Creating Reports

With FIM, you can create a variety of reports to gain insight into the events and incidents occurring in your file system. You can either leverage QQLs from Qualys Query Library or make use of the saved searches, or even enter your own custom queries, based on which change event data is filtered and included in the FIM reports.

After a report is generated, you can download the report in PDF, CSV, or HTML format.

Important: As per PCI DSS guidelines, event data is retained for 13 months on the Qualys platform. Hence, the on-demand reports can be generated for data collected in the past one year. Once generated, reports are purged from the Qualys platform after seven days from the day of generation.

To create reports:

1. In the FIM UI, navigate to the Reports > Report Rules tab and click Create Report Rule.

The Report Rule page for report rule creation

2. In the Report Details page, provide the report rule name, a brief description, and specify the format for the report.

3. In the Query text box, enter your rule query for the report by using QQL tokens.

For example, use the following rule to create automated incidents or alerts for unauthorized deletion of log files:

file.name:'*.log' and action:Delete

Alternatively, do one of the following:

4. You have the following two options for report generation:             

By default, the current date and current time+20 minutes are selected in the Start Date and Start Time boxes respectively. You can manually change the time if required.

5. In the Consider events from <day> drop-down box, specify the duration to consider for the events to be included in the report. By default, the value selected is Today.

6. Perform the following steps if you want to set up a recurring schedule:

The default value is the current time+20 minutes. You can manually change the time if required.

7. Click Notification if you want to send notifications to users when a report is generated and then provide the following and then click Next:

The notification email will include the link to download the report from the Qualys platform. You must provide your Qualys platform user ID and password to download the report.

Note: The report link is valid for seven days. You must download the report before the link expires.

After the report rule is created, it is listed in the Report Rules tab.

Report Rule sub-tab under Report tab

Note: The event record limit for CSV reports is 1 million and for HTML and PDF, the limit is 100,000. Records beyond this limit will be truncated.