Reports on events are used to collect structured event information for analysis and detection of potential attacks on vulnerable objects.

You can generate the following two groups of reports.

Detailed reports on events

Detailed reports on events are created from displayed event data according to selected filters.

Detailed reports on events support XLSX, CSV formats.

A detailed report on events represents a table:

• Title contains columns displayed according to the selected filter.
• Event information contains a set of events that form a report on all events according to the Source data items. If a custom filter is edited but not saved, the report displays the filter as a PDQL string; a report on selected events contains a set of events selected by the user.

Fields of each event are exported according to the selected filter. Event sorting is also based on the selected filter.

Reports on event statistics

Reports on event statistics are created on the basis of event distribution by source, user, registered outgoing or incoming connection.

Reports on event statistics support PDF, MHT, DOCX formats and consist of several sections:

• Report parameters displays the name of the selected report, the selected group of assets or all assets, and the selected time interval and filter.
• Distribution of events by time is a chart that shows the number of events by date, hour, and minute according to the selected time interval. If you generate Event statistics by users reports, this section has the following subsections: User actions, Actions on users, User interactions. The first two sections contain charts by user and events count and a tabular representation. The third section is a tabular representation of users, which specifies the total number of actions in the system. The sections are populated if the values of the subject.name and object.name fields are the same as of the account field.

Generating a report