Help Document

Report Settings

Schedule Reports

Reports can be automated by scheduling the reports at specific time intervals. The scheduled reports can also be automatically sent through email to stakeholders at desired time intervals or saved at a user-defined storage path.

schedule-reports

  • Navigate to Anomaly Reports → Schedule Reports.
  • Enter a name for the schedule and choose the reports which you wish to schedule.
  • Select how often you wish to receive the report, the time-range the report will cover, and the report format. You can also specify a desired storage path for the scheduled reports.
  • Enter the mail address to which the report will be sent and an email subject.

Managing Custom Reports

To manage custom reports click on the Anomaly Reports → Manage Reports.

Custom report creation

The list of custom reports that have been created will appear. Actions such as editing, deleting, and sharing custom reports can be performed by clicking on the respective icons.

Displaying or Hiding a report from the User Interface: The reports that will be displayed in the user interface can be selected by clicking on the check boxes in the Show / Hide column.

Sharing a report

To share a report place the cursor near the delete icon of the report. The Share Report option will appear.

sharing-a-report

Clicking on this option will give you the Select Technicians pop-up. The report can be shared

sharing-a-report-technicians-pop-up

with the required technicians from this screen.

If the report had been shared previously, the technician to which it had been shared will be visible. Clicking on "share to" link shows a list of technicians to which the report is shared.

Note: The admin will have access to all custom reports. This option is to share reports to operators.

Creating Custom Reports

creating-custom-reports

Follow the steps below to create custom reports based on your organization's requirements.

  • Navigate to Anomaly Reports → Manage Reports.
  • Click on Create Custom Report and enter a name for the report.
  • Based on what information you require in the report, select the Custom Group, Source Report, and Action.
  • Choose the parameter (time, count, and pattern) based on which the anomaly is determined.
    • Time - The time at which the event(s) occurred.
    • Count - The number of times the event(s) has occurred.
    • Pattern - The pattern the event(s) follows.
  • Use the Select Views option to specify the granular details that should be included in the report. Click Add and then Create.

Managing Predefined Reports

managing-predefined-reports

Categories, groups, and reports can be managed using this option. Click on the group count of the required format to drill down to the related group. To drill down to the report, click on the report count of the respective group.

The categories, groups, and reports in all formats can be enabled or disabled by using the toggle button in the report view. Clicking on the toggle button will enable or disable a category, group, or report. It will also not be displayed in the reports tab. Log Collection from the components of UEBA and Anomaly Detection happens only for the enabled sections.

Disabling categories, groups, and reports that are not required can improve UEBA performance by reducing training and analysis time.

Note: At least one report from each module has to be enabled

Reordering categories

reordering-categories

Categories, groups, and reports can be reordered by clicking on the left end of the bar and dragging to the required position. The change will be reflected in the UI immediately.