OTUS SIEM lets you generate a variety of reports. Several of these reports are already built into the system. These are the DEFAULT REPORTS. However, you can always customize a report to suit your needs. These are the CUSTOM REPORTS. You can also create a brand new report from scratch. The topics in this chapter show you how.
Note: Custom reports are pre-calculated queries for a defined period of time. Reports also appear to users depending on their roles. The report role ensures the basic reports (both DEFAULT and CUSTOM) are available for a user.
The DEFAULT REPORT CATEGORIES are:
•Alerting – reports related to raised raw or indexed alerts
•History – internal reports related to OTUS user login / logout activity
•Indexing – reports related to number of indexed entries for a chosen indexer
•Raw – reports related to raw log files
Some of the raw reports are:

| Name of report | Description |
|---|---|
| Raw_all | size of all raw log files gathered into the OTUS system |
| Raw_copy_method | size of all raw log files grouped by copy method |
| Raw_data_type | size of all raw log files grouped by distribution |
| Raw_default | size of all raw log files grouped by server |
| Raw_server_copy_method | size of all raw log files grouped by server / copy method |
| Raw_server | size of all raw log files grouped by server |
| Raw_storage | size of all raw log files grouped by storage |
| Raw_storage_rule | size of all raw log files grouped by storage rule |

•System – reports related to system errors
To access the reports
1. Click Reporting. The reporting web page is displayed.
To search for and view a built-in report
1. Click the Search field and select the report from the drop-down list.
In the example the report alert_alert_200_instance1_WEEK is selected.
The web page refreshes to display the report shown below.
Pointing the mouse at the graph provides more information in call-outs as shown below.
To view information click . The web page refreshes to display the following.
To export the report to CSV or Excel click the button .
You can also view the report in two graphical representations (Bar Graph and Pie) and as Details. For example, here is the image of a report represented by the bar graph.
The same report when viewed by clicking the Pie graph button displays as follows.
Note: Pointing to the graph in the bar or the pie view displays vital information about the report in call-outs, as explained earlier in this section.
The same information when the Details button is clicked displays the following:
The Information button displays details for graph points (example: every login/logout for History -> Auth) as shown below.
For quick information on a report, click the information button. It displays information as shown below.
You can also filter the report by range, as shown below in the Ranges drop-down.
To delete a report
Note: System reports are not editable or deletable. Only created reports (including customized ones) are deletable.
1. Select the report you wish to delete.
2. Click . The confirmation dialog is displayed.
3. Click Yes.
Caution: As always, delete with care, as the process is irreversible.