Print Download PDF Send Feedback

Previous

Next

Views and Reports

In This Section:

Deploying Views and Reports

Catalog of Views and Reports

Views

Reports

Widgets

You can create rich and customizable views and reports for log and event monitoring, that inform key stakeholders about security activities.

The views are available from two locations:

For a quick overview of Views and Reports in R80, see the online tutorial.

Deploying Views and Reports

To allow SmartEvent views and reports, you must install and configure a SmartEvent Server. For the details, see Deploying SmartEvent.

Catalog of Views and Reports

In the Logs & Monitor view, click the (+) tab to open a catalog of all views and reports, predefined and customized. Click a view or report to open it.

Item

Description

1

Open Log View - See and search through the logs from all Log Servers. You can also search the logs from a Log Server that you choose.

Open Audit Logs View - See and search records of actions done by SmartConsole administrators.

These views come from the Log Servers. Other views come from the SmartEvent Server.

2

Compliance View - Optimize your security settings and ensure compliance with regulatory requirements.

3

Views - The list of predefined and customized views. A view is an interactive dashboard made up of widgets. The view tells administrators and other stakeholders about security and network events. Each widget is the output of a query. Widgets can show the information as a graph, table, or some other format. To find out more about the events, double-click a widget to drill down to a more specific view or raw log files.

4

Reports - The list of predefined and customized reports. A report has multiple views, and applies to the time that the report is generated. It gives more details than a view. There are several predefined reports, and you can create new reports. Reports can be customized, filtered, generated and scheduled. You cannot drill down into a report. A report is divided onto pages.

5

Favorites - Use this view to collect the views and reports you use the most.

6

Switch to Table View or Thumbnails View - The Table view is the default for views and reports. The Thumbnails view is the default for the Favorites and Recents.

7

External Apps

  • SmartEvent Settings & Policy - The SmartEvent GUI client. Use it for initial setup and to define the SmartEvent Correlation Unit policy. The views in SmartConsole are a replacement for those in the SmartEvent GUI client.
  • Open Tunnel and User Monitoring - The SmartView Monitor GUI Client. The monitoring views in SmartConsole are a replacement for those in the SmartView Monitor GUI client, except for Tunnel and User Monitoring.
  • SmartView Web Application - A SmartEvent Web application that you can use to analyze events that occur in your environment. Use it to see an overview of the security information for your environment. It has the same real-time event monitoring and analysis views as SmartConsole, with the convenience of not having to install a client.

 

Views

Views tells administrators and other stakeholders about security and network events. A view is an interactive dashboard made up of widgets. Each widget is the output of a query. A Widget can show information in different formats, for example, a graph or a table.

SmartConsole comes with several predefined views. You can create new views that match your needs, or you can customize an existing view.

In the Logs & Monitor view, clicking the (+) tab opens a catalog of all views and reports, predefined and customized. Click a view to open it.

Item

Description

1

Widget- The output of a query. A Widget can show information in different formats, for example, a graph or a table.

2

Drill Down - To find out more about the events, double-click a widget to drill down to a more specific view or raw log files.

3

Options - Customize the view

4

Queries - Predefined and favorite search queries

5

Time Period - Specify the time periods for the view.

6

Query search bar - Define custom queries using the GUI tools, or manually entering query criteria. Shows the query definition for the most recent query.

Customization

Customize your views according to these options:

Click Edit to switch to view edit mode.

SmartConsole saves an administrator's customized views.

View Settings

  1. Enter a title.
  2. To show more results, this option allows a table to spread across multiple pages when saved to PDF.

    The No page limit option shows more results by spreading them across a number of pages.

Export and Import

To export the view layout and widget definitions to a file, use the Export option

To import the file from another server, or from another administrator, use the Import option in the Catalog (new tab).

Save As PDF

The Save as PDF option saves the current view as a PDF file, based on the defined filters and time frame.

Reports

A report has multiple pages, and applies to the time that the report is generated. There are several predefined reports, and you can create new reports. A report gives more details than a view. Reports can be customized, filtered, generated and scheduled. You cannot drill down into a report.

In the Logs & Monitor view, clicking the (+) tab opens a catalog of all views and reports, predefined and customized. Double-click a report to open it.

Item

Description

1

Preview bar - A report is divided onto pages, usually, one view on one page. Editing a report is done per page, in the same way as you edit a view.

2

Options - Customize, and generate a report.

3

Time Period - Specify the time periods for the report.

4

Query Search bar - Define custom queries using the GUI tools, or manually entering query criteria. Shows the query definition for the most recent query.

Customization

Customize your reports according to these options:

Click Edit to switch to the report edit mode.

To customize widgets, see: Customizing Widgets

SmartConsole saves an administrator's customized reports. To share customized reports with other administrators, use the Export and Import options.

Report Settings

Reports can be configured according to these options:

Customizing a Report

  1. Select a report from the Catalog (new tab).
  2. Click Options > Edit.
  3. Select the page to edit.

    You can also add or remove pages by clicking one of these:

  4. Customize the widgets.
  5. Add a widget, or arrange widgets in the view: Drag & Drop or expand.
  6. Define filters.

Note -

See: Generating a Report

Filtering Reports by User Groups

You can filter based on User Groups.

