Citrix Analytics for Security

Custom reports

A custom report is a report that you create with the dimensions and metrics of the events received from your data sources. The supported data sources are Access Control, Content Collaboration, and Virtual Apps and Desktops.

Dimensions are the data attributes, such as user names, domain names, and content categories, that are used to group the events. Metrics are measurable entities such as data download and data upload.

A report helps you organize your data graphically based on your operational requirements. It provides meaningful insights so that you can better understand and improve your business performance and its trends.

How to create a custom report

  1. From the Security tab, click Reports > Create Report.

  2. On the Create Report page, use the following fields to create a report:

    • DATA SOURCE. Click the down arrow and select the data source for which you want to create a report. Currently, you can create a report for three data sources: Access Control, Content Collaboration, and Virtual Apps and Desktops. Click View events to go to the self-service search page for the selected data source.

    • METRICS. Data used for quantitative measurements. The metric values change based on the selected data source. For example, if you choose Access Control, the measurable metrics are Data Download and Data Upload. The metric data is displayed on the y-axis of the report. Use the search field to search for the available metrics for the selected data source.

    • DIMENSIONS. Data attributes associated with the events received from the data source. The dimension values change based on the selected data source. For example, if you choose Access Control, you can group your events based on dimensions such as city, content category, operating system, and device. The dimension values are displayed on the x-axis of the report. Use the search field to search for the available dimensions for the selected data source.

      The table lists the available dimensions based on the data source.

      | Data source | Dimension | Description |
      |---|---|---|
      | Access Control | User-Name | Group the events by the user names. |
      | Access Control | User Agent | Group events by the User-Agent field used in the HTTP protocol. |
      | Access Control | Domain | Group the events by the domain names. |
      | Access Control | Request | Group events by the HTTP request methods. |
      | Access Control | Content Category | Group events by the content categories such as audio, binary, font, and image. |
      | Access Control | Content Type | |
      | Access Control | Action | Group events by the actions taken such as allow, block, and redirect. |
      | Access Control | URL | Group events by the accessed URLs. |
      | Access Control | URL Category | Group events by the URL categories such as business, industry, and computing. |
      | Access Control | Reputation | Group events by the URL reputations such as clean, malicious, dangerous, and unknown. |
      | Access Control | Country | Group events by the countries where users are located. |
      | Access Control | City | Group events by the cities where users are located. |
      | Access Control | Browser | Group events by the browsers used by the users. |
      | Access Control | OS | Group events by the operating systems of the devices. |
      | Access Control | Device | Group events by the devices used, such as Android phones, iPhones, and MacBooks. |
      | Content Collaboration | User Email | Group events by the emails of the users. |
      | Content Collaboration | User Name | Group events by the Content Collaboration user names. |
      | Content Collaboration | Account Id | Group events by the account IDs of the users. |
      | Content Collaboration | Alias Id | Group events by the alias IDs of the users. |
      | Content Collaboration | OAuth-Client-Id | |
      | Content Collaboration | Created-By | Group events by the users who created the contents. |
      | Content Collaboration | Event User Id | |
      | Content Collaboration | File Name | Group events by the file names. |
      | Content Collaboration | Folder Id | Group events by the folder IDs. |
      | Content Collaboration | Folder Name | Group events by the folder names. |
      | Content Collaboration | Form Id | Group events by the form IDs. |
      | Content Collaboration | Is Employee | Group events by users' employment status in your enterprise. |
      | Content Collaboration | Operation Name | Group events by user operations such as browse, copy, and paste. |
      | Content Collaboration | Country | Group events by the countries. |
      | Content Collaboration | City | Group events by the cities. |
      | Content Collaboration | Client IP | Group events by the IP addresses of the client machines. |
      | Content Collaboration | Client OS | Group events by the operating systems of the client machines. |
      | Content Collaboration | Resource Id | |
      | Content Collaboration | Resource Type | |
      | Virtual Apps and Desktops | Event Type | Group events by the event types such as Account Logon, Session Launch, and App Start. |
      | Virtual Apps and Desktops | Country | Group events by the countries. |
      | Virtual Apps and Desktops | City | Group events by the cities. |
      | Virtual Apps and Desktops | User Name | Group events by the user names. |
      | Virtual Apps and Desktops | IP Address | Group events by the IP addresses of the client devices. |
      | Virtual Apps and Desktops | Device Id | Group events by the client names or hardware IDs. |
      | Virtual Apps and Desktops | JailBroken | Group events by the jailbroken or rooted devices. |
      | Virtual Apps and Desktops | OS | Group events by the operating systems of the user devices. |
      | Virtual Apps and Desktops | Browser | Group events by the browser names. |
      | Virtual Apps and Desktops | Session Launch Type | Group events by the session types such as desktop or apps. |
      | Virtual Apps and Desktops | App Name | Group events by the names of the virtual apps or desktops launched. |
      | Virtual Apps and Desktops | Session Server Name | Group events by the servers. |
      | Virtual Apps and Desktops | Session User Name | Group events by the users using the session. |
      | Virtual Apps and Desktops | Session Domain | Group events by the session domains. |
      | Virtual Apps and Desktops | File Download File Name | Group events by the downloaded files. |
      | Virtual Apps and Desktops | File Download Device Type | Group events by the names of the devices to which files have been downloaded or transferred. |
      | Virtual Apps and Desktops | File Download Path | Group events by the locations where files have been downloaded or transferred. |
      | Virtual Apps and Desktops | Printer Name | Group events by the printers used for printing. |
      | Virtual Apps and Desktops | Printing Job Details | Group events by the printing job details such as file size and file format. The printed file name is available only from the SaaS apps printing event. |
      | Virtual Apps and Desktops | App-URL | Group events by the URLs of the launched SaaS apps. |
      | Virtual Apps and Desktops | Clipboard Operation | Group events by the clipboard operations such as cut, copy, and paste. The clipboard operations are supported only by the SaaS applications. |
      | Virtual Apps and Desktops | Clipboard Details | Group events by the clipboard details. |

