Im looking for information about the reports that I can create on the ESM. I need to create a reports with information like: Network utilization, attacks on the networks, about web navigation (urls, categories, etc), Administrators Access Summary (login, logout, configuration change, etc), inbound and outbound traffic, etc.
do you know if I can create a custom reports (adding items like: Date, source and destination IP, service, Day or days of the week, source and destination ports, etc.)?
thank you in advance
You can add a table in the Report layout each of your Contentpacks Report. Than go to the dropdown menu ent select Event Queries after this select Events. Now you have a table with(Source IP, Source Port, Destination IP, dest Port, Protocol, last time, Event suptype)
Click now on next and than on Fields. You have now the option to add or delete some fields in this table. I think this is the easiest way for you.
carlossa, thank you and one more question, could you share me print screens for threats by source and destination IP address dashboards?, if its possible. thank you in advance.