Report template - multiple queries in one table
Need some help with ESM report templates. How do I put data from multiple queries into one table. For example, let's say I have five queries that each give a single number for weekly/monthly totals. I'd like to have a two column table with labels on the left and the numbers on the right. Things like "# of Raw Events", "# of correlated Events", "Number of closed cases", "# of Critical Cases", etc.
I've seen an example of this, but not sure how to go about it. Check out the tables on the report at this link: https://protect724.arcsight.com/servlet/JiveServlet/previewBody/1114-102-1-1211/SOC%20Weekly%20Threat%20Metric%20Reports.pdf
Any advice would be greatly appreciated!
One options that comes to mind is making your queries part of a trend and then using the Trend Action feature to write the trend value(s) to an AL. Then base you report on that AL.
Just a thought...