Report generation
- SOCaaP can generate event reports covering a wide range of security and productivity criteria. You can create reports on a per-customer basis.
- You can create reports for intervals from one hour to one month in the past. You can show data as tables, pie charts or bar charts.
- Data for reports is fetched from event query results. You can use pre-defined queries or custom queries. See 'Query Management' for more help with this.
- To open the report interface:
- Click the hamburger button at top right
- Select 'Reporting' then 'Report Management':
The 'Report Management' screen will open:
The left-hand panel shows a list of predefined reports (those in blue) and custom queries added for the selected customer. The right hand panel shows the configuration area for report generation.
|
Report Management Interface – Table of Controls and Fields |
|
|---|---|
|
|
The 'Customers' drop-down allows you to select the customer for which you want to create or view the report(s). |
 |
Expand, collapse or refresh the list of reports. To collapse, click the first button and to expand it, click the second button. Click the refresh button at the end to instantly update the rules list. |
 |
Import saved report types. |
 |
Export report types. |
|
|
Add a new report category folder to the left side panel. |
|
|
Edit the name of a folder. |
|
|
Add a new report type under a folder. |
|
|
Delete selected report category folders or report type from the left hand side pane. |
|
Name |
Displays the name of the report chosen from the left hand side pane. Allows you to enter the name for the report, when creating a new report. |
|
Description |
Displays a brief description of the report chosen from the left hand pane. Allows you to enter a brief description the for the report when creating a new report. |
|
Allows you to select the time period for report generation. Options ranges from the last hour to the entire previous month. |
|
Report Elements |
Displays a list of the contents in the report with details such as name, the event query based on which the data is populated and the type of report component (table, pie or bar chart). |
|
|
Add a report element to the selected report and choose the type of chart for the report. |
 |
The last report can be moved to the first position. |
 |
The report can be moved to the above row. |
 |
The report can be moved to the below row. |
 |
The first report can be moved to the last position. |
|
|
Edit a report element. |
 |
Delete a report element from the list. |
|
Generated Reports |
Displays the list of reports generated so far for the selected customer, and allows you to download any report as a .pdf file. |
|
Show Last Generated Report |
Will display the most recently created report. |
|
|
Instantly generate a report according to your selected criteria. |
|
|
Automatically generate recurring reports according to a schedule of your choice. |
|
|
Save a configured report. |
 |
Save and move your report to another folder. |
 |
Select a location in which to save the report. |
The following sections explain how to:
Manage a Reports Category Folder
Each report folder contains a collection of reports belonging to a specific category. Every new report must be placed in a category folder.
Creating a report group folder
- Choose a customer from the 'Customers' drop-down at the top of the left panel.
A list of predefined reports added for the customer is displayed as a tree structure in the 'Reports' pane.
-
If you want to create a sub-folder, select a parent folder and click the
button. You can also create a new top level folder. The Folder Name dialog will appear.
- Enter a name for the new folder in the 'Folder Name' field
- Select 'Private' if you want the folder accessible only to you. Note - this option is only available when creating a top level folder.
- Click
the 'Add' button
If you did not select 'Private', a confirmation dialog will be displayed:
- Click 'Yes' to confirm
The newly created report folder will be listed. A lock icon will be displayed on the folder icon if the folder is created as a private folder.
The relevant reports can now be placed under the newly created folder. See 'Adding and Configuring a Report' for more details.
Editing a reports group folder
- To
edit the name of a reports group folder, select it and click the
button.
The 'Folder Name' dialog will appear.
- Edit
the name as required and click the 'Save'
button
Please note you cannot edit
built-in folder names.
Deleting a reports group folder
- To
delete a reports group folder, select it and click the
button.
A confirmation dialog will appear.
- Click
'Yes' in the In the confirmation dialog. Please note all reports
contained in the folder will also be deleted.
- SOCaaP ships with a set of pre-defined reports for common requests. These are listed in the 'Comodo Built-in Reports' folder in the left hand panel.
- Admins can also configure custom reports on demand for any customer.
