| Previous | Contents | Index |
If you elect to create the report, the report is generated and you are asked for an output option (see Section 6.6.2, Report Output Options). After the report has been output, you are returned to the Reports menu.
If no incidents are found for the report criteria, the message:
No incidents recorded for given criteria
is displayed, and you are asked for other Incident report criteria.
The following is an example of a detail Incident Report:
06-Mar-1997 INTOUCH INSA - Network Security Agent Page 1
Detail Incident Report
Alert Name User Date Time P Location Count
----------------- ------------ ----------- -------- - -------------------- -----
INVALID_LOGIN DAN 01-Mar-1997 17:28:30 5 IP 204.182.52.233
DAN 01-Mar-1997 23:03:55 5 IP 204.182.52.233
JEANNIE 01-Mar-1997 18:58:43 5 LAT 1.158
KATHLEEN 01-Mar-1997 17:10:12 5 LAT 2.229
KATHLEEN 01-Mar-1997 17:12:29 5 LAT 2.229
KATHLEEN 05-Mar-1997 07:36:52 5 LAT 1.253
WALLEY 06-Mar-1997 07:08:37 5 LAT 150.224
=====
7
MGMT ALLEN 03-Mar-1997 01:26:09 2 IP 204.214.151.3
JEANNIE 02-Mar-1997 07:13:26 2 LAT 18.214
JEANNIE 05-Mar-1997 00:04:29 2 IP 204.182.52.233
PENNY 01-Mar-1997 19:25:58 2 IP 198.67.173.180
=====
4
=====
=====
11
|
The Alert menu option creates alert reports.
+-------Reports-------+
| Incident |
| Alert |
| Recordings |
| Browser Accesses |
| URL Accesses |
| Active Browsers |
| Audit |
| Page |
| Top [>|
| Archive [>|
+---------------------+
|
Before a report is created, you are asked some questions about what to include on the report, time period to report on, etc.
When the Alert option is selected, the Alert Report screen is displayed and you are asked for a sort order.
INTOUCH INSA Alert Report 06-Mar-1997
+--------------------------------- Sort Order ---------------------------------+
|1) |
|2) |
|3) |
|4) |
|5) |
+------------------------------------------------------------------------------+
+----------------------------- Selection Criteria -----------------------------+
|Begin date : |
|End date : |
|Alert names : |
|Priorities : |
|Min. incidents: |
+------------------------------------------------------------------------------+
+------Sort Order-------+
| default order |
|-----------------------|
| Alert name |
| Last incident date |
| Last incident time |
| Alert priority |
| Incidents |
|-----------------------|
| Exit |
+-----------------------+
EXIT = Exit INTOUCH INSA \ = Back HELP = Help
|
Selecting "Exit" from any of the menu prompts or entering "EXIT" at an input prompt stops the alert report procedure and returns you to the Reports menu. To back up to previous prompts, use the \ (backslash) key. |
You select how to sort the data for the report.
The default sort order is by alert name. If you wish to accept the default sort order, select default order. If the default order is selected, the primary sort field "Alert name" is displayed in the "Sort Order" box:
+--------------------------------- Sort Order ---------------------------------+ |1) Alert name | |2) | |3) | |4) | |5) | +------------------------------------------------------------------------------+ |
and you proceed to the next report criteria prompt.
If you wish to specify a different sort order, use the mouse to select sort field items from the menu. For example, you could select "Alert priority" as the primary sort field, "Alert name" as the second sort field, etc. Select accept current default when you are done selecting sort fields.
+--------Sort Order---------+
| accept current default |
| reset |
|---------------------------|
| Last incident time |
| Incidents |
| ... |
+---------------------------+
|
The fields you select are displayed in the "Sort Order" box.
+--------------------------------- Sort Order ---------------------------------+ |1) Alert priority | |2) Alert name | |3) | |4) | |5) | +------------------------------------------------------------------------------+ |
To change the current sort order, select the reset menu item which appears on the menu after you have made your first selection. reset clears the sort order box and you can start over with your sort order selections.
The "last incident" date is the date when the last incident occurred for an alert name. You specify a "last incident" time period to include on the Alert Report. For example, you might want to include "last incident" dates which occurred during the period of March 1, starting at 5:01pm, through March 6, ending 8:30am. To specify a particular time period, you provide a start date and time and an end date and time.
To include all dates and times on the report, select "Earliest" as the begin date and "Latest" as the end date.
Select a Begin Date Option
Select a beginning date option from the menu.
+--Begin Date---+
| Earliest |
| Enter Date |
|---------------|
| Exit |
+---------------+
|
| Select Earliest to start with the oldest "last incident" date and time. | |
| Select Enter Date if you want to enter a begin date. |
If you select Enter Date, you are asked for a beginning "last incident" date.
Beginning last incident date (MMDDYYYY)? ________ |
To specify a beginning date, enter the date in MMDDYYYY format.
Enter Earliest to start with the oldest date.
Press [Return] to accept the default.
Beginning last incident date (MMDDYYYY)? 03011997 |
Select a Begin Time Option
If a begin date is provided, you can enter a begin time.
+--Begin Time---+
| Earliest |
| Enter Time |
|---------------|
| Exit |
+---------------+
|
| Select Earliest to start with the earliest time on the entered date. | |
| Select Enter Time if you want to enter a begin time. |
If you select Enter Time, you are asked for a beginning "last incident" time of day you want to begin with.
Beginning last incident time (HH:MM)? _____ |
To specify a begin time, enter a time in HH:MM format (24-hour format). For example, you would enter 03:15 for 3:15 AM or enter 15:15 for 3:15 PM.
Enter Earliest to start with the earliest time.
Press [Return] to accept the default.
