Creating Reports on FIM Events

Creating reports on FIM events that occur as a result of any kind of action in your file system is important as the reports enable you to visualize the collected data. You can better analyze trends in events detected, generate graphical reports, and create executive reports that provide an in-depth insight into your network's file integrity.

With FIM, you can create on-demand reports or schedule your report generation at a future date and time. Specify your reporting criteria by leveraging QQL tokens and have access to the most accurate and up-to-date event and incident data in PDF, CSV, or HTML formats.

Note: The event record limit for CSV reports is 1 million, and for HTML and PDF reports, the limit is 100,000. Records beyond this limit is truncated.

You can also create rules to create reports by defining specific critetia for events and incidents. This helps you have access to exact event data as per your business requirements.

The FIM reports are retained on the Qualys platform for seven days. It is recommended that you download your reports within seven days of generation for future reference and analysis.

You can search for reports by the report title in the Reports sub-tab. You can also email reports to specified users by using the Notification option that's available while creating a report.

To create reports on FIM events:

1. In the FIM UI, navigate to the Reports > Report Rules tab and click Create Report Rule.

2. In the Report Rule Details page, provide the report rule name, a brief description, and then click Next.

Image of the Report Rule page

3. In the Source page, select Events as the source for your reports that you want to include in the rule.

4. From the Event Source Type drop-down list and select the source of events that you want to be captured in your report.

5. Enter the relevant inputs for options and fields that are displayed depending on the event source you have selected.

Image of Event Source page

6. To define the scope of assets in the report rule, perform the following steps and then click Next:

8. In the Report Output and Notification page, perform the following steps and then click Next:

The notification email includes the link to download the report from the Qualys platform. You must provide your Qualys platform user ID and password to download the report. The report link is valid only for seven days. You must download the report before the link expires..

5. In the Report Schedule page, you have the following two options for report generation:

6. Click Run Now to run the report as soon as you confirm the report rule creation.

If you want to schedule the report generation, you can have a one-time schedule or a recurring schedule.

Steps to follow if you want to schedule the report execution:

For a one-time schedule, perform the following steps and then click Next:

- Specify and date and time for the report generation in the Start Date and Start Time fields respectively.

- In the Consider events from drop-down list, specify the duration to consider for the events to be included in the report. By default, the value selected is Today.

By default, the Start Date field displays the current date and the Start Time field displays the current time +20 minutes. You can manually change the date and time if required.

Image of the Report Schedule page

For a recurring schedule, perform the following steps and then click Next:

- Select the Recurring Job check box.

- Specify a frequency for the report execution schedule: From the Repeats drop-down list, select how frequently you want the report to be executed. The default value selected is Daily.

- Enter the relevant inputs for options and fields that are displayed depending on the value you select from the Repeats drop-down list.

- Specify a start time for the recurrent schedule: From the Start Time drop-down list.

The default value is the current time+20 minutes. You can manually change the time if required.

- Specify an end date for the recurrent schedule: Select the End Date check box and then from the drop-down list, select the last date for the recurring schedule of the report. The default value is the 10th day from the current date.

7. In the Review & Confirm page, review your input parameters.

You can click Edit icon to make changes in the respective pages if required.

Image of the Review and Confirm page

8. Click Create Report Rule.

After the report rule is created, it is listed in the Report Rules tab.

Report Rule sub-tab under Report tab

Related Topics

FIM Reports

Creating Reports on FIM Assets