This topic describes how you can create an event source list from the IPDB data source and use that list in a report. As part of the configuration of the IPDB Extractor, you need to create event source lists for the IPDB data source. After you create an event source list, you use it in reports so that you can extract data from the IPDB for those event sources exclusively.
Create an IPDB Data Source Event Source Group
To create an IPDB data source event source group:
In the Security Analytics menu, click Dashboard > Reports.
The Manage tab is displayed.
- Create a rule group (refer to Reporting Guide) for event source lists (for example, Aix_Devicelst).
Create a rule (for example, AIX DEVICELIST) to get a list of the event source address from which you want the IPDB data source to pull data. The following example is a rule that creates an event source list address from the NIC domain, ESIPDB site, ESIPDB-ES node and AIX service type.
Note: You must use the format
domain:site:node:device-typeto specify the Event Source format topic in the Reporting Guide. For example,
NIC:ESIPDB:ESIPDB-ES:AIX. The Event Source specification and WHERE clause must be same.
- Add a list. You may not add any values to the list. For example: DEVICE LIST.
- Create a report and add the rule with the rule AIX DEVICELIST.
Schedule a report with output to a list as shown below.
When you run the report (rule), Security Analytics populates the output into the list.
When the report is run, Security Analytics populates the list. For example:
Use an IPDB Data Source Event Source List in a Report
To use an IPDB event source list in a report:
- Create a rule topic in the Reporting Guide. Specify the list List of Services as the Event Source.
- Create a report topic in the Reporting Guide with this rule.
When you run the report, all the services in the list are used to generate the report.