Enterprise SIEM, Centralized Log Management, Security, Compliance, Server Monitoring and Uptime Monitoring Software
Table of Contents

SIEM Reports

SIEM Reports enable you to scan the consolidated log database for specific entries from multiple log types. This report is typically used by network administrators to track down events that pass through multiple hardward devices.

SIEM Reports optionally use Regular Expressions to parse log entries, extract values, validate subject and target accounts in Active Directory (when applicable), then, finally, filter entries using each assigned log type's native filters.

How to create a SIEM Report

  • From the Menu Bar select File | New. The Create New Object View displays.
  • From the Create New Object View, expand Reports.
  • Expand Report | Log Consolidation Reports then select SIEM Report. The Properties View displays.
    Information Unlicensed report types appear in gray text. If you would like to create a report that is not currently licensed, please contact Corner Bowl Software to upgrade your license.
  • The Properties View contains 6 configuration tabs.
    • General
    • Explicitly Assigned Logs
      Sample Windows Security Log and Linux Audit Log assignment
    • Columns
      Sample Windows/Linux Success Logon Report column definitions
      Alert If you apply regular expressions column definitions in your corresponding log consolidation templates, and the column keys are identical between log types, you do not need to re-apply the regular expressions in the report.
    • Options
    • Date/Time Range
    • Actions

The Options Tab

  • Use the Filters drop-down to select all of the filters you would like to apply to the report.
    Alert Filters are only applied to corresponding log entries types. For example, when you have assigned both an Event Log and a Text Log to the report, Event Log Filters are only applied to Event Log Entries while Text Log Filters are only applied to Text Log Entries.
    Sample regular expression driven new Windows success login filter with exclusion.
    Sample regular expression driven new Red Hat Linux success login filter with exclusion.
  • Once a filter is assigned, use the Include entries that pass drop-down to select the filter method.

    The following filter options are available:

    AllInclude each entry that passes all assigned filters of the same type.
    AnyInclude each entry that passes any filter of the same type.
    NoneInclude each entry that does not pass any of the filters of the same type.
    IgnoreInclude all entries.
    Sample SIEM Success Logon Report properties
    Sample Windows/Linux Success Logon Report

Related Topics