Creating Report Rules
Having specific rules in place to generate reports can help you have a better understanding of the change events in your file system. When configured correctly, report rules can be of great help as you can have access to detailed information such as which rule has triggered the maximum number of events; which in turn, can be leveraged to fine-tune the rules to tighten the scope of event generation.
Let us see an example of creating report rules with a report source as Assets.
Create Report Rules
Follow these steps to create rule
- Navigate to Reports> Report Rules
- Click Create Report Rules
- On the Report Rule Details, provide the Report Rule Name and Description.
- Click Next
You are navigated to Source.
- Choose the source of the report from Events or Assets.
Selecting Events allows you to select event data sources.
You can select a source from the drop-down list that includes; Asset Tag, Severity, Action, User, Process, File Path, Monitoring Profile, and Custom Query.
- Select Asset as your report source. Select from Custom Query or Non-Communicating assets.
Provide asset query when you choose Custom Query. You can check the box to get the list of non-compliant assets.
Selecting the non-communicating asset allows you to choose the report source of the assets whose last checked-in time is greater than seven days.
- Once you select the option click Next.
You are navigated to Report Output. Here you can choose your output form from CSV, PDF, and HTML. You can also choose if want to compress the generated report or not.
You can send notifications by checking the Notification check box. Provide notification subject, email address to send it to, and message body.
- Click Next
You are navigated to Report Schedule.
If you select Run Now the report runs at that instant.
You can also schedule the report by providing the start date and start time.
You can decide if you want this job recurring.
- Click Next.
You are navigated to Review and Confirm. Review your inputs and click on Create Report Rule. Your report rule is created.
Reports that are not marked as 'Completed' can be run again. This functionality applies to all types of data sources, including event-based, asset-based, and incident-based reports.