WEBVTT

1
00:00.000 --> 00:02.520
I'd like to chat with you about managing reports,

2
00:02.520 --> 00:06.240
including how to schedule reports to happen automatically,

3
00:06.240 --> 00:07.760
based on when you want them to happen,

4
00:07.760 --> 00:10.920
and how we can modify the caching for reports.

5
00:10.920 --> 00:12.520
In the event we want to use that feature,

6
00:12.520 --> 00:13.600
so they run faster,

7
00:13.600 --> 00:16.120
and also how we can export a report and import it,

8
00:16.120 --> 00:18.600
because if we have four or five different administrative

9
00:18.600 --> 00:21.640
domains, the settings for the reports are unique

10
00:21.640 --> 00:23.680
to each of those administrative domains.

11
00:23.680 --> 00:26.120
So if you create a custom report or some other element

12
00:26.120 --> 00:28.680
and you want to move it to a different administrative

13
00:28.680 --> 00:31.800
domain, we need to export it from the domain it's in,

14
00:31.800 --> 00:34.280
and then import it back to the domain we want it to be in.

15
00:34.280 --> 00:35.920
So let's head back to the FortiAnalyzer,

16
00:35.920 --> 00:38.240
and I'd love to walk you through several of the options

17
00:38.240 --> 00:40.440
regarding working with and managing reports.

18
00:40.440 --> 00:42.960
All right, so back at the FortiAnalyzer,

19
00:42.960 --> 00:45.280
we'll go on the left-hand side down to reports,

20
00:45.280 --> 00:46.960
and to report definitions.

21
00:46.960 --> 00:48.960
And let's go to one of our pre-built reports.

22
00:48.960 --> 00:51.360
In fact, let's go down to the SOC reports,

23
00:51.360 --> 00:54.600
and let's go to the 360 security review,

24
00:54.600 --> 00:56.360
and let's go and right-click on that,

25
00:56.360 --> 01:00.360
we'll clone it, and we'll call it our 360 security review,

26
01:00.360 --> 01:01.560
and we'll click on OK.

27
01:01.560 --> 01:04.520
So here, for the settings, we can specify details.

28
01:04.520 --> 01:07.080
For example, the time period we want this to look at,

29
01:07.080 --> 01:09.800
which devices are included, and if we want to schedule it,

30
01:09.800 --> 01:10.720
here's how we do it.

31
01:10.720 --> 01:12.600
We're looking at the actual report itself,

32
01:12.600 --> 01:14.800
not the templates or anything else that went into the reports,

33
01:14.800 --> 01:16.320
but the report itself.

34
01:16.320 --> 01:18.760
So if we want to schedule this right here in the details

35
01:18.760 --> 01:21.880
for editing our 360 degree security review,

36
01:21.880 --> 01:24.320
we'd click right here on Enable Schedule.

37
01:24.320 --> 01:26.520
So here we can specify the details for how often we want

38
01:26.520 --> 01:29.400
the report to generate, and do it for us automatically.

39
01:29.400 --> 01:31.360
So if I said, for example, the start time,

40
01:31.360 --> 01:32.880
it is the 11th today.

41
01:32.880 --> 01:34.000
And then she's determined the future,

42
01:34.000 --> 01:37.320
and I'll say 13, 15, and 0 seconds.

43
01:37.320 --> 01:38.920
And based on the current clock,

44
01:38.920 --> 01:40.400
that'll be in about a few minutes.

45
01:40.400 --> 01:41.760
Fantastic.

46
01:41.760 --> 01:43.400
And I'll specify the end time as tomorrow,

47
01:43.400 --> 01:45.240
and that way it'll run every hour.

48
01:45.240 --> 01:47.920
So at 1:15, it's going to begin creating reports,

49
01:47.920 --> 01:49.040
it'll do it every hour.

50
01:49.040 --> 01:51.360
And then once we reach 8.12, which is tomorrow's date,

51
01:51.360 --> 01:52.000
it'll stop.

