Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management.

Visit http://www.aanval.com/ for more information.

Aanval:Reports


Reports may be created, scheduled, displayed, managed, and emailed through the console's Reports display.

Create and Schedule

Users may create reports by utilizing the Advanced Search option at the bottom of the console or by accessing the My Reports icon.

Advanced Search

The Advanced Search tool provides search terms and keywords that narrow a query to specific results. Once a search is complete, users may create a report from the search results using the link at the top-right of the menu page (Generate report from results).

Users can also enter these keywords in the String / Text category on the Reports menu when creating standard or scheduled reports to generate the same results.

Queries can be basic and, for example, use terms to find today's events:

today:

Queries can also be more detailed, for example to return only today's risk 1 events from source IP address 10.1.1.3:

today: risk:1 sip:10.1.1.3

Reports

Select Reports to generate and schedule reports through a visual form. After clicking the + button to create a report, users can enter source and destination IP addresses and ports, select the risk level and protocol, and enter any text to be searched, including Advanced Search terms.

Once the search is configured, users can choose to Generate Report from the findings by clicking its box. They can also schedule the report by entering the time (24-hour clock) and the days of the week on which it should be searched, generated, and even emailed (multiple addresses can be entered, separated by commas).

Click the Search button to run the search and to generate and schedule the report.

View, Email, and Manage

Once the report query has been initiated, users can click the Refresh button available on the My Reports menu. The more detailed and extensive the search, the more time will be required to create the report.

  • A clock icon will be shown on the left of the report while it is queued and being created.
  • A notebook icon will be shown when the report is available for viewing and sending.
  • A calendar icon will show when a queued/available report is also scheduled.

View

Once a report is available, users may select the format in which the report will be displayed. Reports are available in PDF, HTML, text, and XML formats, which can be selected for viewing from the provided drop-down box.

Email

Users can also email a report in PDF or text format by selecting the desired format from the Email Report drop-down box. The report will be emailed to the email address of the user logged into the console. To email reports to multiple addresses from the console, use the scheduling options provided in the My Reports menu while creating a new report.
