Suites let you group alert rules, custom reports, and search filters together. This lets you:
• Import and export all the components together between Appliances in a single “suite”
• Access all Suite components from a single location in the user interface
For example, if you are using one of the Compliance Suites such as the Sarbanes-Oxley Edition, you can manage or use all its pre-Suited components from inside Suites.
A Suite can consist of alerts, custom reports, search filters, or any combination of these components.
Suites also help to copy or move groups of components to other Appliances using the import and export functionality. For more information on importing and exporting Suites, see Chapter 19, Import/Export Entities Between Appliances, on page 181.
Topics
• Managing Suites on page 174
• Creating a Suite on page 176
• Modifying a Suite on page 178
You have the same manageability of components when accessed in a Suite as you do when accessing them as standalone entities.
Managing Suites
The main Suites page lists all Suites in the LogLogic Appliance as well as the number of alerts, reports, and search filters in each Suite. You can access all Suites and their corresponding components from this view.
You can choose to list the reports in a Suite in the Reports/Search navigation menus.
When viewing the reports in a Suite from the Reports/Search view, you can run each report ad-hoc or update the report. When you update the report, the changes affect all Suites containing the report. For more information on how to list reports under the Reports/Search navigation menus, see Creating a Suite on page 181.
To add a new Suite to the Appliance, click Add New. The Suites page appears.
To modify the details for an existing Suite on the Appliance, such as the name, description, sharing, and listing under Reports/Search menus, click the Suite Name.
To access or modify the list of:
• Alerts in the Suite, click the number in the Alerts column
• Custom Reports in the Suite, click the number in the Reports column
• Search filters in the Suite, click the number in the Search Filters column.
To remove a Suite from the Appliance, check the Suite’s checkbox and then click Remove.
The Suite tab also displays whether each Suite is checkmarked as Shared (Share with Other Users), and whether the Suite is checkmarked as Listed (List under Reports/Search) in the navigation menus.
To view existing Suites
1. In the navigation menu, click Management > Suites.
The Suites page appears. The page displays the details about the existing Suites including the number of associated alerts, reports, and search filters, a description, the owner, and if the reports are listed under Reports/Search menus as a Suite.
When you install a Log Source Package (LSP) from LogLogic, you can also import the Suite of alert rules, custom reports, and search filters if one comes with the LSP. However, Management > Suites cannot be used for installing the LSP itself. You must follow the installation procedure in the LSP Release Notes.
You can also click on a Suite name, and then click the appropriate tab for Alerts, Reports, or Search Filters.
To view existing reports listed as a Suite in the Navigation Menu 1. In the navigation menu, click Reports.
2. The menu expands, listing all Report types and Report sub-categories.
3. Click on a Report sub-category (for example: Reports > Access Control > User Access) to view all Saved Reports that have been checkmarked Share with Other Users.
4. In the Actions column, you can Run or Edit the saved report.
Creating a Suite
To create a Suite, you specify a Suite’s details and then add components to the Suite. A Suite does not have to contain all three components—alerts, reports, and search filters. For example, you can create a Suite containing alerts only, reports only, or alerts, reports, and search filters.
To create a Suite
1. In the navigation menu, click Management > Suites.
2. Click the Add New button, to create a new Suite.
3. Provide the following information:
— Name—Name of the Suite
— Description—Description of the Suite
— Share with Other Users—Identifies whether the Suite will be accessible by other users
— List under Reports/Search Menu—Identifies whether the reports in the Suite are listed as a suite under Reports/Search navigation menus.
4. Click the Add Suite button.
5. The main Suites page appears with the new suite listed in the table.
You can also click the Alerts, Reports, or Search Filters tabs to automatically create the Suite and to go directly to adding components to your Suite. You do not have to click the Add Suites button.
To add components to a Suite
1. From the main Suites page, click the Suite name to which you want to add components.
The Suite tab appears, with the Name and Description fields filled in. Checkboxes for Share with Other Users and List under Reports/Search Menu will also appear, with checkmarks if you have so designated when the Suite was created. You can edit the You must define components in the LogLogic Appliance before you can add them to a Suite.
Any components you already added appear in the accompanying table.
3. Click the Add New button, to add a component.
The Add component-name tab appears, where component-name is either Alerts, Reports, or Search Filters.
4. Select the entities to add to the Suite. Use the checkbox to the left of the component name.
5. Click the Add button, to add the components.
The component-name tab appears with the added components.
Modifying a Suite
You can modify existing Suites to update the Suite’s details, add or remove components in the Suite, or delete the Suite and all its components from the Appliance.
Updating Details of a Suite
You can update the details of an existing Suite at any time. The Suites page lets you update the Suite name, description of the Suite (if the Suite is listed), and whether the Suite is shared with other users.
To update the details of a Suite
1. From the main Suites page, click the Suite name to modify the Suite’s general properties.
2. On the Suite tab, update the appropriate information.
3. Click the Update button.
The Suite is now updated with your changes.
Removing Components from a Suite
If needed, you can modify an existing Suite to remove existing components, such as Alerts, Reports, or Search Filters.
To remove components from a Suite
1. Go to Management > Suites and click the Suite name you want to remove.
2. Select the appropriate tab containing the component you want to remove.
— Alerts tab — enables you to remove the associated Alerts
— Reports tab — enables you to remove the associated Reports
— Search Filters tab — enables you to remove the associated Search Filters 3. Select the individual component (tab) that you want to remove.
4. Place a checkmark in the box next to the items you want to remove.
5. Click the Remove button.
Deleting a Suite
If you no longer need a specific Suite, you can completely remove it and all its components from the Appliance.
To maintain the Suite as a reference point, consider renaming the Suite, removing it as a listed item in the navigation menu, and removing shared access for other users. For more information on modifying the details of a Suite, see , Updating Details of a Suite, on page 178.
To delete a Suite
1. In the Navigation menu, click Management > Suites.
2. In the Suite Name column, select the checkbox next to the Suite you want to delete.
You can select a single Suite or multiple Suites for deletion.
3. Click the Remove button.
4. To proceed with removal of the items for that component, click OK.
The Suite is now deleted from the Appliance.
Once you delete a Suite, you cannot retrieve it. All content is lost.
Chapter 19 Import/Export Entities Between Appliances
To share certain configured information from one Appliance to another, you can import or export the information as entities. Entities that you can import and export include:
• Alerts
• Custom Reports
• Devices and Device Groups
• Suites
• Search Filters
• Users
• Alert Templates
You can export any of these entities that you configure on one Appliance and import them for use on another Appliance. This saves you from configuring the entities again on the other Appliance.
Topics
• Importing Entities on page 182
• Exporting Entities to XML on page 183
Importing Entities
Use the Import feature to import configured entities exported from another Appliance.
Selecting a file to import 1. Click the Browse button.
2. Click the file name to specify a file. The selected file appears in the File Name field.
3. Click Load to make the file an available entity for import.
The entities available for import appear in the Available Entities list.
Importing Entities
1. Click an entity or hold the shift key while clicking to highlight more than one entity.
Use the arrow buttons to select the entity or to select multiple entities.
The selected entities appear in the text area on the right side of the Import tab.
2. Click Display Info to display the information for selected entities in XML format in the lower text area.
3. Click Import to import the selected entities onto the Appliance.
The imported entity is now listed under Management > Suites, where you can access and manage its contents.
Files must be in valid XML format. Attempting to import other formats results in an error message.