Using Management Center for Cisco Security Agents 6.0 - Generating Reports [Cisco Security Agent]

Table Of Contents

Generating Reports

Overview

Types of Reports

Viewing Reports

Generating Reports

Events by Severity

Events by Group

Host Detail

Policy Detail

Group Detail

Clam AntiVirus Reports

Creating an AntiVirus Update Detail Report

Creating an AntiVirus Summary Report

Creating a Restored Infection Details Report

Creating Virus Infections Reports

Creating Virus Infections Details Reports

Data Loss Prevention Reports

Creating Data Discovery Reports

Creating a Data Justification Details Report

Creating a Protected Data Movement Report

Signature Information Detail

Denial of Service Detail

Filtering Detail

Generation Detail

Generating Reports

Overview

You can configure the Cisco Security Agent to log an event each time a system action triggers a rule.

You can use the event logging data received from agents to generate reports that indicate overall network health. Using these reports, you can monitor how your current rule sets are working and adjust them, if necessary.

You can also generate reports related to configuration information.

This section contains the following topics.

•Types of Reports

•Viewing Reports

•Generating Reports

–Events by Severity

–Events by Group

–Host Detail

–Policy Detail

–Group Detail

–Clam AntiVirus Reports

–Data Loss Prevention Reports

–Signature Information Detail

Types of Reports

CSA MC lets you generate reports using various criteria. For example, you can create reports based on event severity level, on the group that generated the event, and on the individual host systems producing events. You can sort by other parameters such as time frame, host, and event code that you configure separately.

Viewing Reports

When you generate your reports, you're given the option of selecting the type of viewer through which to display the report. From the Viewer type pulldown menu, you can select the following.

•PDF: This option will generate the complete report as a PDF file that can be viewed, printed, and saved using the browser PDF plug-in. If you do not have a PDF plug-in installed on your browser, you will have to install a PDF browser plug-in to view this report type.

•HTML: This option breaks the report into individual HTML pages which can be viewed one page at a time in a browser window. Only the currently viewed report page can be printed. (Supported by Internet Explorer 6.0 or higher and FireFox 1.5.0.x or higher.)

When you print reports, the formatting will vary depending on which view type you have selected and the printer settings on the printer you're using.

Caution When you print reports, it is recommended that you print using Landscape mode. Reports do not print correctly using Portrait mode.

Caution CSA MC requires and installs Sun JRE (Java Runtime Environment) to generate reports using the Jasper reporting tool. If you remove the Java directory from the CSA MC system, you cannot generate reports.

Generating Reports

You generate reports by selecting various sorting options in the CSA MC report configuration views. When you are finished selecting sorting parameters, you can generate your report.

Events by Severity

You can generate reports using various selection and sorting criteria. In this case, you are creating a report based on event severity levels.

To generate an Events by Severity report, do the following.

Step 1 Move the mouse over Reports in the menu bar of CSA MC. Select Events by Severity from the drop-down list that appears. Any existing reports are shown.

Step 2 Click the New button to create a new report. This takes you to the configuration view.

Step 3 In the Events by Severity report configuration view, enter a Name and a Description for the report.

Step 4 From the pulldown list, select an Event Filter. This is an Event Set you create from the Events> Event Sets configuration view (see Event Sets, page 10-39).

Step 5 From the Sort by pulldown list, select a parameter for sorting this report's contents (see Figure 11-1).

Step 6 Enable or Disable the Ascending checkbox depending on the order in which you want to view your reports.

Step 7 Select a Viewer type, PDF or HTML.

Step 8 Click the Save button to save the parameters you've just configured for generating this report.

Step 9 Click the View Report button and the report is automatically displayed in a new window.

Figure 11-1 Events by Severity Report Configuration

Events by Group

You can generate reports using various selection and sorting criteria. In this case, you are creating a report based on the groups that have generated the events.

To generate an Events by Group report, do the following.

Step 1 Move the mouse over Reports in the menu bar of CSA MC. Select Events by Group from the drop-down list that appears. Any existing reports are shown.

Step 2 Click the New button to create a new report. This takes you to the configuration view.

Step 3 In the Events by Group report configuration view, enter a Name and a Description for the report.

Step 4 From the pulldown list, select an Event Filter. This is an Event Set you create from the Events> Event Sets configuration view (see Event Sets, page 10-39).

Step 5 From the Sort by pulldown list, select a parameter for sorting this report's contents.

Step 6 Enable or Disable the Ascending checkbox depending on the order in which you want to view your reports.

Step 7 Select a Viewer type, PDF or HTML.

Step 8 Click the Save button to save the parameters you've just configured for generating this report.

Step 9 Click the View Report button and the report is automatically displayed in a new window.

Host Detail

You can generate reports based on hosts in specific groups you select as part of the report. A host detail report provides in-depth information on the hosts in the groups you select for the report.

To generate a host detail report, do the following.

Step 1 Move the mouse over Reports in the menu bar of CSA MC. Select Host Detail from the drop-down list that appears. Any existing reports are shown.

Step 2 Click the New button to create a new report. This takes you to the configuration view.

Step 3 In the Host Detail report configuration view (see Figure 11-2), enter a Name and a Description for the report.

Step 4 Select the Groups for which you want to generate a report. To select multiple items in a list box, hold down the Ctrl key as you select each item. To unselect a single item, hold down the Ctrl key when you click on the item in question. Press the Shift key to select multiple successive items. You can also select All Hosts here to generate a report for all registered hosts.

Step 5 Select a Viewer type, PDF or HTML.

Step 6 Click the Save button to save the parameters you've just configured for generating this report.

Step 7 Click the View Report button and the report is automatically displayed in a new browser window.

Figure 11-2 Host Detail Report Configuration

Policy Detail

You can generate reports by selected policies. A policy report provides in-depth information on the policies you select for the report.

To generate a policy detail report, do the following.

Step 1 Move the mouse over Reports in the menu bar and select Policy Detail from the drop-down list that appears.

Step 2 Click the New button to create a new report. This takes you to the configuration view.

Step 3 In the Policy Detail report configuration view, enter a Name and a Description for the report.

Step 4 Select the Policies for which you want to generate a report. To select multiple items in a list box, hold down the Ctrl key as you select each item. To unselect a single item, hold down the Ctrl key when you click on the item in question. Press and hold the Shift key to select multiple successive items.

Step 5 Select a Viewer type, PDF or HTML.

Step 6 Click the Save button to save the parameters you've just configured for generating this report.

Step 7 Click the View Report button. Your report is created and is automatically displayed in a new window.

Group Detail

You can generate reports by a selected group or groups. A group report provides in-depth information on the groups you select for the report.

To generate a group detail report, do the following.

Step 1 Move the mouse over Reports in the menu bar and select Group Detail from the drop-down list that appears.

