I'm struggling to get Security Analytics to give any really useful reports.
I'm employed where we have FTI data stored across multiple servers, segmented & firewalled heavily; I'm just trying to come up with a simple graph showing user activity on each of the servers. A "stacked bar" chart is something along the lines of what I'm thinking, where one might visualize the total number of events along the y-axis and having a column per user along the x-axis. Each user might have multiple servers represented by an area equal to the number of events.
This doesn't seem to be possible... unless I use SA rules/reports to create a CSV export that I then bring into another program to do detailed analysis on. UGH.
The only similar issue I can find in the community is this: https://community.emc.com/thread/215024
- Community Thread
- Forum Thread
- RSA NetWitness
- RSA NetWitness Platform