To add a new report for a customer
- Choose a customer from the 'Customers' drop-down at the top of the left panel.
A list of predefined reports added for the customer is displayed as a tree structure in the 'Reports' pane.
- Select the appropriate folder or create a new folder in which you want to create a report.
- Click
the
button
The configuration screen for creating the new report will be displayed in the right hand side panel.
- Enter a name for the report in the 'Name' field
- Enter an appropriate description for the report in the 'Description' text box
- Select the period for which events are to be included from the 'Time' drop-down. Options range from the previous hour to the entire previous month.
The period
options range from last one hour to the entire previous month of the
report generation time.
The next step is to add the component tables/charts to be included in the report. The events for populating the tables/charts are fetched from the query results. See 'Query Management' for more details about configuring event queries.
- Select the type of report element that should be added, from the drop-down at the bottom of the 'Report Elements' area.
The options available are:
- Table - Table showing events that match the query selected. See explanation on adding a table given below for more details.
- Pie Chart - Pie-chart showing events aggregated by the parameters configured for the chart. See explanation on adding a pie chart given below for more details.
- Bar chart - Bar-chart showing events aggregated by the parameters configured for the chart. See adding a bar chart explanation given below for more details.
A 'Table' report is configured by selecting an event query from the list of queries added for the customer. The report will contain details of events that match the query in the selected time period.
Add a Table type report
- Select
'Table' from the drop-down and click the
button beside it.
The 'Add (Table)' screen allows you to configuring the event query:
- Enter a name for the report element in the 'Name' field.
- Select the event query you want to use by clicking the
button. This table is the same as configured
in the event queries. To create a new query for generating a report, click the 
button. The procedure is same as explained in 'Configuring Event Queries'.
- Click the 'Preview' button to view the result
- Click the 'Add' button.
The report element will be added to the report.
'Pie
Chart' and 'Bar Chart' Report
Chart type reports can be configured by specifying the following parameters:
'Event Query' + 'Group By' + 'Aggregation Function' + 'Order By' + 'Limit'
- Event Query - The query whose results are to be displayed in the chart. The query can be selected from a list added for the selected customer.
- Group By - The parameter by which events identified in the query are displayed in the chart. For example, you can group events by 'Source IP'. Event groups will be formed so that each event group will have events with same value for the selected field.
- Aggregation Function – How the event groups should be ranked in the chart. Available options are:
- Count - Event groups are ranked based on the number of events in each group. For example, if you choose Source IP as 'Field' then the group which contains the most events on a particular source IP will have the top rank and the group containing the lowest number of events is ranked lowest. You can further control how the data is displayed by modifying the 'Order By' and 'Limit' parameters.
- Sum - Event groups are ranked based on the sum of values in another field that contains a numerical value. If you choose 'Sum', you need to select another field that contains a numerical value, like bytes in/out. The event groups are ranked based on the sum of the values in the chosen numerical field from all the events in that group. For example, if we choose 'Bytes-in' as numerical value, then the system adds up the values in the 'Bytes-in' field of all the events in a group and ranks the group accordingly. This will tell you which source IP has the most incoming traffic. The event group with the highest SUM in the 'Bytes-in' field is ranked top and vice-versa.
- Average - Similar to above. Event groups are ranked based on the average of the values of the chosen numerical field from all the events in that group. (e.g. the average of values of 'Bytes_in' field of events in the group, if we take the same example as above)
- Minimum - Similar to above. The event groups are ranked based on the minimum of the values of chosen numerical field from all the events in that group.
- Maximum - Similar to above. The event groups are ranked based on the maximum of the values of chosen numerical field from all the events in that group.
- Order By – Choose whether results are shown in ascending or descending order. Available options are:
- Ascending - The group with the lowest rank will be top of the list. A limit of 5 will show the 5 groups with the lowest ranks.
- Descending - The group with the highest rank will be top of the list.. A limit of 5 will show the 5 groups with the highest ranks.
