Understanding SOAR Reports

Reports are useful for justifying Return on Investment (ROI) to upper management and for achieving transparency and accountability to customers and colleagues.

Google Security Operations provides analysts with four predefined reports and the option to create new ones. You can also export and import reports to other platforms.

The predefined reports are:

  • Management – Soc Status
  • Management – Closed Cases
  • Tier 1 – Open Cases
  • ROI – Analysts Benchmark

Generate a report

  1. Go to Dashboards and Reports > SOAR Reports.
  2. Click Generate under the Generate Report column.
  3. In the Generate report dialog, select the environments to include in the report, the timeframe, and the document type (Word or PDF).
  4. Click Download.

Schedule a report

  1. Select the required report.
  2. Select the Scheduler tab, and then click Add.
  3. Switch the Enable toggle on, and enter the relevant information in the New Schedule dialog.
  4. Click Save.

Add a new report

  1. Click Add new template. The New report template dialog appears.
  2. Enter a relevant name, and select a Category from the drop-down.
  3. Click Create. The report appears in the list of reports.

Edit a report

  1. Select the required report from the list of reports.
  2. Select the Edit tab.
  3. Click Add and choose one of the following formats: Editor, Pie Chart, Table, or Vertical Bar. A dialog appears based on the selected format. For this example, select Pie Chart.
  4. Enter the relevant information. Your choice of Alerts or Cases affects the options available in the other fields. In this example, we have created a report based on alerts coming from products whereby the case was closed as malicious, and the root cause was an external attack.
  5. Click Save.