PCI Reports

25. Database Access PCI DSS Section 10 mandates the auditing of all system
components including databases. This report sample
provides an audit trail of all activities on a database handling
credit card information. As mandated by the PCI DSS, date
and time,
Page 23PCI Reports

26. Page 24PCI Reports

27. SOX Controls often require organizations to track
login activity on critical server. This is done to
make sure that only authorized users are accessing
the database and attempts to break into critical
servers are tracked.
SOX also mandates the tracking of all privileged
activities on servers. Database Administrator
accounts, often have overriding privileges which
comes with a very high misuse risk. Organizations
try to mitigate the risk by reducing the number of
shared accounts, but it is never possible to remove
such accounts altogether without crippling the
management and administrative capabilities. As a
compensating control, it is important to inspect all
activities made using such privileged accounts.
SOX Compliance
Page 25SOX Reports

28. Failed Logons This report provides a list of all the unsuccessful logon
attempts on an Oracle and SQL Server summarized by the
user account used for such a login attempt.
Page 26PCI Reports

29. Page 27SOX Reports

30. Privileged Activity This report can be used to inspect all activities made using
privileged database accounts.
Page 28SOX Reports

31. Page 29SOX Reports

32. System Information Reports
Page 30System Information Reports

33. Filter Profile Desc = Filters Profile will
monitor only critical changes for Weblogic
Server 10 on Windows,Filter Profile Name =
Weblogic Server 10 Windows Filters
Audit Trail
Audit trail of all actions performed from the Analytics Server
Duration :
Actions :
Generated At : Friday, January 11, 2008 2:32:29PM
Alert Rule Creation, Database Creation, Database Deletion, Database Updation, Disable
Enforcement, Filter Profile Deletion, Filter Profile Updation, Group Updation, Host
Creation, Host Updation, Login Failure, Login Success, Logout, Report Generation,
Synchronize, System Controller Creation, System Controller Updation, User Creation,
User Updation
December, 11 2007 00:00:00 - January, 11 2008 23:59:59
Users : anthony, brian, cesar, reportuser, s3admin, s3dbadmin, s3ldapadmin, s3nasadmin,
s3netadmin, sam, scadmin
Details
Timestamp User Action Additional Details
11-Jan-2008 2:30:57PM scadmin Report
Generation
Desc of Report Run = Host Connection
Report,Format = PDF,Report Run =
HostConnectionStatus.rpt
11-Jan-2008 2:30:48PM scadmin Disable
Enforcement
Host/Group name = Windows
11-Jan-2008 2:30:05PM scadmin Report
Generation
Desc of Report Run = Host Connection
Report,Format = PDF,Report Run =
HostConnectionStatus.rpt
11-Jan-2008 2:28:59PM scadmin Report
Generation
Desc of Report Run = Filters Profiles Report,
Format = PDF,Report Run = Filter_Profiles.
rpt
11-Jan-2008 2:28:55PM scadmin Filter Profile
Deletion
Filter Profile Desc = Filters Profile will
monitor only critical changes on Windows XP,
Filter Profile Name = Windows XP Base
Filters
11-Jan-2008 2:28:53PM scadmin Filter Profile
Deletion
Filter Profile Desc = Filters Profile will
monitor only critical changes on Windows NT,
Filter Profile Name = Windows NT Base
Filters
11-Jan-2008 2:28:51PM scadmin Filter Profile
Deletion
Filter Profile Desc = Filters Profile will
monitor only critical changes on Windows
2000,Filter Profile Name = Windows 2000
Base Filters
11-Jan-2008 2:28:48PM scadmin Filter Profile
Deletion
Copyright @ 2006-2007 Solidcore Systems, Inc. All rights reserved. 1
Audit Trail Any auditing system must be able to audit itself. This report
provides an audit trail of all the actions performed through
the S3 Control application. The action and username
parameters can be restricted to identify specific changes
made by a user.
Page 31System Information Reports

