1. Using Oracle CASB Cloud Service
  2. Monitoring Cloud Applications
  3. Creating and Running Reports
  4. Running an Ad Hoc Report: Report Builder

Running an Ad Hoc Report: Report Builder

Use the Report Builder to create an ad hoc query report using many of the variables available in the predefined reports.

If you don't see the report you want in the Reports page, and the New Report wizard doesn't provide enough flexibility, then try the Report Builder

As an example of using Report Builder, if the Users page shows a high risk score for a particular user, then you might want to create a unique report to focus on actions that this user has performed in a particular cloud service in a particular time frame.

  1. Select Reports from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon Image of the Navigation Menu icon. to display it.
  2. In the Reports page click the Report Builder button at the top of the page.
  3. In the Report Builder page, a filter on Date is displayed by default. The date in the From field is set to two days before the current date and the date in the To field is set to the current date. You can change the dates in these fields to display data over a maximum period of 90 days.
  4. In the Report Builder page, click the Add Filter Image of Add Filter icon icon, select the first variable of interest in the report (for example, User), and then enter selection criteria for the variable (for example, a username or partial username).

    Tip: For many reports, it's practical to start with the most general variable (Application or User) before selecting a more specific one (for example, an action).

    Filter Name Description

    Action: App Native

    The name of an action taken in the cloud application or service. Example: LOGIN_SUCCESS.

    This list includes all actions, sorted by cloud service type. The name of the related service is shown in a green bar at the top of the drop-down list of actions.

    If you select this action type and the report applies to more than one cloud application or service type, then it can be helpful to display both the Action: App Native and Action: Normalized as report columns (see Step 4).

    Action: Normalized

    A common name for an action that can be taken in multiple cloud services. Example: Console login.

    If you select this action type and the report applies to more than one cloud application or service type, then it can be helpful to display both the Action: App Native and Action: Normalized as report columns (see Step 4).

    Application

    The name of a cloud application or service.

    Application Sub-type

    For services that have sub types, this is the name of a sub type.

    Classification

    An IP address classification: Normal or Suspicious.

    Country

    The country in which an action is detected.

    Date

    The date range for the information in the report.

    Device Type

    The access device (a physical device, such as a desktop computer, or a program).

    IP Address

    Typically, this is the source IP address (the location of the user or agent performing an action).

    Instance

    The name of the registered application instance.

    Resource

    The name of the item being acted upon, for example, a file name, a folder name, or a repository name.

    Resource Type

    A resource classification, for example, a token (for user authorization).

    User

    A user identifier (for example, a full or partial user name).
  5. To further restrict the amount of data being displayed, click the Add Filter Image of Add Filter icon icon and then select an additional filter.

    For example, you can select Date and then set a date range filter.

  6. Click Search to apply the filters selected.
  7. In the Display/Hide Columns drop-down list, select the report columns that you want to view.
  8. Click Reset to remove the filters and set the date fields to the default value.