67-23
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter67 Managing Reports
Working with Reports in Report Manager
Signature ID (IPS top attackers, top signatures, top victims)—The signatures to include in the
report. To specify signatures, click the Edit button next to the field and select the desired
signatures. You can select a folder to select all signatures in the folder.
Note In the predefined system reports, you cannot specify values for all three of the Signature
ID, Attacker IP, and Victim IP criteria. You can specify a value for the key attribute of
the report (for example, Victim IP for the top victims report) plus one of the other
values. If you want to configure values for all three criteria, you must create a custom
report.
Attacker IP, Victim IP (IPS top attackers, top signatures, top victims)—The attacker and victim
IP address fields are separate, but they are functionally the same. They define the IP addresses
for attackers (sources) or victims (destinations) to include in the report. You can enter individual
addresses, such as 10.100.10.10, or address ranges, such as 10.100.10.10-10.100.10.20. Both
IPv4 and IPv6 addresses are accepted. Separate multiple addresses with commas.
You can click the Edit button next to the field to open a dialog box where you can more easily
create complex lists of addresses and address ranges. However, you cannot use network/host
objects to define addresses.
Blocked (IPS top attackers, top blocked/unblocked signatures, top signatures, top
victims)—Whether the event resulted in dropped traffic (Blocked), traffic that was not dropped
(Unblocked), or either (All).
Username (VPN user report)—The names of the users to include in the report. The default, an
empty list, includes all users. If you want the report to focus on specific users, use the Add (+),
Edit (pencil), and Delete (trash can) buttons beneath the table to create the desired list of users.
Technology (VPN device usage report)—The type of remote access technology to include in the
report: All, Clientless (SSL VPN), Full Client (SSL VPN), IPsec RA (IPsec remote access
VPN).
Step 5 Click OK in the Edit Settings dialog box to implement your changes.
You can now click the Generate Report button to retrieve the data defined by the settings and display it
in the report. You can also use Save or Save As to permanently save the changes to the settings.
Printing Reports
After you generate a report as described in Opening and Generating Reports, page 67-18, you can print
it.
To print the report, click the Print button above the report. You are prompted to select a printer.
Exporting Reports
After you generate a report as described in Opening and Generating Reports, page 67-18, you can export
it to an Adobe Acrobat (PDF) or comma-separated values (CSV) file.
Exported files include the following information:
The creation time of the report.
The settings used to generate the report.