Unlike Dashboards and scheduled searches, reports can be modified, allowing flexibility, including:
- Identify long term trends. Change the time range of a report to get additional information that extends beyond the reach of Dashboards.
- Modify to get a closer look. Need additional insight into events on a singe host? Or perhaps trying to find more details of a user's activity? Reports can return very granular information by making just a few edits to the query. You can choose to save an edited report as a saved search on its own.
- Concentrate efforts. If one area of your deployment is trickier to keep in compliance, run a report more target report at a more frequent interval.
Why aren't Reports included in Dashboards?
Reports are designed to deliver very specific, granular information, which is not always aggregated, so that individual log messages may be returned in search results.
Think of Reports as a tool to augment discoveries uncovered by the constant search results delivered by Dashboards.
Included PCI Reports
The following reports are included with the Sumo Logic Application for PCI Compliance:
- Account Access Activity.
- Account Management Activity.
- Actions by Privileged Accounts.
- Audit Log Cleared.
- AV Failed Updates.
- AV Malware Activity.
- Network Device Configuration Changes.P
- Network Incident Report.
- Potential Credit Card Data Found.
- Prohibited Service Activity.
- Software Updates.
- System Time Change.
All of these reports can be run ad-hoc, or can be saved as scheduled searches.