Step 2 Click the New button to create a new report. This takes you to the configuration view.

Step 3 In the Group Detail report configuration view, enter a Name and a Description for the report.

Step 4 Select the Groups for which you want to generate a report. To select multiple items in a list box, hold down the Ctrl key as you select each item. To unselect a single item, hold down the Ctrl key when you click on the item in question. Press and hold the Shift key to select multiple successive items.

Step 5 Select a Viewer type, PDF or HTML.

Step 6 Click the Save button to save the parameters you've just configured for generating this report.

Step 7 Click the View Report button. Your report is created and is automatically displayed in a new window.

Clam AntiVirus Reports

These reports provide information about the age of signature files on hosts and the number of infected hosts in the deployment. These are the AntiVirus reports available:

•AntiVirus Update

•AntiVirus Summary

•Restored Infection Details

•Virus Infections

•Virus Infections Details

Creating an AntiVirus Update Detail Report

This report shows how old signature files are on hosts in a group. The bar chart breaks down the number of hosts using signatures that are older than X days.

Some reports are provided by default. If you would like to create your own report, follow this procedure:

Step 1 From the Reports menu, navigate AntiVirus > AntiVirus Update.

Step 2 Click the New button to create a new report. This takes you to the configuration view.

Step 3 Enter a Name and a short Description of the report.

Step 4 If you want this report to appear on the CSA MC Home page, select Put this report on the Home page favorite list.

Step 5 In the Criteria area, select a Host Filter from the drop down menu. The report will include all the hosts described by the selection in the Host Filter drop down menu. Only one Host Filter can be applied to one report.

Step 6 In the Group Filter area, select one of these two radio buttons:

•No Group Filter - if you do not want to restrict your reports to hosts in certain groups.

•Groups Matching - if you do want to restrict your report to hosts in certain groups. You may pick one or more groups from the Groups Matching menu.

Step 7 From the Sort by AV Update Date menu select ascending or descending.

Step 8 In the Viewer type menu, select PDF or HTML output. See the "Viewing Reports" section for information more information about PDF and HTML output choices.

Step 9 Click one of these buttons:

•Save to be able to view this report in the future.

•View Report to view the report immediately, whether it is saved or not.

Creating an AntiVirus Summary Report

This report can identify the most frequently occurring virus infections and the most infected hosts in your enterprise. The Top 10 Infected Hosts and the Top 10 Virus Infections reports are provided by default. To create your own report, follow this procedure:

Step 1 From the Reports menu, navigate AntiVirus > AntiVirus Summary.

Step 2 Click the New button to create a new report. This takes you to the configuration view.

Step 3 Enter a Name and a short Description of the report.

Step 4 If you want this report to appear on the CSA MC Home page, select Put this report on the Home page favorite list.

Step 5 From the Report type list box, select the kind of report you want to create.

Step 6 In the Groups matching field, select the group, or groups, which you want to include in this report.

Step 7 Specify the time frame for the report by entering the From and Until parameters in the Time Frame area. Alternatively, you may check All times if you want a report of all virus infections ever recorded.

You can specify the From and Until parameters in these ways:

•You can specify a relative time using any of the following terms: tomorrow, yesterday, today, now, next, ago, year, month, week, day, hour, minute, and second.

•You can enter a specific time using any of the following time formats: hh:mm:ss. If no meridian (AM or PM) is specified, hh is interpreted on a 24 hour clock (0-23). Note that entering minutes and/or seconds is optional.

•You can enter a specific month and day with optional year in the formats: mm/dd/yy, monthname dd,yy. Specifying the year is optional. The default year is the current year.

Step 8 In the Viewer type menu, select PDF or HTML output. See the "Viewing Reports" section for information more information about PDF and HTML output choices.

Step 9 Click one of these buttons:

•Save to be able to view this report in the future

•View Report to view the report immediately, whether it is saved or not.

Creating a Restored Infection Details Report

This report provides administrators with a list of files which have been tagged with signature-based or behavior-based AntiVirus tags but that users have chosen to remove from quarantine through their local agent interface. This report allows an administrator to identify trends in these restored files. For example, if the same file is being restored by many users in one particular group, then an exception may be warranted for this file.

The report identifies the name of the virus that was found, the file that was restored, the user that restored the file, the host on which the file was restored, and the time at which the file was restored.

To create a Restored Infection Details report, follow this procedure:

Step 1 From the Reports menu, navigate AntiVirus > Restored Infection Details.

Step 2 Click the New button to create a new report. This takes you to the configuration view.

Step 3 Enter a Name and a short Description of the report.

Step 4 If you want this report to appear on the CSA MC Home page, select Put this report on the Home page favorite list.

Step 5 In the Groups matching field, select the group, or groups, which you want to include in this report.

Step 6 Specify the time frame for the report by entering the From and Until parameters in the Time Frame area. Alternatively, you may check All times if you want a report of all virus infections ever recorded.

You can specify the From and Until parameters in these ways:

•You can specify a relative time using any of the following terms: tomorrow, yesterday, today, now, next, ago, year, month, week, day, hour, minute, and second.

•You can enter a specific time using any of the following time formats: hh:mm:ss. If no meridian (AM or PM) is specified, hh is interpreted on a 24 hour clock (0-23). Note that entering minutes and/or seconds is optional.

•You can enter a specific month and day with optional year in the formats: mm/dd/yy, monthname dd,yy. Specifying the year is optional. The default year is the current year.

Step 7 In the Viewer type menu, select PDF or HTML output. See the "Viewing Reports" section for information more information about PDF and HTML output choices.

Step 8 Click one of these buttons:

•Save to be able to view this report in the future

•View Report to view the report immediately, whether it is saved or not.

Creating Virus Infections Reports

The Virus Infections report graphically displays the number of infected files found on a host. You can configure the report to sort the information by tag or by host.

The information in the report is based on the events passed from the agents to the CSA MC when the agents last polled. The information from the latest polling event overwrites the information from the previous polling event.

Some Virus Infections reports are provided by default. To create your own Virus Infections report, follow this procedure:

Step 1 From the Reports menu, navigate AntiVirus > Virus Infections.

Step 2 Click the New button to create a new report. This takes you to the configuration view.

Step 3 Enter a Name and a short Description of the report.

Step 4 If you want this report to appear on the CSA MC Home page, select Put this report on the Home page favorite list.

Step 5 In the Groups matching field, select the group, or groups, which you want to include in this report.

Step 6 If you know the name of the virus you want to search for, enter it in the Virus Name field, otherwise leave the * entry to search for all viruses.

Step 7 You can choose to group the report output by Host Name or Virus Name by selecting one or the other in the Group by field.

