🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Create Reports from a Template

reports


Templates provide out-of-the-box reports that help you understand your organization’s security posture, the effectiveness of security staff, and the value of Taegis™ XDR. Leveraging Secureworks security operations expertise, these reports have been designed to address common reporting needs and can be utilized without an understanding of the Advanced Search query language.

Tip

Looking to create your own report? See Configure Custom Reports.

To create a PDF report from a template:

  1. From the Taegis™ XDR left-hand side navigation, select Reports.
  2. Select Create Report.
  3. Choose one of the predefined report templates and select Next.

Available Report Templates

The following predefined report templates are currently available in Taegis™ XDR.

Alert Summary Report

The Alert Summary Report provides an overview of alert activity, volume, and trends in your environment. It includes the following summary charts and statistical data:

Alert Summary Report: Alert Volume Trend by Severity and Top Sensor Type

Alert Summary Report: Alert Volume Trend by Severity and Top Sensor Type

Executive Summary Report

The Executive Summary Report provides a high-level overview of the activity occurring in your environment. It includes the following summary charts and statistical data:

Executive Summary Report: Alert Activity and Trends

Executive Summary Report: Alert Activity and Trends

Investigation Summary Report

The Investigation Summary Report provides an overview of investigation activity occurring in your environment. It includes the following summary charts and statistical data:

Note

The Event Volume by Type metric included in the Investigation Overview is calculated once daily at 08:00 AM UTC rather than in real time when the report is run.

Investigation Summary Report: Investigation Overview

Investigation Summary Report: Investigation Overview

Event Schema Grouping

In the Investigation Overview funnel chart, event schema are grouped as follows:

Note

The numbers for each grouping, which are located to the right side of the funnel, may not add up to the total event volume, which is located to the left side of the funnel. This is because events that fall into multiple schema groups get included in the count for each group.

iSensor Change Management Report

The iSensor Change Management Report displays detailed information about signature and ruleset updates made for each iSensor in your tenant, including the CVEs that map to the rules. It includes the following data:

Note

If you run this report but have no iSensors in your tenant, the iSensor Data Sheet generates instead.

iSensor Change Management Report

iSensor Change Management Report

Taegis™ XDR User Admin Summary Report

The Taegis™ XDR User Admin Summary Report provides an overview of Taegis™ XDR user registration status, roles, activity, and change history in your XDR tenant. It includes the following summary charts and statistical data:

Taegis™ XDR User Admin Summary Report: User Registration & Activity

Taegis™ XDR User Admin Summary Report: User Registration & Activity

Step 1: Configure and Preview the Report

Reports created from templates are predefined, so at this time configuration options are limited to the timeframe of the report data.

As you adjust the configuration options, the report preview image updates automatically.

Preview of the Executive Summary Report

Preview of the Executive Summary Report

Note

Reports with alerts do not support data aggregation of more than 7 days if viewing All Tenants. Select an individual tenant, or reduce the timeframe.

Step 2: Schedule Report

A report can be scheduled to run at a variety of intervals as defined below. One scheduling option may be defined per report.

Note

The time zone field specifies what time zone a scheduled report should run; it does not affect the timestamps used throughout the report data.

Scheduling an Executive Summary Report

Scheduling an Executive Summary Report

Step 3: Report Name and Sharing

In the last step of report configuration, define the following:

Note

You automatically receive any report that you create yourself; you do not need to add yourself to the user list.

Naming and Sharing an Executive Summary Report

Naming and Sharing an Executive Summary Report

Available Output File Formats

Reports are generated as PDF files by default. To generate a CSV and/or JSON file that contains the non-aggregated data with the PDF for supported reports, select the Export data to CSV and/or JSON option.

Step 4: Complete the Report

After all configuration steps are completed, select Finish. The query results page is displayed, with a banner informing you that the report is being created. You will receive an email notification when it is ready to download.

 

On this page: