| Reports Module |
Report category |
Available reports |
| Devices |
Windows |
- Windows Events
- Windows Severity Reports
- Windows Critical Reports
- Windows Logon Reports
- Windows System Events
- Threat Detection
- Removable Disk Auditing
- Network Policy Server
- Registry Changes
- Windows Backup and Restore
- Application Crashes
- Windows Firewall Auditing
- DNS Server
- AD DNS Server
- Network Share
- File Monitoring
- Trust Relationships Changes
- Domain Controller Logon Reports
- Policy Changes
- Group Management
- User Account Management
- Process Tracking
- Windows Logoff Reports
- Windows Failed Logon Reports
- Threat Detection From Antivirus
- Infrastructure Reports
- Windows Important Events
- Hyper-V Server Events
- Windows Firewall Threats
- Application Whitelisting
- Program Inventory
- Domain Events
- Hyper-V VM Management
- User activity
|
| Devices |
Active Directory |
- User Logon Reports
- Local Logon-Logoff
- Account Management
- User Management
- Group Management
- Computer Management
- Permission Changes
- Configuration Auditing
- DNS Changes
- AzureAD Password Protection
- Domain Object Changes
- LAPS Audit
- OU Management
- GPO Management
- Other AD Object Changes
|
| Devices |
Unix |
- Unix Events
- Unix Logon Reports
- Unix Logoff Reports
- Unix Failed Logon Reports
- Unix User Account Management
- Unix Removable Disk Auditing
- SUDO Commands
- Unix Mail Server Reports
- Unix Threats
- Unix NFS Events
- Unix Other Events
- Unix FTP Server Reports
- Unix System Events
- Unix Severity Reports
- Unix Critical Reports
|
| Devices |
Network devices |
Predefined reports for Arista, Barracuda, Check Point, Cisco, F5, Fortinet, FirePower, H3C, Huawei, Juniper, Meraki, NetScreen, pfSense, Palo Alto, SonicWall, Sophos, WatchGuard devices, Dell, Forcepoint and StormShield.
- All Events
- Important Events
- Router Logon Report
- Router Configuration Report
- Router Accepted Connections
- Denied Connections
- Router Traffic Report by Protocol
- Router/Switch System Events
- Router Traffic Errors
- IDS/IPS Activity
- Firewall Threats
- Firewall Traffic Reports
- Denied Connections
- Common Reports
- Firewall Logon Reports
- Firewall Account Management
- Firewall VPN Logon Reports
- Firewall VPN Users Reports
- VPN Connection Status Report
- Network Device Severity Reports
- Network Device Risk Reports
- Firewall Website Traffic Reports
|
| Devices |
VM Management |
Predefined reports for ESXi
- Hypervisor Events
- VMWare Logons/Logoff
- VMWare System Events
- VMWare Server Events
|
| Cloud Sources |
AWS |
- User Login Activity
- Failed/Unauthorized Activity
- IAM Activity
- User Activity
- Network Security Groups
- VPC Activity
- S3 Bucket Activity Reports
- WAF Reports
- Security Token Service
- AWS Config Reports
- EC2 Reports
- Amazon Auto Scaling Reports
- Amazon ELB Reports
- RDS Reports
- Route 53
- S3 File Changes Audit
- S3 Traffic Analysis Reports
- Classic LoadBalancer Reports
- Application LoadBalancer Reports
- Network LoadBalancer Report
|
| Microsoft 365 |
- Microsoft 365 Overview
- Exchange online
- Azure AD
- Microsoft Teams
- OneDrive Online
- Sharepoint Online
|
| General Applications |
SQL Server |
- SQL Server Events
- DDL Auditing Report
- DML Auditing Report
- Logon/Logout Events
- Failed Logon Events
- Startup Shutdown Events
- Server Principal Changes
- Database Principal Changes
- Password Changes
- Audit Changes
- Backup and Restore Events
- Security Reports
- System Events
- Permission Denied Report
- Integrity Report
- Authority Changes
- Trace Changes
|
| Oracle |
- Oracle Events
- Auditing Account Management
- Auditing Report
- Auditing Server Report
- Security Reports
|
| Terminal |
- Terminal Server Events
- Terminal Server Gateway Logons
- Terminal Server Gateway Communications
- Terminal Server Gateway Top Reports
|
| Sysmon |
- Sysmon Events
- Process Audit Report
- Registry Audit Report
- File Audit Report
- Library And Drivers Report
- Network Audit Report
- WMI Audit Report
- Configuration Report
|
| Exchange Reporter Plus |
- Exchange Events
- Mailbox Audit Logging
- Admin Audit Logging
- Mailbox Import Export Changes
- Folder Access Permission Changes
|
| Security Applications |
MalwareBytes |
|
| FireEye |
|
| Symantec Endpoint Protection |
|
| Symantec DLP |
|
| CEF Format |
|
| McAfee |
- McAfee Events
- McAfee Threat Reports
- McAfee Virus Reports
|
| Trend Micro |
- Trend Micro Events
- Logon Reports
- Policy Management
- User Account Management
- Security Reports
|
| Import Supported Log Sources |
Apache |
- Apache Server Events
- WebServer Error Reports
- WebServer Top Reports
- WebServer Attack Reports
- WebServer Advanced Reports
|
| DB2 Logs |
- DB2 Events
- DDL Auditing Report
- DML Auditing Report
- Database Connection Auditing
- Database Server Reports
|
| DHCP Linux |
- DHCP Linux Events
- DHCP Server Reports
|
| DHCB Windows |
- DHCP Windows Events
- DHCP Server Reports
|
| IIS W3C Web |
- IIS Web Server Events
- WebServer Top Reports
- WebServer Error Reports
- WebServer Attack Reports
|
| IIS W3C FTP |
- IIS FTP Events
- FTP Server Reports
|
| MySQL |
- MySQL Events
- Logon Reports
- General Statements Reports
- Database Administrative Statements Reports
- MySQL Server Events
|
| Postgres |
- PostgreSQL Events
- DDL Auditing Report
- DML Auditing Report
- Logon Reports
- Auditing Account Management
- Database Administrative Statements Reports
- PostgreSQL Server Events
|
| SAP ERP Audit Logs |
- SAP Events
- Logon Reports
- User Account Management
- Configuration Reports
- Attack Reports
- System Events
- Device Severity Reports
|
