Generate Reports

Vulnerability ProtectionDeep Security Manager produces reports in PDF, or RTF formats. Most of the reports generated by the Generate Reports page have configurable parameters such as date range or reporting by computer group. Parameter options will be disabled for reports to which they don't apply.

Single Report

Report

The various reports can be output to PDF or RTF format, with the exception of the "Security Module Usage Report" and "Security Module Usage Cumulative Report", which are output as CSV files.

Depending on which protection modules you are using, these reports may be available:

Alert Report: List of the most common alerts
Anti-Malware Report: List of the top 25 infected computers
Attack Report: Summary table with analysis activity, divided by mode
Computer Report: Summary of each computer listed on the Computers tab
DPI Rule Recommendation Report: Intrusion Prevention rule recommentations. This report can be run for only one security policy or computer at a time.
Firewall Report: Record of Firewall Rule and Stateful Configuration activity
Forensic Computer Audit Report: Configuration of an Agent on a computer
Integrity Monitoring Baseline Report: Baseline of the host(s) at a particular time, showing Type, Key, and Fingerprinted Date.
Integrity Monitoring Detailed Change Report: Details about the changes detected
Integrity Monitoring Report: Summary of the changes detected
Intrusion Prevention Report: Record of Intrusion Prevention rule activity
Log Inspection Detailed Report: Details of log data that has been collected
Log Inspection Report: Summary of log data that has been collected
Recommendation Report: Record of recommendation scan activity
Security Module Usage Cumulative Report: Current computer usage of protection modules, including a cumulative total and the total in blocks of 100
Security Module Usage Report: Current computer usage of protection modules
Summary Report: Consolidated summary of Vulnerability ProtectionDeep Security activity
Suspicious Application Activity Report: Information about suspected malicious activity
System Event Report: Record of system (non-security) activity
System Report: Overview of Computers, Contacts, and Users
User and Contact Report: Content and activity detail for Users and Contacts
Web Reputation Report: List of computers with the most web reputation events

You can also add an optional Classification to PDF or RTF reports: BLANK, TOP SECRET, SECRET, CONFIDENTIAL, FOR OFFICIAL USE ONLY, LAW ENFORCEMENT SENSITIVE (LES), LIMITED DISTRIBUTION, UNCLASSIFIED, INTERNAL USE ONLY.

Tag Filter

When you select a report that contains event data, you have the option to filter the report data using Event Tags. Select All for all events, Untagged for only untagged events, or select Tag(s) and specify one or more tags to include only those events with your selected tag(s).

Time Filter

You can set the time filter for any period for which records exist. This is useful for security audits.

Time filter options:

Last 24 Hours: Includes events from the past 24 hours, starting and ending at the top of the hour. For example if you generate a report on December 5th at 10:14am, you will get a report for events that occured between December 4th at 10:00am and December 5th at 10:00am.
Last 7 Days: Includes events from the past week, ending at midnight of the current day. For example if you generate a report on December 5th at 10:14am, you will get a report for events that occured between November 28th at 0:00am and December 5th at 0:00am.
Previous Month: Includes events from the last full calendar month, starting and ending at midnight (00:00). For example, if you select this option on November 15, you will receive a report for events that occurred between midnight October 1 to midnight November 1.
Custom Range: Enables you to specify your own date and time range for the report. In the report, the start time may changed to midnight if the start date is more than two days ago.

Reports use data stored in counters. Counters are data aggregated periodically from Events. Counter data is aggregated on an hourly basis for the most recent three days. Data from the current hour is not included in reports. Data older than three days is stored in counters that are aggregated on a daily basis. For this reason, the time period covered by reports for the last three days can be specified at an hourly level of granularity, but beyond three days, the time period can only be specified on a daily level of granularity.

Computer Filter

Set the computers whose data will be included in the report. You can include any computer for which you have viewing rights. Viewing rights are specified on the Computer Rights tab for a Role. (see Roles for more information.)

Computer filter options:

All Computers: If your viewing rights allow you to see all computers managed by Vulnerability ProtectionDeep Security, you can select this option to include all computers in the report.
My Computers: If your viewing rights allow you to see only certain computers, you can select this option to include all of the computers that you can view.
In Group: Enables you to limit the report to computers that belong to a selected Group (and optionally, its sub-Groups).
Using Policy: Enables you to limit the report to computers that are using a selected Policy (and optionally, its sub-Policies).
Computer: Enables you to limit the report to just one selected computer.

To generate a report on specific computers from multiple computer groups, create a User who has viewing rights only to the computers in question and then either create a Scheduled Task to regularly generate an "All Computers" report for that User or sign in as that User and run an "All Computers" report. Only the computers to which that User has viewing rights will be included in the report.

Encryption

You can protect the report with a password.

Encryption options:

Disable Report Password: The report will not be password-protected.
Use Current User's Report Password: The report will be protected with the password of the currently signed in User. This option is not available if your role is Full Access.
Use custom Report Password: The report will be protected with the password that you enter in the Use custom Report Password and Confirm Password boxes. The password does not have any complexity requirements.

Recurring Reports

Recurring Reports are simply Scheduled Tasks that periodically generate and distribute Reports to any number of Users and Contacts. Most of the options are identical to those for single reports, with the exception of Time Filter, which looks like this:

Last [N] Hour(s): When [N] is less than 60, the start and end times will be at the top of the specified hour. When [N] is more than 60, hourly data is not available for the beginning of the time range, so the start time in the report will be changed to midnight (00:00) of the start day.
Last [N] Day(s): Includes data from midnight [N] days ago to midnight of the current day.
Last [N] Week(s): Includes events from the last [N] weeks, starting and ending at midnight (00:00).
Last [N] Month(s): Includes events from the last [N] full calendar month, starting and ending at midnight (00:00). For example, if you select "Last 1 Month(s)" on November 15, you will receive a report for events that occurred between midnight October 1 to midnight November 1.

For more information on Scheduled Tasks, go to Administration > Scheduled Tasks.