The SecurityCoach > Reports subtab contains Detection Rules Activity Reports to monitor data related to your organization's detection rules. You can customize these reports to display specific data, such as activity for specific detection rule categories, vendors, or risk levels. Select Detection Rules Report > Source Data to access these reports.

You can export your Detection Rules Activity Reports as CSV files for future use, save them, send them, and schedule them to send. For more information, see our Save and Send Reports article.

Customizing Detection Rules Activity Reports

To view specific data, you can apply filters to a Detection Rules Activity Report. For example, you can use the Vendors and Date Range filters to select and show all CrowdStrike detections for the last 30 days.

To learn about the filters you can apply to your Detection Rules Activity Reports, see the subsections below.

Detection Rules Activity

The Detection Rules Activity report type displays detailed information for each rule detection. To learn more about applying filters to, exporting, and saving this report, see the screenshot and list below:

1. Report Type: Use this filter to choose your report type.
2. Detection Rules: Use this filter to select the detection rules that you would like to display in this report.
3. User: Use this search bar to select or enter the name of a user that you would like to display in this report.
4. Date Range: Use this filter to select the date range that you would like to display in this report.
5. Add Filter: Use this drop-down menu to add additional optional filters to your report.
6. Detection Rule Categories: Use this filter to select the detection rule categories that you would like to display in this report.
7. Vendors: Use this filter to select the vendors that you would like to display in this report.
8. Risk Levels: Use this filter to select the risk levels that you would like to display in this report. You can select Medium, High, or Very High.
9. Export as: Use this button to export the generated report as a CSV file. CSV files you generate will be available for download in the Download Center. For information, see our Download Center Overview article.
10. Save Report: Use this button to save the report to your Saved Reports subtab. For more information, see our Save and Send Reports article.

Detection Rules Activity Grouped by User

The Detection Rules Activity Grouped by User report type displays combined data for each user’s rule detections. To learn more about applying filters to, exporting, and saving this report, see the screenshot and list below:

1. Report Type: Use this filter to choose your report type.
2. Detection Rules: Use this filter to select the detection rules that you would like to display in this report.
3. Rule Detections: Use this filter to select the rule detections that you would like to display in this report.
4. User: Use this search bar to select or enter the name of a user that you would like to display in this report.
5. Date Range: Use this filter to select the date range that you would like to display in this report.
6. Add Filter: Use this drop-down menu to add additional optional filters to your report.
7. Detection Rule Categories: Use this filter to select the detection rule categories that you would like to display in this report.
8. Vendors: Use this filter to select the vendors that you would like to display in this report.
9. Export as: Use this button to export the generated report as a CSV file. CSV files you generate will be available for download in the Download Center. For information, see our Download Center Overview article.
10. Save Report: Use this button to save the report to your Saved Reports subtab. For more information, see our Save and Send Reports article.

Detection Rules Activity Grouped by Detection Rule

The Detection Rules Activity Grouped by Detection Rule report type displays combined data for each detection rule. To learn more about applying filters to, exporting, and saving this report, see the screenshot and list below:

1. Report Type: Choose your report type.
2. Detection Rules: Select the detection rules that you would like to display in this report.
3. Date Range: Select the date range that you would like to display in this report.
4. Add Filter: Add additional optional filters to your report.
5. Detection Rule Categories: Select the detection rule categories that you would like to display in this report.
6. Vendors: Select the vendors that you would like to display in this report.
7. Risk Levels: Select the risk levels that you would like to display in this report. You can select Medium, High, or Very High.
8. Export as: Export the generated report as a CSV file. CSV files you generate will be available for download in the Download Center. For information, see our Download Center Overview article.
   Save Report: Save the report to your Saved Reports subtab. For more information, see our Save and Send Reports article.

Viewing Detection Rules Activity Reports

Once you apply your filters and the report has been generated, a table will display with information about your organization’s rule detections. You can customize this table by selecting which columns to display using the Manage Columns drop-down menu.

From the drop-down menu, select and deselect which column data should be displayed in the table.