Running reports

Run reports to view events that have occurred due to enforced SRP process and AppLocker rules, as well as reports to show Windows Anti-Malware information, including the following:

  • General
    • Enforcement Summary
  • Anti-Malware
    • Action Results
    • Outdated Clients
    • Malware Outbreak
    • Top Infected Endpoints
    • Anti-Malware Blocks
    • Anti-Malware Definition Versions
    • Anti-Malware Engine Versions
  • AppLocker
    • AppLocker Warnings
    • AppLocker Blocks
  • SRP
    • SRP Process Blocks
  1. Select Reports from the left navigation.

  2. On the Reports page, click Create Report.
  3. On the Create Report page, select the Computer Group and Report Type. Depending on the Report Type you select, you may have to specify the Report Time and Number of Endpoints.

    Reports for Anti-Malware Definition Versions and Anti-Malware Engine Versions always retrieve current data and do not have the Report Time setting.

  4. Select Include on Homepage if you want your report to appear on the Protect Home page with the latest data. You can have a maximum of four reports on the Home page. If no more reports can appear on the home page, you will see Max number of reports on homepage reached.
  5. Click Create.

On the Reports page, results are shown in bar chart. Reports refresh every 10 seconds.

 

 

On the Reports page, you can do any of the following from the default bar chart view:

  • Click Add to home or Remove from home to add the report to or remove the report from the Home page.
  • Click close to delete a report.
  • Click export to export results to a CSV file.
  • Click the title of the report to view more details about that report, including an approximate number of Occurrences on endpoints for each result.

Occurrences is the approximate count of events on endpoints.

From the detailed view, you can do any of the following:

  • If a report is complex and includes extensive data, click tree to show results in a tree map view. Click bar to return to the default bar chart view.
  • Select the number of results you want shown in the drop-down list at the top right of the page.
  • Click Save View if you want to save the chart type and number of results shown for the next time you run a report.
  • Click View All in Interact to load the question in the Tanium Interactâ„¢ (Interact) so that you can review the full set of the results.
  • Click next to a result item to load the question filtered for that item in Interact.
  • Use the Search field to filter the list of items.
  • Click full screen to expand the list of items. This expanded view shows the full data set of the results, such as Severity.

Last updated: 5/23/2018 10:30 AM | Feedback