Step 8 In the Viewer type menu, select PDF or HTML output. See the "Viewing Reports" section for information more information about PDF and HTML output choices.

Step 9 Select Order by number of infections if you would like the report presenting the viruses with the highest number of occurrences first.

Step 10 Click one of these buttons:

•Save to view this report in the future.

•View Report to view the report immediately, whether it is saved or not.

Creating Virus Infections Details Reports

The Virus Infection Details report lists the locations of infected files. The information in the report is derived from events, generated by a scan event log rule that is set to "monitor" or "notify." These events are collected by the CSA MC. This information can be sorted by host or by virus.

Some Virus Infections Details reports are provided by default. To create your own Virus Infections Details report, follow this procedure:

Step 1 From the Reports menu, navigate AntiVirus > Virus Infection Details.

Step 2 Click the New button to create a new report. This takes you to the configuration view.

Step 3 Enter a Name and a short Description of the report.

Step 4 If you want this report to appear on the CSA MC Home page, select Put this report on the Home page favorite list.

Step 5 In the Groups matching field, select the group, or groups, which you want to include in this report.

Step 6 If you know the name of the virus you want to search for, enter it in the Virus Name field, otherwise leave the * entry to search for all viruses.

Step 7 Specify the time frame for the report by entering the From and Until parameters in the Time Frame area. Alternatively, you may check All times if you want a report of all virus infections ever recorded.

You can specify the From and Until parameters in these ways:

•You can specify a relative time using any of the following terms: tomorrow, yesterday, today, now, next, ago, year, month, week, day, hour, minute, and second.

•You can enter a specific time using any of the following time formats: hh:mm:ss. If no meridian (AM or PM) is specified, hh is interpreted on a 24 hour clock (0-23). Note that entering minutes and/or seconds is optional.

•You can enter a specific month and day with optional year in the formats: mm/dd/yy, monthname dd,yy. Specifying the year is optional. The default year is the current year.

Step 8 You can choose to group the report output by Host Name or Virus Name by selecting one or the other in the Group by field.

Step 9 In the Viewer type menu, select PDF or HTML output. See the "Viewing Reports" section for information more information about PDF and HTML output choices.

Step 10 Click one of these buttons:

•Save to be able to view this report in the future

•View Report to view the report immediately, whether it is saved or not.

Data Loss Prevention Reports

Data Loss Prevention reports can be generated for any host that is running a data loss prevention policy. To use this policy, the CSA MC has to have an available data loss prevention license for that host.

These procedures create reports describing files that have been tagged with scanning data tags or static data tags.

•Creating Data Discovery Reports

•Creating a Data Justification Details Report

•Creating a Protected Data Movement Report

Creating Data Discovery Reports

The Data Discovery report graphically displays the number of files, with a particular scanning data tag or static data tag, found on the fixed local drives of a host. You can configure the report to sort the information by tag or by host.

The information in the report is based on the events passed from the agents to the CSA MC when the agents last polled. The information from the latest polling event overwrites the information from the previous polling event.

Reports for Credit card and SSN information and Sensitive data details are provided for you by default.

To create a Data Discovery report, follow this procedure:

Step 1 From the Reports menu, navigate Data Loss Prevention > Data Discovery.

Step 2 Click the New button to create a new report. This takes you to the configuration view.

Step 3 Enter a Name and a short Description of the report.

Step 4 If you want this report to appear on the CSA MC Home page, select Put this report on the Home page favorite list.

Step 5 In the Groups matching field, select the group which you want to include in this report. You may choose more than one group. You may also choose <All Groups>.

Step 6 In the Tags matching field, select the tag, or tags, for which you want to create a report. You may also choose <All tags>.

Step 7 Choose to group the report output by Host Name or Tag Name by selecting one of those items from the Group by field. If you select Host Name, the report displays one pie chart, per host, per report page. The name of the data tags and the number of files with that tag are listed below the chart. If you select Tag Name, the report is a bar chart indicating the tag and the number of files with that tag. The host name and number of files with that tag are listed below the chart.

Step 8 In the Viewer type menu, select PDF or HTML output. See the "Viewing Reports" section for information more information about PDF and HTML output choices.

Step 9 Select Order by number of tags if you would like the report presenting the tags with the highest number of occurrences first.

Step 10 Click one of these buttons:

•Save to view this report whenever you want.

•View Report to view the report immediately, whether it is saved or not.

Creating a Data Justification Details Report

The Data Justification Details report reports the explanations users provide when acting on files tagged with scanning data tags or static data tags.

Data Justification Details reports can be generated for any host that is running a data loss prevention policy and that is using at least one scan event log rule that queries or notifies the user and asks for a justification of their action. The host must also have a data loss prevention license assigned to it.

The Data Justification Details report lists the date of the justification, the username that was prompted for the justification, the application that was acting, the file on which the application was acting, and the justification message if one was provided.

Note If a host is part of a group which is configured to filter user info from events, the username will not appear in the report.

To create a Data Justification Details report, follow this procedure:

Step 1 From the Reports menu, navigate Data Loss Prevention > Data Justification Details.

Step 2 Click the New button to create a new report. This takes you to the configuration view.

Step 3 Enter a Name and a short Description of the report.

Step 4 If you want this report to appear on the CSA MC Home page, select Put this report on the Home page favorite list.

Step 5 In the Groups matching field, select the group which you want to include in this report. You may select more than one group. You may also choose <All Groups>.

Step 6 In the Tags matching field, select the tag, or tags, for which you want to create a report. You may also choose <All tags>.

Step 7 Specify the time frame for the report by entering the From and Until parameters in the Time Frame area. Alternatively, you may check All times if you want a report of covering all available data. You can specify the From and Until parameters in these ways:

•You can specify a relative time using any of the following terms: tomorrow, yesterday, today, now, next, ago, year, month, week, day, hour, minute, and second.

•You can enter a specific time using any of the following time formats: hh:mm:ss. If no meridian (AM or PM) is specified, hh is interpreted on a 24 hour clock (0-23). Note that entering minutes and/or seconds is optional.

•You can enter a specific month and day with optional year in the formats: mm/dd/yy, monthname dd,yy. Specifying the year is optional. The default year is the current year.

Step 8 Choose to group the report output by Host Name or Tag Name by selecting one of those items from the Group by field. If you select Host Name, the report lists the directory locations of tagged files grouped by host and then by tag. If you select Tag Name, the report lists the directory locations of the tagged files grouped by tag and then by host.

Step 9 In the Viewer type menu, select PDF or HTML output. See the "Viewing Reports" section for information more information about PDF and HTML output choices.

Step 10 Click one of these buttons:

•Save to view this report in the future.

•View Report to view the report immediately, whether it is saved or not.

