SIEM Dragon 7.7.2 Patch 2 Offenses and Reports

  • Problem
  • Updated 4 years ago
  • In Progress
I have my log server (SIEM Dragon) set up as follows:

1. I have multiple devices configured to send logs to my log server (SIEM Dragon); Log Sources from different customers.



2. I created a group for each customer (Log Source Groups) and I have grouped the corresponding devices.



3. Likewise, I created network hierarchy groups, rule groups and building blocks for each customer; the SIEM is generating offenses correctly for each of them.

    Database Settings
        Offense Retention Period: 1 year

The problem I have is that I cannot generate a report for each group or customer (Log Source Group).
The model or template that resembles what I'm looking to do is "Source Summary Offense", but monthly, not daily.

Example:     ACUNTIA TABLA MONTHLY_ Offense Source Summary
            CUATRECASAS TABLA MONTHLY_ Offense Source Summary
            ORGT TABLA MONTHLY_ Offense Source Summary

I edited the template and tried to apply a filter for the Log Source Group of each client, but I cannot get it to work.

Could you help me?
How can I get a report for a specific group of Log Sources (customers)?


Thank you very much


Diego Cuaran
COS Acuntia

cos

Posted 4 years ago