- Limit – The number of event groups to be displayed in the chart
The following screenshot shows the preview of resulting pie chart from the following configuration parameters:
'Network Events' + 'Source IP' + 'Count' + 'Descending' + '5'
The following sections explain on:
To add a Pie Chart type report
- Select
'Pie Chart' from the drop-down and click the
button beside it
The 'Add (Table)' screen will be displayed for configuring the event query whose report is to be shown as pie chart.
|
Add (Pie Chart) – Form Parameters |
|
|---|---|
|
Parameter |
Description |
|
Name |
Enter an appropriate name for the report element. |
|
|
Displays the list of predefined and custom event queries added for the selected customer. Select the event query for which the results are to be displayed in the chart. |
 |
Allows you to configure the 'Results' table for the new query. See 'Configure results table for a query' for more details. |
 |
Allows you to configure a new event query. |
|
Group By |
The drop-down displays the fields, configured as event query results table column headers for the selected event query. See 'Configure results table for a query' for more details. Select the field based on whose values, the events identified by the query are to be grouped and shown in the chart. |
|
Aggregation Function |
Allows you to choose the aggregation operation to be applied for ranking the event groups and show them in ascending or descending order, in the chart. The options available are:
|
|
Order By |
Allows you to choose the order in which the event groups are to be indicated in the chart, based on their ranking. The available options are:
|
|
Limit |
Enter the number of events to be displayed for the chart. |
|
Preview |
This button allows to preview the chart before adding it to the report. |
|
Add |
Click this button to add the chart to the report. |
- Enter the parameters for the chart as shown in the table above and click the 'Preview' button to check the chart before adding it to the report.
- Click the 'Add' button
The configured report element will be added to the list.
To add 'Bar Chart' type report element
- Select
'Bar Chart' from the drop-down and click the
button beside it
The procedure is same as adding
a pie chart report element explained above.
- Enter the parameters for the chart as shown in the table above and click the 'Preview' button to check the chart before adding it to the report.
- Click the 'Add' button
The configured report element will be added to the list.
The 'Report Elements' area displays the list of report components added to the report.
- Name - Displays the name of the report element
- Type - Indicates the type of report element, whether table, pie or bar chart.
You can add as many report elements as required for a report.
- Click the 'Save' button to save all the report elements.
- You can save the report to another folder by selecting it and then clicking the 'Save As' button.
After configuring a report, you can generate it manually or specify the automatic generation of the report according to a schedule of your choice.
To manually generate a report
- Choose the customer from the 'Customers' drop-down at the top of the left panel.
A list of predefined and custom reports added for the customer is displayed as a tree structure in the 'Reports' pane.
- Select the report from the list.
The details of the report with the list of report elements will be displayed in the configuration area at the right.
The 'Generated Reports' area displays a list of reports generated manually or as per the schedule created for the report.
- Creation Time - The date and time the report was generated.
- File Type - Currently only PDF format is available for reports. Future releases will support RTF files also.
- Action - Allows to delete the generated report.
- To generate the report instantly, click the 'Generate' button.
The report generation will be started and on completion, it will be added to the list under 'Generated Reports' and its time stamp will be added to the 'Creation Time' column.
- To download the report, clicking the time stamp under the 'Creation Time' column.
- To view the report instantly select the 'Show Last Generated Report' check box.
See 'Download / View a Report' for more details about how to download and /or view a report.
You can automate the process of report generation according to a schedule of your choice. If required, you can cancel a schedule later on.
To schedule a report generation
- Choose the customer from the 'Customers' drop-down at the top of the left panel.
A list of predefined and custom reports added for the customer is displayed as a tree structure in the 'Reports' pane.
- Select the report from the list.
The details of the report with the list of report elements will be displayed in the configuration area at the right.
- Click the 'Schedule' button at the bottom of the 'Generated Reports' area.
The 'Schedule Report' dialog will be displayed.
If the report is already scheduled, the 'Unschedule and Save' button will be in enabled status. You can remove the schedule by clicking the 'Unschedule and Save' button.
