I have already tried this but somehow it still does not solve the purpose, As one signature was fired like 100 times and this returned only that signature an no other as the source IP address were distinct.
What i m looking forward to is top 10 co-relation rules fired in a given frame of time, with source IP address and Destination IP address also the Time stamp.
I aggree to you. ESM reporting capabilities seems to me very insufficient.
If you accept a suggestion of someone who is processing massive amounts of data with McAfee SIEM:
Forget the system reporting for it is not worth the pain you will go through.
I went through the pains of building a separate reporting engine using the Receiver's Data Archival platform and a number of other technologies in order to deliver a decent level of reporting. It took us a few weeks of development but my whole team agrees we will are unlikely to ever look back to the McAfee SIEM reporting capabilities.