Having specific rules in place to generate reports can help you have a better understanding of the change events in your file system. When configured correctly, report rules can be of great help as they help you identify which rules have triggered the maximum number of events; which in turn, can be leveraged to fine-tune the rules to tighten the scope of event generation.
You can also create consolidated asset reports to gain visibility into your asset system. Knowing your assets at a granular level is crucial, especially for PCI compliance because as per PCI-DSS guidelines, all assets in scope must have FIM actively running on them.
With FIM, you can create a variety of reports to capture events and incidents occurring in your files as well as to capture details on assets. You can either leverage the QQLs from Qualys Query Library or make use of the saved searches, or even enter your own custom queries, based on which, change event data would be filtered and included in the FIM reports.
After a report is generated, you can download the report in PDF, CSV, or HTML format.
Important: As per PCI DSS guidelines, event data is retained for 13 months on the Qualys platform. Hence, the on-demand reports can be generated for the data collected in the past one year. Once generated, reports are purged from the Qualys platform after seven days from the day of generation.