Skip to main content
Skyhigh Security

Run Reports

Generate a report using default or customized queries. For example, create a report that shows the top blocked malware in your organization using data available from your configured queries.

Before you begin

By default, you must have administrator rights to be able to view, modify, and run existing reports as well as add new reports. To give other users the ability to create and run reports, select Menu > User Management > Permission Sets and edit the Content Security Reporter permission for each user type.

NOTE: If the report includes runtime parameters, you can specify those parameters when running the report.

  1. Select a query.
    1. Select Queries & Reports > Actions > Report and click New, or select an existing report from the list and click Edit.
      The Report Builder opens with the Report Layout view active. 
    2. From the toolbox, drag a query chart to the report layout configuration area.
      The Configure Query Chart dialog box opens.
    3. Select the available query options.
    4. Click OK.
  2. Customize the report.
    1. In the Name, Description and Group tab, type a name, description, and which group to use.
      Use the Header and Footer and Page Setup tabs to specify how you want the query to appear in the report.
    2. Use the Runtime Parameters tab to select report-level filters.
  3. Click Run to generate the report.

At this point, you can choose to run the report to get the information immediately, save to use it another time, configure its appearance further by adding additional content.

View Advanced Threat Defense reports

To further analyze Advanced Threat Defense data, register the Advanced Threat Defense server and view the analysis reports.

Register the Advanced Threat Defense server

To view the Advanced Threat Defense analysis results, register the Advanced Threat Defense server with Trellix ePO.

  1. Create the Advanced Threat Defense server.
    1. Select Menu > Configuration > Registered Servers, then click New Server.
    2. On the Registered Server Builder page, select MATD server from the Server type drop-down list.
    3. In the Name field, enter the unique Advanced Threat Defense server name.
    4. In the Notes field, enter any additional information, then click Next.
  2. Configure the Advanced Threat Defense server settings.
    1. In the Server Name or IP Address field, enter the Advanced Threat Defense server name or IP address found on the Web Gateway interface.
    2. In the User name field, enter your Advanced Threat Defense user name.
    3. In the Password field, enter your Advanced Threat Defense password.
    4. Click Test Settings.
    5. If the settings are correct, click Save.

View the Advanced Threat Defense reports

To view and download the Advanced Threat Defense reports, drill down from the dashboard monitor to the Details page.

Before you begin

Advanced Threat Defense reports are only available from queries configured for Advanced Threat Defense content.

  1. From your Advanced Threat Defense dashboard monitor, select a data point.
  2. In the data table, select the row of data you want to view.
  3. On the Details page, click MATD Analysis Reports, then select one of these options:
    • View Analysis Summary (PDF) — Downloads a PDF file that contains an executive brief detailing key behaviors of the sample file.
    • View Complete Results — Downloads a .zip file that contains all available Advanced Threat Defense reports for an analyzed sample.
  • Was this article helpful?