Analysis Tab

The Analysis tab allows for historical reporting. Historical and vulnerability reports are published on a Crystal web server and run directly against the Sentinel database. These reports are useful for tracking and investigating activity over a large time frame, for instance a week or a month. They can also serve as a high-level reporting method for your supervisors. If your reporting web server is installed, look in the navigator bar to see what reports are available.

NOTE: Your reports may be different. Sentinel Crystal Reports are "living" reports that are constantly being updated.

For example, if you are responsible for generating reports for upper management within your organization, chances are you will run Source Destination Reports. These are Top 10 Source to Destination IP Pairs on host names, ports, IPs and users. To run this report, do the following:

To run a Crystal Report:

  1. Expand Top 10, highlight Top 10 Source to Destination IP Pairs, and click Create Reports (magnifying glass).

  2. For the username, enter Sentinel Report User (for SQL authentication and Oracle) or your Windows Authentication username, then enter your password.

  3. Under Report Type, select one of the following:

NOTE: Other reports may have additional parameters such as resource name and severity range.

  4. Click OK. The following is a sample monthly report.

[Image: sample monthly report]

  5. You can export this file as a Word, PDF, RTF, Excel or Crystal Report file by clicking Export (envelope).


Similar to the Security Analyst, if you have an event or events of interest within your reports, you can run an Event Query under the Analysis tab. To run a query, highlight Historical Events > Historical Event Queries and click Create Reports (magnifying glass). For more information, see section Event Query Sample Scenario.