Report Page

To access the Report page:

1. Log in to LogRhythm NDR's new UI.

2. Click System from the sidebar menu, and then click Report.
   Each tab under the Report page displays charts that map the respective date and time of the entry.
   When the user hovers over a particular chart, a tooltip with additional information like date and count is displayed.
   The Report page has tabs for Users, Hosts, Networks, Incidents, Anomaly, Intel, IDS, and ExternalEvents. By default, the Incidents tab is displayed when the Report page opens.
   Data is represented in charts for the Resolution Time, Cases Reported & Resolved, and Recent Cases. 

3. To get the number of Anomalies, click the Anomaly tab.
4. To get the number of Intel entries, click the Intel tab.
5. To get the number of IDS entries, click the IDS tab.
6. To get the number of External Events, click the ExternalEvents tab.
   The External Events page displays a table with details such as S. No, Occurred On, Country Code, City Name, Trigger, and Count. These columns can be sorted alphabetically.
7. To get the total number of users and the percentage of active users, click the Users tab.
   The Users page displays charts and tables depicting the available data. One chart represents the Users Department and the other one represents the Users Tag with information such as Demo. Read, and Admin.
8. Click Active Users CSV to export the list of active users.
9. To get the total number of hosts and the percentage of active hosts, click the Hosts tab.
   The Hosts page displays charts and tables depicting the available data. One chart represents the Hosts Device Type and the other one represents the Hosts Tag with information such as Critical and Domain Controller.
10. Click Active Hosts CSV to export the list of active hosts.
11. To get information about the Networks, click the Networks tab.
    The Networks page displays charts and tables depicting the available data. One chart represents the Network Device Type and the other one represents the Networks Tag.
12. Click Active Networks CSV to export the list of active networks.
    

Data represented in charts for the Resolution Time, Cases Reported & Resolved, and Recent Cases are available for all the tabs in the Report page.

Resolution Time

1. Click the Resolution Time chart.
   The Resolution Time section appears where a chart and a table are presented.
   The chart depicts a graph which represents the resolution time, total resolved cases, the average duration, and the total duration.
   When we hover over the graph, a tooltip with additional information is displayed.
2. Click on the legend in the graph to filter a particular entry.
   The table below the graph has data such as Occurred On, Resolved Count, Average Duration, and Total Duration.
   These columns can be sorted alphabetically.

Reported and Resolved

1. Click the Reported Resolved chart.
   The Reported Resolved section appears where a chart and a table are presented.
   The chart depicts a graph which represents the count, total resolved cases, and total reported cases.
   When we hover over the graph, a tooltip with additional information is displayed.
2. Click on the legend in the graph to filter a particular entry.
   The table below the graph has data such as Occurred On, Incident Reported, Incident Investigation, and Incident Closed.
   These columns can be sorted alphabetically.

Recent Cases

1. Click the Recent Cases chart.
   The Recent Cases section appears where a chart and a table are presented.
   The chart depicts a graph which represents the number of cases, resolved cases, and unresolved cases.
   When we hover over the graph, a tooltip with additional information is displayed.
2. Click on the legend in the graph to filter a particular entry.
   The table below the graph has data such as Occurred On, Created Cases, and Resolved Cases.
   These columns can be sorted alphabetically.