Report Template Fields

The following table describes the fields you can use to build a section in your report template. Not all fields are used in all types of sections; after you choose the section format, the system displays the appropriate fields.

Field Name

Section Types

Definition

Format

n/a

Choose the format of the section data:

Bar chart (bar chart icon): Compares quantities of the selected variables.

Line chart (line chart icon): Shows trends/changes over time of a selected variable. Available only for time-based tables.

Pie chart (pie chart icon): Shows each selected variable as a percentage of the whole. Variables with quantities of zero are dropped from the chart. Very small quantities are clustered into a category labeled Other.

Table view (table view icon): Shows values of attributes for each record. Not available for summary or statistical data.

Detail view (detail view icon): Shows complex object data associated with certain events, such as packets (for intrusion events) and host profiles (for host events). This format is available only for certain event types that involve such objects. Output may degrade performance if large numbers are requested.

Table

All

Choose the table from which the section data is extracted.

Preset

All

Predefined searches. Select an appropriate preset to initialize the search criteria when you define a new search.

Search or Filter

All

For most tables, you can constrain a report using a predefined or saved Search. You can also create a new search by clicking Edit (edit icon).

For the Application Statistics table, you use a user-defined application Filter to constrain a report.

X-Axis

Bar chart

Line chart

Pie chart

Available data for the X-axis of the selected chart.

For line charts, the X-axis value is always Time. For bar and pie charts, you cannot select Time as the X-axis value.

Y-Axis

Bar chart

Line chart

Pie chart

Available data for the Y-axis of the selected chart.

Section Description

All

Descriptive text that precedes the search data in the section.

Enter a combination of text and input parameters. The default for a new section is $<Time Window> and $<Constraints>.

Time Window

All

The time window for the data that appears in the section.

If the section searches time-based tables, you can select the check box to inherit the report’s global time window. Alternatively, you can set a specific time window for the section.

Data Source

All

If you used the wizard to configure remote (external) data storage using Security Analytics and Logging (On Premises), you can choose the data source to use for connection and Security Intelligence events.

Options are:

  • Auto: Show data stored on the CDO if available. If data on the CDO is not available for the entire selected time window, show only remotely stored data.

  • Local: Show only data that is stored on the CDO, regardless of the time window selected.

    Choose this option to include data that is not available on the remote volume, such as events generated from devices that are not configured to send events to the remote volume.

  • Extended: Show only data that is stored on the remote volume.

Maximum Results

Table view

Detail view

The maximum number of matching records to include.

You can include fewer records in a PDF report than in a CSV or HTML report. The web interface uses warning and error icons to indicate when the number is too large. Hover your pointer over the icon to see the limits.

Results

Bar chart

Pie chart

Choose either Top or Bottom and enter the number of matching records you want to use to build the chart.

Color

Bar chart

Line chart

Colors for graphed data in the section.