Run or Schedule Reports

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-04-25
Category
Administrator Guide
Abstract

You can run ad-hoc reports, or create reports that are generated and distributed on a schedule.

There are two ways to create a report template:

Run a Report Based on a Dashboard

You can generate a report based on an existing dashboard.

  1. Select Dashboards & Reports → Customize → Dashboards Manager.

  2. Right-click the dashboard from which you want to generate a report, and select Save as report template.

  3. Enter a unique Report Name and an optional Description of the report, then Save the template.

  4. Select Reporting → Report Templates.

  5. Update FILTERS & INPUTS.

    If the report includes Custom Cortex Query Language (XQL) widgets with predefined parameter filters, each parameter requires a Default Value. For more information about configuring FILTERS & INPUTS, see Create a Report from Scratch.

  6. Run the report.

    You can either Generate Report to run the report on-demand, or you can Edit the report template to define a schedule.

  7. After your report completes, you can download it from the Reporting → Reports page.

Create a Report from Scratch

You can create a new report, using an existing or new template.

  1. Select Dashboards & Reports → Customize → Report Templates → + New Template.

  2. Enter a unique Report Name and an optional Description of the report.

  3. Select the Data Timeframe for your report.

    You can choose Last 24H (day), Last 7D (week), Last 1M (month), or you can choose a custom time frame.

    Note

    The custom time frame is limited to one month.

  4. Choose the Report Type and click Next.

    You can use an existing template, or you can build a new report from scratch.

  5. Customize your report.

    To get a feel for how the data will look, Cortex XSIAM provides mock data. To see how the report would look with real data in your environment, you can use the toggle above the report to use Real Data. Select Preview A4 to view how the report is displayed in an A4 format.

  6. Add widgets to the report. From the widget library, drag and drop widgets onto the report.

    1. For incident-related widgets, you can select the star to display only incidents that match an incident starring configuration on your dashboard. A purple star indicates that the widget is displaying only starred incidents.

    2. To remove a widget, select the menu in the top right corner of the widget, and Remove widget.

  7. Configure FILTERS & INPUTS.

    If you added Custom XQL widgets with predefined parameter filters, configure the parameters. For more information about adding parameter filters to a widget, see Manage your Widget Library.

    Note

    You can specify a maximum of four parameter filters.

    1. Select + Add Filters & Inputs.

    2. On the FILTERS & INPUTS panel, +Add an input and select one of the following options:

      • Single Select to specify a single predefined value

      • Multi Select to specify multiple predefined values

      • Free text/number to specify a single free-text or numeric value

    3. Update the Parameter Title.

    4. Select the Parameter that you want to configure.

      These values are extracted from the XQL queries of the widgets on the dashboard.

    5. Specify a Default Value for the selected parameters.

      This value overwrites any predefined default values in the XQL query.

      Note

      The values must support the parameter type. For example, for $name specify characters and for $num specify numbers.

    6. Save Filters & Inputs.

  8. When you have finished customizing your report template, click Next.

  9. If you are ready to run the report, select Generate now.

  10. To run the report on a regular Schedule, specify the time and frequency at which Cortex XSIAM runs the report.

  11. (Optional) Enter an Email Distribution list or Slack workspace to send a PDF version of your report.

    Select Add password used to access report sent by email and Slack to set password encryption.

    Note

    Password encryption is only available in PDF format.

  12. (Optional) Attach CSV file of your XQL query widget to a report.

    From the drop-down menu, search for and select one or more of your custom widgets to attach to the report. The XQL query widget is attached to the report as a CSV file along with the customized PDF. Depending on how you chose to send the report, the CSV file is attached as follows:

    • Email—Sent as separate attachments for each widget. The total size of the attachment in the email cannot exceed 20MB.

    • Slack—Sent within a ZIP file that includes the PDF file.

  13. Save Template.

  14. After your report completes, you can download it from the Reporting → Reports page.

    In the Name field, reports that contain multiple files (PDF and CSV) are marked with a ZIP icon, while reports with a single PDF file are marked with a PDF icon.

Note

You can receive an email alert if a report fails to run due to timeout or fails to upload to the GCP bucket.

To configure a notification rule for failed reports:

  1. Under Settings → Configurations → General → Notifications, select + Add Forwarding Configuration.

  2. Enter a Name and a Description for your rule, and under Log Type, select Management Audit Logs.

  3. Add a filter that matches Type = Reporting, Subtype = Run Report, and Result = Fail.

  4. Under Distribution List, select the email address to send the notification to.

  5. Click Done.
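The following is an added example, not Cortex XSIAM product code, that applies the failed-report rule above (Type = Reporting, Subtype = Run Report, Result = Fail) to constructed Management Audit Log records, so you can check which records would trigger the notification and which would not. The field names, the case-insensitive comparison, and the sample records are assumptions made for illustration, not the documented XSIAM log schema or filter semantics.

```python
# Added example (not Cortex XSIAM product code): evaluates the failed-report
# notification rule against constructed Management Audit Log records.
# Field names (type, sub_type, result, description) are assumptions for
# illustration, not the documented XSIAM audit log schema.

# The three filter conditions configured in the notification rule.
FAILED_REPORT_RULE = {"type": "Reporting", "sub_type": "Run Report", "result": "Fail"}

# Constructed sample records (not real audit log output).
SAMPLE_AUDIT_LOGS = [
    {"type": "Reporting", "sub_type": "Run Report", "result": "Success",
     "description": "Weekly SOC summary generated"},
    {"type": "Reporting", "sub_type": "Run Report", "result": "Fail",
     "description": "Daily alerts report timed out"},
    {"type": "Reporting", "sub_type": "Edit Report Template", "result": "Fail",
     "description": "Template save rejected"},
    {"type": "Reporting", "sub_type": "run report", "result": "FAIL",
     "description": "Exec report upload to bucket failed"},
    {"type": "Authentication", "sub_type": "Login", "result": "Fail",
     "description": "Bad password"},
    {"type": "Reporting", "sub_type": "Run Report",
     "description": "Record missing result field"},
]


def _norm(value):
    """Normalize a field for comparison: a missing or non-string field never
    matches; strings are compared case-insensitively (an assumption of this
    example, not a documented product behaviour)."""
    return value.strip().lower() if isinstance(value, str) else None


def matches_rule(record, rule=FAILED_REPORT_RULE):
    """Return True only if every field in the rule is present in the record
    and its value matches the expected value."""
    return all(_norm(record.get(field)) == _norm(expected)
               for field, expected in rule.items())


def select_failed_reports(records, rule=FAILED_REPORT_RULE):
    """Return the descriptions of records that would trigger the notification."""
    return [r.get("description", "") for r in records if matches_rule(r, rule)]


if __name__ == "__main__":
    for desc in select_failed_reports(SAMPLE_AUDIT_LOGS):
        print("notify:", desc)
```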