Common questions about the Reporting area of QRadar.
1) Is a list of all reports in QRadar available in the documentation?
As reports are constantly updated, we do not include them in any of the QRadar guides. In addition, depending on the features you add - QVM, QRM, and Content packs, you will have different list of reports available in your system. The attached script, "reportlist.pl" will allow you to query the report templates and get a list of all report titles & descriptions. Any problems with this script, please comment here.
[root@csd8 support]# ./reportlist.pl -h
Usage: parse_report.pl [-ah] [-f reportfilename]
-a: print list of ALL report files
-h: this help
-f filename: print details of specific report file
# - This script should only be used on the QRadar console
# - This report includes all reports, it does not filter on enabled/disabled.
# - Output is 2 dash (--) delimited, with 2 columns
# for title & description, one per line, as some
# of the report titles & descriptions have commas
# in them.
# - Redirect output to a file and import into
# excel for readability.
# parse_report -a > listofreports.csv
# - If you have email setup on
# your QRadar server, you can also redirect the output
# to an email with:
# parse_report.pl -a | mail -s "qradar report list" user.com
# - Note, errors about
# "Wide character in print at ./report_parse.pl line 90."
# can be ignored, as perl has issues with some of the longer
# characters used for internationalization. These are not redirected
# to your output file or email, since they print to
# the ssh/console only.