When accessed from the Report menu, the Summary Report can be configured to display results for a user-defined time range and Zones of your choice. When accessed from the Jobs Status menu, the Summary Report can be limited to Jobs you've selected.
Filter Options
When you first open the Summary Report, it defaults to all zones for all (non-scan) Actions ever run. To change the data contained in the report, update the filters. Each time you update the filters there is a small pause while the data is populated. If you realize you need to change the filter while it is loading, adjust the time range and/or zones and click Update Filter to cancel the previous query and start a new one.
NOTE: If you configure your filter, this new configuration becomes the default when you use the same browser; Reset Filter will return the filter to the default dimensions for all dates and zones and will automatically reload the report.
IMPORTANT: When you use the Zone filter, you may still see other Zones. The filter looks for the Zone you selected in both the source and destination, and includes the other Zones that are part of those Job Actions.
To add a filter
- Click Expand to see the available filter options.
Click in the Time Range area and select a time range.
If there is a defined time range already, you must delete it first.
Click in the Zones area and select the zones you want. Delete any zones that you no longer want to use.
- Click Update Filter.
Summary Report filter options
Viewing the Summary Report for specific Jobs
When you want to view the Summary Report for one or more specific Jobs, you start from the Jobs Status page. This allows you to filter the Jobs and then select the Jobs you are interested in. The Job number and Title will be listed at the top of the Summary Report.
To Create a Summary Report for specific Jobs
- Go to Jobs > Job Status.
Click the Jobs selection menu > Show/Hide.
NOTE: If you select Summary Report here without selecting any Jobs, the Summary Report displays and includes all Job results.
Identify the Jobs you want to include in the report (by filtering or changing which Jobs are displayed) and select them.
NOTE: You can select Jobs across pages. This includes selecting a Job on one page, using the page arrows to advanced to another page, and then Shift +clicking on a Job to select all Jobs in between.
NOTE: Jobs you select remain selected even if you change your filter and they are no longer displayed.
- Click the Jobs selection menu > Job Summary Report.
Jobs Status page showing Job Summary Report in the Jobs selection menu
- Review the Summary Report, which only includes the results of the selected Jobs. If you want to add or remove Jobs, type the Job numbers in and click Update Report.
Summary Report for Job selection
Interactive Features in the Summary Report
As you are reviewing the report, you can also interact with the data, as briefly discussed and displayed in the graphics in the previous section. Mouse-over behavior in the charts allows you to view the counts and percentages when viewing the chart. In the final section, you can also hide specific data to focus on the information you are most interested in.
Exporting the Summary Report
The Summary report can be exported as a PDF. The PDF will be in Portrait mode and includes the entire report. The PDF prints correctly regardless of the zoom configuration of the browser window.
In addition to exporting the entire Summary Report, you can export the separate report graphics to be integrated into external reports. The graphics are exported as PNG files and have transparent backgrounds.
Summary Report Findings
Now that you have a basic understanding of the information contained in the report, how do you actually use it? The Results snapshot can give you some high-level ideas.
Result Snapshot of Actions Run
- The Blocked and Detected graphs immediately show you where policy tuning opportunities exist.
- The Low % of alerts in the Alerted chart may indicate the following:
- Potential lack of parity for logging sources
- Potential correlation rule configuration issues in your SIEM
Going into the next sections of charts will help pinpoint specific opportunities to improve. You could look at the Business Zone graphs first to help identify the defenses associated with a given zone or business function.
Summary Pass/Fail Percentage & Field Analysis Charts
The Summary Pass/Fail chart shows that the External Cloud zone is underperforming.
- Using the line chart embedded in the chart, which represents the total number Actions run, you quickly see that Desktop Users and Testing Zones are not being tested comprehensively - or in the case of the Testing zone, at all.
- The Pass/Fail Field Analysis further illustrates these points, clearly identifying how many Actions were run and their pass/fail rates.
Analysis Prevented, Detected, & Alerted chart
The ability to hide columns in the Protected, Detected, Alerted chart also helps you clearly see issues and areas that are doing well:
- Only in the East Zone are the majority of the Actions producing Events that are also being correlated into Alerts in the SIEM.
- If you look at the Internet Zone, you can clearly recognize that there are opportunities to create/tune policies so more of the Actions are Alerted on.
If your company is more focused on the stages of the kill chain, you can focus on that set of charts.
Stages of Attack charts
Looking at Recon, you can see that there are deficiencies and that it could benefit from additional testing, as well as defensive tuning.
- This could also be indicative of other deficiencies in visibility, as seen in the Alerting Chart
- The Pass/Fail chart emphasizes that there is not a lot of testing occurring for Exploitation and Execution
You can also make these assessments for Attack Behaviors and Attack Vectors.
Detect, Prevent, Alert Stages of Attack Chart
Beyond being able to identify opportunities for improvement, you can also use this report to quantitatively demonstrate that the work you are completing improves the company's security posture. Since you can adjust the report's time range, you can quickly show a comparison of before and after changes are made. These data points allow you to show a measurable improvement.