Reports are defined from the Reports menu. There are three types of reports:
- Overview reports - report general system statistics, including top sources, alerts, actors and activity charts
- Saved search reports - flexible, regularly executed reports based on saved search queries
- Group by reports - reports defined through the "Reports" tab based on one or two aggregation fields
All report types except overview reports contain the raw data as well as a set of configured charts.
Reports can be generated in multiple formats: JSON, CSV, XLS, PDF, HTML.
Raw data is not included in PDF reports; charts are not available in JSON and CSV reports.
Each report can be executed regularly at specified times. "Daily", "weekly", "monthly" and "yearly" reports are supported.
Each report can be sent to multiple destinations:
- Email (useful for overview reports as well as PDF reports)
- File push - SCP, FTP, SFTP or S3 bucket - report data is pushed to external storage
- Local - reports are saved locally on the SIEM server