Creating Reports on FIM Events

Creating reports on FIM events that occur as a result of any kind of action in your file system is important as the reports enable you to visualize the collected data. You can better analyze trends in events detected, generate graphical reports, and create executive reports that provide an in-depth insight into your network's file integrity.

With FIM, you can create on-demand reports or schedule your report generation at a future date and time. Specify your reporting criteria by leveraging QQL tokens and have access to the most accurate and up-to-date event and incident data in PDF, CSV, or HTML formats.

The event record limit for CSV reports is 1 million, and for HTML and PDF reports, the limit is 100,000. Records beyond this limit is truncated.

You can also create rules to create reports by defining specific critetia for events and incidents. This helps you have access to exact event data as per your business requirements.

The FIM reports are retained on the Qualys platform for seven days. It is recommended that you download your reports within seven days of generation for future reference and analysis.

You can search for reports by the report title in the Reports sub-tab. You can also email reports to specified users by using the Notification option that's available while creating a report.

Create Reports on FIM Events

Reports that are not marked as 'Completed' can be run again. This functionality applies to all types of data sources, including event-based, asset-based, and incident-based reports.

1. Navigate to the Reports > Report Rules tab.
2. Click Create Report Rule to view the Report Rule Details page.
3. Enter the Report Rule Name and Description.

   

4. Click Next to view the Source page.
5. Select Report Source as Events that you want to include in the rule.
6. Select a Event Source Type from the list that you want to capture in your report.
7. Select/enter the relevant inputs for options and fields displayed depending on your selected event source.

   

8. If you want to define the scope of assets in the report rule, follow these steps:

   1. Select Asset Tag from the Event Source Type list.

   2. In the Include Assets section, click to select the assets from the Select Assets page and click Apply.

   3. In the Include hosts for the tags section, click to select asset tags from the Select Tags page and click Add Tag.

      

9. Click Next to view the Report Output and Notification page.
10. In the Report Output and Notification page, perform the following steps:
    1. Select the desired report Output Format, (CSV, PDF, or HTML) for your report.
    2. Select Yes if you want the report to be compressed. Otherwise, click No.

       

    3. If you want to send notification to stakeholders when a report is generated, select the Notification checkbox.

    4. Enter a Notification Subject.

    5. Enter the email IDs of the stakeholders you want to notify in the To text box.
       You can enter a maximum of 10 recipients.

    6. Optionally, in the Message Body text box, enter the email message to be sent along with the report.
       The notification email includes the link to download the report from the Qualys platform.

       

       The Qualys user ID and password are required to download the report, which is valid for seven days. Ensure the report is downloaded before the link expires.

11. Click Next to view the Report Schedule page.
    In the Report Schedule page, if you want to schedule the report generation, you can have a one-time schedule or a recurring schedule. For more information, refer to Schedule the Report Execution.

Schedule the Report Execution

On the Report Schedule page, you can choose one of the following options to generate reports:

• Run Now: Generate the report immediately after confirming the report rule.
• Schedule: Set up a recurring schedule to run the report automatically at specified intervals.

To schedule the report, follow these steps:

1. To generate the report without a schedule, follow these steps:
   1. Click the Run Now tab.
   2. In the Consider events from list select a specific time frame, such as Today, Yesterday, Last 7 Days, or Last 30 Days for events to include in the report. Selecting Specific Date allows you to choose a custom date range. By default, the value selected is Today.

      

2. To set up a schedule, follow these steps:

   1. Click the Schedule tab.

   2. To generate the report of a specific duration, such as Today, Yesterday, Last 7 Days, or Last 30 Days, select a duration from the Consider events from list.
      Selecting Specific Date allows you to choose a custom date range. By default, the value selected is Today.

      

   3. To schedule the report generation, select the Recurring Job checkbox.

   4. From the Repeats drop-down list, select a schedule for the report execution.
      The default value selected is Daily.

      

   5. Select/enter the relevant inputs for options and fields that are displayed depending on the schedule you select from the Repeats drop-down list.

      Schedule	Options
      Daily	Select this option to schedule the report to run daily on the selected Start Date and Start Time.
      Weekly	Select this option to schedule the report to run every week on the selected day. The Start Date and Start Time indicate when the schedule begins.
      Monthly	Select this option to schedule the report to run every month on the selected date. The Recurrence Date denotes the date the report is generated. The Start Date and Start Time indicate when the schedule begins.
      Quarterly	Select this option to schedule the report to run on the first day of every quarter.  The Start Date and Start Time indicate when the schedule begins. For example, when you select a start date of January 1, 2025, the system generates the report for the first quarter, which spans from January to March 2025, at the beginning of the subsequent quarter, specifically on April 1, 2025.
      Yearly	Select this option to schedule the report to run yearly on a specific day of a selected month. The Recurrence Date and Month specify when the report is generated. The Start Date and Start Time indicate when the schedule begins.

      The default value of the Start Time is the current time +20 minutes. You can manually change the time if required.

   6. Select the End Date check box and specify the end date for the recurring schedule of the report.
      The default value is the 10th day from the current date.
3. Click Next to view the Review & Confirm page.
4. Click to make changes in the respective pages if required.

   

5. Click Create Report Rule.

   After the report rule is created, it is listed in the Report Rules tab.

   

   Generated reports are displayed with the Completed status in the Reports tab. You can download the report from the Quick Actions menu. 

   

   Reports with status other than Completed can be rerun. This functionality applies to all types of data sources, including event-based, asset-based, and incident-based reports.

Related Topics

FIM Reports

Creating Reports on FIM Assets