guide install security checkup
DESCRIPTION
POC's CheckPointTRANSCRIPT
Security Checkup
Version 3.05 for R77.20
Administration Guide
September 17, 2014
Classification: [Protected]
© 2014 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.
TRADEMARKS:
Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks.
Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.
Important Information Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.
Additional Information
For additional technical information, visit the Check Point PartnerMAP.
Revision History
Date Description
September 2014 Security Checkup R77.20 Ver3.05 to be installed on top of R77.20 version.
December 1, 2014 Revision added to the used guide, known issues section.
Contents
Important Information ............................................................................................. 3 Introduction ............................................................................................................. 5
Benefits ............................................................................................................... 5 What's New ......................................................................................................... 6 Installation ........................................................................................................... 8 Activation ............................................................................................................. 8 System Requirements ......................................................................................... 9 Installing SmartConsole ....................................................................................... 9 Installing Server Supplement ..............................................................................10 Upgrading ...........................................................................................................10 Getting Started ...................................................................................................11
Customizing Reports ............................................................................................ 13 Customizing Time Period of Report ....................................................................13 Creating New Reports ........................................................................................13 Adding Queries to Reports .................................................................................14 Editing Queries ...................................................................................................15 Editing Generated Tables and Graphs................................................................16 Editing Generated Reports .................................................................................16 Changing the Report Template ...........................................................................16
Offline Reports ...................................................................................................... 18 CPLogLogSender Utility ....................................................................................... 20 Securing Reports .................................................................................................. 21 Known Issues ........................................................................................................ 21
Cant log in to SmartEvent after installing the supplement ..............................21 Generating Reports with SmartEvent Intro .....................................................22 Generating Reports while SmartEvent Machine is Under Load ......................22 Microsoft .NET Framework ............................................................................23
Compliance Security Analysis Report ................................................................. 24 Introduction ....................................................................................................24 Key Benefits ..................................................................................................24 System Requirements ....................................................................................24 Generating Compliance report .......................................................................25
Endpoint Security Analysis Report ..................................................................... 28 Introduction ....................................................................................................28 Key Benefits ..................................................................................................28 System Requirements ....................................................................................28 Installation .....................................................................................................28 Troubleshooting .............................................................................................28 Generating a report ........................................................................................29 Exporting the report .......................................................................................29
Benefits
Introduction Page 5
Introduction
Check Point Security Checkup takes Check Point PoCs into the next level. The tool generates a comprehensive threat analysis report. It automatically integrates security events from different Software Blades: Application Control, URL Filtering, IPS, Anti-Virus, Anti-Bot, DLP, Threat Emulation and Compliance. The analysis report is created automatically on a Check Point Microsoft Word document report template.
The Security Checkup tool accentuates Check Point added value, exposing new security risks and suggesting remediation. When a Check Point Security Gateway runs for a while in a PoC environment, inline or Mirror Port, we expect logs and security events to be generated for the active Software Blades. The report gives a comprehensive security analysis that summarizes security events, their risks, and their remediation.
This tool offers several out-of-the-box recommended reports. You can customize your own reports. You can add and remove queries. You can create your own Word template.
Benefits
Shows the value of Check Point’s security strategy and the benefits provided by the Software Defined Protection Architecture.
Visualizes incidents that happen in customer networks, and gives practical recommendations
Empowers you with knowledge of new security risks, and improves network security
Gives an executive summary for discussion with management
Gives detailed results for in-depth discussions with technical points of contact
Out-of-the-box reports speed information delivery and accelerate the sales processes
Supports customization for specialized reports focused on customer challenges
What's New
Introduction Page 6
What's New
Ver R77.20 3.05 Automatic version verifier- verifies that the installed SmartConsole and server supplement are
of the same Security Checkup version.
Virus section- new table added: received emails with links to malicious sites.
Additional improvements in Virus section.
Text updated in Endpoint sections.
Ver R77.20 1.02 Minor fixes and improvements
Ver R77.10 4.28 Minor fixes and improvements
Ver R77.10 3.25 Minor bug fixes and improvements
Ver R77.10 2.22 New branding: Security Checkup. New report and GUI design.
Additional several improvements and bug fixes
Ver R77.10 1.04 Bugs fixes
Ver R77 2.24 Minor bug fix
Ver R77 2.23 New: Compliance analysis (for existing Check Point customers).
