Create Reports from a Template

reports

Templates provide out-of-the-box reports that help you understand your organization’s security posture, the effectiveness of security staff, and the value of Secureworks® Taegis™ XDR. Leveraging Secureworks security operations expertise, these reports have been designed to address common reporting needs and can be utilized without an understanding of the Advanced Search query language.

To create a PDF report from a template:

1. From the XDR left-hand side navigation, select Reports.
2. Select Create Report.
3. Choose one of the predefined report templates and select Next.

Available Report Templates ⫘

The following predefined report templates are currently available in XDR.

Alert Summary Report ⫘

The Alert Summary Report provides an overview of alert activity, volume, and trends in your environment. It includes the following summary charts and statistical data:

• Alert Volume Trend by Severity — Highlights the volume of alerts over time by severity, including suppressed alerts
• Alert Trends Grouped by Status — Depicts increasing and decreasing trends in critical and high severity alerts grouped by alerts status
• Top Alert Trends by Volume — A series of charts showing Top 10 alerts names, users, host names, source IP, and target IP addresses based on alert volume

Alert Summary Report: Alert Volume Trend by Severity and Top Sensor Type

Executive Summary Report ⫘

The Executive Summary Report provides a high-level overview of the activity occurring in your environment. It includes the following summary charts and statistical data:

• Investigation Trends — Depicts trends in investigations grouped by type and status
• Alert Activity and Trends — Displays critical and high alerts trends by alerts status, alerts trends by severity and top sensor types, and the top names and usernames of critical and high alerts
• Event Trends — Depicts trends in event by destination port and block status

Executive Summary Report: Alert Activity and Trends

Investigation Summary Report ⫘

The Investigation Summary Report provides an overview of investigation activity occurring in your environment. It includes the following summary charts and statistical data:

• Investigation Overview — Depicts the funneling of events filtered through XDR from total events, to alerts, to those included in an investigation

• Investigation Trends by Status — Displays the trends in volume of investigations grouped by all statuses or by status categories, with views for those created by the customer, those created by the service provider, and the aggregate of both
• Investigation Trends by Type — Displays the trends in volume of investigations by investigation type with views for those created by the customer, those created by the service provider, and the aggregate of both
• Investigation Creators and Assignees — Displays the top investigation creators and open investigation assignees over time

Investigation Summary Report: Investigation Overview

Event Schema Grouping ⫘

In the Investigation Overview funnel chart, event schema are grouped as follows:

• Network — dnsquery, generic, netflow, auth, http, nids, dhcp
• Endpoint — dnsquery, generic, netflow, process, auth, persistence, injection.thread, managementevent, registry, filemod, process_module, apicall, script_block
• Cloud — generic, auth, cloudaudit, apicall
• Business System — email, antivirus
• Others — any other schemas not in the four groups above

iSensor Change Management Report ⫘

The iSensor Change Management Report displays detailed information about signature and ruleset updates made for each iSensor in your tenant, including the CVEs that map to the rules. It includes the following data:

• Ruleset Version — The version Secureworks assigned to the ruleset
• Timestamp — The date and time this particular ruleset was rolled out
• New Signatures — Total number of new signatures pushed to this iSensor in this particular ruleset rollout
• Changed Signatures — Total number of changed signatures pushed to this iSensor in this particular ruleset rollout
• Deleted Signatures — Total number of deleted signatures from this iSensor for this specific ruleset rollout
• Ruleset Description — Indicates a brief description of the rule
• Rule Status — Indicates whether this rule represents an add, change, or delete

iSensor Change Management Report

XDR User Admin Summary Report ⫘

The XDR User Admin Summary Report provides an overview of XDR user registration status, roles, activity, and change history in your XDR tenant. It includes the following summary charts and statistical data:

• User Registration — Shows XDR users by registration status and changes to registration status
• User Roles — Shows XDR users by role and changes to user roles
• User Profiles — Shows XDR users whose profile data is incomplete
• User Activity — Shows the most and least active XDR users, as well as XDR login trends and details

XDR User Admin Summary Report: User Registration & Activity

Step 1: Configure and Preview the Report ⫘

Reports created from templates are predefined, so at this time configuration options are limited to the timeframe of the report data.

As you adjust the configuration options, the report preview image updates automatically.

Preview of the Executive Summary Report

Step 2: Schedule Report ⫘

A report can be scheduled to run at a variety of intervals as defined below. One scheduling option may be defined per report.

• Now — The report is executed immediately upon completion of the configuration process.
• Once — The report is executed once at a date and time specified by the user.
• Daily — The report is executed once every day of the week at a designated time.
• Weekly — The report is executed once per week on a specified day and time.
• Monthly — The report is executed once per month on a specified numeric day of the month and time. If the defined day is greater than the last day of the month, the report will be executed on the last day of the month.
• Annually — The report is executed once per year on a specified date and time.

Scheduling an Executive Summary Report

Step 3: Report Name and Sharing ⫘

In the last step of report configuration, define the following:

• Report Name — A name for the report, which is used as the file name, the header inside the file, and a quick reference in the Scheduled and Completed Reports tables. (255 character limit; supported characters: / - _ ( ) % & # ! , . ' " @ $ ^ * ~)
• Description — (Optional) Descriptive text that provides context of the contents of the report for recipients’ benefit. This is embedded in the header of the report file. (1,000 character limit)
• Users — Any XDR users within the current tenant that will receive the report. Each named user, including the report creator, will receive email notifications when the report is completed, with a link to download the report. Users you share the report with can unsubscribe if they do not wish to receive the report.
• Share with Administrators — Check this option to add the report to the Completed Reports table for Tenant Administrator users when it runs. They will not receive notifications for the report.
• Language Selection — Select English or Japanese for the report language.

Naming and Sharing an Executive Summary Report

Available Output File Formats ⫘

Reports are generated as PDF files by default. To generate a CSV and/or JSON file that contains the non-aggregated data with the PDF for supported reports, select the Export data to CSV and/or JSON option.

Step 4: Complete the Report ⫘

After all configuration steps are completed, select Finish. The query results page is displayed, with a banner informing you that the report is being created. You will receive an email notification when it is ready to download.