ASD User Guide – Reports and Reporting Packages
Summary and Detail Reports
ASD-ISM reporting is broken into summary and detailed reports to present various audiences with appropriate forensic log data. Summary reports provide a higher level of information that may be appropriate for some audit and executive management requests. On the other hand, detailed reports provide additional information and, in some reports, raw log data to facilitate IT Security and Operations. Keep in mind any report can be run as an investigation to deep-dive into forensic information around the activity of interest.
Reports serve as a good source of record for audit requests and can even be used for sample selection from a population of events. If reports are being used for audit activities, you may be requested to trace report data back to the original log file to ensure the data is complete and accurate. Reports can be cloned to adjust for a given request and reports can also be assigned to reporting packages to better serve the requests of a given audience.
Reporting Packages
Reporting packages can be easily created or adjusted by a LogRhythm Admin to provide needed content for Audit, Executive Management, or other audiences who require output for assessment. Within the ASD Compliance Automation Suite, there are four (4) reporting package templates that can be adjusted according to audit and organizational needs.
Report Package Name | Description | ID |
---|---|---|
CCF: Executive Reporting Package | This reporting package is a template to deliver pertinent content for Executives on a monthly basis. | 87 |
CCF: Weekly Audit Reporting Package | This Reporting Package is a template to deliver pertinent content for Internal and/or External Audit groups on a weekly basis. | 88 |
CCF: Daily IT Operations Reporting Package | This Reporting Package is a template to deliver pertinent content for IT Operations on a daily basis. | 89 |
CCF: Daily IT Security Reporting Package | This Reporting Package is a template to deliver pertinent content for IT Security on a daily basis. | 90 |
To create a new Reporting Package to be used at your discretion:
- On the main toolbar, click the Report Center.
- Click the Report Packages tab.
- Right-click the grid and click New Report Package.
- Within the Select Reports window, select the CCF reports you want to include in this reporting package, and then click Next.
- Click Next on the Override Log Source Criteria without making any changes. Do not override log source criteria.
- Select the timeframe and the frequency at which the reporting package will be produced.
- Configure additional settings for report delivery options, and then click Next.
- Add the name and description of the new ASD reporting package, and then click OK.
To create a cloned Reporting Package to apply the ASD Log Source List:
- On the main toolbar, click the Report Center.
- Click the Report Packages tab.
- Right-click on the reporting package you want, and then click Clone.
- Ensure the correct reports are selected within the reporting package.
- Click Next until you reach the Override Log Source Criteria.
- Select Selected Log Source List and type ASD in the Name search field.
- Select the ASD: All Log Sources check box.
- Select Next until you reach Package Details, and then change the Package Name.
- Set Report Package Permissions, and then click OK or Apply to save.