Alert dashboard

We need a scheduled report for incidents handled by our SOC team every month. We need a complete executive report summary of incidents, e.g. incident name, incident category, severity, evidence message, security indicators like MITRE ATT&CK, credential access, brute force, etc., and incident remediation details.

Hi
Today we have a number of public-facing APIs which can be used to build out reports and include most of what you have called out. Appreciate though that this is not in product. The investigation audit log could also be used in conjunction with the IDR reporting capability to address some of your needs.

Next up we are getting ready to launch an Alert Triage experience to all IDR customers (Q1 '25). We have an early access program open at the moment if you want to check it out, just mention to your account team. While it does not include a report scheduling capability, it will allow you to create workspaces with the various alert elements that you need.

Longer term we are looking at platform-based reporting where we consolidate SOC metrics.

Hope this helps
Darragh

@darragh_delaney2 We have checked the Investigation Audit Log Report. It does meet some of our requirements, but the thing is its output comes in a CSV/XLSX format and we have a PDF-format executive report.

Hi,
The InsightIDR dashboard and reporting feature has a PDF option and you can schedule these reports.

Would that work for your use case?

Darragh


Otherwise, through the APIs, move everything over to something like BigQuery and show everything through Looker Studio.