Scheduling, Delivery, and Report Types

How reports are scheduled and delivered is one of the most important features of reports. This determines how reports are consumed and, to a large extent, their usefulness. These features are second only to the actual content of the report.
In Core Audit, alerting is part of reporting, which gives alerts the full force of the reporting engine and its delivery capabilities.

Alerting, Scheduling & Delivery

Reports in Core Audit are a way to extract information from the various repositories and organize it for outside consumption. The filtering and grouping options are discussed in Content & Layout.
The features below allow for flexibility in the scheduling, file format, and delivery of the information:
  • Scheduler – The Core Audit reporting engine has a built-in scheduler for automatic generation and delivery of daily reports
  • Alerts – Alerts in Core Audit are reports that generate every 5 minutes and are sent if they contain data. The filters control the information in the report and thereby determine when alerts are sent
  • Email – Core Audit can email any report or alert. Email designation can be set on a global level for all reports or on a report-by-report basis
  • Files – All Core Audit reports and alerts are always saved to files in the report directory
  • HTML – Core Audit reports are generated by default in HTML. This allows the reports to be easily viewed on any device
  • CSV – Core Audit reports can be set to generate in CSV instead of HTML. The CSV format allows the report to be easily imported into spreadsheets or databases
  • Syslog & CEF – Core Audit can send reports and alerts to a syslog server. Core Audit supports both the regular syslog format as well as the ArcSight CEF format
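
On the receiving side of the Syslog & CEF option, the collector has to split each CEF record without being thrown off by escaped pipes in the header or by spaces and escaped equals signs in extension values such as SQL text. The parser below is an added example, not Core Audit code; it assumes the public ArcSight CEF layout (seven pipe-delimited header fields, then key=value extensions), and the sample record with all its field values is constructed rather than real Core Audit output.

```python
import re

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
_KEY = re.compile(r"(?:^|\s)(\w+)=")  # an extension key: word chars directly before '='

def _unescape(text, extension=False):
    # Header values escape '|' and '\'; extension values escape '=', '\' and newlines.
    table = {"\\": "\\", "=": "=", "n": "\n", "r": "\r"} if extension else {"\\": "\\", "|": "|"}
    return re.sub(r"\\(.)", lambda m: table.get(m.group(1), m.group(0)), text)

def _split_header(text, count):
    # Split on the first `count` unescaped pipes; a backslash protects the next character.
    parts, buf, i = [], [], 0
    while i < len(text) and len(parts) < count:
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])
            i += 2
            continue
        if text[i] == "|":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    return parts, "".join(buf) + text[i:]

def parse_extension(ext):
    # A value runs until the next " key=", so it may contain spaces (e.g. SQL text).
    keys = list(_KEY.finditer(ext))
    out = {}
    for cur, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        out[cur.group(1)] = _unescape(ext[cur.end():end].strip(), extension=True)
    return out

def parse_cef(line):
    start = line.find("CEF:")  # skip whatever syslog header precedes the CEF record
    if start < 0:
        raise ValueError("not a CEF record")
    parts, ext = _split_header(line[start + 4:], len(HEADER_FIELDS))
    if len(parts) != len(HEADER_FIELDS):
        raise ValueError("truncated CEF header")
    event = {k: _unescape(v) for k, v in zip(HEADER_FIELDS, parts)}
    event["extension"] = parse_extension(ext)
    return event

# Constructed sample; vendor, product, IDs and field choices are placeholders.
SAMPLE = (r"<134>Jan 12 03:05:00 audit-host CEF:0|ExampleVendor|ExampleProduct|1.0|100|"
          r"After hours \| DBA login|7|suser=SCOTT src=10.0.0.5 "
          r"msg=select * from hr.emp where id\=7 cs1Label=program cs1=sqlplus")
```

Rejecting truncated headers instead of guessing keeps a malformed or cut-off record from being indexed under the wrong severity or name.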

Report Types

Core Audit has four different report types. The report type determines the type of information used for the report (e.g. a table in a repository). Therefore, each report type offers different columns and filters.
  • Session – Session reports show successful and failed connections to the database. The columns and filters available are for usernames, programs, machines, OS users, IPs, etc.
  • SQL – SQL reports show SQL activity captured in the compliance repository by the policies. The columns and filters available are for the relevant session (usernames, programs, etc.) and the SQL information (text in the SQL, SQL command, etc.)
  • Anomaly – Anomaly reports analyze information in the two security repositories to find suspicious activity. The security repositories contain summary information about all the SQL activity in the database. The columns and filters available depend on the security repository in use and include usernames, programs, text in SQL, etc. Anomaly reports also require anomaly parameters that define the anomaly to search for
  • Data Changes – Data changes reports are based on Redo Log scanning from the Logminer collector. The information is available for the tables defined in the Logminer collector. The columns and filters available are table name, table owner, operation, before and after values, etc.