Q1 LAbs: QRadar Reports

Reports
QRadar incorporates a robust reporting engine that generates reports across all data:

  • SOC-level and NOC-level reports of actionable offenses, TopN data and network traffic volume
  • Management-level reports on overall security state
  • Reports for regulatory compliance standards such as SOX, GLBA, HIPAA, FISMA, and control frameworks like NIST and CobiT


Baseline time series reports baseline the normal behavior of network and event data and compare it to current traffic to identify changes in network behavior quickly.

  • Weekly — Data from the previous three weeks
  • Hourly — Same hour on the same day for the previous three weeks

  • Daily — Same day of the week for the previous three weeks


Delta Reports show the difference in traffic between the current interval and a past interval. They are useful for modeling how traffic patterns or security state have changed compared to the past.

Compliance Reports
Compliance reports based on CobiT, ISO and NIST frameworks. Regulatory templates for Sarbanes Oxley, Gramm Leach Bliley, and HIPAA.

  • Access control – User access management
  • Unsuccessful login attempts – User authentication
  • Remote Access – Mobile computing and teleworking
  • Performance and capacity planning
  • Violation and security activity
  • Malicious software prevention and detection
  • Problem and incident management


For more information on how QRadar can help you comply with regulatory requirements, click here


Report Wizard
QRadar's Report Wizard provides a step-by-step way to create any report for any object in QRadar. These reports, customizable with a corporate brand, can be scheduled for distribution in a variety of formats, including .pdf, .rtf, and .html. QRadar's Report Wizard is easy to learn and use. The Report Wizard:

  • Builds, edits, schedules and distributes reports
  • Offers a variety of templates and graph Types
  • Offers a variety of formats: HTML, PDF, RTF


A single report supports multiple data sets for a comparative view of the data. This is particularly helpful for operational and executive-level reports.