Reporting: Use Variables for Parameterized Reporting

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1

Parameterized reporting lets you specify values dynamically at runtime without changing the rule definition, so you can view results for a particular value. You achieve parameterized reporting by using variables in the query or rule. For information on adding a rule, see Define a Rule. At runtime, you enter the value for the variable or select it from a list, and the result set is displayed based on that value.

The syntax to specify the variable is as follows:

       
Description: Insert $ before a variable. Enclose a variable within braces.
Examples of Supported Syntax: columnname=${<variable>}

The syntax to define the variable is the same for Netwitness DB, IPDB and Warehouse DB data sources. When you assign the value of the variable in a Run Configuration, you must enclose the value within single quotes: '<value>'.
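The following pre-flight check is an added example, not part of the RSA documentation or product: it compares the ${...} variables in a rule's where clause with the values prepared for a Run Configuration, applying the two rules stated above. The function names, the sample clause and the sample values are constructed, and the embedded-quote check is an assumption, because this page does not say how such values are handled.

```python
import re

# ${name} placeholder: the variable syntax documented on this page.
VAR_RE = re.compile(r"\$\{([^{}]+)\}")

def rule_variables(where_clause):
    """Return the variable names used in a where clause, in order, without repeats."""
    seen = []
    for name in VAR_RE.findall(where_clause):
        if name not in seen:
            seen.append(name)
    return seen

def lint_run_config(where_clause, values):
    """Return a list of problems; an empty list means the values fit the rule."""
    problems = []
    names = rule_variables(where_clause)
    # A "$" left over after removing every ${name} means a variable lacks braces.
    if "$" in VAR_RE.sub("", where_clause):
        problems.append("stray '$': variables must be written ${name}")
    for name in names:
        if name not in values:
            problems.append(f"{name}: no value assigned")
            continue
        v = values[name]
        if len(v) < 2 or not (v.startswith("'") and v.endswith("'")):
            problems.append(f"{name}: value must be enclosed in single quotes")
        elif "'" in v[1:-1]:
            # Assumption: a quote inside the value makes its end ambiguous,
            # so it is flagged for review rather than passed through.
            problems.append(f"{name}: embedded single quote in value")
    for name in values:
        if name not in names:
            problems.append(f"{name}: value supplied but rule has no such variable")
    return problems

if __name__ == "__main__":
    # Constructed sample: the Warehouse example's column and variable names.
    clause = "ip_src=${IP_Address}"
    for cfg in ({"IP_Address": "'10.0.0.5'"}, {"IP_Address": "10.0.0.5"}, {}):
        print(cfg, "->", lint_run_config(clause, cfg) or "ok")
```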

Some examples where a variable can be used are provided in this section.

View Source IP Addresses for a Specific Destination Country

The following is an example of a Netwitness DB rule to view the source and destination IP addresses for a specific destination country. Here the destination country is defined as a variable ${Country} as shown below:

104_Dynamicvar_Netwitness.png

At runtime, you are prompted to enter the value for the variable. The figure below shows the Country variable where you can enter the value. If you enter the value as United States, all the source and destination IP addresses with destination country as United States are listed as shown below.

102DynamicVariableNWDBResults.png

Associate a Variable to a List of Values

You can associate the variable with a list. For example, you can create a list called Country and enter all the country names as values. You can then select the list Country as the value for the variable Country. In the Run Configuration, the Country list is populated and you can select the country for which results are displayed.

102DynamicVariableNWDBResultsList.png

View All Destination IP Addresses for a Source IP Address

The following is an example of a Warehouse rule to view all the destination IP addresses for a specific source IP. The source IP address ip_src is defined as a variable ${IP_Address}.

104_Dynamicvar_WarehouseDB.png

At runtime, you are prompted to enter the source IP address. The figure below shows the IP_Address variable, and you can enter a valid source IP address. All the destination IP addresses with the specified source IP are listed as shown below.

102DynamicVariableSAWResults.png

IPDB Rule to View Device Details Based on the Device Name

The following is an example of an IPDB rule to view the details of a device based on the device name. In the event source specification, the device name is specified as a variable ${Device_Name}.

104_Dynamicvar_IPDB.png

At runtime, you are prompted to enter the device name Device_Name. The figure below shows the Device_Name variable, where you can enter the event source specification, for example, NIC:ESIPDB:ESIPDB-ES:ciscopix:111.111.111.25. All the device details are displayed as shown below.

102DynamicVariableIPDBResults.png