    • VISUALIZATION. Select one of the visualizations for displaying the report. Currently, four visualization types are available:

      • Bar chart: Presents data with vertical rectangular bars with height proportional to the values. Used for comparing events.

      • Scatter plot: Presents data with dots that represent the values. Used for determining correlation between events.

      • Line chart: Presents data with dots connected by straight line segments. Used to visualize data trends over a time period.

      • Table: Presents data in rows and columns.

      Select the appropriate visualization type for your report. Add dimensions for the x-axis and the columns. Add metrics for the y-axis. The x-axis accepts only two dimension values whereas the y-axis accepts only one metric value. The columns accept up to eight dimension values. The number of rows in the table varies based on the available events for the selected time period.

    • TIME PERIOD. Select a time period of the events for which you want to create a report. You can select a predefined period such as 1 hour, 12 hours, 1 day, 1 week, 1 month or enter a custom range according to your requirement.

    • FILTERS. In the Data fields, click the plus (+) icon to apply filters on the dimensions that you have chosen for the x-axis. Select the required data that you want to show in your report. For example, add the dimension Reputation and then select facet data such as Dangerous Access and Malicious Access to create a report based on the selection.

    • NAME OF THE REPORT. Specify a title for your report.

  3. Preview the report and click Save.

Example: A bar chart to show data download across countries

You want to create a bar chart to show the data download across countries and view its trend. Choose the Access Control data source. In the VISUALIZATION section, choose the bar chart, add the Country and Content-Category dimensions for the x-axis, and add the Data Download metric for the y-axis. Choose the required time period and, in the FILTERS section, choose the following values for the Country and Content-Category dimensions that you want to show on the x-axis.

  • Country: China, France, Ireland

  • Content Category: applications, audio, binary, font, and image.

Preview the chart and specify a name for the chart before saving it. This chart helps you to compare the data download volume and the types of contents according to the countries.

Similarly, you can create multiple charts by selecting the dimensions and metrics corresponding to the selected data source.

How to view and modify a report

After you have created and saved a report, you can view the report on the Reports page. You can also modify or delete a saved report.

To view and modify a report:

  1. On the Security page, click Reports.

  2. The saved reports are displayed along with the following information:

    • REPORT NAME. The name of the report that you have specified.

    • TYPE. The visualization types such as bar chart, event chart, line chart, or table.

    • CREATOR. An administrator who created the report.

    • DATE. The time and date when the report was created.

  3. Click the arrow (>) icon placed before a report name to expand and preview a report.

  4. Click a report name in the list for a detailed view.

  5. Click Edit to modify the report and then click Update to save the report.

  6. Click Delete if you want to delete the report.
