IBM Support

QRadar EDR (formerly ReaQta): Generating reports

Question & Answer


Question

How do you generate reports for QRadar EDR (formerly ReaQta) endpoints and what options are available?

Answer

The Reporting feature is accessed by logging in to the ReaQta server web interface and clicking the Reports option in the menu:
image-20220316114605-2
The Reports page offers you two types of reports to create: Scheduled and Ad Hoc:
image-20220316114726-3

Scheduled Reports

To create a Scheduled Report, click the Create Scheduled Report button:
image-20220316114847-4
Enter the required information and click the Create button:
Create Scheduled Report
The only options available are frequency (Daily, Weekly, Monthly), Start Date, and Time Zone.
You are allowed to supply a logo image that is included at the top of the report. The recommended dimensions are 400x300px with a maximum size of 2MB. Supported formats are JPG, PNG or SVG.
You can also specify one or more email addresses to send the report to. All addresses specified are added to a BCC field for security reasons. You can also provide a custom email message along with the report.

Ad Hoc Reports

To create an Ad-Hoc Report, click the Create Ad Hoc Report button:
image-20220316115759-6
Enter the required information and click the Create button:
image-20220316115945-7
The only options are Date Range, Starting Date, and Time Zone.
You are allowed to supply a logo image that is included at the top of the report. The recommended dimensions are 400x300px with a maximum size of 2MB. Supported formats are JPG, PNG or SVG.
There is no email option for the Ad Hoc reports.
Once an Ad Hoc report is generated, you see a View report option:
image-20220316120801-8
The report includes the following:
Overview: Alerts per day, Total open alerts, Mitre Att@ck Tactics, Top 5 key events
Device Information: Endpoints with ReaQta Agent, OS Breakdown
Destra Information
Alert Information

Editing a Report

To edit a report after generation, open the report and click the Edit button:
image-20220325100858-1
You are presented with 4 options for editing:
image-20220325101043-2
  • The Edit Summary option enables entering custom text in the Executive summary section.
  • The 'Remove Unneeded Widgets' option enables removing individual widgets from the report. If you click the 'x' on each widget, it changes to a '+' and the widget dims. Clicking the '+' restores the widget to the report.
  • The Destra and Alerts sections enables choosing how many alerts to show, whether to include malicious content only, and what tags to include.

Exporting a Report

To export the report to a PDF file, click the Export button:
image-20220325102127-3

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSVOEH","label":"IBM Security ReaQta"},"ARM Category":[{"code":"a8m3p000000hBSBAA2","label":"Administrative Tasks-\u003EReports"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Product Synonym

ReaQta

Document Information

Modified date:
17 May 2023

UID

ibm16564041

Page Feedback