From the Reports tab of your KSAT console, you can view Detection Rules Activity Reports to monitor your organization's detection rules-related data. You can also customize the reports to display specific data, such as activity for specific detection rule categories, vendors, or risk levels.

If you would like to download your Detection Rules Activity Reports for future use, you can export information from the reports as a CSV file. You can also save, send, and schedule these reports. For more information, see our How to Save and Send Reports article.

See the sections below to learn how to customize and view Detection Rules Activity Reports.

Customizing Detection Rules Activity Reports

You can apply filters to your Detection Rules Activity Reports to view specific data. For example, to view data for users that had rules detections for CrowdStrike this month, you would select CrowdStrike from the Vendors drop-down menu and Month to Date from the Date Range drop-down menu.

To learn about the filters you can apply to your Detection Rules Activity Reports based on report type, see the subsections below.

Detection Rules Activity

The Detection Rules Activity report type displays detailed information for each rule detection. To learn about the filters you can apply for the Detection Rules Activity report type, see the screenshot and list below:

1. Report Type: Use this filter to choose your report type. The Detection Rules Activity option is selected by default and displays individual rule detections.
2. Detection Rules: Use this filter to select the detection rules that you would like to display in this report.
3. Date Range: Use this filter to select the date range that you would like to display in this report.
4. Detection Rule Categories: Use this filter to select the detection rule categories that you would like to display in this report.
5. Vendors: Use this filter to select the vendors that you would like to display in this report.
6. Risk Levels: Use this filter to select the risk levels that you would like to display in this report. You can select Medium, High, or Very High.
7. User: Use this search bar to select or enter the name of a user that you would like to display in this report.

Detection Rules Activity Grouped by User

The Detection Rules Activity Grouped by User report type displays combined data for each user’s rule detections. To learn about the filters you can apply for the Detection Rules Activity Grouped by User report type, see the screenshot and list below:

1. Report Type: Use this filter to choose your report type. Detection Rules Activity is selected by default and displays individual rule detections.
2. Detection Rules: Use this filter to select the detection rules that you would like to display in this report.
3. Date Range: Use this filter to select the date range that you would like to display in this report.
4. Detection Rule Categories: Use this filter to select the detection rule categories that you would like to display in this report.
5. Vendors: Use this filter to select the vendors that you would like to display in this report.
6. Rule Detections: Use this filter to select the rule detections that you would like to display in this report.
7. User: Use this search bar to select or enter the name of a user that you would like to display in this report.

Viewing Detection Rules Activity Reports

After you customize your Detection Rules Activity Reports, a table will display with information about your organization's rule detections. If you would like, you can download the table data as a CSV file.

You can also customize the table by selecting which columns to display. To learn how to customize the table and download your reports, see the screenshot and list below:

1. Add or Remove Columns: Click this icon to display a drop-down menu with a list of available columns. From the drop-down menu, you can deselect the default columns and select additional columns to display in the table.
2. Generate CSV: Click this button to generate a CSV file of the table. Once you generate a CSV file, you can download it from the Download Center. For information about the Download Center, see our Download Center Guide.