exporting reports in pdf

Authority
Posts: 21
5900     0

Hi,

I am running NIOS 8.3, and when I export the top RPZ report as a PDF the display is not proper; some columns are showing on the second page, which is not proper to present to management. Is anybody facing the same issue and having any solution?

I believe we can play with the XML code; if anybody has done this, please share it.

Thanks

Shaukat

Re: exporting reports in pdf

Superuser
Posts: 81
5900     0

Hello Shaukat,

There are 10 columns in the predefined version of the 'DNS Top RPZ Hits' report/dashboard, and they all appear to be fitting well in a PDF taken from my lab. The only probability that I can think of is when the values of your respective fields are longer in size; yes, you may then run into the problem observed. Are there any fields which you tried to skip to accommodate the remaining ones in a single page? If not, try this:

Reporting -> Reports -> 'DNS Top RPZ Hits' (Select open in search) -> Clone the report -> Remove the unwanted tables from the string (table "Client ID", "Total Client Hits", "Domain Name", "RPZ Entry", "RPZ Severity", "Total Rule Hits", "Mitigation Action", "Subscriber ID", "Substitute Address", Time) -> Save as a new report -> Try exporting as PDF now.

Best regards.

Re: exporting reports in pdf

Authority
Posts: 21
5900     0
index=ib_dns_summary report=si_dns_rpz_hits
| lookup dns_viewkey_displayname_lookup VIEW output display_name
| eval DNS_VIEW =if(isnull(display_name), "NULL",display_name)
| stats sum(COUNT) as QCOUNT by _time, CLIENT, DOMAIN_NAME, DNS_VIEW, orig_host, TOTAL_COUNT, MITIGATION_ACTION, RPZ_SEVERITY, REDIRECTION_RECORD, RPZ_QNAME, SUB_TYPE, SUB_VAL
| eval SUBSCRIBER_ID = SUB_TYPE + ": " + SUB_VAL
| stats sum(TOTAL_COUNT) as TOTAL_COUNT, sum(QCOUNT) as QCOUNT by _time, CLIENT, DOMAIN_NAME, DNS_VIEW, MITIGATION_ACTION, RPZ_SEVERITY, REDIRECTION_RECORD, RPZ_QNAME, SUBSCRIBER_ID
| where MITIGATION_ACTION != "ER"
| convert ctime(_time) as Time
| eval MITIGATION_ACTION=case(MITIGATION_ACTION == "PT", "Passthru", MITIGATION_ACTION == "NX", "Block (No Such Domain)", MITIGATION_ACTION == "ND", "Block (No Data)", MITIGATION_ACTION == "SB", "Substitute", MITIGATION_ACTION == "A1", "Substitute (A)", MITIGATION_ACTION == "A4", "Substitute (AAAA)", MITIGATION_ACTION == "AA", "Substitute (A/AAAA)", MITIGATION_ACTION == "DN", "Substitute (Domain Name)", MITIGATION_ACTION == "ER", "Error")
| eval RPZ_SEVERITY=case(RPZ_SEVERITY == "4", "INFORMATIONAL", RPZ_SEVERITY == "6", "WARNING", RPZ_SEVERITY == "7", "MAJOR", RPZ_SEVERITY == "8", "CRITICAL", RPZ_SEVERITY == "", "")
| rename CLIENT as "Client ID", QCOUNT as "Total Client Hits", DOMAIN_NAME as "Domain Name", TOTAL_COUNT as "Total Rule Hits", RPZ_QNAME as "RPZ Entry", RPZ_SEVERITY as "RPZ Severity", MITIGATION_ACTION as "Mitigation Action", SUBSCRIBER_ID as "Subscriber ID", REDIRECTION_RECORD as "Substitute Address"
| append [search index=ib_dns_summary report=si_dns_rpz_hits
    | eval DNS_VIEW =if(isnull(display_name), "NULL",display_name)
    | eval RECORD_DATA=if(isnull(RECORD_DATA),"",RECORD_DATA)
    | eval RPZ_QNAME=if(isnull(RPZ_QNAME),"",RPZ_QNAME)
    | eval RPZ_SEVERITY=if(isnull(RPZ_SEVERITY),"",RPZ_SEVERITY)
    | where MITIGATION_ACTION != "ER"
    | stats sum(COUNT) as QCOUNT by _time, CLIENT, DOMAIN_NAME, DNS_VIEW, orig_host, TOTAL_COUNT, MITIGATION_ACTION, RPZ_SEVERITY, RECORD_DATA RPZ_QNAME
    | stats sum(TOTAL_COUNT) as TOTAL_COUNT, sum(QCOUNT) as QCOUNT by _time, CLIENT, DOMAIN_NAME, DNS_VIEW, MITIGATION_ACTION, RPZ_SEVERITY, RECORD_DATA RPZ_QNAME
    | convert ctime(_time) as Time
    | eval MITIGATION_ACTION=case(MITIGATION_ACTION == "PT", "Passthru", MITIGATION_ACTION == "NX", "Block (No Such Domain)", MITIGATION_ACTION == "ND", "Block (No Data)", MITIGATION_ACTION == "SB", "Substitute", MITIGATION_ACTION == "A1", "Substitute (A)", MITIGATION_ACTION == "A4", "Substitute (AAAA)", MITIGATION_ACTION == "AA", "Substitute (A/AAAA)", MITIGATION_ACTION == "DN", "Substitute (Domain Name)", MITIGATION_ACTION == "ER", "Error")
    | eval RPZ_SEVERITY=case(RPZ_SEVERITY == "4", "INFORMATIONAL", RPZ_SEVERITY == "6", "WARNING", RPZ_SEVERITY == "7", "MAJOR", RPZ_SEVERITY == "8", "CRITICAL", RPZ_SEVERITY == "", "")
    | eval SUBSCRIBER_ID=if(isnull(SUBSCRIBER_ID),"N/A: N/A",SUBSCRIBER_ID)
    | rename SUBSCRIBER_ID as "Subscriber ID", CLIENT as "Client ID", QCOUNT as "Total Client Hits", DOMAIN_NAME as "Domain Name", TOTAL_COUNT as "Total Rule Hits", RPZ_QNAME as "RPZ Entry", RPZ_SEVERITY as "RPZ Severity", MITIGATION_ACTION as "Mitigation Action", RECORD_DATA as "Substitute Addresses" ]
| sort -"Total Client Hits"
| head 100
| table "Client ID", "Total Client Hits", "Domain Name", "RPZ Entry", "RPZ Severity", "Total Rule Hits", "Mitigation Action", "Subscriber ID", "Substitute Address", Time

Hi,

Can you change the attached code for me and remove the 2 columns for me?

Re: exporting reports in pdf

Authority
Posts: 21
5901     0

Hi,

Reports are fine in the previous version; this issue was observed in the latest 7.3, I believe, as I contacted the support team and they confirmed that they have the same issue.

Can you share your XML code of the report "top RPZ report" so that I can paste and check?

As per your advice, I will test and share your finding.

Thanks

Shaukat
