Introduction
Logsign Unified SecOps Platform provides approximately 1000 out-of-the-box reports across all categories. This document explains two subjects: "Out-of-the-box Reports Installation" and "Creating Sophisticated Reports".
Installation of Out-of-the-box Reports
The out-of-the-box reports can be installed by moving the mouse cursor to the Reports tab -> Install Reports.
Different types of vendors can be filtered from the left side of the page as shown above and report categories can be installed with the "+" button.
Defining / Creating Sophisticated Reports
Several types of reports can be created on Logsign Unified SecOps Platform according to the sources added in your system. A few of these will be shown as examples. It is assumed that a few sources, such as firewall, active directory, domain controller, file server, endpoint security center, etc., are used in a standardized corporation. Knowing which logs pass through which source makes report creation easier.
Clicking the Search tab in the Logsign Unified SecOps Platform brings up the search platform that can be queried. The query for the event that the report is to be created on is written on the Search platform. The information of that event (IP address, port information, user name, etc.) can either be filled in directly from the search filter columns on the left side, or a query for the search platform can be written.
Here, a report of the users who perform the most downloading operations during the day will be created. Write DataType:"log" EventMap.Type:Session in the Search platform, or select EventMap.Type from the search filter columns on the left side and then select Session from the small menu that comes up. When Search is clicked, the traffic session information comes up; that is, all the logs about session traffic in the user's network environment can be seen.
Then, the "+Report" button on the left side of the Search button is clicked. This will bring up a page where the template can be edited. On this page, the materials that are desired to appear in the report will be added and edited.
- Report Type: The type of report to generate is chosen here. For calculating the amount of traffic that users have on the network, the Grouped Plus option is selected. When choosing the report type, it is useful to select the template that best fits the report to be created so that the analysis is done correctly.
- Index Type: This setting determines the type of logs to be included in the report, such as web interface events or reindexed logs from an archive.
- Time Column: This tab is used to set the time column for the report.
- Report Name: Here, the user can name their report.
- Report Block: The user selects a report block to save the report.
- Category: The user specifies which category to save the report.
- Tag: This setting can restrict access to the report to a particular user group.
- Compliance: This setting specifies the compliance criteria for the report.
After the parts shown above are defined, the "Next" button is clicked to continue with the "Query" part of the report.
- Query: This tab allows the user to input their query for the report.
- Grouped Column: This setting specifies the column information to be sorted first in the report.
- Rows Per Page: This determines the number of rows to be displayed per page in the report.
- Min Event Count: This setting specifies the minimum number of log messages to be included in the report.
- Sum Columns: This section allows the user to define the query for data collection.
- Sum Columns Options: Here, the user configures mathematical operations for the report, such as selecting units or converting results.
- Term Columns: This section is used to specify additional column information to be displayed in the report.
- Order By: This setting determines the order of the result based on the query content.
- Graph Type: The user selects a graphical view for the report.
- Filter Columns: Here, the user specifies how to filter the report's results.
Finally, the user can save their report in the Custom Reports report block and analyze the events in the Logsign Unified SecOps Platform.
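The sketch below is an added example, not Logsign code. It shows on constructed session events how the settings above combine into a grouped traffic report. The field names Source.UserName and Bytes.Received are assumptions, as is the reading of Min Event Count as dropping groups with fewer matching events.

```python
from collections import defaultdict

# Constructed sample events; field names other than DataType and
# EventMap.Type are assumed for illustration.
SAMPLE_EVENTS = [
    {"DataType": "log", "EventMap.Type": "Session", "Source.UserName": "alice", "Bytes.Received": 52428800},
    {"DataType": "log", "EventMap.Type": "Session", "Source.UserName": "alice", "Bytes.Received": 26214400},
    {"DataType": "log", "EventMap.Type": "Session", "Source.UserName": "bob", "Bytes.Received": 104857600},
    {"DataType": "log", "EventMap.Type": "Session", "Source.UserName": "carol", "Bytes.Received": 10485760},
    {"DataType": "log", "EventMap.Type": "Session", "Source.UserName": "carol", "Bytes.Received": 5242880},
    {"DataType": "log", "EventMap.Type": "Session", "Source.UserName": "carol", "Bytes.Received": 1048576},
    # Not a Session event: excluded by the query.
    {"DataType": "log", "EventMap.Type": "Identity", "Source.UserName": "alice", "Bytes.Received": 999999999},
    # Session event without a user name: cannot be grouped, so it is skipped.
    {"DataType": "log", "EventMap.Type": "Session", "Bytes.Received": 2097152},
]


def grouped_sum_report(events, group_col, sum_col, min_event_count=1,
                       rows_per_page=10, unit_divisor=1024 * 1024):
    """Return pages of rows: one row per group with event count and summed total."""
    totals = defaultdict(lambda: {"events": 0, "sum": 0})
    for ev in events:
        # Query: DataType:"log" EventMap.Type:Session
        if ev.get("DataType") != "log" or ev.get("EventMap.Type") != "Session":
            continue
        key = ev.get(group_col)          # Grouped Column
        if key is None:
            continue
        totals[key]["events"] += 1
        totals[key]["sum"] += int(ev.get(sum_col, 0))   # Sum Columns
    rows = [
        # Sum Columns Options: convert bytes to MiB via unit_divisor.
        {"group": k, "events": v["events"], "total": round(v["sum"] / unit_divisor, 2)}
        for k, v in totals.items()
        if v["events"] >= min_event_count               # Min Event Count (assumed meaning)
    ]
    rows.sort(key=lambda r: (-r["total"], r["group"]))  # Order By: largest total first
    # Rows Per Page: split the sorted rows into pages.
    return [rows[i:i + rows_per_page] for i in range(0, len(rows), rows_per_page)]


if __name__ == "__main__":
    for page in grouped_sum_report(SAMPLE_EVENTS, "Source.UserName", "Bytes.Received"):
        for row in page:
            print(row)
```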
The output page was created as an image of the previously recorded report. Additionally, in the upper left corner of the page, there is a report analysis management menu entitled "Search Filter." From this section, filtering can be performed based on the filter set that was selected in the "Filter Columns" section. By clicking on the name of the column that requires filtering, a text field is displayed. Clicking on the line to be filtered in the small window that opens will display the corresponding results.
The report that was created can be edited by selecting the Edit option located under the Search button. Additionally, the report can be exported by clicking on the Export button, which provides three options: PDF, EXCEL, and HTML. If PDF is selected, the report can be exported, and a list of previously exported reports can be viewed under the Exported Reports heading.
The prepared report can be downloaded by placing the mouse cursor over it, and Download status will be displayed next to the Status column. The report can be exported by clicking on the button. The exported report, when opened, will show the first page containing the company logo, company name, address, and contact information. The contents of the report that was created will follow on the subsequent pages.