Reporting needs work
Some comments on reporting after using the product over the last year or so.
There are many reports, but the configuration and tuning capabilities are pretty lacking right now. There is also a lot to be desired with regard to auditability, lack of scheduling, etc.
Listed below are some of the perceived gaps, some minor, some not. Would be interested to know any workarounds people have implemented for any of these.
- No API endpoint for reports
- No scheduling. Repeatable runs for system, groups, or users. Can only schedule once in the future, one time, which is really just "run later".
- No auditing capability. (Who ran a report, when it was run, who it was delivered to)
- Reports either lack evidence completely, or lack sufficient details on suggested correlations. For example, the PCI "Full Report" just lists a single page of checkboxes for base requirements, but no evidence or even summary information is available for any of them on how the conclusion was drawn.
- No tuning options for reports. Some reports allow you to generate a report "By Time" or "By Classification", but there's no way to tune in a more generalized way: "I want a detailed report containing events, sorted by severity and date, and I want to include X metadata, and exclude Y metadata".
- Fixed width web view. Large reports stay 700px wide even on very large monitors.
- Missing any filtering, sorting, or rollup by tag, deployment or other metadata.
First, thanks for taking the time to leave this feedback - we appreciate it.
We know that reporting is an area that needs significant improvement in our service, and we wanted to share with you some of the ongoing investments we are making there, and when you could start seeing some improvements there.
From a technology perspective, we started investing in a business intelligence platform a while ago, and have been leveraging that initially in a portion of our portfolio (Cloud Insight). I believe you are a subscriber to Cloud Insight and might have consumed some of these reports in the Cloud Insight console. Our objective as a company is to get all the data that we have available across our entire portfolio in the business intelligence backend, which then enables us to create interactive reports that are comprehensive. We have been working pretty hard in the backend of our platform to start loading data types such as incident data and health data in the BI systems and keep adding data sources.
In parallel, we are also working on an integration between the different portals (Cloud Insight and Cloud Defender), with one central login, and one place to find all reports. We will then progressively start moving our reporting from our legacy reporting approach (which was based on on-demand queries on databases and required us to move towards scheduled reporting), to the BI driven approach (where data is continuously loaded and transformed in a model optimized for reporting).
The first results of this will land in the month of April, and will include the integration of both portals, the availability of the BI based reporting center for Cloud Defender customers, and a set of new interactive reports, focused on incidents and a monthly service summary. The reports will include a daily incident digest report, an incident digest trend report, an incident distribution explorer that looks at distribution of incidents by severity, classification and type, and time, and two additional reports breaking down incidents by target, and by source. The service summary will provide key metrics and information on a monthly basis from collection, incident and log review, and support cases.
Here is an example of one of those reports upcoming:
All these will be generated automatically and will not require scheduling. They all will have some capabilities to filter or customize based on key reporting dimensions. Export to image, PDF, CSV, or embedding in other websites are capabilities we inherit from our underlying BI platform. We also have more automation options with this solution and would be open to work with you to understand your automation objectives so we can assess possibilities.
After this - foundational - release, we will progressively review the rest of our legacy reports and start moving these over to the BI based technology until we can deprecate our old reporting technology.
While this first release will not address all of the challenges you have documented, we do believe it will result in a significant improvement, and as we roll out more reports in this technology, we hope this will ultimately address the bulk of your reporting needs.