Choosing the type & format of a report profile
When configuring a report profile, you can select one or more queries or query groups that define the subject matter of the report.
When configuring a report profile, you can configure various advanced options that affect how many log messages are used to formulate ranked report subtypes, and how results will be displayed.
(To start at the beginning of the report configuration instructions, see “To configure a report profile”.)
Setting name
Description
Report Types
Each query group contains multiple individual queries, each of which corresponds to a chart that will appear in the generated report. You can select all queries within the group by marking the check box of the query group, or you can expand the query group and then individually select each query that you want to include:
Traffic Activity
Event Activity
For example:
If you want the report to include charts about both normal traffic and attacks, you might enable both of the query groups Attack Activity and Event Activity.
If you want the report to specifically include only a chart about top system event types, you might expand the query group Event Activity, then enable only the individual query Top Event Types.

Report Format

In ‘Ranked Reports’ show top
Ranked reports (top x, or top y of top x) can include a different number of results per cross-section, then combine the remaining results under “Others.” For example, in Top Sources By Top Destination, the report includes the top x destination IP addresses and their top y source IP addresses, then groups the remaining results. You can configure both x and y in the Advanced section of Report Format.
In ranked reports (“top x” report types, such as Top Attack Type), you can specify how many items from the top rank will be included in the report. For example, you could set the Top Attack URLs report to include up to 30 of the top x denied URLs by entering 30 for values of the first variable 1.. 30.
Some ranked reports rank not just one aspect, but two, such as Top Sources By Top Destination: this report ranks the top source IP addresses for each of the top destination IP addresses. For these double-ranked reports, you can also configure the rank threshold of the second aspect by entering the second threshold in values of the second variable for each value of the first variable 1.. 30.
Note: Reports that do not include “Top” in their name display all results. Changing the ranked report values will not affect these reports.

values of the first variable 1.. 30
Type the value of x to include for the first cross-section.

values of the second variable for each value of the first variable 1.. 30
Type the value of y.
This value is only considered if the report rankings are nested (i.e. top y of top x).
 
Include Summary Information
Enable to include a listing of the report profile settings.
 
Include Table of Contents
Enable to include a table of contents for the report.
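
The nested ranking described under In ‘Ranked Reports’ show top (top y sources for each of the top x destinations, with the remainder grouped under “Others”), as an added Python example that is not the product's own code. It assumes log messages reduced to (destination IP, source IP) pairs, that results below each threshold are summed into a single “Others” row, and that x and y are limited to 1..30 as the setting names suggest; the function names and sample records are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample records: (destination IP, source IP) per log message.
SAMPLE_LOGS = (
    [("192.0.2.10", "198.51.100.1")] * 4
    + [("192.0.2.10", "198.51.100.2")] * 2
    + [("192.0.2.10", "198.51.100.3")]
    + [("192.0.2.20", "198.51.100.1")] * 3
    + [("192.0.2.20", "198.51.100.4")]
    + [("192.0.2.30", "198.51.100.2")]
    + [("192.0.2.40", "198.51.100.3")]
)


def split_top(counts, limit):
    """Return (top `limit` items by count, summed count of everything else)."""
    # Sort by count descending, then by key, so ties rank deterministically.
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:limit], sum(n for _, n in ranked[limit:])


def ranked_report(records, x, y):
    """Top y sources for each of the top x destinations, rest as 'Others'."""
    for name, value in (("x", x), ("y", y)):
        if not 1 <= value <= 30:  # assumed range, taken from the setting names
            raise ValueError(f"{name} must be between 1 and 30, got {value}")
    by_dst = defaultdict(Counter)
    for dst, src in records:
        by_dst[dst][src] += 1
    totals = {dst: sum(srcs.values()) for dst, srcs in by_dst.items()}

    rows = []
    top_dsts, other_dsts = split_top(totals, x)
    for dst, total in top_dsts:
        top_srcs, other_srcs = split_top(by_dst[dst], y)
        if other_srcs:
            top_srcs.append(("Others", other_srcs))
        rows.append((dst, total, top_srcs))
    if other_dsts:
        rows.append(("Others", other_dsts, []))
    return rows


if __name__ == "__main__":
    for dst, total, sources in ranked_report(SAMPLE_LOGS, x=2, y=1):
        print(dst, total, sources)
```

The row totals always add up to the number of input records, so the size of each “Others” row shows how much activity fell below the configured threshold.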