View and Manage Alert Reports

You can view and manage alert reports.

View an Alerts Report

1. Under Data Safe - Database Security, select Alerts.
2. Under Alerts, select Reports.
3. Select a report from the list.

Modifying Columns in an Alerts Report

To add or remove columns in the report, do the following:

1. Under Data Safe - Database Security, select Alerts.
2. Under Alerts, select Reports.
3. Select a predefined or custom alerts report.

4. Select the manage columns icon, .

   The Manage Columns window appears.

5. Select columns that you want displayed in the report.
6. Deselect columns that you want to hide in the report.
7. Click Apply Changes.

Basic Filtering in an Alerts Report

To apply basic filters in the report, do the following:

1. Under Data Safe - Database Security, select Alerts.
2. Under Alerts, select Reports.
3. Select a custom or predefined alerts report.
4. Under the Actions menu, select Filter alerts.
5. Add or remove filters are desired.
6. Click Update.

Advanced Filtering in an Alerts Report

Advanced filtering of alert data can provide flexibility in the way that data is analyzed and reviewed, by allowing organizations to specify complex conditions and multiple criteria that must be met in order for data to be included or excluded from the analysis.

To apply advanced filters in the report, do the following:

1. Under Data Safe - Database Security, select Alerts.
2. Under Alerts, select Reports.
3. Select a predefined or custom alerts report.
4. Under the Actions menu, select Filter alerts.
5. Select Show Advanced SCIM Query Builder.
6. Use the provided filter builder and dropdowns to type in your filter(s). Advanced filtering uses System for Cross-Domain Identity Management (SCIM) syntax and supported operators include:
   • co: matches resources with an attribute that contains a given string
   • eq: matches resources with an attribute that is equal to a given value (not case sensitive)
   • eq_cs: matches resources with an attribute that is equal to a given value (case sensitive)
   • ew: matches resources with an attribute that ends with a given string
   • ge: matches resources with an attribute that is greater than or equal to a given value
   • gt: matches resources with an attribute that is greater than a given value
   • in: matches resources with an attribute that is equal to any of given values in list
   • le: matches resources with an attribute that is less than or equal to a given value
   • lt: matches resources with an attribute that is less than a given value
   • ne: matches resources with an attribute that is not equal to a given value
   • not_in : matches resources with an attribute that is not equal to any of given values in list
   • pr: matches resources with an attribute if it has a given value
   • sw: matches resources with an attribute that starts with a given string

   Operators can be grouped using parentheses to specify the order.

   Filters can also be combined using logical operators such as and and or.

   Note:

   If you have any basic filters currently applied they will appear in the query builder as well.
7. Select Update.

To clear the query builder, select Clear. This will clear any basic filters applied as well.

For more information about SCIM, see the protocol documentation at https://www.rfceditor.org/rfc/rfc7644.

For more information about filtering in SCIM, see the filtering section of the protocol documentation at https://www.rfc-editor.org/rfc/rfc7644#section-3.4.2.2.

Example 5-1 Critical or high severity alert advanced filter

((severity  eq "CRITICAL" or severity eq "HIGH") and status eq "OPEN")

Example 5-2 Critical alerts not on a virtual machine advanced filter

(featureDetails.clientHostname ne "vm") and (severity eq "Critical")

Example 5-3 Critical alerts on two target databases advanced filter

((targetNames eq "ATP01" or targetNames eq "ATP02") and (severity eq "Critical"))

Create or Change a Schedule for Alert Reports

1. Under Data Safe - Database Security, select Alerts.
2. Under Alerts, select Reports.
3. Click the name of the report you would like to view.
4. Under the Actions menu, select the Manage Report Schedule.
   The Manage Report Schedule panel appears. It will be pre-loaded with either the existing schedule or the default schedule.
5. Change the Schedule Report Name if desired.
6. Change the Compartment the report is stored in if desired.
7. For Report Format select either a PDF or XLS output.
8. Select the Schedule Frequency.
   1. If you selected weekly for the schedule frequency, select the day of the week the schedule will run in the Every field.
   2. If you selected monthly for the schedule frequency, select the day of the month the schedule will run in the Day field.
9. In Time (in UTC) select a time.
10. In Events Time Span select the time span for which events will be included in the report. For example, selecting Last Months and entering 14 will always pull events from the last 14 months from the time the report is run.
11. Select a Row Limit. If unspecified, the default row limit is 200 rows.
12. Click Save Schedule.

