WEBVTT

1
00:00.000 --> 00:03.720
In this video, I'd like to walk you through working with charts.

2
00:03.720 --> 00:08.440
And we could use one of the many predefined charts as part of our templates and

3
00:08.440 --> 00:08.840
reports,

4
00:08.840 --> 00:11.040
or we could create our own charts as well.

5
00:11.040 --> 00:14.610
So we'll go down to the 40 Analyzer and let me walk you through working with

6
00:14.610 --> 00:15.040
charts.

7
00:15.040 --> 00:16.040
And here we go.

8
00:16.040 --> 00:19.680
So back at the 40 Analyzer on the left-hand side, we'll go down to reports.

9
00:19.680 --> 00:21.680
We'll click on report definitions.

10
00:21.680 --> 00:25.200
And then we'll choose this tab right here called the chart library.

11
00:25.200 --> 00:29.880
So in the bottom right-hand corner, showing as of this recording that we have 1

12
00:29.880 --> 00:31.240
,809 charts
WEBVTT
X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:900000

12
00:29.880 --> 00:31.240
,809 charts

13
00:31.240 --> 00:35.840
to pull from, so we probably don't need to create any new custom charts.

14
00:35.840 --> 00:40.600
However, if we did, we can, or we could take one of our charts, clone it, and

15
00:40.600 --> 00:40.880
then go

16
00:40.880 --> 00:44.040
ahead and start editing and tweaking that chart.

17
00:44.040 --> 00:45.520
So let's grab one of the existing charts.

18
00:45.520 --> 00:50.490
In fact, we can do a few options and say, just show the built-in ones or the

19
00:50.490 --> 00:51.920
ForteGuard ones

20
00:51.920 --> 00:53.560
and not show you the customer vice versa.

21
00:53.560 --> 00:58.360
So currently we don't have any custom charts, so this should be empty.

22
00:58.360 --> 01:01.000
And we do have some built-in and ForteGuard charts.
WEBVTT
X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:900000

22
00:58.360 --> 01:01.000
And we do have some built-in and ForteGuard charts.

23
01:01.000 --> 01:02.000
And there they are.

24
01:02.000 --> 01:05.060
So let's put a filter in place and I'm going to put in the search filter up

25
01:05.060 --> 01:05.440
here.

26
01:05.440 --> 01:08.760
I'm going to type in avoidance, press enter.

27
01:08.760 --> 01:09.920
And there's no charts.

28
01:09.920 --> 01:11.920
By default, they have the word avoidance in them.

29
01:11.920 --> 01:14.000
So let's just grab an existing chart.

30
01:14.000 --> 01:15.000
How about this right here?

31
01:15.000 --> 01:18.520
360 degree, threats, detection, and prevention.

32
01:18.520 --> 01:19.520
So we'll double click on that.

33
01:19.520 --> 01:21.200
And here are the details for that chart.

34
01:21.200 --> 01:24.600
It's also showing us a preview with sample data.

35
01:24.600 --> 01:27.950
But the cool thing is this, if you wanted to see based on your current SQL

36
01:27.950 --> 01:28.680
database,

37
01:28.680 --> 01:32.690
some of the real data and verify that it can be populated here, what we could
WEBVTT
X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:900000

37
01:28.680 --> 01:32.690
some of the real data and verify that it can be populated here, what we could

38
01:32.690 --> 01:33.240
do is instead

39
01:33.240 --> 01:36.310
of going to sample data, go to real data, and then specify, I'm going to

40
01:36.310 --> 01:36.920
specify for

41
01:36.920 --> 01:40.280
this demo this entire year.

42
01:40.280 --> 01:42.390
And then we'll include everything, including stuff I might have done three or

43
01:42.390 --> 01:42.760
four weeks

44
01:42.760 --> 01:43.760
ago.

45
01:43.760 --> 01:46.520
And then I'll click on go to retrieve that.

46
01:46.520 --> 01:49.360
And we'll see if we have any data that is populated here.

47
01:49.360 --> 01:50.360
Fantastic.