Additional DLP analyses were added
Bug fixes
Ver R77 1.4
What's New
Introduction Page 7
A new section for Endpoint security was added.
Ver R77 Threat Emulation Software Blade events added
Ver R76 2.17 Fixed bug SmartDashboard crash in Application Control tab
Ver R76 1.16 More granular report period (from <start date; time> to < end date; time>)
New report: DDoS Security Report
New utility: Endpoint Security Analysis Report
New DLP query: Files Sent Outside of the Organization (displaying file names)
Improvements in Bots and Viruses section
Improvements in DLP events description
Installation
Introduction Page 8
Note: Security Checkup tool is only for Proof of Concept scenarios. It is run by Check Point authorized personnel using a default SmartEvent configuration. Any other use is not supported.
Installation This version of Security Checkup tool has its dedicated SmartConsole and supplement for the R77.20 SmartEvent Server.
Component Package
SmartConsole SmartConsole_990170005_1.exe
SmartEvent supplement Security_Checkup_Supp_R77.20_Ver03.tgz
MD5: C821E63D480B0DCDCF9DB7ABA8788976
Activation To activate Security Checkup tool:
1. Open the SmartEvent console.
2. From the top menu bar select, Launch Menu > View > Security Checkup
3. Close the SmartEvent console and then reopen it.
A Security Checkup icon will appear in SmartEvent overview page.
System Requirements
Introduction Page 9
System Requirements
Component Operating System
R77.20 Security Management Server with SmartEvent installed SecurePlatform, Gaia
Microsoft Office 2010, full package, installed on computer with R77.20 SmartConsole (please note that all Office components must be installed). Office 2003 is not supported.
Windows 7
(Windows 8 is not supported)
Note - Reports are generated to a Microsoft Word document. Some of the data within the report is Excel files embedded into the word document.
Installing SmartConsole Install the Security Checkup tool SmartConsole on a Windows computer with MS Office 2010. Although it is a special R77.20 SmartConsole, it works with any R77.20 Security Management Server.
To install the GUI of this tool:
1. Copy the SmartConsole file to the Windows computer.
2. Double-click the executable and follow the wizard.
Installing Server Supplement
Introduction Page 10
Installing Server Supplement Note: The Security Checkup supplement must be installed on SmartEvent server that is configured with the default Overview. If any of the default Overview settings has been manually modified then log in issues might occur after installing the Security Checkup supplement while trying to connect with the GUI. For instructions on how to restore the default Overview settings please see known issue section in this user guide.
Install the supplement on an existing R77.20 SmartEvent Server dedicated to PoCs. The supplement must be installed on a clean SmartEvent server, meaning SmartEvent server with default event queries. When you run the installation script, cpstop and cpstart are being run automatically. The tool can be installed on a standalone deployment as well (where Security Gateway, Security Management and SmartEvent running on the same machine).
Do not install this tool on a production environment.
To install this tool on a SecurePlatform or GAiA server:
1. SmartEvent supplement file is located in the tool’s package and named:
Security_Checkup_Supp_R77.20_ <ver>.tgz
2. Make a new directory on the SmartEvent Server, under /var, named install.
3. Copy the .tgz file to the server /var/install directory (copy the file in binary mode).
4. Verify that the file transferred correctly by comparing the file’s MD5:
a. Verify the MD5 by running md5sum *.* command
b. In the install directory on the server, run:
> tar xvzf Security_Checkup_Supp_R77.20_ <ver>.tgz
> chmod 777 security_checkup
> ./security_checkup
Note: Supplement installation performs cpstop and cpstart commands, during the installation process you will be disconnected from SmartConsole and remote SSH connections.
Upgrading To upgrade the SmartConsole of this tool from existing R77.20 SmartConsole, uninstall the existing version and install the new version.
To upgrade the SmartEvent Server supplement, install this version. It automatically overwrites the older version.
Getting Started
Introduction Page 11
Getting Started After you install the new SmartConsole, you have a new button on the SmartEvent console.
To generate a report:
5. Open SmartEvent.
6. Click Security Checkup
Getting Started
Introduction Page 12
7. In the Report Generator View window, select a report.
NOTE: For information relating to the Compliance Security Analysis Report, see section on Compliance.
8. Click Generate Report.
The report can take several seconds to generate. It opens as a Word document in the background.
Predefined reports have these default sections:
Executive summary - Summarizes main results: number of events, brief list of critical and high events that need special attention, and risks.