52
01:52.000 --> 01:55.560
Also, once I scheduled it, it automatically enabled auto

53
01:55.560 --> 01:56.200
caching.

54
01:56.200 --> 01:59.080
And what auto caching does, it collects and builds effectively

55
01:59.080 --> 02:01.600
the queries and the data for that report,

56
02:01.600 --> 02:04.920
and it does it in the background as that information comes in.

57
02:04.920 --> 02:07.280
So when we run the report, it runs much faster.

58
02:07.280 --> 02:09.720
So by default, anytime we schedule a report,

59
02:09.720 --> 02:12.200
it automatically enables auto cache for us.

60
02:12.200 --> 02:13.720
But if you don't want it, you can turn it off,

61
02:13.720 --> 02:16.520
however, auto cache does make it run a little bit faster.

62
02:16.520 --> 02:18.360
We could also enable notifications,

63
02:18.360 --> 02:21.000
assuming you also set up profiles for the notifications,

64
02:21.000 --> 02:22.440
which is under advanced settings.

65
02:22.440 --> 02:24.080
And that way, the correct people

66
02:24.080 --> 02:26.600
can be notified once those reports are run.

67
02:26.600 --> 02:28.040
I haven't set up notifications yet,

68
02:28.040 --> 02:29.200
so I'm going to disable that.

69
02:29.200 --> 02:30.920
And then we could add filters to control

70
02:30.920 --> 02:33.000
what information is included in our report.

71
02:33.000 --> 02:35.200
So if you want to add filters, you can click on the plus symbol,

72
02:35.200 --> 02:36.360
put in the parameters.

73
02:36.360 --> 02:39.400
And then you could say log messages that match all these

74
02:39.400 --> 02:40.880
or any of the following.

75
02:40.880 --> 02:42.080
So you're controlling what's actually

76
02:42.080 --> 02:43.440
being put into the report.

77
02:43.440 --> 02:45.360
And then we also have advanced settings.

78
02:45.360 --> 02:46.400
We scroll down here.

79
02:46.400 --> 02:49.080
We have options like the print orientation, and the layout,

80
02:49.080 --> 02:51.160
and so forth under the advanced settings.

81
02:51.160 --> 02:53.880
So I'm going to take the defaults for filters and advanced settings

82
02:53.880 --> 02:55.000
and click on apply.

83
02:55.000 --> 02:56.880
Or in fact, because we created this ourselves,

84
02:56.880 --> 02:59.320
we could also go to the editor and tweak it here.

85
02:59.320 --> 03:02.720
So here I'll put our tweaks added and then click on apply.

86
03:02.720 --> 03:06.120
So if we click on return, and I'll go ahead and do a search for our,

87
03:06.120 --> 03:09.960
and there's our 360 security review, I'll go ahead and right click on that.

88
03:09.960 --> 03:12.280
And let's go ahead and run it.

89
03:12.280 --> 03:13.920
So let's generate a report.

90
03:13.920 --> 03:16.400
So we could double click here, and it would show us all the reports

91
03:16.400 --> 03:18.120
that were run regarding that.

92
03:18.120 --> 03:22.000
Or we could go to generated reports, and this will show us all of our reports.

93
03:22.000 --> 03:23.360
So here I have two reports.

94
03:23.360 --> 03:24.920
So I've got this one, and this one.

95
03:24.920 --> 03:27.680
One of them was because we manually ran the report.

96
03:27.680 --> 03:30.280
And the other was because I had scheduled it every hour.

97
03:30.280 --> 03:32.240
And here in a moment, they will both be ready.

98
03:32.240 --> 03:33.240
And there it is.

99
03:33.240 --> 03:34.400
So here's that report right here.

100
03:34.400 --> 03:38.000
If we click on HTML, it'll open up a new tab, and there is our report.

101
03:38.000 --> 03:39.960
So if we go back to our report definitions,

102
03:39.960 --> 03:42.560
so there's only customized right there, we double click on it.

