Citrix Analytics for Security

Custom reports

You can create and schedule custom reports using the events and insights available in Citrix Analytics for Security. Custom reports help you extract information of specific interest and organize the data graphically, so that you can analyze the security of the data source of your choice over time.

Custom reports support the following data sources:

  • Apps and Desktops
  • Gateway
  • Secure Private Access
  • Secure Browser
  • Policies
  • Risk Indicators
  • Risk Score

Supported Fields in Custom Reports

Some data sources are also available in self-service search. To view these event types and supported fields, click the following data sources.

The following data sources are available only in Custom Reports. The table below lists the fields that Custom Reports supports for these data sources:

  • Risk Indicators
  • Risk Score

| Data source | Dimension | Description |
|---|---|---|
| Risk Indicators | Category | Indicates the category of risk indicators. The risk indicators are grouped into one of four categories: compromised endpoints, compromised users, data exfiltration, or insider threats. |
| | Risk-Indicator-Name | The name of the risk indicator. For a custom risk indicator, the name is defined by the admin while creating the indicator. |
| | Severity | Indicates the severity of the risk. It can be low, medium, or high. |
| | User-Name | The user name or domain\username that is used for logging in. |
| Risk Score | Risk-Score | The risk score assigned to the user. The risk score varies from 0 to 100 depending on the threat severity associated with the user’s activity. |
| | User-Name | The user name or domain\username that is used for logging in. |
| | Risk-Score-Category | Based on the risk score, a risky user can fall into one of the following categories: high risk, medium risk, and low risk. |

Reports

You can perform the following actions on reports using this view:

  • Click Create Report to create a custom report.
  • Expand a row to see the preview of an existing custom report.
  • Click the report name to see the detailed report visualization.
  • Click the export icon to export an existing custom report in PDF format.
  • Click the edit icon to edit the reports you’ve created.
  • Click the delete icon to delete the reports you’ve created.

Create a custom report

To create a custom report, click Create Reports. On the Create Report page, you can choose to create a custom report with or without templates.

Creating a custom report with templates

To create a custom report with a template:

  1. Select a template: Once you click a template, the template details are listed on the right. Click Apply Template to Report to enable the report to use the selected template.

  2. Refine Filters: The Refine Filters page shows the filters that were predefined for the template you selected. Make the required changes and then click Next.

  3. Apply Visualization: Select one of the available visualizations for displaying the report.

    • Bar chart: Presents data with vertical rectangular bars with height proportional to the values. Used for comparing events.
    • Stacked-column chart: Presents data in the form of bars stacked one over the other. Used to visualize the total sum of data over multiple sub-categories.
    • Pie chart: Presents data in the form of a pie. Used to visualize the relative size of the data or percentages.
    • Donut chart: Presents data in the form of a donut. Used to visualize the relative size of the data or percentages.
    • Table: Presents data in the form of a table. Used to visualize as many dimensions as needed.
    • Line chart: Presents data with dots connected by straight line segments. Used to visualize data trends over a time period.

  4. Now configure the visualization with the following parameters:

    • Dimension for the x-axis
    • Metrics to be plotted in the y-axis
    • Summarization or aggregations, such as average or count, to be applied to the metric
    • Options for sorting and ordering
    • An optional limit for the maximum number of records to be displayed on the report.

Creating a custom report without templates

You can also create a custom report without a predefined template. Click Create Custom Report without Template. Select a data source from the dropdown list. Follow the steps to define the filters, apply visualization, save, and schedule the report.

Save a report

  1. To save the report, click Save. Specify a title for your report.
  2. You can schedule the report to be emailed to the specified email IDs and distribution lists on a specific date and time or on a recurring schedule.

View a report

  1. After you’ve created and saved a report, you can view the report on the Reports page. You can also modify or delete a saved report.
  2. Click the dropdown button to preview the report.

Export a report

Click the export icon to export the report.

Delete a report

Click the delete icon to delete the report.

Note:

Only the user who creates the report can delete it.

Edit a report

Click the edit icon to edit the report.

Note:

Only the user who creates the report can edit it.

Executive Summary report

You can schedule an automated email export that contains a PDF of a pre-created executive summary report. The executive summary report is a collection of reports that shows your enterprise’s security posture at a glance, for the selected time period, to the audience of your choice.

You can create the report for the following time durations:

  • Last 1 Hour
  • Last 12 Hour
  • Last 1 Day
  • Last 1 Week
  • Last 1 Month

What reports does it contain?

The Executive Summary report contains the following reports:

  • User Risk Distribution: The distribution of high-, medium-, and low-risk profiles based on their highest computed risk score in the selected time period.
  • Top Risky Users: The top risky users among all users, sorted by highest risk score for the selected time period.
  • Risk Occurrences by Categories: A comprehensive view, by risk category, of the types of risk exposures and the critical risks that require immediate action. The risk indicators are grouped under the following categories:
    • Compromised users
    • Compromised endpoints
    • Data exfiltration
    • Insider threats
  • Risk Indicators: The triggered risk indicators for the users for the selected time period.
  • Actions: The applied actions to the risk indicators triggered for the users for the selected time period.
  • Top policies: The top five policies that were triggered most often in the selected time period.
  • Top Actions: The top five actions that were triggered most often in the selected time period.
  • Risk Indicators by Severity: Default and custom risk indicators triggered by the users, sorted by severity.
  • Risk Indicators by Total Occurrences: Default and custom risk indicators triggered by the users, sorted by number of occurrences.

Edit an Executive Report

To edit an Executive Report, complete the following steps:

  1. Click the Edit symbol.
  2. In the Configure your report pane, select the time duration for which you want to see the data.
  3. Click Next. The Save Report pane appears.

    Note:

    To discard the changes, click Discard Changes.

  4. In the Save Report pane, enter the following details:

    1. Name your report: The name of the executive report.
    2. Schedule email report: Toggle on to schedule the report. The toggle is off by default.
    3. Send to: Select a distribution list from the dropdown. You can also add a combination of distribution lists and individual email addresses. To create a customized distribution list, see Admin Email Settings.
    4. Set up schedule: Select the desired time at which the report is first sent to the selected audience and the time it repeats.

    5. Click Save report. The report is then sent as an email to the listed recipients.

      Alternatively, you can export the executive report as a PDF using the Export symbol.

      Sample PDF

      The following screenshot depicts a sample PDF output:

      Sample PDF output