48
01:50.360 --> 01:54.490
So this is my actual graphic here, this chart based on my real data, critical

49
01:54.490 --> 01:55.400
and high intrusion

50
01:55.400 --> 01:58.840
attacks, malware and botnet, and malicious and phishing.

51
01:58.840 --> 02:00.400
So I'm going to go ahead and close that.
WEBVTT
X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:900000

51
01:58.840 --> 02:00.400
So I'm going to go ahead and close that.

52
02:00.400 --> 02:02.640
And we'll walk you through creating your own custom chart.

53
02:02.640 --> 02:07.120
So to do that with the chart library tab selected here, we can click on create

54
02:07.120 --> 02:07.680
new to create

55
02:07.680 --> 02:08.680
a new chart.

56
02:08.680 --> 02:11.160
And let's call this our proxy avoidance chart.

57
02:11.160 --> 02:14.410
And then for the data set, because that's what's going to use to pull the data

58
02:14.410 --> 02:14.560
in, we

59
02:14.560 --> 02:18.480
actually made a custom data set looking for proxy avoidance.

60
02:18.480 --> 02:19.640
So we can go ahead and use that.

61
02:19.640 --> 02:23.240
So it's right here, I just put in proxies and filter our data set looking for

62
02:23.240 --> 02:24.400
proxy avoidance.

63
02:24.400 --> 02:29.360
And then for the type, we can specify table, bar, pie, line, area, et cetera.

64
02:29.360 --> 02:31.560
So let me go ahead and just do a table.
WEBVTT
X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:900000

64
02:29.360 --> 02:31.560
So let me go ahead and just do a table.

65
02:31.560 --> 02:34.160
And then over here, what we could do is we want to test it.

66
02:34.160 --> 02:37.120
We could instead of using sample data, say I want to use real data.

67
02:37.120 --> 02:41.040
And then I'm going to specify for this year, stuff like that.

68
02:41.040 --> 02:42.240
And we'll click on go.

69
02:42.240 --> 02:46.080
And sure enough, that means our data set, which we already tested is working.

70
02:46.080 --> 02:48.920
And it can be included as part of this chart here.

71
02:48.920 --> 02:52.680
Our proxy avoidance chart, and in this working, we also play around with the

72
02:52.680 --> 02:53.400
various types.

73
02:53.400 --> 02:56.280
So table, bar, pie, line, et cetera.

74
02:56.280 --> 02:59.360
And make sure we have the type of output in this chart that we want.

75
02:59.360 --> 03:03.180
And then for the columns, we have source IP, host name, and category
WEBVTT
X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:900000

75
02:59.360 --> 03:03.180
And then for the columns, we have source IP, host name, and category

76
03:03.180 --> 03:04.160
description.

77
03:04.160 --> 03:08.360
And those are based on the data set as far as what data is being pulled in.

78
03:08.360 --> 03:09.680
So we'll click on OK.

79
03:09.680 --> 03:12.880
And then let's go to view options and we'll just look at the custom chart

80
03:12.880 --> 03:13.480
library.

81
03:13.480 --> 03:14.520
And there it is.

82
03:14.520 --> 03:18.480
So our proxy avoidance chart is leveraging our custom data set.

83
03:18.480 --> 03:22.780
So if we ran a report, in fact, let's go to all reports and we just go ahead

84
03:22.780 --> 03:23.280
and use

85
03:23.280 --> 03:24.800
the dropdown, create new.

86
03:24.800 --> 03:27.440
We'll call that test proxy avoidance report.

87
03:27.440 --> 03:30.440
And we haven't created a template yet, so we can't pull from a template.
WEBVTT
X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:900000

87
03:27.440 --> 03:30.440
And we haven't created a template yet, so we can't pull from a template.

88
03:30.440 --> 03:33.000
However, we could just go ahead and click on OK.

89
03:33.000 --> 03:36.480
And that would give us an opportunity to change the settings for the report.

90
03:36.480 --> 03:38.680
For example, how far do we want to go back?

91
03:38.680 --> 03:42.440
So I'll say this year, we could also schedule this to run periodically.