Creating a Protected Data Movement Report

Protected Data Movement reports gather information generated by monitoring events and notification events of Scan Event Log Rules (SACLs). These events are triggered if the SACL detects a user performing a file operation on a file with a data loss prevention tag.

The Protected Data Movement report shows which files, with data tags, were accessed. This report can be sorted by host or by tag name.

Protected Data Movement reports can be generated for any host that is running the Data Loss Prevention policy and that is using at least one scan event log rule that monitors events or notifies the user of file movement.

To create a Protected Data Movement report, follow this procedure:

Step 1 From the Reports menu, navigate Data Loss Prevention > Data Discovery Details.

Step 2 Click the New button to create a new report. This takes you to the configuration view.

Step 3 Enter a Name and a short Description of the report.

Step 4 If you want this report to appear on the CSA MC Home page, select Put this report on the Home page favorite list.

Step 5 In the Groups matching field, select the group which you want to include in this report. You may choose more than one group. You may also choose <All Groups>.

Step 6 In the Tags matching field, select the tag, or tags, for which you want to create a report. You may also choose <All tags>.

Step 7 Specify the time frame for the report by entering the From and Until parameters in the Time Frame area. Alternatively, you may check All times if you want a report of all virus infections ever recorded. You can specify the From and Until parameters in these ways:

•You can specify a relative time using any of the following terms: tomorrow, yesterday, today, now, next, ago, year, month, week, day, hour, minute, and second.

•You can enter a specific time using any of the following time formats: hh:mm:ss. If no meridian (AM or PM) is specified, hh is interpreted on a 24 hour clock (0-23). Note that entering minutes and/or seconds is optional.

•You can enter a specific month and day with optional year in the formats: mm/dd/yy, monthname dd,yy. Specifying the year is optional. The default year is the current year.

Step 8 Choose to group the report output by Host Name or Tag Name by selecting one of those items from the Group by field. If you select Host Name, the report lists the directory locations of tagged files grouped by host and then by tag. If you select Tag Name, the report lists the directory locations of the tagged files grouped by tag and then by host.

Step 9 Select a Viewer type, PDF or HTML.

Step 10 Click one of these buttons:

•Save to be able to view this report in the future.

•View Report to view the report immediately, whether it is saved or not.

Signature Information Detail

You can generate reports related to the automatic signature generation feature. Signature reports provide in-depth information on these signature details:

•Denial of Service Detail

•Filtering Detail

•Generation Detail

Denial of Service Detail

Denial of service (DoS) detail reports the number of times payloads have been associated with the @highrisk_signatures token.

To generate a DoS detail report, do the following:

Step 1 Move the mouse over Reports in the menu bar and navigate Signatures>Denial of Service.

Step 2 Click the New button to create a new report. This takes you to the configuration view.

Step 3 In the Denial of Service Detail report configuration view, enter a Name and a Description for the report.

Step 4 In the Time Frame area, specify the time period that the report should address in the From and Until fields. You can refer to the following points for entering time frame information, but note that most reasonable time frames are recognized by CSA MC:

•You can specify a relative time using any of the following terms: tomorrow, yesterday, today, now, next, ago, year, month, week, day, hour, minute, and second.

•You can enter a specific time using any of the following time formats: hh:mm:ss. If no meridian (AM or PM) is specified, hh is interpreted on a 24 hour clock (0-23). Note that entering minutes and/or seconds is optional.

•You can enter a specific month and day with optional year in the formats: mm/dd/yy, monthname dd,yy. Specifying the year is optional. The default year is the current year.

Step 5 In the Viewer Type field select the format in which you want to display the report, HTML or PDF.

Step 6 Click the Save button to save the parameters you've just configured for generating this report.

Step 7 Click the View Report button. Your report is created and is automatically displayed in a new window.

Filtering Detail

Filter Detail reports describe the number of times CSA acted as a result of a matching an attack payload to an existing signature.

To generate a Filtering Detail report, do the following:

Step 1 Move the mouse over Reports in the menu bar and navigate Signatures>Filtering Detail.

Step 2 Click the New button to create a new report. This takes you to the configuration view.

Step 3 In the Filtering Detail report configuration view, enter a Name and a Description for the report.

Step 4 Select an Event Filter from the drop down menu list.

Step 5 From the Sort by pulldown list, select a parameter for sorting this report's contents.

Step 6 Enable or disable the Ascending checkbox depending on the order in which you want to view your reports.

Step 7 Choose whether or not to remove similar events from the report by choosing Yes or No in the Filter out Similar Events field.

Step 8 In the Time Frame area, specify the time period that the report should address in the From and Until fields. You can refer to the following points for entering time frame information, but note that most reasonable time frames are recognized by CSA MC:

•You can specify a relative time using any of the following terms: tomorrow, yesterday, today, now, next, ago, year, month, week, day, hour, minute, and second.

•You can enter a specific time using any of the following time formats: hh:mm:ss. If no meridian (AM or PM) is specified, hh is interpreted on a 24 hour clock (0-23). Note that entering minutes and/or seconds is optional.

•You can enter a specific month and day with optional year in the formats: mm/dd/yy, monthname dd,yy. Specifying the year is optional. The default year is the current year.

Or you can select All times checkbox if you do not want to limit the time frame of the report.

Step 9 Select a Viewer type, PDF or HTML.

Step 10 Click the Save button to save the parameters you've just configured for generating this report.

Step 11 Click the View Report button. Your report is created and is automatically displayed in a new window.

Generation Detail

Generation Detail reports describe the number of times CSA correlated a signature.

To generate a Generation Detail report, do the following:

Step 1 Move the mouse over Reports in the menu bar and navigate Signatures>Generation Detail.

Step 2 Click the New button to create a new report. This takes you to the configuration view.

Step 3 In the Generation Detail report configuration view, enter a Name and a Description for the report.

Step 4 In the Signature Type field select Local or Global.

Step 5 For Global signature generation details provide a Correlation start time and Correlation end time. You can refer to the following points for entering time frame information, but note that most reasonable time frames are recognized by CSA MC:

•You can specify a relative time using any of the following terms: tomorrow, yesterday, today, now, next, ago, year, month, week, day, hour, minute, and second.

•You can enter a specific time using any of the following time formats: hh:mm:ss. If no meridian (AM or PM) is specified, hh is interpreted on a 24 hour clock (0-23). Note that entering minutes and/or seconds is optional.

•You can enter a specific month and day with optional year in the formats: mm/dd/yy, monthname dd,yy. Specifying the year is optional. The default year is the current year.

Step 6 In the Sort by Sig update time field, select Ascending or Descending.

Step 7 Select a Viewer type, PDF or HTML.

Step 8 Click the Save button to save the parameters you've just configured for generating this report.

Step 9 Click the View Report button. Your report is created and is automatically displayed in a new window.

