Creating reports on FIM events that occur as a result of any kind of action in your file system is important as the reports enable you to visualize the collected data. You can better analyze trends in events detected, generate graphical reports, and create executive reports that provide an in-depth insight into your network's file integrity.
With FIM, you can create on-demand reports or schedule your report generation at a future date and time. Specify your reporting criteria by leveraging QQL tokens and have access to the most accurate and up-to-date event and incident data in PDF, CSV, or HTML formats.
Note: The event record limit for CSV reports is 1 million, and for HTML and PDF reports, the limit is 100,000. Records beyond this limit is truncated.
You can also create rules to create reports by defining specific critetia for events and incidents. This helps you have access to exact event data as per your business requirements.
The FIM reports are retained on the Qualys platform for seven days. It is recommended that you download your reports within seven days of generation for future reference and analysis.
You can search for reports by the report title in the Reports sub-tab. You can also email reports to specified users by using the Notification option that's available while creating a report.
1. In the FIM UI, navigate to the Reports > Report Rules tab and click Create Report Rule.
2. In the Report Rule Details page, provide the report rule name, a brief description, and then click Next.
3. In the Source page, select Events as the source for your reports that you want to include in the rule.
4. From the Event Source Type drop-down list and select the source of events that you want to be captured in your report.
5. Enter the relevant inputs for options and fields that are displayed depending on the event source you have selected.
6. To define the scope of assets in the report rule, perform the following steps and then click Next:
Select Asset Tag from the Event Source Type drop-down list.
Specify assets: In the Include the Assets section, click 
to select the assets from the Select Assets page and then click Apply.
Include asset tags: In the Include hosts for the tags section, click to select asset tags from the Select Tags page and then click Apply.
8. In the Report Output and Notification page, perform the following steps and then click Next:
Specify report format: In the Output Format section, choose the format for your report.
Compress your report: Click Yes if you want the report to be compressed. Otherwise, click No.
Notify stakeholders: To send notifications when a report is generated, select Notification and enter the email IDs of the users you want to notify in the To text box. You can enter a maximum of 50 recipients. Optionally, in the Message Body text box, enter the email message to be sent along with the report.
The notification email includes the link to download the report from the Qualys platform. You must provide your Qualys platform user ID and password to download the report. The report link is valid only for seven days. You must download the report before the link expires..
5. In the Report Schedule page, you have the following two options for report generation:
6. Click Run Now to run the report as soon as you confirm the report rule creation.
If you want to schedule the report generation, you can have a one-time schedule or a recurring schedule.
For a one-time schedule, perform the following steps and then click Next:
- Specify and date and time for the report generation in the Start Date and Start Time fields respectively.
- In the Consider events from drop-down list, specify the duration to consider for the events to be included in the report. By default, the value selected is Today.
By default, the Start Date field displays the current date and the Start Time field displays the current time +20 minutes. You can manually change the date and time if required.
For a recurring schedule, perform the following steps and then click Next:
- Select the Recurring Job check box.
- Specify a frequency for the report execution schedule: From the Repeats drop-down list, select how frequently you want the report to be executed. The default value selected is Daily.
- Enter the relevant inputs for options and fields that are displayed depending on the value you select from the Repeats drop-down list.
- Specify a start time for the recurrent schedule: From the Start Time drop-down list.
The default value is the current time+20 minutes. You can manually change the time if required.
- Specify an end date for the recurrent schedule: Select the End Date check box and then from the drop-down list, select the last date for the recurring schedule of the report. The default value is the 10th day from the current date.
7. In the Review & Confirm page, review your input parameters.
You can click 
to make changes in the respective pages if required.
8. Click Create Report Rule.
After the report rule is created, it is listed in the Report Rules tab.
