Documentation Center

AlienVault OSSIM® Report Types

Applies to Product: USM Appliance™ AlienVault OSSIM®

AlienVault OSSIM Reports

AlienVault OSSIM provides a set of simplified versions of the reports found in USM Appliance. These reports lack the flexibility, customization, and richness of information that are available with the USM Appliance reports. 

You can view the AlienVault OSSIM reports directly in the user interface as HTML, or you can export other reports as PDF documents and send them through email. For the majority of reports, you can change the data range.  In a few reports, you can change other settings, such as the list of assets included in the report.

Alarms Report

The Alarms Report generates a report on top alarms based on top attackers, top attacked hosts, top ports, and alarm risk. The default date range is set to the last 30 days, but you can change this range. Select the report section you would like to see in the report by checking the checkbox next to the section name. You can select the following sections:

  • Title Page
  • Top 10 Attacker Host
  • Top 10 Attacked Host
  • Top 10 Used Ports
  • Top 15 Alarms
  • Top 15 Alarms by Risk

You can download the report as a PDF document by clicking Download PDF, or you can send the report as email by clicking Send by e-mail.

Asset Details

The asset details report function doesn't actually generate a report, but rather it allows you to observe relevant information about an asset or network. Instead it allows you to select an asset or a network and navigates you to the Asset Details or Network Details page. Once you click View Report, you can observe information about the selected asset or network.

Select an asset or network by double-clicking the input field. The system will list all assets and networks in the system. You can filter through assets or networks by typing the beginning of asset or network name or IP address into the input field.

Availability Report

The Availability Report does not actually generate a report. Instead, it allows you to select a USM Appliance Sensor and navigates you to Environment > Availability > Reporting. Once you click View Report, you can observe assets and services availability.

Choose type of availability report by selecting a section. Available options are:

  • Trends
  • Availability
  • Event Histogram
  • Event History
  • Event Summary
  • Notifications
  • Performance Info

Business & Compliance ISO PCI Report

Business & Compliance report displays information that is required by different compliance regulations, such as PCI DSS and ISO27001. The default date range is set to the last 30 days, but you can change this range.

Select the report section you would like to see in the report by checking the checkbox left of the section name. Available sections are:

  • Title Page
  • Threat Overview
  • Business real impact risks
  • C.I.A. Potential impact
  • PCI-DSS 2.0
  • PCI-DSS 3.0
  • Trends
  • ISO27002 Potential impact
  • ISO27001

You can download the report as a PDF document by clicking Download PDF, or you can send the report as email by clicking Send by e-mail.

Geographic Report

Geographic report creates a report on the number of alarms per geographic location. The default date range is set to the last 30 days, but you can change this range.

You can download the report as a PDF document by clicking Download PDF, or you can send the report as email by clicking Send by e-mail.

SIEM Events

The SIEM Events Report generates a report on top events based on top attackers, top attacked hosts, top ports, and event risk. By clicking the green plus (+) sign you can also navigate to the grouped view in the Analysis > Security Events (SIEM) page to display grouped SIEM events. The default date range is set to the last 30 days, but you can change this range.

Select the report sections you would like to see in the report by checking the checkbox left of the section name. Available sections are:

  • Title Page
  • Top 10 Attacker Host
  • Top 10 Attacked Host
  • Top 10 Used Ports
  • Top 15 Events
  • Top 15 Events by Risk

You can download the report as a PDF document by clicking Download PDF, or you can send the report as email by clicking Send by e-mail.

Threats & Vulnerabilities Database

The Threats & Vulnerabilities Database Report does not actually generate a report. Instead, it navigates you to Environment > Vulnerabilities > Threat Database to view further relevant threat and vulnerability details.

Tickets Status

The Ticket Status Report generates a report in the web interface to display:

  • Number of tickets by status
  • Number of tickets by user in charge
  • Number of tickets by type
  • Number of tickets by tags
  • Closed tickets by month
  • Tickets by type per month

Tickets Report

The Tickets Report lists and describes tickets that were created based on alarms, events, metrics, anomalies, and vulnerabilities. The default date range is set to the last 30 days, but you can change this range.

Select a section of a report you would like to see in the report by checking the checkbox next to the section name. Available sections are:

Further customizations include:

  • Select ticket status — You can choose from Open, Assigned, Studying, Waiting, Testing, and Closed
  • Select ticket type — You can choose from Expansion Virus, Corporative Nets Attack, Policy Violation, Security Weakness, Net Performance, Applications and Systems Failures, Anomalies, and Vulnerability
  • Select ticket priority — You can select High, Medium, and/or Low

You can download the report as a PDF document by clicking Download PDF, or you can send the report as email by clicking Send by e-mail.

User Activity Report

The User Activity Report does not actually generate a report. Instead it navigates you to Settings > User Activity to display the web interface to view the user or action types you would like to see.

Vulnerabilities Report

The Vulnerabilities Report generates a report in the web interface that displays detected vulnerabilities for each asset.