103
03:42.560 --> 03:44.200
Here, showing us that it was run twice.

104
03:44.200 --> 03:47.360
So one of them was because we manually ran it,

105
03:47.360 --> 03:50.480
and the other one was because we told it to run every hour.

106
03:50.480 --> 03:52.640
So effectively, they should both have the same information in them.

107
03:52.640 --> 03:55.160
So if we click on HTML, here are the details.

108
03:55.160 --> 03:56.960
And let's see if we have any incidents as well.

109
03:56.960 --> 03:58.280
So we've got an incident.

110
03:58.280 --> 03:59.520
Sure enough, we have this incident right here.

111
03:59.520 --> 04:02.440
So let's imagine that report was relevant to this incident.

112
04:02.440 --> 04:03.520
We could right click here.

113
04:03.520 --> 04:04.920
And let's take a look and see if we have an incident.

114
04:04.920 --> 04:05.720
Sure enough, we have an incident.

115
04:05.720 --> 04:08.640
So if we go back to that report and then we generate reports,

116
04:08.640 --> 04:12.360
we could right click on one of these and add that to an existing incident.

117
04:12.360 --> 04:15.320
So it would be nice and easily available as part of that incident report.

118
04:15.320 --> 04:17.560
So we'll click add to existing incident.

119
04:17.560 --> 04:20.720
We only have one, there it is, I'll select it, click on OK,

120
04:20.720 --> 04:22.040
and now it's part of that incident.

121
04:22.040 --> 04:24.720
Or if we had a report that was run and after looking at it,

122
04:24.720 --> 04:27.640
we wanted to create an incident, we could right click on a report,

123
04:27.640 --> 04:31.080
and then create a new incident from here, put in the details,

124
04:31.080 --> 04:32.920
and that report would be associated with it as well.

125
04:32.920 --> 04:35.000
So I'll cancel that, we don't need a second incident.

126
04:35.000 --> 04:37.360
And as far as notifications when reports are generated,

127
04:37.360 --> 04:39.800
let's take a look at advanced settings and the reports.

128
04:39.800 --> 04:43.000
So here is a calendar showing our report starting to be generated.

129
04:43.000 --> 04:45.920
We configure an output profile, currently I don't have one,

130
04:45.920 --> 04:47.320
if we click on Create New.

131
04:47.320 --> 04:49.080
So here on the output profile, if we wanted to,

132
04:49.080 --> 04:52.840
we could have those reports emailed to the respective parties that need to

133
04:52.840 --> 04:53.440
receive them.

134
04:53.440 --> 04:57.020
Now if they're super sensitive, we might want to be sure we're not sending these

135
04:57.020 --> 04:57.480
emails

136
04:57.480 --> 05:01.360
with these reports to email addresses outside the company.

137
05:01.360 --> 05:04.080
So we'd want to be very careful about who we're sending these reports to.

138
05:04.080 --> 05:08.600
And as far as email servers, we'd set that up under system settings, advanced,

139
05:08.600 --> 05:12.080
and then go to mail server, and then we put in the details for our email server

140
05:12.080 --> 05:16.360
that could be used to forward out those email messages with the reports.

141
05:16.360 --> 05:17.880
Now another interesting note is this,

142
05:17.880 --> 05:21.560
let's imagine we're working with a report, and it's going to report definitions,

144
05:21.560 --> 05:25.400
and let's go down to our SOC reports, and let's go and grab this one right here,

146
05:25.400 --> 05:27.960
our 360 degree security review.

147
05:27.960 --> 05:31.070
This one because it was cloned and created and edited here in this

148
05:31.070 --> 05:31.960
administrative domain,

149
05:31.960 --> 05:35.360
which is the root ADOM, it doesn't exist in the other ADOM.

150
05:35.360 --> 05:38.560
So if we wanted to bring it over there, we could export it here,

151
05:38.560 --> 05:40.360
and then import it on the other side.

