The Summary Report focuses on destination zones, which are the zones that the Job Action targets appeared in. The report includes all Actions (Network and Endpoint) except Actions categorized as Scanning. You can see an overview of what Actions ran in the environment, pass/fail results, and analysis of how the defensive stack performed. Reading and working through the report from top to bottom provides the foundational insight to put an information security program on the path to improvement.
Host CLI Actions that have resulted in an Incompatible status are not included in reports.
To access the Summary Report, go to Analyze > Summary Report. Alternatively, to create a Summary Report for specific Jobs, go to Jobs > Job Status and select JOB SUMMARY REPORT from the Jobs Actions dropdown.
Summary Report Details
The report contains 5 sections; 4 of the 5 sections have interactive elements, allowing you to drill down and see specific counts and percentages:
- High Level Stats
- Results Snapshot
- Percentage Pass/Fail with Count
- Pass/Fail Force Field Analysis
- Prevented, Detected, & Alerted Analysis
High Level Stats
The high-level stats section shows you how many Actions were run and provides counts for specific categories. At a glance you can gain a basic understanding of what was run in and against your defensive stack.
Summary Report High-level Stats
Results Snapshot
The snapshot takes the total Actions processed and shows the percentage blocked, detected, and alerted. These graphs are interactive and show you the specific counts and percentages.
Result Snapshot showing Blocked with Mouseover Details
Recent Pass/Fail Changes
The Recent Pass/Fail Changes section is included if there have been changes to the Pass/Fail definitions in the last 90 days. It lists the date of the most recent change. When there are changes made to the Pass/Fail definitions, trends that you've seen in several sections of the summary report may change. Seeing that there have been changes also allows you to determine if you want to adjust the timeframe for the report to only show results from before or after the change.
Section showing Recent Changes to the Pass/Fail Definitions
Percentage Pass/Fail with Count
The Percentage Pass/Fail with Count section helps visualize the effectiveness of the security stack based on the Attacker Behaviors, Attack Vectors, Business Zones, and Stage of Attack. Not only does it show the percentage passed versus failed (bar chart), it also shows how many Actions were run for each segment (line graph). See Understanding Pass/Fail Rules to learn more about how pass and fail is determined.
Percentage Pass/Fail with Count Charts with Mouseover Details
Pass/Fail Force Field Analysis
The Pass/Fail Force Field Analysis section allows you to quickly see the pass/fail rates across Attacker Behaviors, Attack Vectors, Business Zones, and Stage of Attack. Because you are looking at the counts, you quickly see how the Actions run are distributed across the zones and Dimensions.
Pass/Fail Force Field Analysis Graphs with Mouseover Details
Prevented, Detected, Alerted Analysis
The final section of the Summary Report lets you quickly compare the statistics for Actions that were Prevented, Detected, and Alerted across Business Zones, Stages of Attack, and Attacker Behaviors. This is displayed as a stacked bar chart, so you can easily compare the counts for the three results compared to the total count of Actions. Select or hide any of the options displayed to focus on the information you are most interested in.
Business Zones Analysis Chart