Cisco Defense Orchestrator (CDO) provides several reports that you can use to analyze the impact of your security policies on the traffic going through your Firepower Threat Defense (FTD) devices. An executive summary report summarizes the most impactful malware, threats, and impacted security intelligence. CDO polls devices every hour to collect events. To learn more about what the executive summary offers, see FTD Executive Summary Report for more information.
Important: FTD reports are only available in an FTD device is currently onboarded to your tenant and reports are generated hourly and are not part of the request for events, so events and reports are not available at the same cadence. After initially onboarding your FTD device, CDO may take up to two hours to generate reports. Until there are reports to display, the Reports tab under the Monitoring option may not be visible.
If you are a Security Analytics and Logging subscriber, Network Reports do not reflect the events forwarded to the Secure Event Connector.
Note: The data used in traffic-related reports is collected from events triggered by the access control rules, and other security policies. The generated report does not reflect traffic for rules where logging is not enabled, or rules that have not been triggered. Ensure that you configure your rules with the information that matters to you.
Use the following procedure to generate an FTD Executive Summary Report:
- In the navigation pane, click Monitoring > Executive Summary Report.
- Select the time range for the reports: Last 24 Hours, Last 7 Days, Last 30 Days, or Last 90 Days.
- (Optional) Click the filter icon to generate a report on a custom list of devices.
- Click Generate Report (PDF).
- Click Save to save the report as a PDF. Browse for the save location and click Save. If you decide not to save the report, click Cancel at any time.