152
05:40.360 --> 05:42.840
As an example of that, we could right click from the dropdown,

153
05:42.840 --> 05:44.840
we could go ahead and click on export.

154
05:44.840 --> 05:47.000
By default, these dependent settings like subnets,

155
05:47.000 --> 05:49.320
LDAP server, output profile, and email are not included,

156
05:49.320 --> 05:51.040
but if we wanted to include them, we could.

157
05:51.040 --> 05:52.880
Currently, I don't have them set up, so it won't matter too much,

158
05:52.880 --> 05:55.120
so I'm going to disable them, and then we click on OK.

159
05:55.120 --> 05:56.280
We've just exported that.

160
05:56.280 --> 05:58.880
Now on my computer, it's asking me to go ahead

161
05:58.880 --> 06:00.680
and choose the location where I'm going to store that.

162
06:00.680 --> 06:03.240
So I'm going to put it in my downloads folder, I'll save that.

163
06:03.240 --> 06:06.400
And then what we could do is we could go to the other ADOM, for example,

164
06:06.400 --> 06:08.880
we'll go to our BR1-ADOM.

165
06:08.880 --> 06:11.040
And then with the all reports tab selected here,

166
06:11.040 --> 06:14.600
in this BR1-ADOM, we can go to more, and then click on import.

167
06:14.600 --> 06:17.240
I then go ahead and drag and drop that file

168
06:17.240 --> 06:19.560
that it conveniently put in my downloads folder,

169
06:19.560 --> 06:22.680
because that's where I told it, so I'll drag it over here, click on OK,

170
06:22.680 --> 06:24.800
and that will import it into this ADOM.

171
06:24.800 --> 06:29.200
So now if we scroll down, there's our 360 degree security review right there.

172
06:29.200 --> 06:32.120
So if we run this report, I'll go ahead and say run report.

173
06:32.120 --> 06:35.080
Then we double click here, it'll show us the reports matching that,

174
06:35.080 --> 06:37.040
or we could go to generated reports,

175
06:37.040 --> 06:38.880
and it should show up here in just a moment.

176
06:38.880 --> 06:41.520
And there it is, and in a moment it'll be done.

177
06:41.520 --> 06:43.720
And I'm not sure how much data we have

178
06:43.720 --> 06:46.800
that's been logged to the ADOM called BR1-ADOM,

179
06:46.800 --> 06:48.160
but we're about to find out.

180
06:48.160 --> 06:53.420
So I'll click here on HTML, and yeah, we had some traffic for this calendar

181
06:53.420 --> 06:53.720
year.

182
06:53.720 --> 06:56.610
And that other ADOM, I think, had the branch office over there for maybe an

183
06:56.610 --> 06:57.280
hour or two.

184
06:57.280 --> 07:00.800
So this is showing us the application visibility and control information,

185
07:00.800 --> 07:03.760
and we scroll down, here's the application categories,

186
07:03.760 --> 07:06.040
and web application, fantastic.

187
07:06.040 --> 07:09.190
Also, another interesting aspect regarding these reports that are being

188
07:09.190 --> 07:09.680
generated,

189
07:09.680 --> 07:13.920
if it's taking a lot of energy, a lot of CPU resources to crank these out,

190
07:13.920 --> 07:17.040
we can also take a look at the diagnostics.

191
07:17.040 --> 07:20.840
From the FortiAnalyzer perspective, regarding a report that was generated.

192
07:20.840 --> 07:24.540
So back at the FortiAnalyzer, under reports and generated reports, if we right

193
07:24.540 --> 07:25.120
click here,

194
07:25.120 --> 07:28.360
one of the options is to retrieve diagnostic.

195
07:28.360 --> 07:31.920
So if we click on retrieve diagnostic, it's going to ask us to save this

196
07:31.920 --> 07:33.200
locally on our computer.

