Rule Analytics Report

Overview

The Rule Analytics report displays rules and rule KPIs based on the search and the selected device. The search feature uses the SecureTrack Rule Viewer TQL that you paste into the report.

In HTML report outputs, if the number of rules is greater than 100, the report will display the first 100 rules, and an additional 100 rules will be incrementally added as you scroll down the report.

In PDF report outputs, the report output is limited to 1,000 rules.

What Can I See Here?

General Information

The General Information section includes details such as the report ID, name, time, and the TQL string.

Overview

This section shows the total number of rules with permissiveness and critical violations metrics.

Cleanup

This section shows the total number of rules with metrics such as Fully Shadowed, No Comment, and No Hits.

Rules

The rule cards show all information for rules resulting from the TQL search.

Create a Rule Analytics Report

Prerequisites

• In the Settings > General page, the administrator must configure the outgoing SMTP server and the remote repository.

Procedure

1. From the Create () menu, click Rule Analytics.

   The Setup page for the report appears.

   

2. Complete the report fields:

   • General: Report name.

   • Domains and Devices: Select a domain and one or more devices or device groups.

   • Search: Copy the Rule Viewer TQL into the search bar. Do not include a device or domain in the TQL, as they will be taken from Domains and Devices fields.

   • Export Report:

     • Email: Specify the recipients for notification emails. Press Tab or Enter to separate multiple email addresses.

       The email message contains a link to the report in STRE. Reports can be generated as PDF or CSV files, and you can select either option or both (if enabled) to include in the email as an attachment. If the report file is larger than 4 MB, the attachment is compressed as a .zip file.

     • Remote Repository: STRE can export reports using SFTP. Specify the report format - PDF or CSV.

       If the report finished successfully, you can verify that the new files appear in the Reports Folder path, in the remote repository, configured by your administrator (see Send Reports Using SFTP).

   • Schedule: Configure the following:
     • Repeats: Select the frequency by which the report should run. Options include Daily, Weekly, and Monthly.
     • Days of the week: Select one or more days on which the report should run.
     • Time: Indicate the time at which the report should run.

3. Click one of the following:

   : Saves the report. The Saved menu lists all saved and scheduled reports.

   : Runs the report. After a report runs, you can view the results in the Repo menu.

Available Report Formats

When viewing the report output, use the Export menu to save the report data.

You can save the data for this report as a CSV file or PDF output file.

• The CSV export option is useful when you want to create your own reports based on the specific data from the report configuration.

• When you select PDF, check the Export menu again for the PDF is ready status and click the link to view the PDF output. The PDF output has been redesigned and is now saved as a document file.