This guide describes the features and capabilities of the Reporting module in Security Analytics. The Reporting module pulls Security Analytics rules into a single view to define, schedule and view reports.
The Reporting module enables you to create, manage and view the following:
- Warehouse Analytics
You can navigate to different sections (labeled in the figure below) from the Reporting UI.
It uses a tabbed UI approach: clicking a task (create, edit, schedule, view) loads a new tab, so you do not have to open a separate window for each task. You can report and alert on the log and packet data collected, and customize the reports and charts to enhance their visual appearance. You can create real-time reports for historical data. You can create charts and dashlets, which can also be added to the real-time chart dashlets.
The Reporting module relies on the Reporting Engine to provide data for the reports, alerts and charts. Hence, you must configure the Reporting Engine before you can generate the reports. You must also specify the data source in the Reporting Engine from which the data is extracted.
The following table points to the tasks that must be performed on the Reporting module, in the order you must perform them:
The data that you can report or alert on depends on the configuration of the Reporting Engine and the data sources that you specify as part of the rule definition.
The Reporting Engine is a key component that provides data to the Reporting module. You must add the Reporting Engine as a service to Security Analytics before you generate reports or alerts. When you run the reports, the results are stored in the Reporting Engine.
After you generate a report, you can perform the following:
- Send the reports by email to other users by configuring the output actions. You can also configure the output actions before generating a report.
- Download the reports as PDF or Comma-Separated Values (CSV) format files.
Once an alert is created, Security Analytics Incident Management collects this data from the Reporting Engine and displays these alerts on the Security Analytics User Interface.