WEBVTT

1
00:00.000 --> 00:03.090
In this video, we'll get to take a big-picture look at the wonderful world of

2
00:03.090 --> 00:05.280
reports on the FortiAnalyzer.

3
00:05.280 --> 00:08.000
So if somebody came up to us and said, "Okay, what is the big deal about reports

4
00:08.000 --> 00:09.120
on the FortiAnalyzer?"

5
00:09.120 --> 00:14.010
To summarize it, we could say it's a high-level summary of what's happening in

6
00:14.010 --> 00:14.640
our environment

7
00:14.640 --> 00:18.160
based on all the information that the FortiAnalyzer has. Now, as far as a high-

8
00:18.160 --> 00:19.280
level summary, to get

9
00:19.280 --> 00:24.590
that, it's pulling that information from the SQL database that the FortiAnalyzer

10
00:24.590 --> 00:25.520
uses once it gets

11
00:25.520 --> 00:28.530
all the logging information from all the devices. And then regarding what

12
00:28.530 --> 00:29.440
kind of reports,

13
00:29.440 --> 00:33.100
there are a whole bunch of predefined reports, and we can also create custom

14
00:33.100 --> 00:34.080
reports. And if we

15
00:34.080 --> 00:38.110
want to use custom reports, it's also important to be aware of some of the

16
00:38.110 --> 00:39.280
detailed ingredients that

17
00:39.280 --> 00:42.680
go into a report. So here are some of the elements. So one of the components

18
00:42.680 --> 00:43.840
that can go into our

19
00:43.840 --> 00:46.920
reports would be a chart. Now, with the chart, there are lots of different types of

20
00:46.920 --> 00:48.000
charts. We get a chart

21
00:48.000 --> 00:52.410
that's a table of data, or it could be a bar chart, or a pie chart, or a line

22
00:52.410 --> 00:54.080
chart, or a donut chart.

23
00:54.080 --> 00:57.540
There's also a radar chart. And the idea behind the chart is: what is the

24
00:57.540 --> 00:59.200
best way to represent

25
00:59.200 --> 01:02.390
the information that we're presenting as part of the reports. We could have

26
01:02.390 --> 01:03.040
various different

27
01:03.040 --> 01:06.800
types of charts included in a report. So one of our ingredients is the

28
01:06.800 --> 01:07.840
chart we're going to use.

29
01:07.840 --> 01:11.680
Another element that we can use as part of our reports is called a template.

30
01:11.680 --> 01:12.320
And the benefit of

31
01:12.320 --> 01:15.140
a template, I think of it like a cookie cutter. And with a cookie cutter, every

32
01:15.140 --> 01:15.840
time you use it,

33
01:15.840 --> 01:18.160
you're going to get the same shape, for example, assuming you have the right

34
01:18.160 --> 01:19.120
dough in place. And when

35
01:19.120 --> 01:22.460
you use the cookie cutter, you get the same exact type of look and feel every

36
01:22.460 --> 01:23.840
time. So if we have

37
01:23.840 --> 01:27.980
all of our details, for example, we have charts set up, and we have the layout

38
01:27.980 --> 01:28.800
organized,

39
01:28.800 --> 01:31.250
we can include that as part of a template, and then we can just use that

40
01:31.250 --> 01:32.560
template over and over again

41
01:32.560 --> 01:36.220
anytime we want a report that has certain charts or certain elements contained

42
01:36.220 --> 01:36.640
in it.

43
01:36.640 --> 01:40.480
So in addition to having a template that includes charts based on how we want

44
01:40.480 --> 01:40.880
that

45
01:40.880 --> 01:44.320
report to look, that template is also going to include the layout information,

46
01:44.320 --> 01:44.800
for example,

47
01:44.800 --> 01:48.400
which chart goes first, which chart goes second, which text goes where, and we'd

48
01:48.400 --> 01:49.200
also include things

49
01:49.200 --> 01:52.510
like the colors that were being used, or if there's branding involved in the

50
01:52.510 --> 01:53.520
report that you want

51
01:53.520 --> 01:56.600
as part of the template representing your company, that could be included as

52
01:56.600 --> 01:57.520
part of the template.

