Network Security Manager Reports and Analytics

Technical Documentation>  Reports>  Rules>  Creating a Report Rule>  Creating a Rule for Reporting and Analytics Reports>  Creating a Rule for Firewall Reports>  Creating a Rule for Firewall Reports with Custom Categories
Table of Contents

Creating a Rule for Firewall Reports with Custom Categories

Firewall report can be generated only for firewalls with NSM advanced license.

You can add a report rule at Tenant level only.

To create a firewall report rule with custom categories

  1. Navigate to Manager View | Home > Reports > Rules page.
  2. Click the Add icon.
  3. Select the Reporting And Analytics > Firewall Logs > Custom as a report type.
  4. Click Next.

  5. Enter basic information.

    1. Enter a unique Report Title to identify in the list.

    2. Select the Run Type:

      • Select Scheduled to take auto backup of the device configuration at a specific time interval.
      • Select On-Demand to create configuration and Run the schedule manually as and when needed.

    3. Set the Time Period.

      You can set the slider anywhere between 15 minutes to 30 days.

    4. Select the Report Data Time Zone.

      The time zone set here is used to fetch report data.

    5. Add Description of the report. This is optional.

    6. Set the Delivery Type.

      You can select both options also.

      Save Report By the default, Save Report is selected. If you select this option, report will be generated per the schedule and store the report under Saved Reports.
      Email

      If you select this option, report will be generated in PDF format according to the schedule and send the report to the email defined in Email Destination field.

      Reports (PDF files) exceeding 10 MB cannot be attached to email notifications. You can download Reports (PDF files) exceeding 10 MB from the Saved Reports.

    7. Enter the following information if you select Delivery Type as Email or both.

      • Select the Email Destination to receive the reports.

        Administrator By the default, Administrator is selected. You can leave as it is if you want to send the reports to the Administrator.
        AdhocUser Select AdhocUser if you want add other users to send reports. You can add multiple email addresses separated by a comma in the Email ID field.
      • Enter Email Subject.

      • Enter Email Body of the report.

      • Enable Zip Report to receive the compressed report in the email.

    8. Enable Password Protect to add security for the report.

      Enter and confirm the password when asked.

    9. Click the Edit icon of the Logo to have a custom logo in your reports.

      Upload a logo from your local system.

      Only .png type images with 160x200 pixels are allowed.

  6. Click Next.

  7. Setup rule section.

    You can add multiple sections with Session Logs and Predefined filters.

    1. Enter a Section title.

    2. Edit the Scope to change to tenant, group, or device.

      The scope selector option is available only on custom reports from the Manager View and not the Firewall View.

    3. Add the filters in one of the following ways:

      Add a filter from Session Logs filters.

      1. Select the Representation Type to visualize the data.

        Time Series Chart

        Data visualization chart representing data points at successive intervals of time. Each point on the chart corresponds to the number of data points or Total of selected item(s) at a time-point. The horizontal axis (x-axis) of the chart shows increments of time. The vertical axis (y-axis) shows the selected item(s) data points. A set of time series charts can help identify a trend quickly or spot an outlier or analyze a series of peaks and valleys for comparative analysis.

        You can use the drop down to select your data points. The data points are divided into 3 different categories i.e. Distinct Data Points, Data Points and Aggregate Data Points.

        General recommendations:

        • Select an item that is not part of a filter criterion.
        • Select items for which y-axis magnitude is comparable, or create separate charts with different y-axis scales.
        Data Table

        A tabular representation of resultant data after:

        • Applying one or more filter(s) criteria on network traffic flow logs.
        • Grouped on identical data points of the selected column(s) as a grouping criterion.
        • Aggregated values are calculated by applying a grouping criterion. The data table helps in analyzing filtered and grouped flow logs.

        This allows you to generate a report where the selected item values will be represented in a tabular manner. You have to make the appropriate selections from the list of Grouping Criterion and Aggregated Criterion to get the desired report. For example, you want a weekly report of users accessing high risk application where along with user name you need total number of connections, data send, total data transferred and total threat. To generate this report, you need to create custom filter to filter out all high risk applications and use data table custom report to generate the desired report.

        You can also choose the Number of Rows of data that you want in the report.

        For example, filter flow logs for an application category and group filtered flow logs on users and application columns. Analyze the grouped data to get bytes transferred for a unique pair of users and applications. General recommendations: Select item(s) from the Time Series chart data select or that is not part of a filter criterion. Select item for which vertical axis (y-axis) magnitude is comparable, or create separate charts with different y-axis scales. Select grouping column(s) that are not part of the filtering criterion in the data table.

        You can select a maximum of 6 columns from the Grouping Criterion and Aggregated Criterion list.

      2. Select the Time Series Data from the drop-down menu if Time Series Chart is selected.

         

        • A minimum of one data-point should be selected.

        • You can select and add multiple criteria from the drop-down menu.

        • The selected item values will be plotted in a Time Series chart. Each point on the chart corresponds to the number of data points of selected item(s) at a time-point.

      3. Define the following parameters if Data Table is selected

        1. Specify the maximum Number of rows in the grouped data table published in the PDF report.

          You can set this value between 10 to 500. The default value is 10.

        2. Specify data table column(s) as a Grouping Criterion. The data table will be grouped on identical values of selected column(s).

          You can select and add multiple criteria from the drop-down menu.

        3. Specify criterion used for aggregating values while applying grouping criterion on the data table.

          You can select and add multiple criteria from the drop-down menu.

      4. Enable Show Representation to see the sample representation based on the parameters selected.

      Add a filter from Predefined filters.

    4. Select a filter and do one of the following:

      • Scroll down and click Add Section to add more sections.

      • Click Next to view representation of the selected filters.

        At least one filter should be selected under each section. Incomplete sections are indicated with Need Input. You can either add the filter(s) or delete the section to proceed to next.

  8. Click Next to Review.

  9. Review report details and click Finish.

    A success message is displayed. The newly created report is displayed on the page.

You can also create a report rule for a firewall in the Firewall View | Home > Reports > Rules page. The procedure for creating scheduled reports in the Firewall View is similar to creating a report rule in the Manager View.