Correlation Reports


With EventLog Analyzer's correlation reports, you can intuitively understand complex incidents happening across your network devices, and get a clear picture of the sequence in which they unfold. Three types of reports are available:

 

You can also perform several report actions, which empower you to gain maximum value from your reports.

To learn more about what correlation is, how correlation rules are structured, and related topics, see Understanding correlation.

 

Incidents overview report

The incidents overview report provides a summary of the various incident types encountered on the network. Each incident type corresponds to a correlation rule. For each incident type, you can view the total count of correlated events (or network actions that satisfied the correlation rule).

 

To view the incidents overview report, go to the Correlation tab of the product and select Recent incidents from the left-hand menu:

Incident reports

An incident report provides the details of the various occurrences of a specific incident type (or correlation rule). It displays the count of correlated events over time.

To view the report for a specific rule, go to the Correlation tab of the product, navigate to the rule name on the left menu, and click on it. You can also go to the incident report from the incidents overview report, by clicking on the corresponding entry in the graphical or tabular parts of the report. A typical incident report looks like this:

 

 

You can also perform specific report actions on the various incident reports.

Timeline view

The timeline view report provides the history of correlated actions for each occurrence of an incident. It is a sequential listing of the logs that led to the rule being triggered.

To view the timeline report for a specific incident occurrence, go to the incident report, and click on 'View History' next to the corresponding entry in the table:

To view the details of each action or log, you can click on the 'Details' link next to each action.

Incident report actions

You can perform certain actions on the incident reports, as explained below:

Export reports

You can export incident reports in either PDF or CSV format. To export a report, navigate to the required report, and click Export as on the top right of the report. Select the format in which you would like to export it.

The status of all previous and ongoing exports can be viewed by clicking the report export history icon next to the Export as button.

Schedule reports

An incident report schedule allows you to generate incident reports at regular intervals, and optionally distribute them via email. To view the list of existing schedules for a specific report, navigate to the required incident report and click on Schedule Report. You can enable, disable, or edit the schedules by clicking on the respective icons. To create a new schedule, click on Add Schedule:

Specify the following details for the schedule and click Save once you are done:

Add/remove columns

You can choose what information is displayed in your incident report by adding or removing the required fields as columns in the report. To select the fields, click on the column selector icon on the top right of the tabular part of the required report:

Select the fields to be displayed in the report by choosing the respective checkboxes under each action.

You can also specify the following options for each field by clicking on the edit icon next to the required field:

Click Save once you have specified the required information to be displayed.
