In the last article, we discussed various types of reports a SIEM solution offers. We also threw light on how reports are arranged block-wise on Logsign SIEM along with other features. In this article, we explore how you can customize an existing report to suit your requirements. To start with, go to the Reports and Analysis section and select any report that you wish to customize.
For this article, we have selected Page Visit Analysis – Top 50 from All Web Activity Events block.
Report customization: Modifying its parameters
You can customize a report from two locations. First, as you can see in Figure 2, three icons are corresponding to each report. You can click the Edit icon to customize the selected report.
Second, when you are viewing the report data, there is an Edit button nearby the Export option. Check below the Search bar in Figure 3.
Clicking on the either of Edit options takes you to the same interface.
A. Report Type
You can select from the following report types:
- Grouped (3 variants)
- Histogram (2 variants)
Your report preference decides the number of input fields visible on the report customization interface.
B. Index Type
The Index Type dropdown has three options: Log, Captive Portal, and Logsign Events.
C. Time Column
In this dropdown, plenty of options are available for your security team. If you wish to change this, you can select any option as appropriate to the report you are customizing. In the present report, Time.Generated is selected.
This input field is crucial in generating reports as it directs Logsign SIEM in finding the data required for the present report. If you have not been able to create custom queries for your business, our Support team can definitely help you out.
E. Report Name and Report Block
In the Report Name field, you can modify the report name as per your requirements. Further, if you think a different block is more appropriate than the current block, you can select it from the Report Block dropdown.
F. Rows and Columns
In this section, you can customize the following information:
- Group Column: Based on this column, your report data gets organized.
- Rows per page: Number of results per page in the report.
- Min Event Count: This column details the minimum number of occurrences before an event becomes a part of the report.
- Sum Columns and Value Columns: Utilize these columns if your report should demonstrate the sum and value for particular events.
- Unique Columns: This field allows you to select unique columns for your report if any. Unique Column Options let you customize the data units if required.
- Term Columns: This field allows you to select the data type for term column and set its row-size attribute.
- Order by: Results in your report can be ordered by term, count, unique, and sum. The corresponding data field can be selected from the dropdown.
- Graph Type: Here, you select the graph type to visualize your report data.
- Filter Columns: You should select the columns that will be shown in your report to filter the available data.
G. Category, Tags, and Compliance
Using these fields, as the names themselves suggest, you can
- Select the category for your report, such as general, vendor-specific, compliance, etc.
- Add tags from the available list, and
- Select the regulations applicable for this report
This is how updated category, tags, and compliance may look like for a report.
Once done, click on the Save button to update your report settings.
Have you been able to customize reports for your organization? Get in touch with our support team today if you need any help.