	Using Management Center for Cisco Security Agents 6.0
	Generating Reports
Using Management Center for Cisco Security Agents 6.0 Preface Overview Management Center for Cisco Security Agents Administration Configuring Groups and Managing Hosts Building Policies Rule Module Configuration Available Rule Types Using Global Settings Using Application Classes Configuring Variables and State Conditions Event Logging and Alerts Generating Reports Using Management Center for Cisco Security Agents Utilities Using Cisco Security Agent Analysis Automatic Signature Generation AntiVirus Protection Data Loss Prevention Cisco Partner and Third Party Product Integration Using the Scripting Interface (CSAAPI) Cisco Security Agent Overview System Components Open Source License Acknowledgements and Third Party Copyrights	Download this chapter Generating Reports Download the complete book Using Management Center for Cisco Security Agents V.6.0 (PDF - 8 MB) Table Of Contents Generating Reports Overview Types of Reports Viewing Reports Generating Reports Events by Severity Events by Group Host Detail Policy Detail Group Detail Clam AntiVirus Reports Creating an AntiVirus Update Detail Report Creating an AntiVirus Summary Report Creating a Restored Infection Details Report Creating Virus Infections Reports Creating Virus Infections Details Reports Data Loss Prevention Reports Creating Data Discovery Reports Creating a Data Justification Details Report Creating a Protected Data Movement Report Signature Information Detail Denial of Service Detail Filtering Detail Generation Detail Generating Reports Overview You can configure the Cisco Security Agent to log an event each time a system action triggers a rule. You can use the event logging data received from agents to generate reports that indicate overall network health. Using these reports, you can monitor how your current rule sets are working and adjust them, if necessary. You can also generate reports related to configuration information. This section contains the following topics. •Types of Reports •Viewing Reports •Generating Reports –Events by Severity –Events by Group –Host Detail –Policy Detail –Group Detail –Clam AntiVirus Reports –Data Loss Prevention Reports –Signature Information Detail Types of Reports CSA MC lets you generate reports using various criteria. For example, you can create reports based on event severity level, on the group that generated the event, and on the individual host systems producing events. You can sort by other parameters such as time frame, host, and event code that you configure separately. Viewing Reports When you generate your reports, you're given the option of selecting the type of viewer through which to display the report. From the Viewer type pulldown menu, you can select the following. •PDF: This option will generate the complete report as a PDF file that can be viewed, printed, and saved using the browser PDF plug-in. If you do not have a PDF plug-in installed on your browser, you will have to install a PDF browser plug-in to view this report type. •HTML: This option breaks the report into individual HTML pages which can be viewed one page at a time in a browser window. Only the currently viewed report page can be printed. (Supported by Internet Explorer 6.0 or higher and FireFox 1.5.0.x or higher.) When you print reports, the formatting will vary depending on which view type you have selected and the printer settings on the printer you're using. Caution When you print reports, it is recommended that you print using Landscape mode. Reports do not print correctly using Portrait mode. Caution CSA MC requires and installs Sun JRE (Java Runtime Environment) to generate reports using the Jasper reporting tool. If you remove the Java directory from the CSA MC system, you cannot generate reports. Generating Reports You generate reports by selecting various sorting options in the CSA MC report configuration views. When you are finished selecting sorting parameters, you can generate your report. Events by Severity You can generate reports using various selection and sorting criteria. In this case, you are creating a report based on event severity levels. To generate an Events by Severity report, do the following. Step 1 Move the mouse over Reports in the menu bar of CSA MC. Select Events by Severity from the drop-down list that appears. Any existing reports are shown. Step 2 Click the New button to create a new report. This takes you to the configuration view. Step 3 In the Events by Severity report configuration view, enter a Name and a Description for the report. Step 4 From the pulldown list, select an Event Filter. This is an Event Set you create from the Events> Event Sets configuration view (see Event Sets, page 10-39). Step 5 From the Sort by pulldown list, select a parameter for sorting this report's contents (see Figure 11-1). Step 6 Enable or Disable the Ascending checkbox depending on the order in which you want to view your reports. Step 7 Select a Viewer type, PDF or HTML. Step 8 Click the Save button to save the parameters you've just configured for generating this report. Step 9 Click the View Report button and the report is automatically displayed in a new window. Figure 11-1 Events by Severity Report Configuration Events by Group You can generate reports using various selection and sorting criteria. In this case, you are creating a report based on the groups that have generated the events. To generate an Events by Group report, do the following. Step 1 Move the mouse over Reports in the menu bar of CSA MC. Select Events by Group from the drop-down list that appears. Any existing reports are shown. Step 2 Click the New button to create a new report. This takes you to the configuration view. Step 3 In the Events by Group report configuration view, enter a Name and a Description for the report. Step 4 From the pulldown list, select an Event Filter. This is an Event Set you create from the Events> Event Sets configuration view (see Event Sets, page 10-39). Step 5 From the Sort by pulldown list, select a parameter for sorting this report's contents. Step 6 Enable or Disable the Ascending checkbox depending on the order in which you want to view your reports. Step 7 Select a Viewer type, PDF or HTML. Step 8 Click the Save button to save the parameters you've just configured for generating this report. Step 9 Click the View Report button and the report is automatically displayed in a new window. Host Detail You can generate reports based on hosts in specific groups you select as part of the report. A host detail report provides in-depth information on the hosts in the groups you select for the report. To generate a host detail report, do the following. Step 1 Move the mouse over Reports in the menu bar of CSA MC. Select Host Detail from the drop-down list that appears. Any existing reports are shown. Step 2 Click the New button to create a new report. This takes you to the configuration view. Step 3 In the Host Detail report configuration view (see Figure 11-2), enter a Name and a Description for the report. Step 4 Select the Groups for which you want to generate a report. To select multiple items in a list box, hold down the Ctrl key as you select each item. To unselect a single item, hold down the Ctrl key when you click on the item in question. Press the Shift key to select multiple successive items. You can also select All Hosts here to generate a report for all registered hosts. Step 5 Select a Viewer type, PDF or HTML. Step 6 Click the Save button to save the parameters you've just configured for generating this report. Step 7 Click the View Report button and the report is automatically displayed in a new browser window. Figure 11-2 Host Detail Report Configuration Policy Detail You can generate reports by selected policies. A policy report provides in-depth information on the policies you select for the report. To generate a policy detail report, do the following. Step 1 Move the mouse over Reports in the menu bar and select Policy Detail from the drop-down list that appears. Step 2 Click the New button to create a new report. This takes you to the configuration view. Step 3 In the Policy Detail report configuration view, enter a Name and a Description for the report. Step 4 Select the Policies for which you want to generate a report. To select multiple items in a list box, hold down the Ctrl key as you select each item. To unselect a single item, hold down the Ctrl key when you click on the item in question. Press and hold the Shift key to select multiple successive items. Step 5 Select