53
01:57.520 --> 01:59.920
And one other element here would be, for example, the font that's going to be

54
01:59.920 --> 02:01.040
used that'd be part

55
02:01.040 --> 02:05.280
of the template. And I have a little arrow here showing that the charts can be included

56
02:05.280 --> 02:06.000
as part

57
02:06.000 --> 02:09.730
of the template. So if we choose a template that's currently using one or more

58
02:09.730 --> 02:10.560
of these charts,

59
02:10.560 --> 02:13.910
it would be included as part of the final report. Now another question is, okay,

60
02:13.910 --> 02:14.880
what exact data

61
02:14.880 --> 02:18.270
we're pulling from as we, you know, use the charts and templates and build

62
02:18.270 --> 02:19.520
these reports. Well,

63
02:19.520 --> 02:24.110
we can control what data is being pulled by another element called a dataset.

64
02:24.110 --> 02:24.640
And when you see the

65
02:24.640 --> 02:29.920
word dataset, think of a SQL query. And let's break that down for a moment.

66
02:29.920 --> 02:31.600
Many decades ago,

67
02:31.600 --> 02:35.040
when I was first introduced to structured query language, or, as its friends

68
02:35.040 --> 02:36.720
call it, SQL, I learned

69
02:36.720 --> 02:41.830
back in the day, the commands we would use to query or make requests from a SQL

70
02:41.830 --> 02:42.640
database. And

71
02:42.640 --> 02:46.720
again, that SQL database is being maintained over here at the FortiAnalyzer,

72
02:46.720 --> 02:47.760
based on logging events

73
02:47.760 --> 02:51.450
and other information it receives from the devices. And it inserts that into a

74
02:51.450 --> 02:52.640
SQL database. So the

75
02:52.640 --> 02:56.710
dataset represents the actual SQL commands that we would use to request certain

76
02:56.710 --> 02:57.680
information from

77
02:57.680 --> 03:01.680
that database. And here's a high level example. Let's imagine that we want to

78
03:01.680 --> 03:02.800
pull from the SQL

79
03:02.800 --> 03:07.380
database, we want to pull information from the log files. So we'll say from log

80
03:07.380 --> 03:08.640
files. And inside

81
03:08.640 --> 03:11.180
the SQL statement, we'd actually put a dollar sign in front of that to

82
03:11.180 --> 03:12.080
represent the log files

83
03:12.080 --> 03:14.460
that we're going to pull from. And then we could also limit that by saying we

84
03:14.460 --> 03:15.200
only want to pull

85
03:15.200 --> 03:19.110
the category description, for example, proxy avoidance, or, you know, some

86
03:19.110 --> 03:20.080
other category that

87
03:20.080 --> 03:23.760
we're looking for. So I'll put XYZ as an example for the category description,

88
03:23.760 --> 03:24.480
assuming there was a

89
03:24.480 --> 03:28.640
category for websites of XYZ. Then as part of our dataset, we also have the

90
03:28.640 --> 03:30.000
options of specifying

91
03:30.000 --> 03:33.840
how we want to group that information and how we want to order that information.

92
03:33.840 --> 03:34.880
So regarding a

93
03:34.880 --> 03:38.840
report that we want to actually be able to use, that report could be based on a

94
03:38.840 --> 03:39.680
template that's

95
03:39.680 --> 03:42.830
going to specify, for example, what charts based on the charts we have

96
03:42.830 --> 03:44.160
available. And that report

97
03:44.160 --> 03:48.880
is also going to include the dataset specifying what to pull, what information

98
03:48.880 --> 03:49.680
to query from the

99
03:49.680 --> 03:53.450
SQL database. And then when we run that report, it's like an orchestra, where

100
03:53.450 --> 03:54.560
we have the dataset

101
03:54.560 --> 03:58.010
querying and pulling the data, we have the template with the respective charts

102
03:58.010 --> 03:58.720
and the ordering and

103
03:58.720 --> 04:02.430
the layout and so forth, that's controlling how that information is going to

104
04:02.430 --> 04:03.440
look in the charts,

105
04:03.440 --> 04:06.930
in the tables and so forth, in the final report. There's also one other

106
04:06.930 --> 04:08.240
component here that's very

107
04:08.240 --> 04:12.710
closely related to datasets, and it's called a macro. And think of a macro

108
04:12.710 --> 04:14.160
like a predefined

109
04:14.160 --> 04:18.770
itty bitty little dataset identifying what information you want to pull. And

