Monthly/Quarterly Reports | Voters

Monthly/Quarterly Reports

complete

Matt

Would love to see SIEM reports similar to the EDR reports we currently get. Could either be added to the current EDR reports or separate.

May 14, 2024

Chris Bisnett

marked this post as

complete

We've added some minimum SIEM data to the monthly/quarterly reports to show how many events we're ingesting with SIEM over the time period. I want to add some of the additional data that has been called out here like top generating sources and sources generating the most signals and incidents. I'm going to add a new feature request to track those additions.

Chris Bisnett

marked this post as

planned

Chris Wiegman

Chris Bisnett here are some basic items you can pull into these reports
•	Number of Windows logs collected
•	Number of Syslog logs collected
•	Alerts over time
•	Top alerting internal sources
•	Alerts actioned
•	Failed login by account