Hello, I'm trying to make a report on one of my rules. I have a GPO Changes rule that has 122 alerts. I'm having trouble making a simple report of these alerts. Can anyone help me with that?
You can create rules and reports to run against the Respond DB from within the Reporting Engine:
In your rule, choose “alert” in the “From” dropdown:
“Select” the keys you want to include in your report. You can see the options available by clicking in the “Select” line or in the “Meta” pane on the right side of the browser:
Then write your Where statement to look for your GPO Changes rule. The syntax and format here will be nearly the same as any other RE Rule, just with fewer operator options (e.g.: no “contains” or “ends” or “exists”). This example assumes that the alert itself is named “GPO Changes”:
Once finished, you can use your rule in a Report, just like any other RE Rule, and schedule it to run on a set frequency or ad-hoc.
Retrieving data ...