Report
Page Layout
The reports table allows users to group event buckets together so that all the graphs and data are visible side by side on one page. The dropdown in the top left corner lists all the defined reports. Click the pencil icon next to a report to edit it. Click the settings gear icon to go to the Eventwatch Reports page, where all the reports can be viewed and configured.
Eventwatch Report Table
This table lists every eventwatch report that is currently configured. All report configuration can be done from this page.
The leftmost column of the table contains the “Status” toggles. Reports can be toggled on and off using these toggles.
The rightmost column of the table contains three “Action” buttons. The first button, a graph icon, takes the user to the corresponding graph on the Reports page. The second button, a pencil icon, allows the user to edit the bucket. The third button, a trash can icon, deletes the bucket.
The “IMPORT” button in the top right corner of the table can be used to import a JSON file containing reports that have already been configured. Likewise, the “EXPORT” button can be used to export all currently configured eventwatch reports as a JSON file. The “CREATE” button will redirect the user to the “Event Watch Report” page to add a new eventwatch report.
Adding a Report
As an example, we will make a report containing all the Webroot event buckets. Give the report a name and description. In this case, the name of the report is “Webroot_DataAnalysis”.
In the Bucket Aggregation section, click the “Bucket” field. This will open a dropdown menu containing all the configured buckets from the Event Watch page. Typing in the field will search through the buckets for matches. Since we are creating a Webroot report, we will select the first Webroot bucket from the list.
After selecting the bucket, the duration (time range) and graph type can be set. The default duration is two days. In this case, we want a histogram of the bucket. Press “+ ADD” to add the aggregation.
The trash can icon under the “Action” column to the right of the table allows the user to delete any unwanted aggregations. Add as many aggregations as desired, following the same process as above.
The other buckets show examples of other types of graphs. The second, third, and fourth buckets have “topn” selected as the type of graph. This will display a histogram, but only of the top 10 corresponding data pieces rather than all of them. The last bucket is called “Webroot_MaliciousHitsByDestIP” and has “geoIP” selected as the graph type. This will display the data as points on a map based on the destination IP addresses from the event bucket. Once all the desired event buckets have been added, click “SAVE” to save this report.
The report now appears in the table. Click the graph symbol in the action column to return to the Reports page.
All the Webroot graphs now appear in this report so that all the Webroot data can be viewed together. As shown at the top of the page, many reports can be defined in order to allow the user to group graphs in any way desired.