To enable this feature, you must first do initial configuration steps.

To configure SmartEvent for user group filtering:

  1. In SmartConsole, define an Access Role object that includes User Groups to use for SmartEvent reports.
  2. Install policies on the Security Gateways.

To generate reports filtered by user groups:

  1. On the SmartEvent Reports tab, select a report.
  2. Click Generate.
  3. Select the User Group filter.
  4. Select a one or more groups.
  5. Click Generate.

The generated report is based on users mapped to the selected groups.

To define a scheduled report filtered by user groups:

  1. Generate a report filtered by the specified User Group.
  2. Copy the full User Group name from the generated report cover page.

    The User Group name typically starts with the prefix "ad_".

  3. Define new custom report:
    1. Right-click on an existing report.
    2. Select Save As.
    3. Right-click the new report.
    4. Select Edit.
    5. Click the Filter icon.
    6. Define a User Group filter.

      The Filter icon is on the toolbar, above the report page selection area.

    7. Make sure that you accurately enter (or paste) the User Group name that you copied in step 2.
    8. Save the report.
  4. Generate the new custom report.
  5. Make sure that the filter works as expected.

    Note: In the Generate a Report window, make sure that the User Group filter is defined as Any.

  6. Click Schedule.
  7. Configure the days and times that this custom report runs automatically.

Automatic Report Updates

SmartEvent automatically downloads new predefined reports and updates to existing predefined reports. To use this feature, the SmartEvent client computer must be connected to the Internet.

Adding a Logo to Reports

You can configure reports to show your company logo on report cover pages. The Check Point logo shows on report cover pages.

To add a logo to your reports:

  1. Save your logo image as a PNG file with the name cover-company-logo.png.
  2. Copy the image to the $RTDIR/smartview/conf directory on the SmartEvent server.

Note: The best image dimensions are 152 pixels wide by 94 pixels high.

Export and Import

To export the view layout and widget definitions to a file, use the Export option

To import the file from another server, or from another administrator, use the Import option in the Catalog (new tab).

Generating a Report

  1. Open the Catalog (new tab) and select a report.
  2. Define the required timeframe and filter in the search bar.
  3. Click Options > Save As PDF.

Generating a Predefined Report in the SmartEvent GUI Client

You can use predefined graphical report templates in the SmartEvent GUI for the most frequently seen security issues. Try these before you create a customized report.

Generate a predefined report in the SmartEvent GUI if you want to schedule it.

To generate a predefined report:

  1. Open SmartConsole > Logs & Monitor.
  2. Click the + to open a Catalog (new tab).
  3. Click the SmartEvent Settings & Policy link.
  4. In the SmartEvent GUI, open the Reports tab.
  5. Select a Default Report for a Software Blade.
  6. Click Generate.
  7. In the Generate a Report window, select a time period.
  8. Click Generate.

    Your reports are saved in the Report History.

Scheduling a Report

To schedule a report you need to define and edit it in the SmartEvent GUI client.

Note - Reports in the SmartEvent GUI client are different from reports in SmartConsole or the SmartView Web Application. To customize a report before scheduling, edit the report in the SmartEvent GUI client:

  1. Open the Report tab
  2. Select the report from the Report tree.
  3. Click Edit.

To schedule a report:

  1. Open SmartConsole > Logs & Monitor.
  2. Click the (+) to open a Catalog (new tab).
  3. Click the SmartEvent Settings & Policy link.
  4. In the SmartEvent GUI client, select Schedule.

    The Schedule and Email settings configuration window opens.

  5. Click Add, and select a schedule.
  6. Select Active for the schedules you want to activate.
  7. Optional: Click Email Settings.
  8. Select Send By Email, and configure email settings to get the schedule report automatically.

Generating a Network Activity Report

The Network Activity report shows important firewall connections. For example, top sources, destinations, and services. To create this report, SmartEvent must first index the firewall logs.

To enable the Network Activity Report :

  1. In SmartConsole, open the Logs & Monitor view.
  2. Click the (+) to open a Catalog (new tab).
  3. Click the SmartEvent Settings & Policy link.
  4. In the SmartEvent GUI client > Policy tab, select and expand Consolidated Sessions.
  5. Select Firewall Session.

    Note - this configuration increases the number of events per day by about five times. To avoid a performance impact, make sure the hardware can handle the load.

Configuring Email Settings for Reports

You can configure SmartEvent to automatically send reports by email to specified, default recipients each time the report runs. Use this procedure to define the default recipient addresses and the SMTP server connection.

To configure email server settings:

  1. In SmartEvent, click Settings > Reports.
  2. In the Email Server section, enter the SMTP mail server URL and sender email address in the applicable fields.

    The sender email address shows on all report emails sent by SmartEvent.

  3. Click Test Connection, to make sure that the defined SMTP connection works correctly.
  4. In the Email Server section, enter the default recipient email addresses in the To and Cc fields.

    You can enter more than one email address in each field, separated by semicolons.