Reports help you analyze events to assess your compliance regulatory requirements, security best practices, and corporate IT policies. You can use reports to demonstrate compliance and manage information security risk.
Reports emphasize the event data and help you analyze events such as user account visibility, detection of possible security violations, account compromises, network security problems, and any other undesired activities. By analyzing reports, you can configure appropriate correlation rules and actions to prevent any possible non-compliance activities and vulnerabilities.
Consider a scenario where you have an IT policy that states to remove access rights of all employees to information and information processing facilities upon termination of their employment. To view all deleted, and disabled user accounts, and revoked accesses, you can run a report that displays the desired information in a few clicks. You can also schedule the report to run periodically at specific intervals.
You can generate various types of reports for administration and auditing purposes, including the following:
Administrative reports: Helps you to administer Sentinel and analyze Sentinel's internal audit events.
Network Security reports: Helps you to track and analyze traffic trends, network threats, and other vulnerabilities.
Threat Intelligence reports: Helps you to analyze complex security threats.
Identity Tracking reports: Helps you to analyze the events associated with the user identities.
PCI DSS reports: Helps you demonstrate that your enterprise is in compliance with PCI DSS standards.
ISO 27000 Series reports: Helps you to generate reports to demonstrate that your enterprise is in compliance with ISO 27000 series standards.
This chapter provides information about the following: