Some comments on reporting after using the product over the last year or so.
There are many reports, but the configuration and tuning capabilities are pretty lacking right now. There is also a lot to be desired with regard to auditability, lack of scheduling, etc.
Listed below are some of the perceived gaps, some minor, some not. Would be interested to know any workarounds people have implemented for any of these.
- No API endpoint for reports
- No scheduling. Repeatable runs for system, groups, or users. Can only schedule once in the future, one time, which is really just "run later".
- No auditing capability. (Who ran a report, when it was run, who it was delivered to)
- Reports either lack evidence completely, or lack sufficient details on suggested correlations. For example, the PCI "Full Report" just lists a single page of checkboxes for base requirements, but no evidence or even summary information is available for any of them on how the conclusion was drawn.
- No tuning options for reports. Some reports allow you to generate a report "By Time" or "By Classification", but there's no way to tune in a more generalized way: "I want a detailed report containing events, sorted by severity and date, and I want to include X metadata, and exclude Y metadata".
- Fixed width web view. Large reports stay 700px wide even on very large monitors.
- Missing any filtering, sorting, or rollup by tag, deployment or other metadata.