customize your reports on SIEM

How to Customize a Report on Logsign SIEM?

In the last article, we discussed various types of reports a SIEM solution offers. We also threw light on how reports are arranged block-wise on Logsign SIEM along with other features. In this article, we explore how you can customize an existing report to suit your requirements. To start with, go to the Reports and Analysis section and select any report that you wish to customize.

customize a report on Logsign SIEM
Figure 1: Reports and Analysis section on Logsign SIEM

For this article, we have selected Page Visit Analysis – Top 50 from All Web Activity Events block.

customize a report on Logsign SIEM
Figure 2: Page Visit Analysis – Top 50 from All Web Activity Events
customize a report on Logsign SIEM
Figure 3: Report data

Report customization: Modifying its parameters

You can customize a report from two locations. First, as you can see in Figure 2, three icons are corresponding to each report. You can click the Edit icon to customize the selected report.

customize a report on Logsign SIEM
Figure 4: Schedule, Modify, and Delete

Second, when you are viewing the report data, there is an Edit button nearby the Export option. Check below the Search bar in Figure 3.

customize a report on Logsign SIEM
Figure 5: Edit and Export options

Clicking on the either of Edit options takes you to the same interface.

customize a report on Logsign SIEM
Figure 6: Customizing a report

A. Report Type

customize a report on Logsign SIEM
Figure 7: Report types

You can select from the following report types:

  1. Grouped (3 variants)
  2. Table
  3. Histogram (2 variants)
  4. Map
  5. Correlator

Your report preference decides the number of input fields visible on the report customization interface.

B. Index Type

The Index Type dropdown has three options: Log, Captive Portal, and Logsign Events.

customize a report on Logsign SIEM
Figure 8: Index type

C. Time Column

In this dropdown, plenty of options are available for your security team. If you wish to change this, you can select any option as appropriate to the report you are customizing. In the present report, Time.Generated is selected.

customize a report on Logsign SIEM
Figure 9: Time Column

D. Query

This input field is crucial in generating reports as it directs Logsign SIEM in finding the data required for the present report. If you have not been able to create custom queries for your business, our Support team can definitely help you out.

customize a report on Logsign SIEM
Figure 10: Query

E. Report Name and Report Block

In the Report Name field, you can modify the report name as per your requirements. Further, if you think a different block is more appropriate than the current block, you can select it from the Report Block dropdown.

customize a report on Logsign SIEM
Figure 11: Report name and report block

F. Rows and Columns

In this section, you can customize the following information:

  1. Group Column: Based on this column, your report data gets organized.
  2. Rows per page: Number of results per page in the report.
  3. Min Event Count: This column details the minimum number of occurrences before an event becomes a part of the report.
  4. Sum Columns and Value Columns: Utilize these columns if your report should demonstrate the sum and value for particular events.
  5. Unique Columns: This field allows you to select unique columns for your report if any. Unique Column Options let you customize the data units if required.
  6. Term Columns: This field allows you to select the data type for term column and set its row-size attribute.
  7. Order by: Results in your report can be ordered by term, count, unique, and sum. The corresponding data field can be selected from the dropdown.
  8. Graph Type: Here, you select the graph type to visualize your report data.
  9. Filter Columns: You should select the columns that will be shown in your report to filter the available data.
customize a report on Logsign SIEM
Figure 12: Rows and column details

G. Category, Tags, and Compliance

Using these fields, as the names themselves suggest, you can

  1. Select the category for your report, such as general, vendor-specific, compliance, etc.
  2. Add tags from the available list, and
  3. Select the regulations applicable for this report
customize a report on Logsign SIEM
Figure 13: Category, Tags, and Compliance (unfilled)

This is how updated category, tags, and compliance may look like for a report.

customize a report on Logsign SIEM
Figure 14: Category, Tags, and Compliance (filled)

Once done, click on the Save button to update your report settings.


Have you been able to customize reports for your organization? Get in touch with our support team today if you need any help. 

Leave a Reply

Your email address will not be published. Required fields are marked *