I have my server logs SIEM dragon set up as follows:
1. I have multiple devices configured to send logs to my server logs (SIEM Dragon); Log Sources from different customers.
2. I created a group for each customer (Log Source Groups) and I have grouped the corresponding devices.
3. Likewise, I created groups of network hierarchy, rule groups and building blocks for each customer; the SIEM is generating offenses correctly for each of them.
Database Settings
Offense Retention Period: 1 year
The problem I have is that I cannot generate a report for each group or customer (Log Source Group).
The model or template that resembles what I'm looking to do is "Source Summary Offense", but monthly, not daily.
Example: ACUNTIA TABLA MONTHLY_ Offense Source Summary
CUATRECASAS TABLA MONTHLY_ Offense Source Summary
ORGT TABLA MONTHLY_ Offense Source Summary
I edited the template and tried to apply a filter for the Log Source Group of each client, but I cannot get it to work.
Could you help me?
How can I get a report for a specific group of log sources (customers)?
Thank you very much
Diego Cuaran
COS Acuntia