Creating Reports on FIM Events

Creating reports on FIM events that occur as a result of any kind of action in your file system is important as the reports enable you to visualize the collected data. You can better analyze trends in events detected, generate graphical reports, and create executive reports that provide an in-depth insight into your network's file integrity.

With FIM, you can create on-demand reports or schedule your report generation at a future date and time. Specify your reporting criteria by leveraging QQL tokens and have access to the most accurate and up-to-date event and incident data in PDF, CSV, or HTML formats.

The event record limit for CSV reports is 1 million, and for HTML and PDF reports, the limit is 100,000. Records beyond this limit is truncated.

You can also create rules to create reports by defining specific critetia for events and incidents. This helps you have access to exact event data as per your business requirements.

The FIM reports are retained on the Qualys platform for seven days. It is recommended that you download your reports within seven days of generation for future reference and analysis.

You can search for reports by the report title in the Reports sub-tab. You can also email reports to specified users by using the Notification option that's available while creating a report.

Create Reports on FIM Events

Reports that are not marked as 'Completed' can be run again. This functionality applies to all types of data sources, including event-based, asset-based, and incident-based reports.

  1. In the FIM UI, navigate to the Reports > Report Rules tab and click Create Report Rule.
  2. In the Report Rule Details page, provide the report rule name, a brief description, and then click Next.

    Image of the Report Rule page

  3. In the Source page, select Events as the source for your reports that you want to include in the rule.
  4. From the Event Source Type drop-down list and select the source of events that you want to be captured in your report.
  5. Enter the relevant inputs for options and fields that are displayed depending on the event source you have selected.

    Image of Event Source page

  6. To define the scope of assets in the report rule, perform the following steps and then click Next:
  7. Select Asset Tag from the Event Source Type drop-down list.

    • Specify assets: In the Include the Assets section, click to select the assets from the Select Assets page and then click Apply.

    • Include asset tags: In the Include hosts for the tags section, click to select asset tags from the Select Tags page and then click Apply.

  8. In the Report Output and Notification page, perform the following steps and then click Next:
    • Specify report format: In the Output Format section, choose the format for your report.

    • Compress your report: Click Yes if you want the report to be compressed. Otherwise, click No.

  9. Notify stakeholders: To send notifications when a report is generated, select Notification and enter the email IDs of the users you want to notify in the To text box. You can enter a maximum of 50 recipients. Optionally, in the Message Body text box, enter the email message to be sent along with the report.

    The notification email includes the link to download the report from the Qualys platform. You must provide your Qualys platform user ID and password to download the report, which is valid only for seven days. You must download the report before the link expires.

  10. In the Report Schedule page, you have the following two options for report generation:
    • Run Now

      Click Run Now to run the report as soon as you confirm the report rule creation.

    • Schedule

      If you want to schedule the report generation, you can have a one-time schedule or a recurring schedule.

Schedule the Report Execution

  1. For a one-time schedule, perform the following steps and then click Next:
    • Specify the date and time for the report generation in the Start Date and Start Time fields, respectively.
    • In the Consider events from the drop-down list, specify the duration to consider for the events to be included in the report. By default, the value selected is Today.

      By default, the Start Date field displays the current date, and the Start Time field displays the current time + 20 minutes. You can manually change the date and time if necessary.

      Image of the Report Schedule page

  2. For a recurring schedule, perform the following steps and then click Next:
    • Select the Recurring Job check box.
    • Specify a frequency for the report execution schedule: From the Repeats drop-down list, select how frequently you want the report to be executed. The default value selected is Daily.
    • Enter the relevant inputs for options and fields that are displayed depending on the value you select from the Repeats drop-down list.
    • Specify a start time for the recurrent schedule: From the Start Time drop-down list.

      The default value is the current time+20 minutes. You can manually change the time if required.

    • Specify the end date for the recurrent schedule: Select the End Date check box and then from the drop-down list, select the last date for the recurring schedule of the report. The default value is the 10th day from the current date.
  3. Click Edit icon to make changes in the respective pages if required.

    Image of the Review and Confirm page

  4. Click Create Report Rule.

    After the report rule is created, it is listed in the Report Rules tab.

    Report Rule sub-tab under Report tab

    Reports that are not marked as 'Completed' can be run again. This functionality applies to all types of data sources, including event-based, asset-based, and incident-based reports.

Related Topics

FIM Reports

Creating Reports on FIM Assets