XDR API Reporting
Overview
XDR has reporting capabilities that support operational needs via Advanced Search and Executive Summary reports within the standard report library. Recognizing that some businesses have unique reporting needs that extend beyond the scope of pre-configured options, Professional Services offers tailored reporting with customized outcomes.
Leveraging the XDR APIs, Professional Services integrates data from various sources, including both on-premises appliances and cloud-based platforms. This integration facilitates the creation of unified reports or dashboards, giving organizations a more cohesive understanding of data that may previously have been segmented or isolated.
To support our customers in achieving these reporting goals, our highly skilled Professional Services team is able to design, create, and assist in the deployment of reporting solutions using widely available visualization tools like Microsoft's Power BI. Some examples of report categories are:
- Situational awareness solutions for Security Operations Centers
- Event drilldown visualizations for Security Operations Centers
- Security Alert or Investigation trending solutions for Security Leaders
- XDR-integrated data source reporting for Infrastructure Teams
Our custom solutions build upon the available Power BI template for those customers with differentiated reporting requirements or who require greater flexibility in how their data is handled. The table below summarizes the main differences between the two solutions:
| Outcome | Power BI Template | Professional Services Solutions |
|---|---|---|
| Available Refresh | Limited (8 times per day) | Variable (min. interval of 5 minutes 24x7*) |
| Visualization Software Support | Power BI Only | Various |
| Deployment Options | Single (Power BI gateway) | Various (Depending on Solution) |
| Multi-Tenancy Support | No | Yes |
| Ability to merge different data sets? | No | Yes |
| In-life support? | No | Yes |
| Taegis SDK Support | No | Yes |
*Depending on query sizes and visualization software options
Solution Components
Our flexible API reporting solutions are designed to be modular and utilize existing business tooling and applications. Although solutions differ depending on customer requirements, the core of our solution is built upon three main components: Python scripts, an SQL-compatible database, and visualization software.
Our solutions also support multiple deployment options to fit your business technologies. On-premises, cloud VM, serverless utilizing cloud functions, and cloud database services are all possible.
Python Scripts
Utilizing Python scripts provides our solutions with the versatility to adapt, evolve, and easily update should there be a need for additional reporting requirements after initial deployment. This tooling is used to authenticate and query the Taegis GraphQL APIs, format the data and then authenticate and load it into the database.
SQL Compatible Database
Integrating an SQL-compatible database achieves key objectives for our reporting solution:
- Reduced Data Refresh Intervals — By leveraging an SQL-compatible database, we decrease the time required to update the data within our reports, ensuring that users have access to the most current information.
- Historical Data Reporting — Our solution supports the generation of reports that encompass historical data, providing a view of trends and patterns over time.
- Compatibility with Visualization Tools — The SQL-compatible nature of this solution ensures interoperability with a wide range of data visualization software, enhancing the versatility of our reporting capabilities.
The database infrastructure supports various connection methods, such as Power BI's DirectQuery, which enables enhanced data refresh rates with near-real-time updates. This approach is inherently more robust and adaptable than a direct API-to-visualization model, offering a scalable and efficient solution for the data extraction, transformation, and loading (ETL) processes.
Visualization Software
Many existing reporting tools that support SQL database connections can be used to create Taegis data dashboards, potentially reducing deployment costs. The data populated into the database can be customized and transformed to suit the requirements of the desired visualization software and reporting outcomes.
Example Reporting
The following are examples of possible reporting solutions:
Situational Awareness
Our Professional Services Situational Awareness solutions can cater to Taegis multi-tenant and single-tenant customers, while providing customized views to meet requirements. The following screenshots provide examples of the types of dashboards that are possible to create for our customers:
Taegis Single Tenant Overview
Taegis Multi Tenant Overview
Event Drill Down
XDR collects and stores event and alert data for extended periods of time within the data lake. This data is invaluable for understanding how the environment is performing and understanding user behaviors. Building visualizations of this data helps security operations teams understand and react to changes in the environment that may not otherwise be detected via alerting.
The image below shows a Taegis Netflow schema-based dashboard that captures IP, port, and geolocation information. It is possible to create visualizations for any of the Taegis schema types to help better understand the events occurring within your environment.
Netflow Event Data Dashboard
Scoping
We understand that business reporting needs differ based on various factors including size of business, type of industry, and regulation and compliance requirements. These factors ultimately influence the design and creation of the solution. To ensure that we provide the correct outcomes, we treat each project as a custom engagement. The first stage in each of these projects will be a scoping session where we seek to understand:
- Reporting use cases
- Storyboarding and visualization requirements
- Data requirements
- Refresh requirements
- Expected deployment model (On-Premise, Cloud VM deployment, Cloud function utilization)
Once we understand the reporting requirements, we will be able to provide an estimate of effort to create your solution.
Scheduling and Booking Information
To find out more or to book an API Reporting engagement, contact your Account Manager or Customer Success Manager.