Customization of existing dashboard
Hello. In this video, you will learn how to create simple, a.k.a. ‘basic,’ reports in ACDI.
There are two ways to do this. The first is to find a report that is similar to the report you want to get and then save it as a copy to customize or edit it.
The second is to create a report from scratch. Let's do it.
You need to go to the “Manage” submenu, then select “Create New Report.”
On this page, fill in all the mandatory attributes. The Display name serves as the report’s name. Here you can select a color for the Report card.
The main index name is the name of the source type indices that store data. Data from the snapshots are stored in indices with names starting with “report,” while data from events are stored in indices with the prefix “audit”: “audit-default,” “audit-ad,” or “audit-azure.” Let’s assume you want to create a report based on event data from the eDirectory. This means you need to enter “audit-default” as the main index name. Later you will also need to create an entity and select it in this field.
The “default sort attribute” here will be “Object DN.” Select “Asc” (“Ascending”) for the “Sort order.” Let's set “Amount of records” to 1000. This number represents the number of records you will get in the final table.
Pagination will be enabled later. This number is critical only for heavy reports with a large number of attributes that will be displayed in the final table. The “Default time shift” and “Default time metric” are the settings of the default time selector. Let's go for “7 days.”
Switch on the “Round day-time value” and set it to “day.”
Enabling “Slice load” increases the performance of heavy reports. If you have a huge number of attributes to be displayed in the result table, use the switcher here to enable the feature and configure the size of the slice, for example, 10. Hence, the final results table will be loaded 10 pieces at a time.
Some browsers have limits on the data they can display on their front end. That's why you need to set a limit here on the data shown on the front end. Let's go for 10 megabytes.
Okay, now it’s time to create the first entity.
Let’s name it “audit_users” because the report you are creating now will show only users that have been added during the selected time period.
The “Query to filter” setting is a query that will help you filter only objects with events you are interested in.
For example, you want “Object\Class:User.” Quick note here: Please make sure you always escape spaces in attribute names with a backslash. Let’s finish the settings: “Object\Class:User AND Operation:ADD.”
In the “DateTime” field you need to define which field you will use as the DateTime field.
All events in the audit indices have two types of dates. One is the audit time, and the second one is the event time.
The difference between them is that the audit time is the time when the driver processes an event. If for some reason the driver loses connection to OpenSearch, ACDI will store events in the cache, and the audit time in this case may differ significantly from the event time.
Should you have any questions or require any assistance, please do not hesitate to contact us at any time at swsupport.skypro@skypro.ch.