Report based on Security Technologies

Hi everyone,

I'm looking for a way to create a custom report that counts the number of prevented or detected actions grouped by Security Technologies.

Using the Data Table widget it's not possible to group by Security Technology.

An alternative is to create a Single Stat widget for every Security Technology, but it's not very smart in my opinion.

Any other ideas?

Thank you

Paolo

1 ACCEPTED SOLUTION

Hi Paolo,

Currently the single stat widget is the only way to slice the data up using the built-in Report Builder functionality on a per-security technology basis. When I am creating reports in this way I duplicate the Single Stat widget each time and change the relevant security technology to streamline the process somewhat. 

Another consideration I want to highlight here is that you may wish to modify the filters for the widget to reflect not just the security technology you want to highlight, but also the action type(s) - since each action is designed to test specific elements of the stack, e.g. Host-CLI actions for EDR, Malicious File Transfer actions for NGFW/WAFs. It would not be very valuable to show what percentage of Protected Theater jobs a NGFW missed, for example, since that is not the technology we would expect to respond to the action.

Other than this, the action-by-action CSV results could be exported and manipulated in another reporting tool to get the exact breakdown you want to see.
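
The CSV route suggested above, as an added example that is not part of the original reply or the product's own tooling: it counts outcomes per security technology and skips actions a technology is not expected to respond to. The column names, the outcome labels and the sample rows are assumptions; adjust them to match the header row of the actual export.

```python
import csv
import io
from collections import Counter, defaultdict

# Assumed column names; rename to match the header row of your actual export.
COL_TECH, COL_TYPE, COL_OUTCOME = "Security Technology", "Action Type", "Outcome"

# Action types each technology is expected to respond to (taken from the
# reply's examples; extend for your own stack).
EXPECTED = {
    "EDR": {"Host-CLI"},
    "NGFW": {"Malicious File Transfer"},
    "WAF": {"Malicious File Transfer"},
}

# Constructed sample rows, not real results.
SAMPLE_CSV = """\
Action Type,Security Technology,Outcome
Host-CLI,EDR,Prevented
Host-CLI,EDR,Detected
Host-CLI,EDR,Missed
Malicious File Transfer,NGFW,Prevented
Malicious File Transfer,NGFW,Missed
Protected Theater,NGFW,Missed
Malicious File Transfer,WAF,Detected
"""

def summarize(csv_text):
    """Return {technology: Counter(outcome -> count)} for relevant actions only."""
    summary = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        tech = row[COL_TECH].strip()
        if row[COL_TYPE].strip() not in EXPECTED.get(tech, set()):
            continue  # skip actions this technology is not expected to handle
        summary[tech][row[COL_OUTCOME].strip().lower()] += 1
    return dict(summary)

def report(summary):
    """Format one line per technology: prevented and detected counts out of total."""
    lines = []
    for tech in sorted(summary):
        c = summary[tech]
        total = sum(c.values())
        lines.append(f"{tech}: prevented={c['prevented']} detected={c['detected']} of {total}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_CSV))))
```

To run it against a real export, pass the file's text to `summarize()` in place of `SAMPLE_CSV`.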
