3 Replies Latest reply on Aug 20, 2014 7:04 PM by mscott

    Total Event Count for ESM in a report?

    infosec_wizard

      Is there a certain query or a way for me to include the total event count for a specified time frame seen in ESM within a report? I am not looking for details of the events - just a number of all events for the time period. I've tried to use the "count" query in ESM, but that gives a line item for each device / data source. I've also tried selecting ESM as the device in the filter and setting the query limit, but no go.

      Any ideas?

        • 1. Re: Total Event Count for ESM in a report?
          rcavey

          Basically, the screen view of a Summary query includes the total event count in the upper right corner based on your time and device selection, but that total count does not show up in a report that I can see. If you can get away with it, it looks like you only have the choice of either a screenshot or printing a PDF of the ESM "Default Summary" -> "Event Summary" window section, which does report the total count.

          • 2. Re: Total Event Count for ESM in a report?
            dcobes

            Create new view > Select first icon (dial control) > select event query "Total Events" or "Total Event Collection Rate"

            Then choose the rate you wish to view: per second, per minute, per hour, per day, per week, per month

             


            • 3. Re: Total Event Count for ESM in a report?
              mscott

              If you have a dashboard set up with the information you would like to include with the report, you may choose to create a report as a dashboard report. It's a way to turn any dashboard into a PDF report that can be retrieved. Alternatively, when creating the report you can use a similar query as any of the event count bars in the dashboard. I.e., SUM* should show total event counts.