We build an example query that shows the number of login attempts on a virtual private network (VPN). Then, we use the query in a trend to collect data on VPN login attempts on an hourly basis. Next, we build several more focused queries on top of the trend to get views into particular slices of the data (all login attempts, successful logins, and failed logins).
Finally, we use the data results from the queries and trends to create a report. To format the report, we use one of the ArcSight-provided templates.
Start by navigating to the Reports resource in the Navigator panel, then follow these steps to build the example report:
Note: You need a set of canned VPN login events to properly verify the query and trend resources created for this example.