Samurai MDR Reporting

Reporting gives you valuable insight into your MDR service and includes metrics that help you understand your organization's security posture and the value of Samurai MDR.

A standard template entitled Executive Overview is currently available. It has been designed to address common needs and highlights different facets of the service.

Create a Report

To create a PDF report from the standard template:

  1. Log in to the Samurai MDR application
  2. Select Reports from the main menu
  3. Select Create Report
  4. Enter a Title for your report (if you do not enter a title, we default to the current template - Executive Overview)
  5. Select a Report start date (this will be from 00:00:00 UTC of the start date)
  6. Select a Report end date (if the current date is selected, the current time will be used; if the current date is not selected, the end of day, 23:59:59, is used)
  7. Select Create Report

Report Status

As a report is generated, the status is depicted by the following colors:

Status       Description
Queued       Queued and generation of the report will begin
Running      Report generation is running
Failed       Report generation has failed
Completed    Report is complete and available for download

Should your report fail, click on retry. If it continues to fail, check your report start and end date. If all else fails, raise a ticket with us!

Viewing a Report

Once generation has completed, you can view a report by downloading it in PDF format: simply click on download.

The report will be saved in the following format: ‘Title’_‘start-date’_-_‘end-date’.pdf.

Reporting Functionality

  • Column Filtering

    • Select Columns to toggle on or off any of the column fields to optimize your view of all reports
  • Filtering

    • Filter your report list view by any of the fields
  • Export Report List

    • You can export your report list to a CSV file
  • Refresh

    • Refresh your page view

The Executive Overview Template

The executive overview template was designed to provide insight into the MDR service over a reporting time period that you specify. The report itself is intuitive and self-explanatory; however, below is an outline and description of each report section:

Service Activity

This section of the report focuses on activity related to security incidents, requests submitted by your organization via the Samurai MDR application, and integration data within the specified reporting period. This includes:

  • The number of new and closed Security incidents reported to your organization over the reporting period selected.

  • The number of new and closed Requests submitted by your organization over the reporting period selected.

  • New security incidents by severity

    • If new security incidents were reported to you within your selected reporting period then a graph will be displayed depicting the number of open security incidents by severity.
    • Review Security Incidents for additional information on security incident reporting and severities, and MDR Incident Management for our incident management process.
  • Closed security incidents by severity

    • If security incidents were closed during your selected reporting period then a graph will be displayed depicting the number of closed security incidents by severity.
  • New security incidents by MITRE ATT&CK category

    • If new security incidents were reported to you within your selected reporting period then a table will be displayed outlining the number of security incidents reported ranked by MITRE ATT&CK category.
  • Security incidents

    • A table providing additional information on each security incident within the reporting period, ranked by creation date.
  • Security Monitoring Funnel

    • The funnel graphic depicts the total number of events from your telemetry sources ingested into Samurai, the alerts that were analyzed, and the validated security incidents reported to your organization. This funnel conveys the value of the service based on the data analyzed, focusing on detecting and reporting threats to your organization.
  • Data Usage

    • This graphic is helpful for you to understand your subscription quota against actual usage.
  • Data ingested per product

    • Graph depiction of data usage per integrated telemetry data source within the reporting period.
  • Data Ingested

    • Further detail on data ingested per integrated telemetry data source within the reporting period.
  • Alerts Analyzed per vendor

    • Graph depiction of alerts analyzed per vendor within the reporting period. The graph shows both vendor alerts and detections made by the Samurai platform (shown as NTT).
  • Alerts Analyzed

    • A table providing alert counts per vendor within the reporting period. The table shows both vendor alerts and detections made by the Samurai platform based on the ingested data.
  • New requests by priority

    • If your organization submitted any requests during your selected reporting period then a graph will be displayed depicting the number of requests by priority.
  • Closed requests by priority

    • If your organization’s requests were closed during your selected reporting period then a graph will be displayed depicting the number of requests by priority.
  • New requests by category

    • If new requests were submitted by your organization within your selected reporting period then a table will be displayed outlining the number of requests ranked by category.
  • Requests

    • A table providing additional information on each request submitted by your organization within the reporting period, ranked by creation date.

Current Status

This section of the report focuses on all reported Security Incidents and Requests submitted by your organization as of your reporting end date. This includes:

  • All open Security Incidents as of reporting end date

  • All open Requests submitted by your organization as of the reporting end date

  • Open security incidents severity

    • A graph depicting all open security incidents reported to you by severity as of the reporting end date.
  • Open security incidents by status

    • A graph depicting all open security incidents reported to you by status as of the reporting end date. 
  • Open security incidents by age

    • A graph depicting all open security incidents reported to you by age in days as of the reporting end date.
  • Open security incidents

    • A table providing additional information on all security incidents reported to you as of the reporting end date, ranked by age in days.
  • Open requests by priority

    • A graph depicting all open requests submitted by your organization ranked by priority as of the reporting end date. 
  • Open requests by status

    • A graph depicting all open requests submitted by your organization ranked by status as of the reporting end date. 
  • Open requests by age

    • A graph depicting all open requests submitted by your organization ranked by age in days as of the reporting end date.
  • Open requests

    • A table providing additional information on all requests submitted by your organization as of the reporting end date, ranked by age in days.

This section of the report focuses on historical trends related to open and closed security incidents and requests submitted by your organization over the last 13 months from the end date of the reporting period. The start date is when data became available over the 13-month period.

  • Opened and closed security incidents

    • A graph highlighting opened and closed security incidents by month, illustrating historical trends over the last 13 months from the reporting end date.
  • Opened and closed security incidents cumulative

    • A cumulative graph highlighting opened and closed security incidents by month, illustrating historical trends over the last 13 months from the reporting end date.
  • Average time to close security incidents

    • A graph highlighting the average number of days to close a security incident over the last 13 months from the reporting end date.
  • Opened and closed requests

    • A graph highlighting opened and closed requests submitted by your organization by month, illustrating historical trends over the last 13 months from the reporting end date.
  • Opened and closed requests cumulative

    • A cumulative graph highlighting opened and closed requests submitted by your organization by month, illustrating historical trends over the last 13 months from the reporting end date.
  • Average time to close requests

    • A graph highlighting the average number of days to close a request submitted by your organization over the last 13 months from the reporting end date.
  • Data usage

    • A graph highlighting data usage over the last 13 months from the reporting end date.