This topic describes how you can create an event source list from the IPDB data source and use that list in a report.
As part of the configuration of the IPDB Extractor, you need to create event source lists for the IPDB data source. After you create an event source list, you use it in reports so that you can extract data from the IPDB for those event sources exclusively.
To create an IPDB data source event source group:
- In the Security Analytics menu, click Dashboard > Reports.
The Manage tab is displayed.
- Create a rule group for event source lists (for example, Aix_Devicelst) See the topic Add a Rule Group in the Reporting Guide.
- Create a rule (for example, AIX DEVICELIST) to get a list of the event source address from which you want the IPDB data source to pull data. See the topic Define a Rule in the Reporting Guide.The following example is a rule that creates an event source list address from the NIC domain, ESIPDB site, ESIPDB-ES node and AIX service type.
Note: You must use the format domain:site:node:device-type to specify the Event Source format (see IPDB Event Source Specification in the Reporting Guide). For example, NIC:ESIPDB:ESIPDB-ES:AIX. The Event Source specification and WHERE clause must be same.
- Add a list. See the topic Add a List in the Reporting Guide. You may not add any values to the list. For example: DEVICE LIST.
- Create a report and add the rule with the rule AIX DEVICELIST.
Schedule a report with output to a list as shown below.
When you run the report (rule), Security Analytics populates the output into the list.
When the report is run, Security Analytics populates the list. For example:
Use an IPDB Data Source Event Source List in a Report
To use an IPDB event source list in a report:
- Create a rule. See the topic Define a Rule in the Reporting Guide. Specify the list List of Services as the Event Source.
- Create a report with this rule. See the topic Add a Report in the Reporting Guide.
When you run the report, all the services in the list are used to generate the report.