12.2.2. Custom Report Templates

Unlike regular report templates provided by the solution vendor, custom templates make it possible to generate reports tailored to user needs. The administrator can select the desired fields to display and set the criteria and possible groupings. The custom reports created in this way can be used in report rules along with the regular predefined reports. To create a custom report template, go to the Reports --> Custom report templates section, click Add, and provide these settings:




The name of the custom report template.


An optional description of the custom report template.


Select the data source for the template. Available values:

  • Events.

  • Web access.

  • Traffic.

  • IDPS.

  • SSH inspection.

  • Triggered alerts.

  • Endpoint events.

  • Endpoint rules.

  • Endpoint applications.

Filter query

An SQL-like query string that allows you to limit the amount of information used to generate a report based on this template. To construct a query, use field names and values, keywords, and operators. The data fields can be the columns listed below in the Columns field. For keywords and operators with examples of their use, see the Data Search and Filtering section.

Sort by

Specify the data field to sort the data by. The sorting can be in the ascending or descending order.

Group by

Specify the data field to group the data by.


The list of columns available for the specific data source.


The list of columns selected for display in the report.