- To schedule report generation, select the parameters from the 'Date' and 'Occurs' fields
- Date - Allows to select the start date and time of report generation
- Select the start date from the calendar
- Select the start time from the timing section
- To configure the frequency of report generation from the start date, select the parameter from the 'Occurs' field. The options available are:
- Hourly
- Daily
- Weekly
- Monthly
- Click the 'Schedule and Save' button after selecting the start date and frequency of report generation
A confirmation message will be displayed at the top right side of the screen. The reports will be automatically generated as per the schedule for the period selected under 'Time' drop-down and added to the list under 'Generated Reports' and represented by time stamps under the 'Creation Time' column. You can download required report(s) by clicking the respective time stamp.
The 'Generated Reports' area in the 'Report Management' interface allows you to download and / or view any generated report.
To download / view a report
- Choose the customer from the 'Customers' drop-down at the top of the left panel.
A list of predefined and custom reports added for the customer is displayed as a tree structure in the 'Reports' pane.
- Select the report from the list.
The details of the report with the list of report elements will be displayed in the configuration area at the right.
The
'Generated Reports' area displays a list of reports generated
manually or as per the schedule created for the report.
- Click the time stamp in the 'Creation Time' column to download the report as a .pdf.
- 'Show Last Generated Report' – view the most recently created report.
The report will be displayed in the 'Last Generated Report' area, below 'Generated Reports' area.
You can change the name, description, report elements and their configuration at any time from the Report management interface.
To edit a report
- Choose the customer from the 'Customers' drop-down at the top of the left panel.
A list of predefined and custom reports added for the customer is displayed as a tree structure in the 'Reports' pane.
- Select the report from the list.
The details of the report with the list of report elements will be displayed in the configuration area at the right.
- Edit the name and description as required and click the 'Save' button at the bottom.
To edit the details of a report element
- Select the report element from the list that you want to edit and click the edit button at the bottom.
The 'Update'
screen for the selected report element will be displayed.
- Edit the details of the report element as required. The procedure is similar to adding a report element as explained above.
- Click the 'Update' button.
- Click
the 'Save' button at the bottom.
To delete a report element
-
Select the report the element and click the delete button at the bottom
The report element will be deleted.
To delete a report
- Select the report on the left side and click the delete button at the bottom.
In the confirmation dialog, click the 'Yes' button to remove the report.
The report and all the report elements under it will be deleted.
The 'Generated Reports' area displays a list of reports for the report selected on the left.
- To sort the report list according to date, click anywhere on the 'Creation Time' column header.
- To
refresh the list, click the button
on the right.
- Enable 'Show Last Generated Report' to view the most recently generated report. To close the report, clear the selection.
- To
delete a report, click the thrash can icon
in the 'Action' column
- Click
the 'Ok' button to confirm the deletion of the report.
- SOCaaP allows you to save report queries in order to use them for other customers.
- Imported queries can be used 'as is' or altered to suit the requirements of the customer.
- You can export a query folder or a particular query. Please note - exported event queries can only be imported to their respective sections.
- For example, event queries exported from the reports section can only be used in the report section. Also the values in the filter items in the exported events for tagged and list events will be set to default values.
To export a report query or report folder
- Select a customer from the 'Customers' drop-down at the top of the left panel.
- Choose the report or report folder to be exported from the 'Reports' list on the left.
- Click the 'Export' button at the bottom
- This varies by browser. For some browsers, the file with extension 'nxm' will be automatically downloaded to the default download location.
- The saved query can be imported for use with another customer account.
Administrators can import saved report queries for use with other customers. Imported queries can be used 'as is' or altered to suit the requirements of the customer. Please note that only exported queries from the report section should be imported for use here.
To import a query or query folder
- Select the customer from the 'Customers' drop-down (top of the left panel) for which you want to import the saved queries
- Click 'Import' at the bottom
-
Navigate to the location where the report query file is saved.
- Select the file and click 'Open'
The report or report folder will imported and will be listed under 'Imported' folder.
You can generate report as it is or alter according to your
requirement.