Findings - Focuses on the security events by Software Blade.
Remediation - Recommendations to solve the main security events.
Customizing Time Period of Report
Customizing Reports Page 13
Customizing Reports The Security Checkup tool out-of-the-box reports are designed for PoCs, built on customer feedback. But if you have unique requirements from a customer, you can fulfill the request with easy customizations.
Customizing Time Period of Report The default period of time for a report is 30 days.
To change the report period:
1. In the Report Generator View window, click Edit.
2. In the Edit Report window, select the period from the Report Period list.
3. Click Save.
Creating New Reports If the out-of-the-box reports do not have the required data, you can set up a new report.
To create a new report:
1. In the Report Generator View window, click New >
Report - Create a new report.
Clone Selected Report - Create a new report based on template and queries of the selected report.
Adding Queries to Reports
Customizing Reports Page 14
2. In the New Report window, enter a name for the report.
3. In the Report Period list, select the time period. Data from this period is collected when the report generates.
4. Decide if this report is to be based on an existing document:
Create a report using an existing document. - Select use the following document as template. Browse to the document. If you want to select an out-of-the-box template, browse to the SmartConsole installation folder. The default folder is: C:\Program Files
(x86)\CheckPoint\SmartConsole\R77.20\PROGRAM\data\ClientGeneratedReports
Create a report on a blank Word document.
5. Add queries to the report ("Adding Queries to Reports" on page 14).
6. Click Save.
Adding Queries to Reports If you create a new report, you must add queries to the report. (If you do not, there will be no data to show.) You can also add queries to existing reports, to show different data.
To add queries to reports:
1. In the New Report window or Edit Report window, click Add.
The Add View window opens.
2. In the View Title field, enter the name of the query that will replace placeholder text:
If this report is based on a blank Word document, the title of the query data shows at the end of the document.
Editing Queries
Customizing Reports Page 15
If this report is based on an existing document, the text in this field must match, case-sensitive, the placeholder text. If the placeholder text does not exist in the document, the query output is added to the end of the document.
3. In the View Type field, define the output type. Valid values:
Image - Query results are output as JPG files. Use for Grid (Events tab in SmartEvent), Pie, or Map. Define the Image Width and Image Height in pixels.
Data - Query results are output as embedded Excel files. Use for Grid or Pie. Define an Excel workbook. It can be a blank file, or a file with content and formulas. Security Checkup tool puts collected data on Sheet2. The table or chart shown on the report is on Sheet1.
You can change the data or formulas as required.
You must save the Excel workbook with Sheet1 visible.
4. In the Query field, click the browse button. Select a query to collect data. You can create a new query if necessary.
5. Click Save.
Editing Queries You can change a query that you made, or a query that is predefined.
To edit a query:
1. In the Report Generator View window, double-click a report.
Editing Generated Tables and Graphs
Customizing Reports Page 16
2. In the Edit Report window, select a query.
3. Click Edit.
Editing Generated Tables and Graphs Some of the tables and graphs in the Word document are embedded Microsoft Excel files.
To edit tables and graphs:
1. Double-click the table or graph.
Excel opens. Usually, the Excel file has the table or graph on Sheet1, and the data on the other sheets.
2. To edit the data, open Sheet2 or higher. Change the data there. The table or chart on Sheet1 is updated automatically.
3. To edit the display of the data, edit table or graph properties on Sheet1.
4. Save the Excel file with Sheet1 visible.
If another sheet is visible when you save and close Excel, the output to the report will be incorrect.
The Report document is updated automatically.
Editing Generated Reports After Security Checkup tool generates a report, you can edit it. Some data is deliberately left for manually editing:
Customer details
Report date
PoC duration
Methodology details
Such data, which you must fix before you deliver the report, is marked in red.
If you see unresolved placeholders (text in < > tags):
Delete the placeholders, or
Edit queries to replace the placeholder with data and generate the report again.
Changing the Report Template The report Word templates are in the SmartConsole installation folders. The templates have placeholder text. When a report is generated, this text is replaced with the data from the queries. That data is collected,
Changing the Report Template
Customizing Reports Page 17
analyzed, and manipulated by Security Checkup tool. If you remove or change placeholder text, the generated data is shown at the end of the report.
Best Practice: Change the template only for localization (translating text that comes from the template) or formatting (font, color, size). Use the Security Checkup tool editing features to change the data that is shown.