a Viewer type, PDF or HTML. Step 6 Click the Save button to save the parameters you've just configured for generating this report. Step 7 Click the View Report button. Your report is created and is automatically displayed in a new window. Group Detail You can generate reports by a selected group or groups. A group report provides in-depth information on the groups you select for the report. To generate a group detail report, do the following. Step 1 Move the mouse over Reports in the menu bar and select Group Detail from the drop-down list that appears. Step 2 Click the New button to create a new report. This takes you to the configuration view. Step 3 In the Group Detail report configuration view, enter a Name and a Description for the report. Step 4 Select the Groups for which you want to generate a report. To select multiple items in a list box, hold down the Ctrl key as you select each item. To unselect a single item, hold down the Ctrl key when you click on the item in question. Press and hold the Shift key to select multiple successive items. Step 5 Select a Viewer type, PDF or HTML. Step 6 Click the Save button to save the parameters you've just configured for generating this report. Step 7 Click the View Report button. Your report is created and is automatically displayed in a new window. Clam AntiVirus Reports These reports provide information about the age of signature files on hosts and the number of infected hosts in the deployment. These are the AntiVirus reports available: •AntiVirus Update •AntiVirus Summary •Restored Infection Details •Virus Infections •Virus Infections Details Creating an AntiVirus Update Detail Report This report shows how old signature files are on hosts in a group. The bar chart breaks down the number of hosts using signatures that are older than X days. Some reports are provided by default. If you would like to create your own report, follow this procedure: Step 1 From the Reports menu, navigate AntiVirus > AntiVirus Update. Step 2 Click the New button to create a new report. This takes you to the configuration view. Step 3 Enter a Name and a short Description of the report. Step 4 If you want this report to appear on the CSA MC Home page, select Put this report on the Home page favorite list. Step 5 In the Criteria area, select a Host Filter from the drop down menu. The report will include all the hosts described by the selection in the Host Filter drop down menu. Only one Host Filter can be applied to one report. Step 6 In the Group Filter area, select one of these two radio buttons: •No Group Filter - if you do not want to restrict your reports to hosts in certain groups. •Groups Matching - if you do want to restrict your report to hosts in certain groups. You may pick one or more groups from the Groups Matching menu. Step 7 From the Sort by AV Update Date menu select ascending or descending. Step 8 In the Viewer type menu, select PDF or HTML output. See the "Viewing Reports" section for information more information about PDF and HTML output choices. Step 9 Click one of these buttons: •Save to be able to view this report in the future. •View Report to view the report immediately, whether it is saved or not. Creating an AntiVirus Summary Report This report can identify the most frequently occurring virus infections and the most infected hosts in your enterprise. The Top 10 Infected Hosts and the Top 10 Virus Infections reports are provided by default. To create your own report, follow this procedure: Step 1 From the Reports menu, navigate AntiVirus > AntiVirus Summary. Step 2 Click the New button to create a new report. This takes you to the configuration view. Step 3 Enter a Name and a short Description of the report. Step 4 If you want this report to appear on the CSA MC Home page, select Put this report on the Home page favorite list. Step 5 From the Report type list box, select the kind of report you want to create. Step 6 In the Groups matching field, select the group, or groups, which you want to include in this report. Step 7 Specify the time frame for the report by entering the From and Until parameters in the Time Frame area. Alternatively, you may check All times if you want a report of all virus infections ever recorded. You can specify the From and Until parameters in these ways: •You can specify a relative time using any of the following terms: tomorrow, yesterday, today, now, next, ago, year, month, week, day, hour, minute, and second. •You can enter a specific time using any of the following time formats: hh:mm:ss. If no meridian (AM or PM) is specified, hh is interpreted on a 24 hour clock (0-23). Note that entering minutes and/or seconds is optional. •You can enter a specific month and day with optional year in the formats: mm/dd/yy, monthname dd,yy. Specifying the year is optional. The default year is the current year. Step 8 In the Viewer type menu, select PDF or HTML output. See the "Viewing Reports" section for information more information about PDF and HTML output choices. Step 9 Click one of these buttons: •Save to be able to view this report in the future •View Report to view the report immediately, whether it is saved or not. Creating a Restored Infection Details Report This report provides administrators with a list of files which have been tagged with signature-based or behavior-based AntiVirus tags but that users have chosen to remove from quarantine through their local agent interface. This report allows an administrator to identify trends in these restored files. For example, if the same file is being restored by many users in one particular group, then an exception may be warranted for this file. The report identifies the name of the virus that was found, the file that was restored, the user that restored the file, the host on which the file was restored, and the time at which the file was restored. To create a Restored Infection Details report, follow this procedure: Step 1 From the Reports menu, navigate AntiVirus > Restored Infection Details. Step 2 Click the New button to create a new report. This takes you to the configuration view. Step 3 Enter a Name and a short Description of the report. Step 4 If you want this report to appear on the CSA MC Home page, select Put this report on the Home page favorite list. Step 5 In the Groups matching field, select the group, or groups, which you want to include in this report. Step 6 Specify the time frame for the report by entering the From and Until parameters in the Time Frame area. Alternatively, you may check All times if you want a report of all virus infections ever recorded. You can specify the From and Until parameters in these ways: •You can specify a relative time using any of the following terms: tomorrow, yesterday, today, now, next, ago, year, month, week, day, hour, minute, and second. •You can enter a specific time using any of the following time formats: hh:mm:ss. If no meridian (AM or PM) is specified, hh is interpreted on a 24 hour clock (0-23). Note that entering minutes and/or seconds is optional. •You can enter a specific month and day with optional year in the formats: mm/dd/yy, monthname dd,yy. Specifying the year is optional. The default year is the current year. Step 7 In the Viewer type menu, select PDF or HTML output. See the "Viewing Reports" section for information more information about PDF and HTML output choices. Step 8 Click one of these buttons: •Save to be able to view this report in the future •View Report to view the report immediately, whether it is saved or not. Creating Virus Infections Reports The Virus Infections report graphically displays the number of infected files found on a host. You can configure the report to sort the information by tag or by host. The information in the report is based on the events passed from the agents to the CSA MC when the agents last polled. The information from the latest polling event overwrites the information from the previous polling event. Some Virus Infections reports are provided by default. To create your own Virus Infections report, follow this procedure: Step 1 From the Reports menu, navigate AntiVirus > Virus Infections. Step 2 Click the New button to create a new report. This takes you to the configuration view. Step 3 Enter a Name and a short Description of the report. Step 4 If you want this report to appear on the CSA MC Home page, select Put this report on the Home page favorite list. Step 5 In the Groups matching field, select the group, or groups, which you want to include in this report. Step 6 If you know the name of the virus you want to search for, enter it in