Create a Report
Create a Report
A report can include a combination of new and predefined widgets and saved queries. For example, a cloud risk assessment report can include lists and widgets (table, bar, column, pie, line) side-by-side to help you analyze a wide range of data more easily.
There are three ways to create a report:
- Use a template from the Template Library
- Clone a template from existing reports, located in the Created by Me or Shared with Me reports list
- Build a template from scratch
To create a report: Note, all data is saved automatically
- Login to Netskope UI and go to Reports.
- Click New Report. Enter a report name, an optional report description. Click the numbered steps below the report name to move to a different step in report creation, at any time.
- Select a date range. The default is Last 30 Days. This time range is applied to all widgets in this template. Time ranges configured in individual widgets will always override the template time range.
- To create a new chart, select Add Widget to open the Add Widget side panel which guides you through the process. Each widget you create is based on the event, format, and value options you select. You can add up to 20 widgets per template. The key parameters for the Add Widget page are:
Parameters Description Widget Name Enter a name that describes this widget. Query Event Type Choose to query an alert event, application event, network event, or page event from the Query dropdown list:
- Alert: Alerts are generated when a policy, DLP, or watchlist is matched. For log discovery using PAN firewall logs, alerts show the list of apps blocked by the PAN firewall. For every event blocked by PAN we generate a corresponding alert.
- Application: Application events record more details of the user activity inside the cloud app. For log discovery using PAN firewall logs, this is identified using the URL recorded in the PAN logs.
- Network: Network events are generated when there is a policy match to allow or block apps with Netskope Private Access.
- Page: Page events are generated for the actual HTTP connection and contain app, appcategory, ccl, source, destination, bytes and latency details. For log discovery using PAN firewall logs, page events also show the details of all the cloud apps that are allowed in the network.
Query Enter a query to execute. For example, if you want to query the users who use Box, enter
app eq Boxin the query field. When you enter words in the query field, a list of options opens and changes to help you find the specific code strings needed to create a query. You can also choose from your saved queries. Click the Choose from Saved Queries link to open a dialog box which lists your saved queries, you can search for specific queries as well.
Time Specify the time period. Choose 30 days, 7 days, 24 hours, or a custom time period. Click Override Time Range to change the default range of last 7 days. Widget Type Reports can be in a line chart, pie chart, table format, plus multi-axis column or stacked bar graph. Table format allows displaying up to 100 lines in the report UI. Summarize By You can summarize the data by Application, Access Method, Browser, CCL, Category, Destination Country, Destination Location, Device Classification, Group, Organizational Site, User, CCL, Organization Unit, App Category, Device or CCI parameters, Site, Source Country, Source IP, Source Location, Timestamp (UTC), Traffic Type, CSP Hosting Provider, Hosting. Options vary depending on the Event Type selected.
In addition, you can click the +Add Next Level Breakdown to add another value to by which to summarize. Application fields (such as application name, application description, domains, hosting, providers) are now available with the next Summarize By option picked if the first Summarize By field is Application.
In the above example, you want to query all users using Dropbox, and choose Summarize by User.
ShowTop (#) Specifies the total number of top values to display. Choosing Table format allows displaying the top 100 values in the UI.
- The Numeric and Attribute Value options vary, depending on the type of chart you are creating. For example, a table has numeric and attribute value options, but a bar chart only has total events. The key parameters are:
Parameters Description Blocked Events Number of events that are blocked for a specific app or user. Bytes Downloaded Specifies the total bytes downloaded. Bytes Uploaded Specifies the total bytes uploaded. HTTP Transactions Number of requests from a client and the corresponding response. Sessions Specifies the number of sessions. Total Bytes Specifies the overall amount of bytes transferred. User Agents The browser identifier string. Users Specifies the number of users. Application Name Specifies the application name. This is the static name and can be used as a unique identifier because this name does not change. Category Specifies the app category. CCI Specifies the Cloud Confidence Index (CCI) rating. CCL Specifies the Cloud Confidence Level (CCL) rating. CSP Hosting Provider Name of the cloud service provider (host). First Accessed Date Date a user first accessed an app. Hosting Location(s) of the cloud service hosting provider (CSP Hosting Provider field). Last Accessed Date Date a user last accessed an app. Total Events Specifies the total number of events.
- When finished, click Add. To learn about predefined widgets, refer to Widget Library.
After a widget is created it displays on the Reports page. The ellipses at the end of the report name allow you to clone, schedule report, share, rename, move to another group, or delete. Cloning a report makes it easier and quicker to create new reports. Select the clone template option to open the Clone Chart side panel. This allows you to change only certain factors to easily create similar reports instead of creating a report from scratch.