Step 5 (optional). Importing a preconfigured report to RSA NetWitness
April 11, 2024
ID 167814
This section explains how to import a preconfigured report to RSA NetWitness. To learn how to create a report manually, see the section about creating and viewing reports in RSA NetWitness.
This step requires the importing Kaspersky CyberTrace Service rules step to be completed.
The distribution kit contains the CyberTrace_Reports.zip file. This file contains a preconfigured report, CyberTrace Report.
The CyberTrace Report report contains the following data:
- Detection statistics during the last 24 hours
- Statistics on users who issued detection events during the last 24 hours
- Top 10 URLs, Top 10 IP addresses, and Top 10 Hashes during the last 24 hours
You can import this file in the same way that you import the CyberTrace_Rules.zip file (which contains rules). After the report is imported, you must specify the data source.
To specify the data source for the "CyberTrace Report" report:
- On the RSA NetWitness menu, select Dashboard > Reports. (In RSA NetWitness 11, select Monitor > Reports.)
The Manage tab is displayed.
- Click Reports.
The Reports view is displayed.
- In the Reports view, in the Actions column, click the Settings split button (
) for the CyberTrace Reportreport, and then select Schedule Report.The Schedule Report form appears.
- In the Schedule Report form, specify the following data:
- Schedule name
- Data source (database from the NetWitness Platform DB drop-down list)
Select either the Concentrator that receives events from Kaspersky CyberTrace Service or the Log Decoder that stores events from Kaspersky CyberTrace Service.
- Click the Schedule button.
