Refining a report¶

After any report is run, one or more of its settings can modified to further inspect into any included or adjacent data element. This allows the user to create varying levels of visibility from multiple angles and extract deeper insight on the hosts and/or behaviors being investigated.

Editing basic report settings

In the report output view, the report’s basic settings can be modified as follows:

Setting	Edit from	Effect
Report Type	Main view (dropdown)	Changes the base Report Type but retains all other applicable settings
Time range	Main view (calendar button)	Defines a new period of time to be covered by the Report
Graph	Main view (dropdown)	Changes or hides the graph/chart used to model the Report data

Hint

The Options (gear button) tray contains additional settings/options to customize how the report is displayed. Report thresholds can also be added from this tray.

Adding/removing filters

As part of refining a report, filters added, edited, or removed. By layering the appropriate filters, the user can limit the scope of the report to only hosts and/or traffic relevant to their current investigation.

Note

Devices and interfaces, including those that were initially selected when creating the report, are considered filters and can be edited from the Filters tray.

To add a new filter:

Click the Filters button to open the tray.
In the tray, click the + button.
Select a filter type for the new filter.
Configure the additional settings for the filter (varies by filter type)
Verify that the settings are correct and click the Add button.
In the primary tray, click the Apply button to re-run the Report with the new filter(s) applied.

Current filters can be modified by clicking the edit (pencil) button and making the necessary changes before clicking the Save button. To remove a filter, click the delete (bin) button next to it in the list.

Hint

To avoid having to re-run the Report more than once, add all necessary filters before clicking the Apply button.

Inclusion/exclusion dropzones

Data elements in the results table can be dragged into inclusion/exclusion dropzones to the left of the page to automatically add them as filters.

This can be repeated as many times as necessary to set up the appropriate filters before re-running the report.

Note

Dropping an element into the inclusion or exclusion dropzone automatically opens the Filters tray, if it was not already open.

Pivoting to different report types

Clickable data elements in the results table open a tray listing all report types (sorted into their respective categories) that can be run using that element. This allows the user to inspect all associated activity using the context best suited for the investigation.