# Reports ## Overview Get the reports that match the filter and the data of the reports. ## Configuration ### Parameters * Domain (`Domain`) ### Secrets * `cisco_auth` corresponds to the API Token used to authenticate the connection to Cisco Umbrella. To add a Secret, open the **Secret** fields and click **New secret**: * Give the secret a **Name**. * Turn off the **Expiration date** option. * Click **Add new value** and paste the secret corresponding to the value. * Click **Save**.

{% hint style="info" %} Learn more about secrets in Onum in [this article](https://docs.onum.com/administration/global-settings/organization-settings/secrets-management). {% endhint %} You can now select the secret you just created in the corresponding fields. After entering the required parameters and secrets, you can choose to manually enter the Sentinel One Web API **Reports** fields, or simply paste the desired YAML. ### Configure as YAML ```yaml withTemporalWindow: true temporalWindow: duration: 5m offset: 5m tz: UTC format: EpochMillis withAuthentication: true authentication: type: token token: request: method: POST url: https://${parameters.domain}/auth/v2/token headers: - name: Content-Type value: application/x-www-form-urlencoded - name: Accept value: application/json - name: authorization value: ${secrets.cisco_auth} bodyType: urlEncoded bodyParams: - name: grant_type value: client_credentials tokenPath: ".access_token" authInjection: in: header name: Authorization prefix: 'Bearer ' suffix: '' withEnumerationPhase: false collectionPhase: paginationType: offsetLimit limit: 100 isZeroIndex: false request: responseType: json method: GET url: https://${parameters.domain}/reports/v2/activity queryParams: - name: from value: ${temporalWindow.from} - name: to value: ${temporalWindow.to} - name: offset value: ${pagination.offset} - name: limit value: ${pagination.limit} output: select: ".data" map: "." outputMode: element retry: statusCodes: [429, 500, 502, 503, 504] type: fixed fixed: interval: 2s ``` ### **Manually Configure** **Temporal Window** Toggle **ON** to add a temporal window for events. This repeatedly shifts the time window over which data is collected. * **Duration -** 5 minutes (`5m`) as default, adjust based on your needs. * **Offset -** `5m` * **Format** - `EpochMillis` **Authentication Stage** Toggle **ON** to configure the authentication phase. This is required to get the token to pull data using **OAuth**. * **Type****\***** -** `token` * **Request Method****\***** -** `POST` * **URL****\***** -** `https://${parameters.domain}/auth/v2/token` * **Headers** * **Name** - `Content-type` * **Value** - `application/x-www-form-urlencoded` * **Name** - `Accept` * **Value** - `application/json` * **Name** - `Authorization` * **Value** - `${secrets.cisco_auth}` * **BodyType****\*** - `UrlEncoded` * **Body params** * **Name -** `grant_type` * **Value -** `client_credentials` * **Token Path****\*** - `.access_token` * **Auth Injection** * **In****\*** - `header` * **Name****\*** - `authorization` * **Prefix** - `Bearer` * **Suffix** - `''` **Collection Phase** * **Pagination Type****\***** -** `offsetLimit` * **Limit** - `100` * **Zero Index -** `false` * **Request** * **Response Type -** `JSON` * **Method****\***** -** `GET` * **URL****\***** -** `https://${parameters.domain}/reports/v2/activity` * **Query Params** * **Name** - `from` * **Value -** `${temporalWindow.from}` * **Name** - `to` * **Value -** `${temporalWindow.to}` * **Name** - `offset` * **Value -** `${pagination.offset}` * **Name** - `limit` * **Value -** `${pagination.limit}` * **Output** * **Select -** `.data` * **Map -** `.` * **Output Mode** - `element` * **Retry** * **Status codes -** `[429, 500, 502, 503, 504]` * **Type -** `fixed` * Interval-`2s` Click **Create labels** to move on to the next step and define the required [Labels](https://docs.onum.com/the-workspace/listeners/labels) if needed.