11-06-2019 12:21 AM
Hello,
I have created a custom report with the following settings in Panorama:
set shared reports "Threat Summary-Diario" type panorama-thsum sortby count
set shared reports "Threat Summary-Diario" type panorama-thsum group-by srcloc
set shared reports "Threat Summary-Diario" type panorama-thsum aggregate-by [ category-of-threatid threatid subtype src direction severity action app ]
set shared reports "Threat Summary-Diario" type panorama-thsum values count
set shared reports "Threat Summary-Diario" topn 500
set shared reports "Threat Summary-Diario" topm 50
set shared reports "Threat Summary-Diario" caption "Threat Summary-Diario"
set shared reports "Threat Summary-Diario" period last-calendar-day
set shared reports "Threat Summary-Diario" frequency daily
If you run the report with the "Run Now" option you get 750 lines.
If the same report is executed automatically when you have activated the "Schedule" option, only 30 lines are output.
Why this difference?
11-06-2019 07:41 AM
@sbprietoc It is because you are using the "threat summary" for base of the reports. Panorama tries to aggregate the data at 15 min intervals and you get unpredicatble results. If you use the actual "Threat" database then the "run now" should be identical to the scheduled.
"The firewall aggregates the detailed logs at 15-minute intervals. To enable faster response time when generating reports, the firewall condenses the data"
11-07-2019 11:03 PM
Hello @BatD
Unfortunately, the result is a little better, but it's still different.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