34. Timestamp User Action Additional Details
11-Jan-2008 2:28:46PM scadmin Filter Profile
Deletion
Filter Profile Desc = Filters Profile will
monitor only critical changes for Weblogic
Server 10 on Solaris,Filter Profile Name =
Weblogic Server 10 Solaris Filters
11-Jan-2008 2:28:43PM scadmin Filter Profile
Deletion
Filter Profile Desc = Filters Profile will
monitor only critical changes for Weblogic
Server 10 on Linux,Filter Profile Name =
Weblogic Server 10 Linux Filters
11-Jan-2008 2:28:40PM scadmin Filter Profile
Deletion
Filter Profile Desc = Filters Profile will
monitor only critical changes for Weblogic
Server 10 on HPUX,Filter Profile Name =
Weblogic Server 10 HPUX Filters
11-Jan-2008 2:28:38PM scadmin Filter Profile
Deletion
Filter Profile Desc = Filters Profile will
monitor only critical changes for Weblogic
Server 10 on AIX,Filter Profile Name =
Weblogic Server 10 AIX Filters
11-Jan-2008 2:28:34PM scadmin Filter Profile
Deletion
Filter Profile Desc = Filters Profile will
monitor only critical changes for Trend Micro
Client Server Security on Windows,Filter
Profile Name = Trend Micro CS Windows
Filters
11-Jan-2008 2:28:32PM scadmin Filter Profile
Deletion
Filter Profile Desc = Filters Profile will
monitor only critical changes for Tomcat 5.5
on Windows,Filter Profile Name = Tomcat 5.5
Windows Filters
11-Jan-2008 2:28:29PM scadmin Filter Profile
Deletion
Filter Profile Desc = Filters Profile will
monitor only critical changes for Siebel on
Solaris,Filter Profile Name = Tomcat 5.5
Solaris Filters
11-Jan-2008 2:28:27PM scadmin Filter Profile
Deletion
Filter Profile Desc = Filters Profile will
monitor only critical changes for Tomcat 5.5
on Linux,Filter Profile Name = Tomcat 5.5
Linux Filters
11-Jan-2008 2:28:24PM scadmin Filter Profile
Deletion
Filter Profile Desc = Filters Profile will
monitor only critical changes on Solaris 9
(sparc),Filter Profile Name = Solaris 9
(sparc) Base Filters
11-Jan-2008 2:28:22PM scadmin Filter Profile
Deletion
Filter Profile Desc = Filters Profile will
monitor only critical changes on Solaris 8
(sparc),Filter Profile Name = Solaris 8
(sparc) Base Filters
11-Jan-2008 2:28:19PM scadmin Filter Profile
Deletion
Filter Profile Desc = Filters Profile will
monitor only critical changes on Solaris 10
(sparc),Filter Profile Name = Solaris 10
(sparc) Base Filters
11-Jan-2008 2:28:17PM scadmin Filter Profile
Deletion
Filter Profile Desc = Filters Profile will
monitor only critical changes for Siebel on
Solaris,Filter Profile Name = Siebel Solaris
Filters
11-Jan-2008 2:28:15PM scadmin Filter Profile
Deletion
Filter Profile Desc = Filters Profile will
monitor only critical changes for SC 2.5 on
Linux,Filter Profile Name = SC 2.5 Linux
Filters
Copyright @ 2006-2007 Solidcore Systems, Inc. All rights reserved. 2
Page 32System Information Reports

35. Host Status This report is used by the S3 Control administrators to check
the status of the hosts being managed by S3 Control. Host
Connection status, the Solidifier status and the System
Controller status are all available from this one report.
Page 33System Information Reports

36. Page 34System Information Reports

37. Highlights
Embeds a very powerful report engine
Crystal is an industry standard
Multiple Formats Supported
HTML, PDF, CSV, RPT
Flexible Reporting
Each report can be customized to take
multiple parameters
Schedules
Reports can be scheduled on a daily,
weekly, monthly or custom intervals
Pre-packaged reports
Nearly 30 pre-packaged reports built
in consultation with auditors and
administrators help improve the RoI
Extensibility
Reports can be deployed in a Crystal Server
for advanced functionality and greater
scalability
Solidcore Systems, Inc.
www.solidcore.com
888.210.6530
(c) 2008 Solidcore Systems, Inc.
Solidcore, the Solidcore logo, Solidificatiom, and
Solidifier are trademarks of Solidcore Systems,
Inc.
Disclaimer: The reports shown in this catalog are
representative of actual reports that are generated by
the S3 Control Reporting Module, but are not exact
replicas of the reports themselves. They have been
truncated and edited to fit the format of this catalog.