the Virus Name field, otherwise leave the * entry to search for all viruses. Step 7 You can choose to group the report output by Host Name or Virus Name by selecting one or the other in the Group by field. Step 8 In the Viewer type menu, select PDF or HTML output. See the "Viewing Reports" section for information more information about PDF and HTML output choices. Step 9 Select Order by number of infections if you would like the report presenting the viruses with the highest number of occurrences first. Step 10 Click one of these buttons: •Save to view this report in the future. •View Report to view the report immediately, whether it is saved or not. Creating Virus Infections Details Reports The Virus Infection Details report lists the locations of infected files. The information in the report is derived from events, generated by a scan event log rule that is set to "monitor" or "notify." These events are collected by the CSA MC. This information can be sorted by host or by virus. Some Virus Infections Details reports are provided by default. To create your own Virus Infections Details report, follow this procedure: Step 1 From the Reports menu, navigate AntiVirus > Virus Infection Details. Step 2 Click the New button to create a new report. This takes you to the configuration view. Step 3 Enter a Name and a short Description of the report. Step 4 If you want this report to appear on the CSA MC Home page, select Put this report on the Home page favorite list. Step 5 In the Groups matching field, select the group, or groups, which you want to include in this report. Step 6 If you know the name of the virus you want to search for, enter it in the Virus Name field, otherwise leave the * entry to search for all viruses. Step 7 Specify the time frame for the report by entering the From and Until parameters in the Time Frame area. Alternatively, you may check All times if you want a report of all virus infections ever recorded. You can specify the From and Until parameters in these ways: •You can specify a relative time using any of the following terms: tomorrow, yesterday, today, now, next, ago, year, month, week, day, hour, minute, and second. •You can enter a specific time using any of the following time formats: hh:mm:ss. If no meridian (AM or PM) is specified, hh is interpreted on a 24 hour clock (0-23). Note that entering minutes and/or seconds is optional. •You can enter a specific month and day with optional year in the formats: mm/dd/yy, monthname dd,yy. Specifying the year is optional. The default year is the current year. Step 8 You can choose to group the report output by Host Name or Virus Name by selecting one or the other in the Group by field. Step 9 In the Viewer type menu, select PDF or HTML output. See the "Viewing Reports" section for information more information about PDF and HTML output choices. Step 10 Click one of these buttons: •Save to be able to view this report in the future •View Report to view the report immediately, whether it is saved or not. Data Loss Prevention Reports Data Loss Prevention reports can be generated for any host that is running a data loss prevention policy. To use this policy, the CSA MC has to have an available data loss prevention license for that host. These procedures create reports describing files that have been tagged with scanning data tags or static data tags. •Creating Data Discovery Reports •Creating a Data Justification Details Report •Creating a Protected Data Movement Report Creating Data Discovery Reports The Data Discovery report graphically displays the number of files, with a particular scanning data tag or static data tag, found on the fixed local drives of a host. You can configure the report to sort the information by tag or by host. The information in the report is based on the events passed from the agents to the CSA MC when the agents last polled. The information from the latest polling event overwrites the information from the previous polling event. Reports for Credit card and SSN information and Sensitive data details are provided for you by default. To create a Data Discovery report, follow this procedure: Step 1 From the Reports menu, navigate Data Loss Prevention > Data Discovery. Step 2 Click the New button to create a new report. This takes you to the configuration view. Step 3 Enter a Name and a short Description of the report. Step 4 If you want this report to appear on the CSA MC Home page, select Put this report on the Home page favorite list. Step 5 In the Groups matching field, select the group which you want to include in this report. You may choose more than one group. You may also choose <All Groups>. Step 6 In the Tags matching field, select the tag, or tags, for which you want to create a report. You may also choose <All tags>. Step 7 Choose to group the report output by Host Name or Tag Name by selecting one of those items from the Group by field. If you select Host Name, the report displays one pie chart, per host, per report page. The name of the data tags and the number of files with that tag are listed below the chart. If you select Tag Name, the report is a bar chart indicating the tag and the number of files with that tag. The host name and number of files with that tag are listed below the chart. Step 8 In the Viewer type menu, select PDF or HTML output. See the "Viewing Reports" section for information more information about PDF and HTML output choices. Step 9 Select Order by number of tags if you would like the report presenting the tags with the highest number of occurrences first. Step 10 Click one of these buttons: •Save to view this report whenever you want. •View Report to view the report immediately, whether it is saved or not. Creating a Data Justification Details Report The Data Justification Details report reports the explanations users provide when acting on files tagged with scanning data tags or static data tags. Data Justification Details reports can be generated for any host that is running a data loss prevention policy and that is using at least one scan event log rule that queries or notifies the user and asks for a justification of their action. The host must also have a data loss prevention license assigned to it. The Data Justification Details report lists the date of the justification, the username that was prompted for the justification, the application that was acting, the file on which the application was acting, and the justification message if one was provided. Note If a host is part of a group which is configured to filter user info from events, the username will not appear in the report. To create a Data Justification Details report, follow this procedure: Step 1 From the Reports menu, navigate Data Loss Prevention > Data Justification Details. Step 2 Click the New button to create a new report. This takes you to the configuration view. Step 3 Enter a Name and a short Description of the report. Step 4 If you want this report to appear on the CSA MC Home page, select Put this report on the Home page favorite list. Step 5 In the Groups matching field, select the group which you want to include in this report. You may select more than one group. You may also choose <All Groups>. Step 6 In the Tags matching field, select the tag, or tags, for which you want to create a report. You may also choose <All tags>. Step 7 Specify the time frame for the report by entering the From and Until parameters in the Time Frame area. Alternatively, you may check All times if you want a report of covering all available data. You can specify the From and Until parameters in these ways: •You can specify a relative time using any of the following terms: tomorrow, yesterday, today, now, next, ago, year, month, week, day, hour, minute, and second. •You can enter a specific time using any of the following time formats: hh:mm:ss. If no meridian (AM or PM) is specified, hh is interpreted on a 24 hour clock (0-23). Note that entering minutes and/or seconds is optional. •You can enter a specific month and day with optional year in the formats: mm/dd/yy, monthname dd,yy. Specifying the year is optional. The default year is the current year. Step 8 Choose to group the report output by Host Name or Tag Name by selecting one of those items from the Group by field. If you select Host Name, the report lists the directory locations of tagged files grouped by host and then by tag. If you select Tag Name, the report lists the directory locations of the tagged files grouped by tag and then by host. Step 9 In the Viewer type menu, select PDF or HTML output. See the "Viewing Reports" section