KSA-ECC User Guide – Reports and Reporting Packages
Summary and Detail Reports
KSA-ECC reporting is broken into summary and detailed reports to present various audiences with appropriate forensic log data. Summary reports provide a higher level of information that may be appropriate for some audit and executive management requests. Detail reports provide additional information, sometimes including raw log data, to facilitate IT and security operations. Additionally, any report can be run as an investigation to delve into forensic information around the activity of interest.
Reports serve as a good source of record for audit requests and can even be used for sample selection from a population of events. If you use reports for audit activities, you may be asked to trace report data back to the original log file to ensure the data is complete and accurate. You can also clone and modify reports to accommodate requests or assign them to reporting packages to meet the needs of a given audience.
Reporting Packages
LogRhythm administrators can easily create or modify reporting packages to provide needed content for auditors, executive management, or other audiences who require output for assessment. Within the KSA-ECC module, there are four (4) reporting package templates that you can modify to align with auditing and organizational requirements.
Report Package Name | Description | ID |
---|---|---|
CCF: Executive Reporting Package | This reporting package is a template to deliver pertinent content for executives on a monthly basis. | 87 |
CCF: Weekly Audit Reporting Package | This Reporting Package is a template to deliver pertinent content for internal and/or external audit groups on a weekly basis. | 88 |
CCF: Daily IT Operations Reporting Package | This Reporting Package is a template to deliver pertinent content for IT operations on a daily basis. | 89 |
CCF: Daily IT Security Reporting Package | This Reporting Package is a template to deliver pertinent content for IT security on a daily basis. | 90 |
To create a new Reporting Package to be used at your discretion:
- On the main toolbar, click the Report Center.
- Click the Report Packages tab.
- Right-click the grid and click New Report Package.
- Within the Select Reports window, select the CCF reports you want to include in this reporting package, and then click Next.
- Click Next on the Override Log Source Criteria without making any changes.
  Do not override log source criteria.
- Select the frequency at which the reporting package will be produced, and the timeframe.
- Configure additional settings for report delivery options, and then click Next.
- Add the name and description of the new ECC reporting package, and then click OK.
To create a cloned Reporting Package to apply the CCF Log Source List:
- On the main toolbar, click the Report Center.
- Click the Report Packages tab.
- Right-click on the reporting package you want, and then click Clone.
- Ensure the correct reports are selected within the reporting package.
- Click Next until you reach the Override Log Source Criteria.
- Select Selected Log Source List and type CCF in the Name search field.
- Select the CCF: All Log Sources check box.
- Click Next until you reach Package Details, and then change the Package Name.
- Set Report Package Permissions, and then click OK or Apply to save.