Leandro_Nicolet
Contributor

SmartEvent R80.10 Custom Reporting

Hi all. Just looking at R80.10 SmartEvent for the first time. I'm particularly interested in the reporting side of things, but struggling with a custom report.

 

I would like to generate a 'Network Activity' report for each one of my domains (CMAs), but I've not yet figured out how to do this.

 

Anyone been down this route?

11 Replies
Alejandro_Mont1
Collaborator

I believe you are looking at a report detailing traffic from, say, network A to network B, correct? This would be traffic under the firewall blade. As I recall, SmartEvent by default is set to detail blades such as IPS and Threat Prevention. To enable firewall events you will need to open the SmartEvent policy. In that console there should be a checkbox "enable firewall sessions" or similar that must be enabled, then install SmartEvent policy. From then on you should see this network activity in the SmartEvent pane only from the time that the option was enabled. Keep in mind this has a habit of significantly increasing CPU and memory depending on how much logging you're doing; I've seen this option alone increase CPU 50%.

0 Kudos
Maarten_Sjouw
Champion

The answer is quite simple: in the logs page of your SmartConsole (just open any domain), click New Tab, or the + if New Tab does not show. In the left column select Reports; the list you will see shows the standard reports that are available. Now click the Network Access reports, go to the Actions button at the top middle and select Clone from there, then name it with the first domain that you want to report on.

Now double-click the name and the report will open. In the top right there is a dropdown menu button that shows Edit; select it. Now rename the report's title with the domain name, so when you run it you know which domain it comes from.

Now in the top right select the dropdown again and select Edit Filter.

Add a row by clicking the plus on the last line, search for Domain Server and enter the name of the Domain itself in the field, not the name of the Domain Management Server (CMA).

If you have not done so already, you will need to add all domains to the SE server and the Correlation Unit via the old client. On the New Tab page, in the bottom left, you will find the link to it.

Hope this helps get you on your way. I'm sorry I did not have access to a system while I was writing it up, or I would have added some pictures as well.

Regards, Maarten
0 Kudos
Gaurav_Pandya
Advisor

Hi,

The snap below will help to get more things. You can add more tabs as per your requirements.

0 Kudos
NNhlapo
Explorer

Good Morning

 

How do I get there?

0 Kudos
Kfir_Dadosh
Collaborator

In R80.10 it is even easier to create a report per domain. You don't have to clone the report per domain.

After clicking Export to PDF in an MDS environment, you will have an extra topic for multi-domain, where you can select which domains (or all domains) to generate the report for, and it will automatically filter each report with the corresponding domain.

The default behavior would run a single report across all domains.

0 Kudos
Maarten_Sjouw
Champion

The downfall of that method is that all reports show the same front page. There is no way to distinguish between the reports, unless you can put a variable on the first page printing the domain name? Just asking.

Regards, Maarten
0 Kudos
Kfir_Dadosh
Collaborator

I'm pretty sure the domain name is written on the front page.

I will check it, and if not, will fix it for the next version.

Thanks,

Kfir

0 Kudos
Maarten_Sjouw
Champion

Thanks Kfir,

We are running a mix of all kinds of versions: MDS R77.30 with an R80 SE and an R80.10 SE, and a full set of R80.10 MDS and SE.

Our biggest drawback for R80.10 is the user-based privacy that we as MDS superusers do not really want, same as the email setting that needs to be set per user.

Regards, Maarten
0 Kudos
Kfir_Dadosh
Collaborator

We are working on giving sharing capabilities in R80.20.

I would be happy to discuss this with you further.

Can we do a conf call about it?

0 Kudos
Maarten_Sjouw
Champion

Sure we can, Tomer has my details.

Regards, Maarten
Leandro_Nicolet
Contributor

Thanks folks. I figured it out in the end. Thanks for the info though.

0 Kudos
