Create a Report

Create a Report

You are viewing classic reports documentation. When Reports (New Experience) is no longer in BETA, the classic reports documentation will be replaced with “Reports” documentation, aka Reports (New Experience).

A report can include a combination of new and predefined widgets and saved queries. For example, a cloud risk assessment report can include lists and widgets (table, bar, column, pie, line) side-by-side to help you analyze a wide range of data more easily. 

There are three ways to create a report:

  • Use a template from the Template Library
  • Clone a template from existing reports, located in the Created by Me or Shared with Me reports list
  • Build a template from scratch

To create a report: Note, all data is saved automatically 

  1. Login to Netskope UI and go to Reports.
  2. Click New Report. Enter a report name, an optional report description. Click the numbered steps below the report name to move to a different step in report creation, at any time. 
  3. Select a date range. The default is Last 30 Days. This time range is applied to all widgets in this template. Time ranges configured in individual widgets will always override the template time range. 
  4. To create a new chart, select Add Widget to open the Add Widget side panel which guides you through the process. Each widget you create is based on the event, format, and value options you select. You can add up to 20 widgets per template. The key parameters for the Add Widget page are:
    Widget NameEnter a name that describes this widget.
    Query Event TypeChoose to query an alert event, application event, network event, or page event from the Query dropdown list:
    • Alert: Alerts are generated when a policy, DLP, or watchlist is matched. For log discovery using PAN firewall logs, alerts show the list of apps blocked by the PAN firewall. For every event blocked by PAN we generate a corresponding alert.
    • Application: Application events record more details of the user activity inside the cloud app. For log discovery using PAN firewall logs, this is identified using the URL recorded in the PAN logs.
    • Network: Network events are generated when there is a policy match to allow or block apps with Netskope Private Access.
    • Page: Page events are generated for the actual HTTP connection and contain app, appcategory, ccl, source, destination, bytes and latency details. For log discovery using PAN firewall logs, page events also show the details of all the cloud apps that are allowed in the network.
    QueryEnter a query to execute. For example, if you want to query the users who use Box, enter app eq Box in the query field. When you enter words in the query field, a list of options opens and changes to help you find the specific code strings needed to create a query. You can also choose from your saved queries. Click the Choose from Saved Queries link to open a dialog box which lists your saved queries, you can search for specific queries as well.
    TimeSpecify the time period. Choose 30 days, 7 days, 24 hours, or a custom time period. Click Override Time Range to change the default range of last 7 days.
    Widget TypeReports can be in a line chart, pie chart, table format, plus multi-axis column or stacked bar graph. Table format allows displaying up to 100 lines in the report UI.
    Summarize ByYou can summarize the data by Application, Access Method, Browser, CCL, Category, Destination Country, Destination Location, Device Classification, Group, Organizational Site, User, CCL, Organization Unit, App Category, Device or CCI parameters, Site, Source Country, Source IP, Source Location, Timestamp (UTC), Traffic Type, CSP Hosting Provider, Hosting. Options vary depending on the Event Type selected.

    In addition, you can click the +Add Next Level Breakdown to add another value to by which to summarize. Application fields (such as application name, application description, domains, hosting, providers) are now available with the next Summarize By option picked if the first Summarize By field is Application.

    In the above example, you want to query all users using Dropbox, and choose Summarize by User.

    ShowTop (#)Specifies the total number of top values to display. Choosing Table format allows displaying the top 100 values in the UI.
  5. The Numeric and Attribute Value options vary, depending on the type of chart you are creating. For example, a table has numeric and attribute value options, but a bar chart only has total events. The key parameters are:
    Blocked EventsNumber of events that are blocked for a specific app or user. 
    Bytes DownloadedSpecifies the total bytes downloaded.
    Bytes UploadedSpecifies the total bytes uploaded.
    HTTP TransactionsNumber of requests from  a client and the corresponding response.
    SessionsSpecifies the number of sessions.
    Total BytesSpecifies the overall amount of bytes transferred.
    User AgentsThe browser identifier string.
    UsersSpecifies the number of users.
    Application NameSpecifies the application name. This is the static name and can be used as a unique identifier because this name does not change.
    CategorySpecifies the app category.
    CCISpecifies the Cloud Confidence Index (CCI) rating.
    CCLSpecifies the Cloud Confidence Level (CCL) rating.
    CSP Hosting ProviderName of the cloud service provider (host).
    First Accessed DateDate a user first accessed an app.
    HostingLocation(s) of the cloud service hosting provider (CSP Hosting Provider field). 
    Last Accessed DateDate a user last accessed an app.
    Total EventsSpecifies the total number of events.
  6. When finished, click Add. To learn about predefined widgets, refer to Widget Library.

After a widget is created it displays on the Reports page. The ellipses at the end of the report name allow you to clone, schedule report, share, rename, move to another group, or delete. Cloning a report makes it easier and quicker to create new reports. Select the clone template option to open the Clone Chart side panel. This allows you to change only certain factors to easily create similar reports instead of creating a report from scratch.

Share this Doc

Create a Report

Or copy link

In this topic ...