| Applies to Product: |
 USM Appliance™
|
 LevelBlue OSSIM®
|
LevelBlue OSSIM Reports
LevelBlue OSSIM provides a set of simplified versions of the reports found in USM Appliance. These reports lack the flexibility, customization, and richness of information that are available with the USM Appliance reports.
You can view the LevelBlue OSSIM reports directly in the user interface as HTML, or you can export other reports as PDF documents and send them through email. For the majority of reports, you can change the data range. In a few reports, you can change other settings, such as the list of assets included in the report.
Alarms Report
The Alarms Report generates a report on top alarms based on top attackers, top attacked hosts, top ports, and alarm risk. The default date range is set to the last 30 days, but you can change this range. Select the report section you would like to see in the report by checking the checkbox next to the section name. You can select the following sections:
- Title Page
- Top 10 Attacker Host
- Top 10 Attacked Host
- Top 10 Used Ports
- Top 15 Alarms
- Top 15 Alarms by Risk
You can download the report as a PDF document by clicking Download PDF, or you can send the report as email by clicking Send by e-mail.
Asset Details
The asset details report function doesn't actually generate a report, but rather it allows you to observe relevant information about an asset or network. Instead it allows you to select an asset or a network and navigates you to the Asset Details or Network Details page. Once you click View Report, you can observe information about the selected asset or network.
Select an asset or network by double-clicking the input field. The system will list all assets and networks in the system. You can filter through assets or networks by typing the beginning of asset or network name or IP address into the input field.
Availability Report
The Availability Report does not actually generate a report. Instead, it allows you to select a USM Appliance Sensor and navigates you to Environment > Availability > Reporting. Once you click View Report, you can observe assets and services availability.
Choose type of availability report by selecting a section. Available options are:
- Trends
- Availability
- Event Histogram
- Event History
- Event Summary
- Notifications
- Performance Info
Business & Compliance ISO PCI Report
Business & Compliance report displays information that is required by different compliance regulations, such as PCI DSS and ISO27001. The default date range is set to the last 30 days, but you can change this range.
Select the report section you would like to see in the report by checking the checkbox left of the section name. Available sections are:
- Title Page
- Threat Overview
- Business real impact risks
- C.I.A. Potential impact
- PCI-DSS 2.0
- PCI-DSS 3.0
- Trends
- ISO27002 Potential impact
- ISO27001
You can download the report as a PDF document by clicking Download PDF, or you can send the report as email by clicking Send by e-mail.
Geographic Report
Geographic report creates a report on the number of alarms per geographic location. The default date range is set to the last 30 days, but you can change this range.
You can download the report as a PDF document by clicking Download PDF, or you can send the report as email by clicking Send by e-mail.
SIEM Events
The SIEM Events Report generates a report on top events based on top attackers, top attacked hosts, top ports, and event risk. By clicking the green plus (+) sign you can also navigate to the grouped view in the Analysis > Security Events (SIEM) page to display grouped SIEM events. The default date range is set to the last 30 days, but you can change this range.
Select the report sections you would like to see in the report by checking the checkbox left of the section name. Available sections are:
- Title Page
- Top 10 Attacker Host
- Top 10 Attacked Host
- Top 10 Used Ports
- Top 15 Events
- Top 15 Events by Risk
You can download the report as a PDF document by clicking Download PDF, or you can send the report as email by clicking Send by e-mail.
Threats & Vulnerabilities Database
The Threats & Vulnerabilities Database Report does not actually generate a report. Instead, it navigates you to Environment > Vulnerabilities > Threat Database to view further relevant threat and vulnerability details.
Tickets Status
The Ticket Status Report generates a report in the web interface to display:
- Number of tickets by status
- Number of tickets by user in charge
- Number of tickets by type
- Number of tickets by tags
- Closed tickets by month
- Tickets by type per month
Tickets Report
The Tickets Report lists and describes tickets that were created based on alarms, events, metrics, anomalies, and vulnerabilities. The default date range is set to the last 30 days, but you can change this range.
Select a section of a report you would like to see in the report by checking the checkbox next to the section name. Available sections are:
- Title Page
- Alarm
- Event
- Metric
- Anomaly A correlation classification of an event that exhibits abnormal behavior.
- Vulnerability
Further customizations include:
- Select ticket status — You can choose from Open, Assigned, Studying, Waiting, Testing, and Closed
- Select ticket type — You can choose from Expansion Virus, Corporative Nets Attack, Policy Violation, Security Weakness, Net Performance, Applications and Systems Failures, Anomalies, and Vulnerability
- Select ticket priority — You can select High, Medium, and/or Low
You can download the report as a PDF document by clicking Download PDF, or you can send the report as email by clicking Send by e-mail.
User Activity Report
The User Activity Report does not actually generate a report. Instead it navigates you to Settings > User Activity to display the web interface to view the user or action types you would like to see.
Vulnerabilities Report
The Vulnerabilities Report generates a report in the web interface that displays detected vulnerabilities for each asset.
Feedback