197
07:33.200 --> 07:36.440
So I'll go ahead and save it locally, my downloads folder.

198
07:36.440 --> 07:40.920
Then I'm going to open it up, and here's the content of that log file.

199
07:40.920 --> 07:43.440
So there's a report name, there's when it was generated,

200
07:43.440 --> 07:46.240
here's the administrative domain, there's the date range it covered,

201
07:46.240 --> 07:49.080
here's the number of charts that were involved, and there's 32 of them.

202
07:49.080 --> 07:52.600
So we'll scroll down through that list, and it was including all the devices,

203
07:52.600 --> 07:55.240
and auto cache was enabled for that report.

204
07:55.240 --> 07:58.380
And as we continue to scroll down, we have the quota summary and storage

205
07:58.380 --> 07:58.800
summary,

206
07:58.800 --> 08:01.760
and this would be for that specific administrative domain it came from.

207
08:01.760 --> 08:04.200
And here's the version of the FortiAnalyzer, its serial number,

208
08:04.200 --> 08:07.080
and system performance information when that report was run.

209
08:07.080 --> 08:10.650
So in the event we have a report that takes a ton of CPU or has another issue

210
08:10.650 --> 08:11.200
with it,

211
08:11.200 --> 08:14.840
the diagnostics is a great tool to help dig down into what's happening.

212
08:14.840 --> 08:18.560
Think of it like a black box recorder for an airplane with all the nitty-gritty

213
08:18.560 --> 08:19.600
details,

214
08:19.600 --> 08:22.880
regarding that date and time and that moment when that report was generated.

215
08:22.880 --> 08:26.920
Now because the original report had caching enabled in the previous ADOM,

216
08:26.920 --> 08:29.600
we did the export and import to go back here,

217
08:29.600 --> 08:32.560
and here's our 360-degree security review, we'll double click on it,

218
08:32.560 --> 08:35.720
and we'll click on settings, sure enough the auto cache is still enabled.

219
08:35.720 --> 08:39.560
And once again, that's because the caching was enabled on the original report

220
08:39.560 --> 08:42.280
when we did the export, so the caching is enabled here as well.

221
08:42.280 --> 08:47.490
Also notice that the schedule is also intact here in this new ADOM based on the

222
08:47.490 --> 08:47.920
import.

223
08:47.920 --> 08:50.040
So to clean this up because I don't want that to run every hour,

224
08:50.040 --> 08:51.840
I'm going to go ahead and not schedule it.

225
08:51.840 --> 08:55.440
I'm going to leave the auto cache enabled, click on Apply,

226
08:55.440 --> 08:58.360
and do the same thing over in the root ADOM.

227
08:58.360 --> 09:01.760
By going to the root ADOM by clicking here, going to the root ADOM,

228
09:01.760 --> 09:06.120
and going into report and report definitions, and under SOC reports,

229
09:06.120 --> 09:08.400
because that's where we cloned it before we started working with it,

230
09:08.400 --> 09:12.780
there's our 360-degree security review right there, we'll right click, click on

231
09:12.780 --> 09:13.080
edit,

232
09:13.080 --> 09:15.800
and then here under settings we'll specify we don't want to schedule it every

233
09:15.800 --> 09:16.160
hour,

234
09:16.160 --> 09:18.880
click Apply, and that way it won't run every hour.

235
09:18.880 --> 09:21.360
And again, if we want to see the generated reports all together,

236
09:21.360 --> 09:25.440
we can specify that by clicking on generated reports,

237
09:25.440 --> 09:27.000
and then specifying how far back we want to look.

238
09:27.000 --> 09:30.800
So if we want to look for example, the last seven days,

239
09:30.800 --> 09:34.680
all these reports, it looks like they were all run today,

240
09:34.680 --> 09:36.000
so they're all still showing up.

241
09:36.000 --> 09:37.800
But if you had like hundreds of reports,

242
09:37.800 --> 09:40.520
you could sort based on how far back you want to go.
