The purpose of the Term Statistics Report is to provide compliance with data on the detection rates of detection Terms active in your account. By understanding the rates of detection of specific Terms, it is possible to revise the definitions of terms being used to refine detection rates and reduce occurrences of low value alerts.
This report can be run by any Admin or Supervisor user. Parameters and output content will be limited by the Purview of the requesting user.
Report Paramaters
This report allows the user to select a date range, user group, and options to include Terms with No Flags and Archived Terms.
Parameter | Description |
Date Range | From and to date up to 90 days in duration, inclusive. |
User Group | Limit the report for a specific User Group or "All".
|
Include Terms with no Flags | By default Terms that went undetected will be excluded from the report output. To include all Terms, even those not detected, select this box. |
Include Archived Terms | By default, archived Terms will be excluded from the report output. To include those, select this box. It is possible that Terms previously flagged may now be archived. Selecting this option will ensure the report includes these archived Terms. |
Report Output
The statistics from this report are based on Terms and Alert data present when the report is run. Current Term status is used to determine which Terms to report on and the historically generated Alerts (and their flagged Term occurrences) are counted in the output. Additional metadata is provided to indicate when a Term was created, last updated, and what its current status is.
Output Column | Description |
User Group | Terms are applied to the policy of specific User Groups or to the Account as a whole. This column defines which User Group each Term statistic applies to. Note that each Term may appear as being applied to multiple User Groups.
For Account level statistics, the value of this column will be |
Term | The Term rule as it is currently defined. |
Term Risk | Risk, i.e. High, Medium, Low, as currently assigned to the Term. |
Status | The current status of the Term, i.e. Active, Archived. |
Term Created | Date and Time that the Term was initially created. |
Term Last Updated | Date and Time of the most recent update to this Term. Note: To view the full audit history of a Term, see the Audit Log Report. |
Alert Count | The number of Alerts generated for the term as it was defined at the time messages were evaluated. Like Flags, this count is specific to each User Group since Alerts are always produced based on the detection policy applied to a specific User Group or at the Account level. |
Flag Count | The number of times the term was flagged as it was defined at the time messages were evaluated. Since the same Term may have been flagged 1 or more times in a single message, the Flag Count will tend to be greater than or equal to the Alert Count. Like Alerts, this count is specific to each User Group since flags are always produced based on the detection policy applied to a specific User Group or at the Account level. |