Refining report results

After a report is run, the output view can be used to further investigate any entity or activity included in the report results.

Sample use cases and workflows for reports can be found in this section of this documentation.

Switching between graphs

After a report has been run, the Graph dropdown allows the user to freely switch between the different graph and chart types supported by the report type.

This allows teams to highlight different aspects of a report’s results as needed for their resolution or investigation.

Modifying the time range

The current report can be re-run to cover a different time range of flow data, allowing teams to inspect activity for the same grouping criteria at different points in time.

The period of time covered by the current report configuration can be adjusted via the time range selector in the main output view or by highlighting (click and drag) an area in any timeline graph.

Editing filters

Once a report completes running, its initial filter configuration can be modified to highlight activity for specific grouping entities.

In the main output view, click the Filters button to add, modify, and/or remove filters. Additional filters can also be defined by dragging entities from the table’s grouping criteria columns into the corresponding dropzones on the left side of the page. After the new filter configuration has been set up, click the Apply button in the tray to re-run the report.

Pivoting to different report types

The Report Type dropdown in the main output view can be used to run a different report type using the current data sources, filters, and other settings. This function can be used when additional context is required to further investigate a host or activity on the network.

Additionally, a different report type can be filtered for a specific entity in any of the table’s grouping criteria columns. This is done by clicking on the entity and selecting the report to run in the Available Reports tray.