Xprotect reports

Xprotect reports are built to provide critical data related to the hosts managed from the instance, the policies on the hosts, and the alerts generated for policy violations. Use Xprotect reports to gauge the overall progress of the Policy building and/or hardening efforts for the instance. Reports can also help Security evaluators with data to assess the security posture of the hosts.

The two reports available with Xprotect are - Policies and Alerts Report and Instance Report.

Policies and Alerts Report

Policies and Alerts report is an XLSX report that provides statistics for the Policies and Alerts for the instance. Policies and Alerts can only be generated on demand. 

Some of the statistics available in the report are the number of alerts and blocked events, the number of alerts actioned, and the number of alerts that Xprotect classifies as high threats.

Instance Report

Instance report is a PDF report that provides critical metrics for Hosts, Policies, and Alerts for the instance. Instance reports can be generated on demand or scheduled for weekly or monthly email delivery. Weekly reports contain data for the last week and monthly reports for the last month.

Some of the metrics displayed in the report are Top 10 hosts with most alerts, Most frequently generated alerts, and Policy distribution by Host groups.

Reporting operations

The following is the list of operations supported for Xprotect reports.

Policies and Alerts Report

Create On-demand report, and Download On-demand report

Instance Report

Create On-demand report, Download On-demand report, Create Scheduled report, Download Scheduled report, Edit Scheduled Report, and Delete Scheduled report.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.