In the last article, we discussed the various types of reports a SIEM solution offers. We also shed light on how reports are arranged block-wise on Logsign SIEM, along with other features. In this article, we explore how you can customize an existing report to suit your requirements. To start, go to the Reports and Analysis section and select the report that you wish to customize.
Figure 1: Reports and Analysis section on Logsign SIEM
For this article, we have selected Page Visit Analysis – Top 50 from the All Web Activity Events block.
Figure 2: Page Visit Analysis – Top 50 from All Web Activity Events
Figure 3: Report data
You can customize a report from two locations. First, as you can see in Figure 2, there are three icons next to each report. You can click the Edit icon to customize the selected report.
Figure 4: Schedule, Modify, and Delete
Second, when you are viewing the report data, there is an Edit button next to the Export option, below the Search bar in Figure 3.
Figure 5: Edit and Export options
Clicking either of the Edit options takes you to the same interface.
Figure 6: Customizing a report
Figure 7: Report types
You can select from the following report types:
Your report preference decides the number of input fields visible on the report customization interface.
The Index Type dropdown has three options: Log, Captive Portal, and Logsign Events.
Figure 8: Index type
In this dropdown, plenty of options are available for your security team. If you wish to change this, you can select any option as appropriate to the report you are customizing. In the present report, Time.Generated is selected.
Figure 9: Time Column
This input field is crucial in generating reports as it directs Logsign SIEM in finding the data required for the present report. If you have not been able to create custom queries for your business, our Support team can definitely help you out.
Figure 10: Query
In the Report Name field, you can modify the report name as per your requirements. Further, if you think a different block is more appropriate than the current block, you can select it from the Report Block dropdown.
Figure 11: Report name and report block
In this section, you can customize the following information:
Figure 12: Rows and column details
Using these fields, as the names themselves suggest, you can
Figure 13: Category, Tags, and Compliance (unfilled)
This is how the updated category, tags, and compliance may look for a report.
Figure 14: Category, Tags, and Compliance (filled)
Once done, click on the Save button to update your report settings.
Have you been able to customize reports for your organization? Get in touch with our support team today if you need any help.