92
03:42.440 --> 03:46.650
We can enable notifications and also enable the auto cache, which would make it

93
03:46.650 --> 03:47.240
run faster

94
03:47.240 --> 03:50.640
than having to dynamically pull all the data at the time the report is run.

95
03:50.640 --> 03:54.600
Think of auto cache as a preemptive way to speed up reports, although it is

96
03:54.600 --> 03:54.840
going to

97
03:54.840 --> 03:57.440
take some additional CPU on our 40 analyzer.

98
03:57.440 --> 04:00.790
So if we go to editor here and currently because we didn't pull from a template
WEBVTT
X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:900000

98
03:57.440 --> 04:00.790
So if we go to editor here and currently because we didn't pull from a template

99
04:00.790 --> 04:00.960
, we

100
04:00.960 --> 04:05.660
don't have anything as far as the output here, let's go ahead and insert a new

101
04:05.660 --> 04:06.360
chart.

102
04:06.360 --> 04:09.400
So we'll click right here on the insert chart icon.

103
04:09.400 --> 04:11.640
And then after a moment here, it's going to prompt us for which one.

104
04:11.640 --> 04:14.240
So let's go ahead and use the dropdown.

105
04:14.240 --> 04:15.880
I think the word hour was in it.

106
04:15.880 --> 04:18.960
So we scroll down, there's our proxy avoidance chart.

107
04:18.960 --> 04:21.400
We'll select that and we'll click on OK.

108
04:21.400 --> 04:22.800
So it's going to be a little boring.

109
04:22.800 --> 04:27.120
We'll have one little table here that we're now including in this new custom

110
04:27.120 --> 04:27.520
reports.

111
04:27.520 --> 04:29.920
We'll click on apply and then we'll click on return.

112
04:29.920 --> 04:32.640
And then for the reports here, I'm going to click on hour.
WEBVTT
X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:900000

112
04:29.920 --> 04:32.640
And then for the reports here, I'm going to click on hour.

113
04:32.640 --> 04:34.480
And I guess it didn't put an hour in that.

114
04:34.480 --> 04:36.040
Let me go ahead and type in proxy.

115
04:36.040 --> 04:36.960
And there it is.

116
04:36.960 --> 04:38.560
Test proxy avoidance report.

117
04:38.560 --> 04:39.400
That's when we just made.

118
04:39.400 --> 04:42.920
So we can select that right click and go ahead and simply run the report.

119
04:42.920 --> 04:44.240
So in the background, it's running.

120
04:44.240 --> 04:46.000
We could go to generated reports.

121
04:46.000 --> 04:47.000
It's being run right here.

122
04:47.000 --> 04:47.960
It's not quite done yet.

123
04:47.960 --> 04:52.360
We could also go to report definitions and go down to that section for test

124
04:52.360 --> 04:53.240
proxy avoidance

125
04:53.240 --> 04:54.840
report, double click there.

126
04:54.840 --> 04:59.000
And it will show us any reports that have been generated based on that report.

127
04:59.000 --> 05:00.000
So here it is.
WEBVTT
X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:900000

127
04:59.000 --> 05:00.000
So here it is.

128
05:00.000 --> 05:03.560
If we click on HTML, it opens up a new tab.

129
05:03.560 --> 05:07.400
And there is our one chart based on what we asked for in that report.

130
05:07.400 --> 05:08.880
So let me go ahead and close that tab.

131
05:08.880 --> 05:10.440
We'll go back to the 40 analyzer.

132
05:10.440 --> 05:13.070
So in the next video, I'd like to walk you through once again creating a report

133
05:13.070 --> 05:13.280
.

134
05:13.280 --> 05:17.590
But this time we'll do a custom report based on a custom template that can

135
05:17.590 --> 05:18.440
include a lot

136
05:18.440 --> 05:20.560
of the ingredients we built up to this point.

137
05:20.560 --> 05:23.730
So I'll see you in the next video as we take a look at custom reports and

138
05:23.730 --> 05:24.320
templates.