Understanding SOAR Reports
Reports come in useful to justify Return on Investment (ROI) to upper management and to achieve transparency and accountability to customers and fellow colleagues.
Chronicle provides analysts with four predefined Reports and the option to create new ones. You can export and import Reports to other platforms.
The predefined Reports are:
- Management – SOC status
- Management – Closed Cases
- Tier 1 – Open Cases
- ROI – Analysts Benchmark
To generate a Report:
- Click on the smart_display icon under the Generate Report column.
- In the dialog box, select the required environments to be included in the Report, Time Frame and the document type (Word or PDF).
To schedule a Report:
- Select the required report.
In the right of the screen, select the Scheduler and then, click on the
Switch the toggle on and enter the relevant information in the New Schedule
- Click Save.
To add a new Report:
Click on the
icon on the top of the screen, enter a relevant name and select a Category
in the New Report template dialog box.
- Click Create. The Report appears in the list of Reports.
To edit a report:
- Click on the required report from the list of reports.
In the right pane in the screen, click Edit.
- Click on the add icon and choose one of the following formats: Pie Chart, Vertical Bar, Editor or Table. Depending on what format you choose, a different dialog box will open. For this procedure, let's choose a Pie Chart.
Enter the relevant information. Note that whether you choose Alert or Cases
will affect the options in the other fields. In this procedure, we have
created a Report based on Alerts coming from Products whereby the case was
closed as malicious and the root cause was an External Attack.
- Click Save.