Having specific rules in place to generate reports can help you have a better understanding of the change events in your file system. When configured correctly, report rules can be of great help as you can have access to detailed information such as which rule has triggered the maximum number of events; which in turn, can be leveraged to fine-tune the rules to tighten the scope of event generation.
1. Navigate to Reports> Report Rules
2. Click Create Report Rules
3. On the Report Rule Details, provide the Report Rule Name and Description.
4. Click Next
You are navigated to Source.
5. You can choose the source of the report from Events or Assets.
Selecting Events allows you to select event data sources.
You can select a source from the drop-down list that includes; Asset Tag, Severity, Action, User, Process, File Path, Monitoring Profile, and Custom Query.
6. Select Asset as your report source. Select from Custom Query or Non-Communicating assets.
Note: Provide asset query when you choose Custom Query. You can check the box to get the list of non-compliant assets.
Selecting the non-communicating asset allows you to choose the report source of the assets whose last checked-in time is greater than seven days.
Once you select the option click Next.
You are navigated to Report Output. Here you can choose your output form from CSV, PDF, and HTML. You can also choose if want to compress the generated report or not.
You can send notifications by checking the Notification check box. Provide notification subject, email address to send it to, and message body.
Click Next
You are navigated to Report Schedule.
If you select Run Now the report will run at that instant.
You can also schedule the report by providing the start date and start time.
You can decide if you want this job recurring.
Click Next.
You are navigated to Review and Confirm. Review your inputs and click on Create Report Rule. Your report rule is created.