for information more information about PDF and HTML output choices. Step 10 Click one of these buttons: •Save to view this report in the future. •View Report to view the report immediately, whether it is saved or not. Creating a Protected Data Movement Report Protected Data Movement reports gather information generated by monitoring events and notification events of Scan Event Log Rules (SACLs). These events are triggered if the SACL detects a user performing a file operation on a file with a data loss prevention tag. The Protected Data Movement report shows which files, with data tags, were accessed. This report can be sorted by host or by tag name. Protected Data Movement reports can be generated for any host that is running the Data Loss Prevention policy and that is using at least one scan event log rule that monitors events or notifies the user of file movement. To create a Protected Data Movement report, follow this procedure: Step 1 From the Reports menu, navigate Data Loss Prevention > Data Discovery Details. Step 2 Click the New button to create a new report. This takes you to the configuration view. Step 3 Enter a Name and a short Description of the report. Step 4 If you want this report to appear on the CSA MC Home page, select Put this report on the Home page favorite list. Step 5 In the Groups matching field, select the group which you want to include in this report. You may choose more than one group. You may also choose <All Groups>. Step 6 In the Tags matching field, select the tag, or tags, for which you want to create a report. You may also choose <All tags>. Step 7 Specify the time frame for the report by entering the From and Until parameters in the Time Frame area. Alternatively, you may check All times if you want a report of all virus infections ever recorded. You can specify the From and Until parameters in these ways: •You can specify a relative time using any of the following terms: tomorrow, yesterday, today, now, next, ago, year, month, week, day, hour, minute, and second. •You can enter a specific time using any of the following time formats: hh:mm:ss. If no meridian (AM or PM) is specified, hh is interpreted on a 24 hour clock (0-23). Note that entering minutes and/or seconds is optional. •You can enter a specific month and day with optional year in the formats: mm/dd/yy, monthname dd,yy. Specifying the year is optional. The default year is the current year. Step 8 Choose to group the report output by Host Name or Tag Name by selecting one of those items from the Group by field. If you select Host Name, the report lists the directory locations of tagged files grouped by host and then by tag. If you select Tag Name, the report lists the directory locations of the tagged files grouped by tag and then by host. Step 9 Select a Viewer type, PDF or HTML. Step 10 Click one of these buttons: •Save to be able to view this report in the future. •View Report to view the report immediately, whether it is saved or not. Signature Information Detail You can generate reports related to the automatic signature generation feature. Signature reports provide in-depth information on these signature details: •Denial of Service Detail •Filtering Detail •Generation Detail Denial of Service Detail Denial of service (DoS) detail reports the number of times payloads have been associated with the @highrisk_signatures token. To generate a DoS detail report, do the following: Step 1 Move the mouse over Reports in the menu bar and navigate Signatures>Denial of Service. Step 2 Click the New button to create a new report. This takes you to the configuration view. Step 3 In the Denial of Service Detail report configuration view, enter a Name and a Description for the report. Step 4 In the Time Frame area, specify the time period that the report should address in the From and Until fields. You can refer to the following points for entering time frame information, but note that most reasonable time frames are recognized by CSA MC: •You can specify a relative time using any of the following terms: tomorrow, yesterday, today, now, next, ago, year, month, week, day, hour, minute, and second. •You can enter a specific time using any of the following time formats: hh:mm:ss. If no meridian (AM or PM) is specified, hh is interpreted on a 24 hour clock (0-23). Note that entering minutes and/or seconds is optional. •You can enter a specific month and day with optional year in the formats: mm/dd/yy, monthname dd,yy. Specifying the year is optional. The default year is the current year. Step 5 In the Viewer Type field select the format in which you want to display the report, HTML or PDF. Step 6 Click the Save button to save the parameters you've just configured for generating this report. Step 7 Click the View Report button. Your report is created and is automatically displayed in a new window. Filtering Detail Filter Detail reports describe the number of times CSA acted as a result of a matching an attack payload to an existing signature. To generate a Filtering Detail report, do the following: Step 1 Move the mouse over Reports in the menu bar and navigate Signatures>Filtering Detail. Step 2 Click the New button to create a new report. This takes you to the configuration view. Step 3 In the Filtering Detail report configuration view, enter a Name and a Description for the report. Step 4 Select an Event Filter from the drop down menu list. Step 5 From the Sort by pulldown list, select a parameter for sorting this report's contents. Step 6 Enable or disable the Ascending checkbox depending on the order in which you want to view your reports. Step 7 Choose whether or not to remove similar events from the report by choosing Yes or No in the Filter out Similar Events field. Step 8 In the Time Frame area, specify the time period that the report should address in the From and Until fields. You can refer to the following points for entering time frame information, but note that most reasonable time frames are recognized by CSA MC: •You can specify a relative time using any of the following terms: tomorrow, yesterday, today, now, next, ago, year, month, week, day, hour, minute, and second. •You can enter a specific time using any of the following time formats: hh:mm:ss. If no meridian (AM or PM) is specified, hh is interpreted on a 24 hour clock (0-23). Note that entering minutes and/or seconds is optional. •You can enter a specific month and day with optional year in the formats: mm/dd/yy, monthname dd,yy. Specifying the year is optional. The default year is the current year. Or you can select All times checkbox if you do not want to limit the time frame of the report. Step 9 Select a Viewer type, PDF or HTML. Step 10 Click the Save button to save the parameters you've just configured for generating this report. Step 11 Click the View Report button. Your report is created and is automatically displayed in a new window. Generation Detail Generation Detail reports describe the number of times CSA correlated a signature. To generate a Generation Detail report, do the following: Step 1 Move the mouse over Reports in the menu bar and navigate Signatures>Generation Detail. Step 2 Click the New button to create a new report. This takes you to the configuration view. Step 3 In the Generation Detail report configuration view, enter a Name and a Description for the report. Step 4 In the Signature Type field select Local or Global. Step 5 For Global signature generation details provide a Correlation start time and Correlation end time. You can refer to the following points for entering time frame information, but note that most reasonable time frames are recognized by CSA MC: •You can specify a relative time using any of the following terms: tomorrow, yesterday, today, now, next, ago, year, month, week, day, hour, minute, and second. •You can enter a specific time using any of the following time formats: hh:mm:ss. If no meridian (AM or PM) is specified, hh is interpreted on a 24 hour clock (0-23). Note that entering minutes and/or seconds is optional. •You can enter a specific month and day with optional year in the formats: mm/dd/yy, monthname dd,yy. Specifying the year is optional. The default year is the current year. Step 6 In the Sort by Sig update time field, select Ascending or Descending. Step 7 Select a Viewer type, PDF or HTML. Step 8 Click the Save button to save the parameters you've just configured for generating this report. Step 9 Click the View Report button. Your report is created and is automatically displayed in a new window.
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks