Whether you're looking to monitor user sign-in activity for compliance purposes or track the activity of a particular system within your environment, schedule reports allow you to automate the process of gathering the log data you need into a handy CSV.
Before you get started
To create a scheduled report, you need to have a detection rule saved, as these are used by the report to identify the correct logs to include. If you'd like to learn how to create these, head over to this guide.
Creating a scheduled report
From the my.defense.com dashboard, select Detection from the navigation on the left-hand side
Then head to SIEM and select Log Search from the sub-navigation
From the Log Search page, you need to head over to the top right-hand corner and select Saved Detection Rules
You'll then be presented with a list of the detection rules you have saved on your account
Select the one you'd like to schedule a report for by clicking the rule name or the View action button on the right-hand side
From the detection rule show page, click + New Report in the top right-hand corner
You'll then be able to give the report a Name and Frequency at which it should run. Once you're happy with this, click Schedule at the bottom of the page
Accessing your reports
You can access the reports you've generated by selecting Detection from the my.defense.com dashboard
Next, select SIEM and then Log Search from the sub-navigation
From the Log Search page, head over to Saved Detection Rules in the top right-hand corner
Next, select Scheduled Reports in the top right-hand corner of the page
The Scheduled Reports page will give you an overview of all the reports you have scheduled. From here, you can then drill into each report to view the report history and download the report CSV by clicking the report name
From the report overview page, you can download a CSV of the log data collected by clicking the Download report action button
And that's it! You now know how to create and manage scheduled reports π