Step 4 - Use the Session List in a Report

You can leverage session lists in a variety of resources including reports. For example, you could use a rule to correlate multiple failed VPN logins over a short timeframe with a particular user entry in the session list. You then specify that if both conditions are met, add the user to an active list such as /Active Lists/Shared/All Active Lists/ArcSight System/Threat Tracking/Suspicious List.)

Purpose: To use the session list in a simple report.

Create a new report on the session list for this example. The steps are:

Create a report
Choose a report template
Choose the session list as the data source for the report
Run the report

Where: Navigator > Resources > Reports

To create a report showing the Windows logins:

In the Navigator, choose the Reports resource and click the Templates tab.
Expand the folder /Report Templates/Shared/All Report Templates/ ArcSight System/1 Table
Right-click Simple Table Portrait and selct New Report from Template.

A Repot Editor opens.
Provide a name for the report (for example, Windows Login Sessions).
Click the Data tab and select Session Lists for the Data Source type and the Windows Login Sessions list for the data source.
Click OK.
Click the Reports tab. The report you created is displayed under your user folder.
Select the new report, right-click and choose Run Report or Run Report with Defaults from the context menu.

Following is an example of an HTML version of the Windows Login Sessions report.

For more information on creating and using reports, see Creating or Editing a Report and Running and Managing Reports.

Micro Focus Security Community
All Documentation
Support
Education
Send Us Feedback

Close

We welcome your comments!

You can either:

Open an email window.

Or copy the information below to an email client and send the email to Documentation-Feedback@microfocus.com.

Help Topic ID:

Product:

Topic Title:

Feedback: