What is a Report?

Basically, reports are saved search results. Reports can be scheduled or can be executed when needed.

Exercise

For this part, we are going to use a simple request to find connections failed with account that contain admin. Our request is: source="WinEventLog:" index="winlog_clients" EventCode=4625 AND Nom_du_compte=Admin*

Maybe you need to change the "Nom_du_compte" to "accountname".

• Try your request in the search bar

• Goes to the Save As menu and select

• Give a title and a description of your report

• Save and go to View

Edit or Delete an Existing Report

• From the Search App, go to the Reports sections

Here you can find all existing reports.

• Select the report created a few minutes ago.