Beginning last incident time (HH:MM)? 17:01 |
Select an End Date Option
+---End Date----+
| Latest |
| Enter Date |
|---------------|
| Exit |
+---------------+
|
| Select Latest to include the most current date and time. | |
| Select Enter Date if you want to enter an end date. |
If you select Enter Date, you are asked for an ending "last incident" date.
Ending last incident date (MMDDYYYY)? 03061997 |
To specify an end date, enter the date in MMDDYYYY format.
Enter Latest to include the most current date and time.
Press [Return] to accept the default.
Select an End Time Option
If an end date is provided, you can enter an end time.
+---End Time----+
| Latest |
| Enter Time |
|---------------|
| Exit |
+---------------+
|
| Select Latest to include the latest time on the entered date. | |
| Select Enter Time if you want to enter an end time. |
If you select Enter Time, you are asked for an end time.
Ending last incident time (HH:MM)? 23:59 |
To specify an end time, enter a time in HH:MM format (24-hour format).
Enter Latest to include the latest time.
Press [Return] to accept the default.
The date and time information is displayed in the report "Selection Criteria" box.
+----------------------------- Selection Criteria -----------------------------+ |Begin date : 01-Mar-1997 at 17:01 | |End date : 06-Mar-1997 at 23:59 | |Alert names : | |Priorities : | |Min. incidents: | +------------------------------------------------------------------------------+ |
A menu list of the alert names is displayed. The alert names come from the alert file. You can include all the alert names on the Alert Report or select specific alert names.
+Select Alert Names+
| all |
|------------------|
| INVALID_LOGIN |
| MGMT |
| PAYROLL |
| PRIV |
| URGENT |
|------------------|
| Exit |
+------------------+
|
To include ALL alert names, select all. "ALL" is displayed in the "Selection Criteria" box and you proceed to the next report criteria prompt.
To select an alert name, use the mouse to select the name you want from the menu. The name is displayed in the "Selection Criteria" box. Select as many names as you wish.
+----------------------------- Selection Criteria -----------------------------+ |Begin date : 01-Mar-1997 at 17:01 | |End date : 06-Mar-1997 at 23:59 | |Alert names : INVALID_LOGIN,MGMT,PRIV,URGENT | |Priorities : | |Min. incidents: | +------------------------------------------------------------------------------+ |
To remove one of the selected names, select the Remove Alert Name option at the bottom of the menu. A menu list of the selected alert names is displayed.
+--Select Alert Names--+
| ... |
| PAYROLL +Remove Alert Name-+
|--------------------| INVALID_LOGIN |
| Remove Alert Name | MGMT |
|--------------------| PRIV |
| Exit | URGENT |
+--------------------+------------------+
|
Use the mouse to select the name you want to remove. (In this example, PRIV is removed.) The name is removed from the list shown in the "Selection Criteria" box. Remove as many names as you wish.
+----------------------------- Selection Criteria -----------------------------+ |Begin date : 01-Mar-1997 at 17:01 | |End date : 06-Mar-1997 at 23:59 | |Alert names : INVALID_LOGIN,MGMT,URGENT | |Priorities : | |Min. incidents: | +------------------------------------------------------------------------------+ |
Select accept current default when you are done selecting alert names.
Use the reset menu option to erase the current selections and start over.
You can select the alert priority codes to include on the Alert report or include all priorities. The priority codes are 1-digit numbers from 1 to 9.
+Select Priorities+
| all |
|-----------------|
| 1 |
| 2 |
| 3 |
| 4 |
| 5 |
| 6 |
| 7 |
| 8 |
| 9 |
|-----------------|
| Exit |
+-----------------+
|
To include ALL priority codes, select all. "ALL" is displayed in the "Selection Criteria" box and you proceed to the next report criteria prompt.
To select a priority code, use the mouse to select the code you want from the menu. The selected code is displayed in the "Selection Criteria" box. Select as many priority codes as you wish.
To remove one of the selected codes, select the Remove Priority option. A menu of the selected codes is displayed. Use the mouse to select the code you want to remove. The code will be removed from the list shown in the "Selection Criteria" box. Remove as many codes as you wish.
Select accept current default when you are done selecting priority codes.
Use the reset menu option to erase the current selections and start over.
The selected codes are displayed in the report "Selection Criteria" box.
+----------------------------- Selection Criteria -----------------------------+ |Begin date : 01-Mar-1997 at 17:01 | |End date : 06-Mar-1997 at 23:59 | |Alert names : INVALID_LOGIN,MGMT,URGENT | |Priorities : 2,5,9 | |Min. incidents: | +------------------------------------------------------------------------------+ |
Incident counts are stored in the alert records. (The counts include all incidents that have occurred since INTOUCH INSA was installed or since the last incident file purge.) For the Alert report, you select a minimum incident number. For example, if you enter "25", this means that the selected alert names (i.e. INVALID_LOGIN, MGMT, URGENT) must each have an incident count of 25 or more in order to be included on the report.
The default is 0 minimum incidents.
+Minimum Incidents-+
| 0 |
| Enter Minimum |
|------------------|
| Exit |
+------------------+
|
| Select 0 to use as the minimum number. | |
| Select Enter Minimum if you want to enter a minimum number of incidents. |
If Enter Minimum is selected, you are asked for a minimum number of incidents. You can enter 0 or a minimum number.
Minimum number of incidents? 100___ |
Your number is displayed in the report "Selection Criteria" box.
+----------------------------- Selection Criteria -----------------------------+ |Begin date : 01-Mar-1997 at 17:01 | |End date : 06-Mar-1997 at 23:59 | |Alert names : INVALID_LOGIN,MGMT,URGENT | |Priorities : 2,5,9 | |Min. incidents: 100 | +------------------------------------------------------------------------------+ |
| Previous | Next | Contents | Index |