View and Manage Alert Reports
You can view and manage alert reports.
Modifying Columns in an Alerts Report
To add or remove columns in the report, do the following:
- View a predefined or custom alerts report.
- Click on the Actions drop down menu.
- Click Manage Columns.
The Manage Columns window is displayed.
- Select columns that you want displayed in the report.
- Deselect columns that you want to hide in the report.
- Click Save Changes.
Basic Filtering in an Alerts Report
To apply basic filters in the report, do the following:
- View a custom or predefined alerts report.
- Click Another Filter.
- Select a filter type, operator, and enter a value. All columns that are available in the report are available as filter types.
- Click Apply.
- Repeat steps two through four to apply additional filters.
To remove a filter, click the X beside the filter row.
Note:
Only some totals in your report are single-click filters.
Advanced Filtering in an Alerts Report
Advanced filtering of alert data can provide flexibility in the way that data is analyzed and reviewed, by allowing organizations to specify complex conditions and multiple criteria that must be met in order for data to be included or excluded from the analysis.
To apply advanced filters in the report, do the following:
- View a predefined or custom alerts report.
- Click Show Advanced SCIM Query Builder.
- Use the provided filter builder and dropdowns to type in your filter(s). Advanced filtering uses System for Cross-Domain Identity Management (SCIM) syntax and supported operators include:
  - co: matches resources with an attribute that contains a given string
  - eq: matches resources with an attribute that is equal to a given value (not case sensitive)
  - eq_cs: matches resources with an attribute that is equal to a given value (case sensitive)
  - ew: matches resources with an attribute that ends with a given string
  - ge: matches resources with an attribute that is greater than or equal to a given value
  - gt: matches resources with an attribute that is greater than a given value
  - in: matches resources with an attribute that is equal to any of given values in list
  - le: matches resources with an attribute that is less than or equal to a given value
  - lt: matches resources with an attribute that is less than a given value
  - ne: matches resources with an attribute that is not equal to a given value
  - not_in: matches resources with an attribute that is not equal to any of given values in list
  - pr: matches resources with an attribute if it has a given value
  - sw: matches resources with an attribute that starts with a given string
Operators can be grouped using parentheses to specify the order.
Filters can also be combined using logical operators such as and and or.
Note:
If you have any basic filters currently applied they will appear in the query builder as well.
- Click Apply.
To clear the query builder, click Clear. This will clear any basic filters applied as well.
Example 5-1 Critical or high severity alert advanced filter
((severity eq "CRITICAL" or severity eq "HIGH") and status eq "OPEN")
Example 5-2 Critical alerts not on a virtual machine advanced filter
(featureDetails.clientHostname ne "vm") and (severity eq "Critical")
Example 5-3 Critical alerts on two target databases advanced filter
((targetNames eq "ATP01" or targetNames eq "ATP02") and (severity eq "Critical"))
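To see how the three example filters above behave before applying them to a report, the following Python sketch evaluates a subset of the listed operators (eq, eq_cs, ne, co, pr, and, or, parentheses) over sample records. It is an added example, not part of the product or its documentation. It assumes that only eq_cs is case sensitive and that and is evaluated before or, as in RFC 7644; the names matches, select, lookup and ALERTS and the alert records are constructed for the example.

```python
import re
TOKEN = re.compile(r'\(|\)|"[^"]*"|[^\s()"]+')  # parentheses, quoted strings, bare words
# Subset of the listed operators. Assumption: every comparison except eq_cs ignores case.
OPS = {"eq": lambda a, b: a.lower() == b.lower(), "eq_cs": lambda a, b: a == b,
       "ne": lambda a, b: a.lower() != b.lower(), "co": lambda a, b: b.lower() in a.lower()}
# Constructed sample alerts (not real data); attribute names follow the examples above.
ALERTS = [{"severity": s, "status": st, "targetNames": t, "featureDetails": {"clientHostname": h}}
          for s, st, t, h in [("CRITICAL", "OPEN", "ATP01", "appsrv1"),
                              ("HIGH", "CLOSED", "ATP02", "vm"),
                              ("Critical", "OPEN", "ATP03", "vm-db7")]]

def lookup(record, path):  # resolve a dotted path such as featureDetails.clientHostname
    for key in path.split("."):
        record = record.get(key) if isinstance(record, dict) else None
    return record

def matches(filter_text, record):
    tokens, pos = TOKEN.findall(filter_text), 0
    def take(expected=None):  # consume one token, optionally requiring a specific one
        nonlocal pos
        if pos >= len(tokens) or (expected and tokens[pos] != expected):
            raise ValueError(f"malformed filter at token {pos}")
        pos += 1
        return tokens[pos - 1]
    def term():  # parenthesised group or a single "attribute operator value" test
        if tokens[pos:pos + 1] == ["("]:
            take("(")
            result = expr("or")
            take(")")
            return result
        actual, op = lookup(record, take()), take()
        if op == "pr":  # present: the attribute has a value
            return actual not in (None, "")
        if op not in OPS:
            raise ValueError(f"unsupported operator: {op}")
        return OPS[op](str("" if actual is None else actual), take().strip('"'))
    def expr(level):  # "and" chains are evaluated before "or" chains
        sub = term if level == "and" else (lambda: expr("and"))
        parts = [sub()]
        while tokens[pos:pos + 1] == [level]:
            take(level)
            parts.append(sub())
        return all(parts) if level == "and" else any(parts)
    result = expr("or")
    if pos != len(tokens):
        raise ValueError("unexpected trailing tokens")
    return result

def select(filter_text):  # indexes of the sample alerts that the filter keeps
    return [i for i, alert in enumerate(ALERTS) if matches(filter_text, alert)]
```

With these records, Example 5-1 and Example 5-2 both keep alerts 0 and 2, because eq matches "Critical" and "CRITICAL" alike. In Example 5-2 the ne operator compares the whole value, so the host named vm-db7 is not excluded; only co matches on a substring.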
Tips for Using the Filter Builder to Create Advanced Filters
- Pressing the escape key while in advanced filtering mode will clear the whole query.
- Pressing the space key will display the drop down with the list of available attributes or operators.
- Pressing the space key after entering a value like targetname (demo_tgt) will enclose the string with quotes: ("demo_tgt").
- Pressing enter will close the drop down listing the operators and attribute names.
- If a value like alert name has spaces in it, typing space will enclose the first word within quotes, "alert name". You will have to move the cursor back to the enclosed string and continue typing the rest of the string value.
- If you build a filter in advanced filtering that can't be displayed in basic filters, you can't switch back to basic filtering mode. For example, advanced filters with the or condition can't be displayed in basic filtering.
- A custom report with a basic filter can be updated with an advanced filter and saved.
For more information about SCIM, see the protocol documentation at https://www.rfc-editor.org/rfc/rfc7644.
For more information about filtering in SCIM, see the filtering section of the protocol documentation at https://www.rfc-editor.org/rfc/rfc7644#section-3.4.2.2.
Generate and Download a PDF or XLS Version of an Alerts Report
You can generate and download a PDF or XLS version of your alerts report. The downloaded report includes the details that you are currently viewing on screen.
Create a Custom Alerts Report
You can create a custom report from any alerts report, including the predefined All Alerts report. The details saved to the custom reports are those that you are currently viewing on screen. You may want to create a custom report if you want to preserve the filters and columns displayed in a report that you are viewing online. You may also want to store your custom reports in specific compartments.
Delete a Custom Alerts Report
When you delete a custom alerts report, the report is permanently deleted and cannot be recovered. You cannot delete the predefined All Alerts report.
View Alert Report History
When an alert report is created, either through a schedule or generated on-demand, it will be listed in Alert Report History. The history of reports will be kept for three months. During this time you can view a list of the reports that have been created, details about the reports, and download the reports from Alert Report History.