Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000036102 - How to create a report in only 5 minutes in RSA Security Analytics

Document created by RSA Customer Support

on Mar 24, 2018•Last modified by RSA Customer Support

on Mar 26, 2019

Version 20Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000036102
Applies To	RSA Product Set: Security Analytics, NetWitness Logs & Packets RSA Product/Service Type: User Interface, Reporting Engine RSA Version/Condition: 10.6.x, 10.5.x Platform: CentOS
Issue	This article show us how to create a report in Netwitness within 5 minute. It will first show how to create a report engine rule, then use it to create a report template.
Tasks	First, create a report engine rule by going to Reports in the RSA Security Analytics UI, clicking the Add (+) button and then selecting NetWitness DB. Fill in the essential details, for example: This will report on the logs containing people using administrator or root account to login to a system. Select: time, device.ip, device.type, user.dst, ec.theme, ec.outcome, event.cat.name Where: ec.theme = 'authentication'&& (user.dst = 'administrator' \|\| user.dst = 'root') && event.cat.name = 'user.activity.failed logins' Summarize: None Title: My privilege user Click Save and then Use to make this rule available as a report template. The Report will now be available to 'Schedule'. Schedule the report using any relevant information as needed. Next, go to Manage > Reports and select the scheduled report (shaded in blue). The Report Schedule page will appear with Completed reports. Select View report. Finally, the completed Report page will appear with the specified time range.

Attachments

Outcomes

0 Comments

Recommended Content