110
04:18.770 --> 04:19.920
for most of the reporting

111
04:19.920 --> 04:23.030
that we're going to be doing with the FortiAnalyzer, even though we can create

112
04:23.030 --> 04:24.000
custom charts and we

113
04:24.000 --> 04:28.700
can create custom templates and we can create custom reports, and we can create

114
04:28.700 --> 04:29.280
custom datasets

115
04:29.280 --> 04:34.000
and macros, most of the time, because there's so many prebuilt and ready to go,

116
04:34.000 --> 04:34.880
datasets, templates

117
04:34.880 --> 04:38.910
and charts, most of the time we just run a report that's already been predefined

118
04:38.910 --> 04:40.080
by Fortinet. However,

119
04:40.080 --> 04:43.200
on the other side of that coin, if we need to customize something, we also have

120
04:43.200 --> 04:44.000
the ability to

121
04:44.000 --> 04:46.880
customize it as well. So let me clean this up a little bit and let's chat a

122
04:46.880 --> 04:47.840
little bit further

123
04:47.840 --> 04:52.240
about reports in general. A few things we want to consider regarding reports.

124
04:52.240 --> 04:53.120
Number one,

125
04:53.120 --> 04:57.680
who is the audience for that report? For example, is it the engineering team,

126
04:57.680 --> 05:01.900
is it the security operations center, is it for an executive? So we want to

127
05:01.900 --> 05:03.040
consider the audience

128
05:03.040 --> 05:06.560
and make sure we're giving them the right reports based on what they need to

129
05:06.560 --> 05:07.200
see. And that would

130
05:07.200 --> 05:10.310
also include considering the purpose of that report, because if we know what

131
05:10.310 --> 05:10.960
the intent is,

132
05:10.960 --> 05:13.930
that's also going to help us in choosing the correct report or creating the

133
05:13.930 --> 05:14.880
correct report.

134
05:14.880 --> 05:17.980
And another factor that ties into all this is what level of detail do we want

135
05:17.980 --> 05:18.640
to include.

136
05:18.640 --> 05:22.240
For example, an executive probably doesn't need a report with the individual

137
05:22.240 --> 05:24.320
MAC address, for example,

138
05:24.320 --> 05:27.000
of a device on the network that's having a problem. However, that same

139
05:27.000 --> 05:27.520
information,

140
05:27.520 --> 05:30.640
that MAC address might be really important for somebody who is, you know,

141
05:30.640 --> 05:31.520
working on an incident

142
05:31.520 --> 05:35.090
and troubleshooting and trying to find out or get to the root of a problem. So

143
05:35.090 --> 05:35.840
again, consider the

144
05:35.840 --> 05:39.960
audience regarding reports. And then one other consideration is the format. So

145
05:39.960 --> 05:40.400
we can have

146
05:40.400 --> 05:44.720
reports that are HTML-based or PDF-based; there are other options as well. So you

147
05:44.720 --> 05:45.840
just want to consider

148
05:45.840 --> 05:49.600
how the customer or the end user or the end person who's going to look at the

149
05:49.600 --> 05:50.080
report,

150
05:50.080 --> 05:53.180
how they're going to ingest that or consume that and make it easy for them to

151
05:53.180 --> 05:53.680
get to.

152
05:53.680 --> 05:57.440
And one other cool thing about reports is that if we have a report that we want

153
05:57.440 --> 05:58.240
run, for example,

154
05:58.240 --> 06:02.800
every week or every day, we can also automate that. And that way those reports

155
06:02.800 --> 06:03.760
can be generated,

156
06:03.760 --> 06:07.360
we can have notifications sent out as well. And that way those reports are

157
06:07.360 --> 06:07.920
sitting there

158
06:07.920 --> 06:12.160
where we store them whenever they're needed. So I'll put "automate/

159
06:12.160 --> 06:13.440
schedule reports."

160
06:13.440 --> 06:17.040
So with this in mind, in the next video, let's take a look at the FortiAnalyzer

161
06:17.040 --> 06:17.760
and some of the

162
06:17.760 --> 06:22.980
pre-built, ready-to-rock reports that Fortinet has provided for us on the

163
06:22.980 --> 06:24.160
FortiAnalyzer. So we'll do

164
06:24.160 --> 06:27.040
that in the next video. I'll see you there in just a moment.
