Create a New Report - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Product
Cortex XPANSE
Version
2
Creation date
2023-12-27
Last date published
2024-03-25
Category
User Guide
Solution
Cloud
Abstract

You can create a new report from scratch or by modifying an existing report template.

You can create a new report from scratch or by modifying an existing report template.

  1. Go to DashboardsDashboards Manager and select +New Template.

  2. Enter a unique Report Name and an optional Description of the report.

  3. Select the Data Timeframe for your report.

    You can choose Last 24H (day), Last 7D (week), Last 1M (month), or you can choose a custom timeframe.

    Note

    The custom timeframe is limited to one month.

  4. Choose the Report Type.

    You can use an existing template, or you can build a new report from scratch.

  5. Click Next.

  6. Customize your report.

    To get a feel for how the data will look, Cortex Xpanse provides mock data. To see how the report would look with real data in your environment, you can use the toggle above the report to use Real Data. Select Preview A4 to view how the report is displayed in an A4 format.

    Drag and drop widgets from the widget library to their desired position.

    If necessary, remove unwanted widgets from the template. To remove a widget, select the menu in the top right corner, and select Remove widget.

    For incident-related widgets, you can also select the star to include only incidents that match an incident starring configuration in your report. A purple star indicates that the widget is displaying only starred incidents.

  7. When you have finished customizing your report template, click Next.

  8. If you are ready to run the report, select Generate now.

  9. To run the report on a regular Schedule, you can specify the time and frequency that Cortex Xpanse will run the report.

  10. (Optional) Enter an Email Distribution list or Slack workspace to send a PDF version of your report.

    Select Add password used to access report sent by email and Slack to set password encryption.

    Note

    Password encryption is only available in PDF format.

  11. (Optional) Attach CSV file of your XQL query widget to a report.

    From the drop-down menu, search and select one or more of your custom widgets to attach to the report. The XQL query widget is attached to the report as a CSV file along with the customized PDF. Depending on how you selected to send the report, the CSV file is attached as follows:

    • Email—Sent as separate attachments for each widget. The total size of the attachment in the email cannot exceed 20MB.

    • Slack—Sent within a ZIP file that includes the PDF file.

  12. Save Template.

  13. After your report completes, you can download it from the ReportScheduled Reports page.

    In the Name field, reports with multiple files, PDF and CSV files, are marked with a report-zip.png icon, while reports with a single PDF are marked with a report-pdf.png icon.