- Using Oracle CASB Cloud Service
- Monitoring Cloud Applications
- Creating and Running Reports
- Running an Ad Hoc Report: Report Builder
Running an Ad Hoc Report: Report Builder
Use the Report Builder to create an ad hoc query report using many of the variables available in the predefined reports.
If you don't see the report you want in the Reports page, and the New Report wizard doesn't provide enough flexibility, then try the Report Builder
As an example of using Report Builder, if the Users page shows a high risk score for a particular user, then you might want to create a unique report to focus on actions that this user has performed in a particular cloud service in a particular time frame.
- Select Reports from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon
to display it.
- In the Reports page click the Report Builder button at the top of the page.
- In the Report Builder page, a filter on Date is displayed by default. The date in the From field is set to two days before the current date and the date in the To field is set to the current date. You can change the dates in these fields to display data over a maximum period of 90 days.
- In the Report Builder page, click the Add Filter
icon, select the first variable of interest in the report (for example, User), and then enter selection criteria for the variable (for example, a username or partial username).
Tip: For many reports, it's practical to start with the most general variable (Application or User) before selecting a more specific one (for example, an action).
Filter Name Description Action: App Native
The name of an action taken in the cloud application or service. Example: LOGIN_SUCCESS.
This list includes all actions, sorted by cloud service type. The name of the related service is shown in a green bar at the top of the drop-down list of actions.
If you select this action type and the report applies to more than one cloud application or service type, then it can be helpful to display both the Action: App Native and Action: Normalized as report columns (see Step 4).
Action: Normalized
A common name for an action that can be taken in multiple cloud services. Example: Console login.
If you select this action type and the report applies to more than one cloud application or service type, then it can be helpful to display both the Action: App Native and Action: Normalized as report columns (see Step 4).
Application
The name of a cloud application or service.
Application Sub-type
For services that have sub types, this is the name of a sub type.
Classification
An IP address classification: Normal or Suspicious.
Country
The country in which an action is detected.
Date
The date range for the information in the report.
Device Type
The access device (a physical device, such as a desktop computer, or a program).
IP Address
Typically, this is the source IP address (the location of the user or agent performing an action).
Instance
The name of the registered application instance.
Resource
The name of the item being acted upon, for example, a file name, a folder name, or a repository name.
Resource Type
A resource classification, for example, a token (for user authorization).
User
A user identifier (for example, a full or partial user name).
- To further restrict the amount of data being displayed, click the Add Filter
icon and then select an additional filter.
For example, you can select Date and then set a date range filter.
- Click Search to apply the filters selected.
- In the Display/Hide Columns drop-down list, select the report columns that you want to view.
- Click Reset to remove the filters and set the date fields to the default value.