Reporting: Search Reporting Details

Document created by RSA Information Design and Development on Nov 23, 2016. Last modified by RSA Information Design and Development on Feb 10, 2017.
Version 5

This topic provides instructions on how to perform a keyword search on name and content for each of the Reporting components (Rule/Report/Chart/Alert/List) on the Reporting UI.

Note: You cannot search based on date and numeric values. 

The following figure shows the search parameters available in the Reporting Module:

Reportg_details_overview2_10.4.png

The following are the search parameters available on the Reporting UI:

  1. Search for entities (rule, report, chart, alert, list).
  2. Search for the entities based on either the name or content.

Note: Searches are case insensitive. For example, Completed is equivalent to completed.

Prerequisites

In the Reporting Module, you can perform a keyword search based on the name and content (definition). In this context, content means the definition of each of the reporting components, for instance, the value defined in the rule, report, report schedule, chart, and alert panel. You can also prioritize your search by selecting any or all of the components: Rule, Report, Chart, Alert, or List.

Note: You cannot search based on the List values and list path stored in the schedule definition panel.

For example, to search for the rule name (ExpertRule), you must select Rule, Name, and Content in the filtering options drop-down to view all the rule names that matched the search. You can similarly search for a report, chart, alert, or list definition. 

Procedure

Perform the following steps to search for reporting details from the Manage tab:

  1. In the Security Analytics menu, select Reports.

    The Manage tab is displayed.

  2. Click show_button_104.png and select the appropriate criteria to search.
  3. In the Search field, enter the text to be searched.
    The search drop-down list is displayed:
    search_drop-down_list_10.4.png

Search Syntax and Different Types of Search 

The following table explains the search syntax and the possible searches that can be performed on the Reporting UI.

                       
Search Types | Description
Word or phrase based search

Word Based Search:

To search for a word such as "action" or "meta", you must enter the word in the search box.

The following figure shows the search results for the text action.

single_text_search_104.png

Phrase based search:

A phrase is a group of words surrounded by double quotes, such as "action meta". To search for a phrase, enclose it in double quotes in the search box.

The following figure shows the search results for the phrase "action meta".

phrase_search_104.png

Wildcard Search (Single/ Multiple/ Special Character Search)

The question mark "?" symbol performs a single-character wildcard search and the asterisk "*" symbol performs a multiple-character wildcard search.

Single character search:

The single character wildcard search looks for terms that match with the single character replaced. For example, to search for "Expert" or "Export" you can use the search syntax: 
Exp?rt

The following figure shows the search results for the wildcard character Exp?rt.
single_char_wildcard_search_104.png

Multiple character search:

Multiple character wildcard search looks for 0 or more characters. For example, to search for Expert or Experts, you can use the search syntax:

Expert*

The following figure shows the search results for the wildcard multiple character Expert*.
multiple_char_wildcard_search_104.png

Special character search:

Certain punctuation and special characters are ignored during search (@#$%^&*(){}"~=+-[]\?|!:,.). For example, a search for action-login is interpreted as "action" "login". That is, if rules named "action-login" and "action@login" both exist and the search string is "action-login", the search returns both rules.

special_char_search_104.png

Search based on name or content

Search based on name:
When you want to search based on the name of a report, select the Report and Name boxes from the filtering options drop-down. For example, to search for the report name "Report With Multiple Rules", you can use the search syntax:

"Access to Compliance Data"

Note: When you search for a report, it implies you can search for the report schedules as well.

The search result will return the report containing the specific name.

report_name_search_104.png

Search based on content:

When you want to search for the content within an alert, say the alert description, select the Alert and Content boxes from the filtering options drop-down. For example, to search for the alert description "Device IP Got Detected", you can use the search syntax:

"Device IP Got Detected"
alert_view_content_search_104.png

The search will return the result having the specific content.

schd_report_search_result_104.png
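
The matching rules described in the table above (case-insensitive terms, quoted phrases, ? and * wildcards, ignored punctuation), modelled as an added Python example; it is not RSA code. Whole-token matching, requiring every term to match, and the sample rule names are assumptions made for illustration.

```python
import re

# Characters the page lists as ignored during search. "?" and "*" are also in
# that list, but are left out here because the page documents them as
# wildcards (assumption of this sketch).
IGNORED = set('@#$%^&(){}"~=+-[]\\|!:,.')

def tokens(text):
    """Lower-case the text and split it on whitespace and ignored characters."""
    cleaned = "".join(" " if c in IGNORED else c for c in text.lower())
    return cleaned.split()

def term_regex(term):
    """Translate one query term: '?' = exactly one character, '*' = zero or more."""
    parts = []
    for c in term:
        parts.append("." if c == "?" else ".*" if c == "*" else re.escape(c))
    return re.compile("".join(parts))

def matches(query, name):
    """True if every query term matches a whole token of the name (assumption).
    A double-quoted phrase must match consecutive tokens in order."""
    q = query.strip()
    is_phrase = len(q) > 1 and q.startswith('"') and q.endswith('"')
    terms = [term_regex(t) for t in tokens(q)]
    name_toks = tokens(name)
    if not terms:
        return False
    if is_phrase:
        n = len(terms)
        return any(all(terms[j].fullmatch(name_toks[i + j]) for j in range(n))
                   for i in range(len(name_toks) - n + 1))
    return all(any(t.fullmatch(tok) for tok in name_toks) for t in terms)

def search(query, names):
    """Return the names a query would select under this model."""
    return [n for n in names if matches(query, n)]

# Constructed sample rule names, not taken from a real deployment.
RULES = ["action-login", "action@login", "Expert Rule", "Export Rule",
         "Experts List", "Meta Action Report", "Action Meta Summary"]

if __name__ == "__main__":
    for q in ["action-login", "Exp?rt", "Expert*", '"action meta"']:
        print(q, "->", search(q, RULES))
```

Because punctuation is dropped before matching, two rules whose names differ only in a separator character cannot be told apart by search alone; confirm the exact name in the result list before editing a rule.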

Next steps 

Perform one of the following tasks:

  1. You can edit a rule, report, chart, alert and list from the appropriate panels.
  2. You can schedule a report from the Schedule a Report view.
  3. You can test a chart from the Test a Chart view.