Generate and Download a PDF or XLS Version of an Alerts Report

You can generate and download a PDF or XLS version of your alerts report. The downloaded report includes the details that you are currently viewing on screen.

1. Under Data Safe - Database Security, select Alerts.
2. Under Alerts, select Reports.
3. Select any report from the list.
4. Under the Actions menu, select Generate report.
5. Select a report format (PDF or XLS).
6. Enter a display name.
7. (Optional) Enter a description.
8. Select a compartment in which to store your report.
9. (Optional) Set a filter on the number of rows, the target databases, the report start time, and report end time.
10. Click Generate report.
11. Wait until the report is generated.
    A message is displayed stating that the report generation is complete.
12. Download the report. You have two options:
    • In the Generate report window you can click Download report.
    • After you close the Generate report window, you can download the report from the Actions menu.

Create a Custom Alerts Report

You can create a custom report from any alerts report, including the predefined All Alerts report. The details saved to the custom reports are those that you are currently viewing on screen. You may want to create a custom report if you want to preserve the filters and columns displayed in a report that you are viewing online. You may also want to store your custom reports in specific compartments.

1. UUnder Data Safe - Database Security, select Alerts.
2. Under Alerts, select Reports.
3. Click a report name and modify it as needed. If there aren't any custom reports saved, click the All Alerts report and make changes to it.
4. Under the Actions menu, select Create custom report.
   The Create Custom Report dialog box is displayed.
5. Enter a name for your custom report.
6. (Optional) Enter a description for your custom report.
7. Select the compartment to where you want to save your custom report.
8. Click Create custom report, and wait for a message that tells you the custom report is created.
9. (Optional) To open and view your custom report, click the click here link.
10. (Optional) To return to the report displayed on the screen, click Close.
    This report is not your saved report.

Update a Custom Alerts Report

1. UUnder Data Safe - Database Security, select Alerts.
2. Under Alerts, select Reports.
3. Click the name of the custom report that you want to update.
   The report is displayed with its saved filters.
4. Modify the report as needed.
5. Open or close alerts as needed.
6. Under the Actions menu, select Save Report.
   The custom report is updated.

Delete a Custom Alerts Report

When you delete a custom alerts report, the report is permanently deleted and cannot be recovered. You cannot delete the predefined All Alerts report.

1. UUnder Data Safe - Database Security, select Alerts.
2. Under Alerts, select Reports.
3. In the Report Name column on the right, click the name of the custom report that you want to delete.
   The report is displayed with its saved filters.
4. Under the Actions menu, select Delete report.
   A Delete report dialog box is displayed, asking you to confirm the deletion.
5. Click Delete report.

View Alert Report History

When an alert report is created, either through a schedule or generated on-demand, it will be listed in Alert Report History. The history of reports will be kept for three months. During this time you can view a list of the reports that have been created, details about the reports, and download the reports from Alert Report History.

1. UUnder Data Safe - Database Security, select Alerts.
2. Under Alerts, select Alert report history.
   The Alert Report History table is displayed. It contains information regarding:

   • Report Name - The name of the alert report.
   • Lifecycle State - Either ACTIVE or UPDATING, shows if the report is currently accessible or if it is being updated.
   • Report Definition - Specifies the name of the report that provides data for this scheduled or generated report.
   • Generated Time - The date and time the report was created.
   • Report Type - Generated or Scheduled. Where generated reports are on-demand reports produced outside of the scheduling system and scheduled reports are those produced by the scheduling system.
   • File Format - PDF or XLS
   • Download Report - Option to download the report.
3. (Optional) Filter the list of results by selecting the Search and Filter field. Narrow down the report history page based on the Report definition, Report type, File format, and Created.

Move an Alert Report to a Different Compartment

Any scheduled or generated alert report from the past three months can be moved to a different compartment that you have access to from Alert Report History.

1. UUnder Data Safe - Database Security, select Alerts.
2. Under Alerts, select Alert report history.
   The Alert Report History table is displayed.
3. Click on the name of an alert report from the list.
4. Under the Actions menu, select Move Resource.
5. In the move resource dialog box, select the compartment to move the alert report to. You must have the appropriate DATA_SAFE_REPORT_MOVE permissions for the selected compartment.
6. Click Move tesource.
   The alert report and Archive Data Retrieval will be moved to the selected compartment immediately.