This article provides a hands-on overview of browsing cubes in IT Analytics Solution 7.1 and the Symantec Data Loss Prevention Content Pack. You will learn how to browse cubes and configure Pivot Tables using a number of common usage scenarios. Using the ad-hoc data mining capabilities of IT Analytics, we will perform some forensic analysis of DLP incidents in the environment by status history and detection date.
To complete this exercise, you should have IT Analytics with the Symantec Data Loss Prevention Content Pack 3.0 already installed. For more information, please refer to the Connect article for installing IT Analytics.
In this exercise, we will create a report to monitor remediation team productivity by showing the number of incidents reviewed and the time it took to remediate them, per incident status.
Now that we have built our initial incidents view, which shows the number of incidents by status history, we will expand upon this view by bringing in more information.
In this exercise, we will create a report to monitor the delay between the date an incident occurred and the date it was reported by comparing the endpoint incident creation date with the detection date.
We will now continue exploring this data by leveraging some of the default charting capabilities in IT Analytics.
Note that the chart data will look different depending on the incidents in your environment.
The ad-hoc nature of browsing the pivot tables and charts provides a simple and efficient way of creating custom reports on the fly, without previous knowledge of the DLP database schema or any query languages. Depending on your reporting requirements, you will want to experiment with the different cubes and fields to discover how IT Analytics can best meet your needs.