Creating a DefenseStorm Report
To create a Report, the first step is to create a chart to gather and display desired data. As soon as a new chart is created, it begins gathering applicable data from the previous 90 days. This gathering of data is strictly behind the scenes, and does not impact GRID performance.
Once you are satisfied with the charts you've created, organize them into templates. When putting together your templates, add all desired charts with headings and descriptions specific to the template's purpose. For example, if you create an overview template, the charts and descriptions would be high-level and as simple as possible. An in-depth template might use some of the same charts, but with more detailed descriptions and additional heading 2 charts.
After you have finalized your templates, determine the report frequency. Reports can be generated as a one-time occurrence or on a schedule. If you choose to generate the report on a schedule, you can add email addresses to receive a link once the report has been generated.
1. Creating a Chart
Charts use search queries to capture data. The process of creating a chart can be started from the Events page or the Reports page.
How to create a chart via Events page
If you are searching through events and want more information on the trends and statistics for this occurrence, select to create a chart directly from the Events screen.
- Within the Events page, enter a search query. It must be a search query; event results based solely on filters do not apply.
- Once desired results display, select the icon to create a chart.
- The Reports > Chart page opens providing a chart view of your queried data.
- To use this chart for reporting, go to Step 2 of the next section, "How to create a chart via Reports page". If you do not want to save the chart, select Cancel.
How to create a chart via Reports page
- Select Reports > Charts > blue + icon
- Enter required and desired chart information. * indicates a required field
Query*: Data being pulled from the GRID. You can enter a new query, or a saved search.
Name*: What the chart is called.
Chart Type: Default is a line graph.
X-Axis Title: Chosen title for the horizontal axis of the graph.
Y-Axis Title: Chosen title for the vertical axis of the graph.
- Select Save.
Example: Failed Admin Logons
- Query*: app_name:("microsoft-windows-security-auditing" OR "DefenseStorm Agent") AND (event_id:4625) AND (account_name:"Administrator" OR target_user_name:"Administrator") AND NOT defensestorm_type:alert
- Name*: Failed Admin Logins
- Chart Type: Line
- X-Axis Title: Time
- Y-Axis Title: Count
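To show what the Failed Admin Logons chart counts, the following added example (not DefenseStorm code) applies the same boolean filter to a handful of constructed events and buckets the matches by hour, which is the Time/Count series a line chart would plot. The field names come from the query above; the `timestamp` field name and exact-string matching are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

SEC = "microsoft-windows-security-auditing"
APPS = {SEC, "DefenseStorm Agent"}

# Constructed sample events. Field names are those used in the chart query;
# "timestamp" is an assumed name for the event time.
EVENTS = [
    {"timestamp": "2024-03-01T09:05:12", "app_name": SEC, "event_id": 4625, "target_user_name": "Administrator"},
    {"timestamp": "2024-03-01T09:40:03", "app_name": "DefenseStorm Agent", "event_id": 4625, "account_name": "Administrator"},
    {"timestamp": "2024-03-01T09:50:41", "app_name": SEC, "event_id": 4625, "target_user_name": "jsmith"},
    {"timestamp": "2024-03-01T09:59:00", "app_name": "sshd", "event_id": 4625, "account_name": "Administrator"},
    {"timestamp": "2024-03-01T10:15:27", "app_name": SEC, "event_id": 4624, "target_user_name": "Administrator"},
    {"timestamp": "2024-03-01T10:20:09", "app_name": SEC, "event_id": 4625, "target_user_name": "Administrator", "defensestorm_type": "alert"},
    {"timestamp": "2024-03-01T11:02:55", "app_name": SEC, "event_id": 4625, "target_user_name": "Administrator"},
]

def matches(event):
    """Mirror the query's structure: app AND event_id AND (either name field) AND NOT alert.

    Exact string comparison is an assumption; the platform's own matching may differ.
    """
    app_ok = event.get("app_name") in APPS
    failed_logon = str(event.get("event_id")) == "4625"  # Windows failed-logon event
    admin = "Administrator" in (event.get("account_name"), event.get("target_user_name"))
    not_alert = event.get("defensestorm_type") != "alert"
    return app_ok and failed_logon and admin and not_alert

def hourly_counts(events):
    """Return [(hour, count), ...] with empty hours filled as 0, like a line chart's points."""
    counts = Counter()
    for event in events:
        if matches(event):
            ts = datetime.fromisoformat(event["timestamp"])
            counts[ts.replace(minute=0, second=0, microsecond=0)] += 1
    if not counts:
        return []
    series, hour, last = [], min(counts), max(counts)
    while hour <= last:
        series.append((hour.strftime("%Y-%m-%d %H:00"), counts[hour]))
        hour += timedelta(hours=1)
    return series

if __name__ == "__main__":
    for hour, count in hourly_counts(EVENTS):
        print(hour, count)
```

The 10:00 bucket is zero because the only Administrator events in that hour are a successful logon (4624) and a record already typed as an alert, both of which the query excludes.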
2. Creating a Template
Templates are where you choose, organize, and give context to the charts in your report. You can create multiple templates with different combinations of charts.
How to create a template
- Select Reports > Templates > blue + icon
- Enter template title and description.
- Select Apply.
- Select 'Add a new fragment here' to add a chart.
- Select chart from the drop-down in the Edit Fragment window.
- Create a Heading name and Heading Type. Choose either Heading 1 or Heading 2. Heading 2 is a good option for a secondary chart, or sub-chart.
- Enter a paragraph description. What makes it relevant to your report? The same chart could have different descriptions based on the report audience and timeframe.
- Select Apply. Repeat steps 4-8 to add additional charts.
- Click Save. The template is created and ready to be generated as a report.
Example: Utilizing Heading 1 & Heading 2 when creating a template
For example, one of your bosses wants incredibly detailed information, while the other wants general information. You would create one template consisting of multiple heading 1 and heading 2 charts to provide in-depth information, and another template with a variety of heading 1 charts that show general information.
3. Generating a Report
Since charts and templates are created prior to generating a report, this is the quickest and easiest step in the process. All you have to decide is if you want the report generated once, or on a schedule.
How to generate a report
- Select Reports > Templates to view all templates.
- Search or scroll to find the template you wish to generate.
- Choose from the options to the right of the template name: Generate New Report, View Previously Generated Reports, Schedule, Clone, or Delete.
- Generate New Report > select the date range > select Create.
- View Previously Generated Reports takes you to a filtered version of the Reports page.
- Schedule a report > add email addresses > determine frequency > Create.
Email addresses added here receive a URL to download the report once it's completed.
- Cloning the template creates an exact copy of the template to allow quick, minor adjustments.
- Deleting the template removes it from the list so future reports cannot be generated. No charts or data are affected by deleting a template. All previously generated reports are still visible.
On-Demand Cybersecurity Report
The Cybersecurity Report is a default report created by the experts at DefenseStorm to make presenting information quick and simple.
The following information is provided in each report:
- Opened Incident Severity Breakdown
- Most Active Incidents
- Most Fired Alerts
- Events by Hour (daily report)
- Events by Day (weekly report)
- Events by Date (monthly report)
Generating the On-Demand Report
- Go to the Reports page
- Select + to open the Create Custom Report window
- Choose 'On-demand Report' from the Template drop-down
- Enter any email addresses you want the report sent to
- Determine Date Range
- Click Create