How to track SWIS connections established via API?

We have several users who run automation scripts that use the PowerShell API to connect to the SolarWinds Information Service (SWIS). We would like to report on these connections (when they occur, what credentials they use). However, API connections to SWIS are not logged. Is there a way to enable logging of API connections to SWIS?

SolarWinds support was no help - they disclaim any responsibility for anything that uses the API or the SDK.

Thanks for any insight or assistance!

Parents Reply
  • Running a powershell script and doing a capture on port 17777 and my IP using - trusted as my Powershell authentication type I am able to see the account being used to run the script in the packet decode. 

    I would suggest setting up a capture filter on port 17777, exclude all of your polling engines in the filter and let it run. See what hosts are connecting. After you have captured data change your Find filter as shown below and search for the suspected accounts.