Create Reports from a Template
Templates provide out-of-the-box reports that help you understand your organization’s security posture, the effectiveness of security staff, and the value of Taegis™ XDR. Leveraging Secureworks security operations expertise, these reports have been designed to address common reporting needs and can be utilized without an understanding of the Advanced Search query language.
Looking to create your own report? See Configure Custom Reports.
To create a PDF report from a template:
- From the Taegis™ XDR left-hand side navigation, select Reports.
- Select Create Report.
- Choose one of the predefined report templates and select Next.
Available Report Templates
The following predefined report templates are currently available in Taegis™ XDR.
Alert Summary Report
The Alert Summary Report provides an overview of alert activity, volume, and trends in your environment. It includes the following summary charts and statistical data:
- Alert Volume Trend by Severity — Highlights the volume of alerts over time by severity, including suppressed alerts
- Alert Trends Grouped by Status — Depicts increasing and decreasing trends in critical and high severity alerts grouped by alert status
- Top Alert Trends by Volume — A series of charts showing the Top 10 alert names, users, host names, source IP addresses, and target IP addresses based on alert volume
Alert Summary Report: Alert Volume Trend by Severity and Top Sensor Type
Executive Summary Report
The Executive Summary Report provides a high-level overview of the activity occurring in your environment. It includes the following summary charts and statistical data:
- Investigation Trends — Depicts trends in investigations grouped by type and status
- Alert Activity and Trends — Displays critical and high alert trends by alert status, alert trends by severity and top sensor types, and the top names and usernames of critical and high alerts
- Event Trends — Depicts trends in events by destination port and block status
Executive Summary Report: Alert Activity and Trends
Investigation Summary Report
The Investigation Summary Report provides an overview of investigation activity occurring in your environment. It includes the following summary charts and statistical data:
- Investigation Overview — Depicts the funneling of events filtered through XDR from total events, to alerts, to those included in an investigation
The Event Volume by Type metric included in the Investigation Overview is calculated once daily at 08:00 AM UTC rather than in real time when the report is run.
- Investigation Trends by Status — Displays the trends in volume of investigations grouped by all statuses or by status categories, with views for those created by the customer, those created by the service provider, and the aggregate of both
- Investigation Trends by Type — Displays the trends in volume of investigations by investigation type with views for those created by the customer, those created by the service provider, and the aggregate of both
- Investigation Creators and Assignees — Displays the top investigation creators and open investigation assignees over time
Investigation Summary Report: Investigation Overview
Event Schema Grouping
In the Investigation Overview funnel chart, event schemas are grouped as follows:
- Network —
- Endpoint —
- Cloud —
- Business System —
- Others — any other schemas not in the four groups above
The numbers for each grouping, which are located to the right side of the funnel, may not add up to the total event volume, which is located to the left side of the funnel. This is because events that fall into multiple schema groups get included in the count for each group.
iSensor Change Management Report
The iSensor Change Management Report displays detailed information about signature and ruleset updates made for each iSensor in your tenant, including the CVEs that map to the rules. It includes the following data:
- Ruleset Version — The version Secureworks assigned to the ruleset
- Timestamp — The date and time this particular ruleset was rolled out
- New Signatures — Total number of new signatures pushed to this iSensor in this particular ruleset rollout
- Changed Signatures — Total number of changed signatures pushed to this iSensor in this particular ruleset rollout
- Deleted Signatures — Total number of deleted signatures from this iSensor for this specific ruleset rollout
- Ruleset Description — Indicates a brief description of the rule
- Rule Status — Indicates whether this rule represents an add, change, or delete
If you run this report but have no iSensors in your tenant, the iSensor Data Sheet generates instead.
iSensor Change Management Report
Taegis™ XDR User Admin Summary Report
The Taegis™ XDR User Admin Summary Report provides an overview of Taegis™ XDR user registration status, roles, activity, and change history in your XDR tenant. It includes the following summary charts and statistical data:
- User Registration — Shows Taegis™ XDR users by registration status and changes to registration status
- User Roles — Shows Taegis™ XDR users by role and changes to user roles
- User Profiles — Shows Taegis™ XDR users whose profile data is incomplete
- User Activity — Shows the most and least active Taegis™ XDR users, as well as Taegis™ XDR login trends and details
Taegis™ XDR User Admin Summary Report: User Registration & Activity
Step 1: Configure and Preview the Report
Reports created from templates are predefined, so at this time configuration options are limited to the timeframe of the report data.
As you adjust the configuration options, the report preview image updates automatically.
Preview of the Executive Summary Report
Reports with alerts do not support data aggregation of more than 7 days if viewing All Tenants. Select an individual tenant, or reduce the timeframe.
Step 2: Schedule Report
A report can be scheduled to run at a variety of intervals as defined below. One scheduling option may be defined per report.
- Now — The report is executed immediately upon completion of the configuration process.
- Once — The report is executed once at a date and time specified by the user.
- Daily — The report is executed once every day of the week at a designated time.
- Weekly — The report is executed once per week on a specified day and time.
- Monthly — The report is executed once per month on a specified numeric day of the month and time. If the defined day is greater than the last day of the month, the report will be executed on the last day of the month.
- Annually — The report is executed once per year on a specified date and time.
The time zone field specifies the time zone in which a scheduled report runs; it does not affect the timestamps used throughout the report data.
Scheduling an Executive Summary Report
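The Monthly rule and the time zone note above, worked through as an added example (not Secureworks code or a Taegis™ XDR API): it clamps the chosen day to the last day of shorter months and converts each run to UTC. The function names and the sample schedule (day 31, 20:00, fixed UTC-05:00 offset) are assumptions constructed for illustration.

```python
import calendar
from datetime import datetime, timedelta, timezone

# Constructed sample schedule (not from the product): Monthly, day 31, 20:00,
# in a fixed UTC-05:00 zone. Any tzinfo works, including zoneinfo.ZoneInfo.
SAMPLE_TZ = timezone(timedelta(hours=-5))


def monthly_run(year, month, day, hour, minute, tz):
    """Execution time for one month, clamping `day` to the month's last day."""
    last_day = calendar.monthrange(year, month)[1]
    return datetime(year, month, min(day, last_day), hour, minute, tzinfo=tz)


def next_monthly_runs(after, day, hour, minute, tz, count):
    """Next `count` Monthly executions strictly after `after`, returned in UTC."""
    local = after.astimezone(tz)
    year, month = local.year, local.month
    runs = []
    while len(runs) < count:
        run = monthly_run(year, month, day, hour, minute, tz)
        if run > after:  # aware datetimes compare by instant, not wall clock
            runs.append(run.astimezone(timezone.utc))
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)
    return runs


if __name__ == "__main__":
    start = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
    for run_utc in next_monthly_runs(start, 31, 20, 0, SAMPLE_TZ, 4):
        local = run_utc.astimezone(SAMPLE_TZ)
        print(f"local {local:%Y-%m-%d %H:%M}  ->  UTC {run_utc:%Y-%m-%d %H:%M}")
```

With this sample schedule, each run falls on the last local day of the month (31, 29, 31, 30) but on the first day of the following month in UTC.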
Step 3: Report Name and Sharing
In the last step of report configuration, define the following:
- Report Name — A name for the report, which is used as the file name, the header inside the file, and a quick reference in the Scheduled and Completed Reports tables. (255 character limit; supported characters: / - _ ( ) % & # ! , . ' " @ $ ^ * ~)
- Description — (Optional) Descriptive text that gives recipients context about the contents of the report. This is embedded in the header of the report file. (1,000 character limit)
- Users — Any Secureworks® Taegis™ XDR users within the current tenant that will receive the report. Each named user, including the report creator, will receive email notifications when the report is completed, with a link to download the report. Users you share the report with can unsubscribe if they do not wish to receive the report.
- Share with Administrators — Check this option to add the report to the Completed Reports table for Tenant Administrator users when it runs. They will not receive notifications for the report.
You automatically receive any report that you create yourself; you do not need to add yourself to the user list.
Naming and Sharing an Executive Summary Report
Available Output File Formats
Reports are generated as PDF files by default. To generate a CSV and/or JSON file that contains the non-aggregated data with the PDF for supported reports, select the Export data to CSV and/or JSON option.
Step 4: Complete the Report
After all configuration steps are completed, select Finish. The query results page is displayed, with a banner informing you that the report is being created. You will receive an email notification when it is ready to download.