Reporting


OTUS SIEM lets you generate a variety of reports. Several of these reports are already built into the system. These are the DEFAULT REPORTS. However, you can always customize a report to suit your needs. These are the CUSTOM REPORTS. You can also create a brand new report from scratch. The topics in this chapter show you how.

 

Note:   Custom reports are pre-calculated queries for a defined period of time. Reports also appear to users depending on their roles. The report role ensures the basic reports (both DEFAULT and CUSTOM) are available for a user.

 

The DEFAULT REPORT CATEGORIES are:

Alerting – reports related to raised raw or indexed alerts

History – internal reports related to OTUS user login / logout activity

Indexing – reports related to number of indexed entries for a chosen indexer

Raw – reports related to raw log files. Some of the raw reports are:

Name of report            Description
Raw_all                   size of all raw log files gathered into OTUS system
Raw_copy_method           size of all raw log files grouped by copy method
Raw_data_type             size of all raw log files grouped by distribution
Raw_default               size of all raw log files grouped by server
Raw_server_copy_method    size of all raw log files grouped by server / copy method
Raw_server                size of all raw log files grouped by server
Raw_storage               size of all raw log files grouped by storage
Raw_storage_rule          size of all raw log files grouped by storage rule


System – reports related to system errors

 

 

To access the reports

 

1.   Click Reporting. The reporting web page is displayed.

 

[Screenshot: reporting_pg]

 

To search for and view a built-in report

 

1.   Click the Search field and select the report from the drop-down list.

 

    [Screenshot: report_searching]

 

      In the example the report alert_alert_200_instance1_WEEK is selected.

 

      The web page refreshes to display the report shown below.

 

[Screenshot: report_alert2]

 

Pointing the mouse at the graph displays more information in call-outs, as shown below.

 

[Screenshot: report_tooltip_graph]

 

To view information, click information_btn. The web page refreshes to display the following.

 

[Screenshot: information_report]

 

To export the report to CSV or Excel, click the button csv_xls_btn.

 

You can also view the report in two graphical representations (Bar Graph and Pie) and in a Details view. For example, here is the image of a report represented by the bar graph.

 

[Screenshot: line_bar_graph]

 

The same report, viewed by clicking the Pie graph button pie_btn, displays as follows.

 

[Screenshot: pie_chart]

 

Note:   Pointing to the graph for the bar or the pie types displays vital information about the report in call-outs, as explained earlier in this section.

 

Clicking the Details button details_btn displays the same information as follows:

 

[Screenshot: details_btn_report]

 

The Information button information_btn2 displays details for graph points (example: every login/logout for History -> Auth) as shown below.

 

[Screenshot: information_btn_details]

 

For quick information on a report, click the information button info_btn; the information is displayed as shown below.

 

[Screenshot: info_btn_report]

 

You can also filter the report for ranges as shown below in the Ranges drop-down.

 

[Screenshot: report_range]

 

 

To delete a report

 

Note:   System reports are not editable or deletable. Only created reports (including customized ones) are deletable.

 

1.   Select the report you wish to delete.

 

2.   Click delete_btn. The confirmation dialog is displayed.

 


 

3.   Click Yes.

 

Caution:   As always, delete with care, as the process is irreversible.