Changing the Report Template
Offline Reports Page 18
Offline Reports You can generate reports from logs, without interacting with the customer environment. For example, if you get logs from a customer, you can use the Security Checkup tool to deliver a professional report of the log data. Offline reports generate queries only of activated Software Blades.
Requirements on your local environment:
Security Management and SmartEvent Server with the latest Security Checkup tool installed. You will import the network logs to this local environment. There is also a need for SmartEvent and SmartView Tracker SmartConsole in order to view the logs and events.
CPLogLogSender utility. Can be downloaded from the Check Point Solution Center wiki (for internal Check Point users) or from Check Point UserCenter. Copy the CPLogLogSender file into $FWDIR/log directory
To export logs:
1. Open SmartView Tracker, connected to the Security Management Server that has the logs.
2. Click File > Save As.
3. Name the log file.
4. Click OK.
A number of files are created on the Security Management Server, in $FWDIR/log:
yourname.log
yourname.logaccount_ptr
yourname.loginitial_ptr
yourname.logLuuidDB
yourname.logptr
5. Copy all of these files to your computer.
Note: it is recommended to filter FW Blade logs before saving to reduce the log file sizes. FW Blade logs are not required in order to generate a report.
To clear event history:
If your local SmartEvent has events from unrelated activities, delete event history with these commands on the server. Skip this only if you import the logs into a clean environment.
cpstop
$CPDIR/database/postgresql/util/PostgreSQLCmd start
$CPDIR/database/postgresql/bin/psql -p 18272 -U cp_postgres
postgres -c "drop database events_db"
$CPDIR/database/postgresql/util/PostgreSQLCmd stop
cpstart
To import logs:
1. On the local Security Management Server, log in and go to $FWDIR/log.
2. Put all the exported files here.
3. Run: chmod 777 CPLogLogSender
Changing the Report Template
Offline Reports Page 19
4. Run: ./CPLogLogSender -l 200 -i 1 -t -n forever name.log
This can take some time, depending on the number of records the log file contains.
5. Open SmartEvent. Wait until all events are generated.
6. Generate the Security Checkup tool report.
Changing the Report Template
CPLogLogSender Utility Page 20
CPLogLogSender Utility The CPLogLogSender utility simulates traffic captured in the log file. The utility runs the traffic as though it were live traffic going through the Security Gateway. The Security Gateway logs new events similar to those in the log files.
To run the utility, you run a script command with required configuration parameters.
Syntax ./CPLogLogSender –l <log_amount> –i <interval> -t –n <cycles>
<name>.log
Parameters Parameter Description
–l <log_amount> Number of logs to send in one batch. Valid value: integer Note - flag is lower-case L.
–i <interval> Batch delta time, in seconds. Sends a batch of logs every <interval> seconds. Valid value: small integer
-t Ignores the original log’s time & date and generate the logs as if they occur at the time of running the command
–n <cycles> Number of cycles to repeat batch sending. Recommended value: forever. Runs until all logs are generated.
name Name of the generated log
Comments
1. Before running the Utility please set the utility privileges by running the following command:
chmod 777 $FWDIR/log/CPLogLogSender
2. The time it takes to generate the logs depends on the number of log records in the log file. In the example, if the log file has 100,000 records, it will take 100,000 records / 200 seconds = 500 seconds.
We recommend around 200 logs per second if you use VMware or a slow computer. If you use a strong computer, you can increase to a higher rate (1,000 - 4,000 or more) to shorten the process time.
Example ./CPLogLogSender –l 200 –i 1 –t –n forever MYLOGS.log
Changing the Report Template
Securing Reports Page 21
Securing Reports When the report is ready to deliver, make sure it secure from unauthorized changes or access.
1. Save the Word document as PDF.
2. Set the PDF security for opening and for editing.
If you have Adobe Acrobat, set the security options of the Document Properties. We recommend using Password protection.
If you use a 3rd Party product (such as PrimoPDF) to make the PDF, use the features of that application to set a password on the PDF.
It is best if you do not edit the PDF after it is made. To change content for audience or purpose, change the Word document and save it as a new PDF. We recommend that you password protect the Word document and keep it in secure storage (such as a Check Point GO stick).
Known Issues Use Security Checkup tool on a default SmartEvent environment. Do not use it on an environment
where the default SmartEvent queries were modified.
Do not use any clipboard options, for example Copy, Cut, and Print Screen
Do not use more than one monitor (screenshots are taken only from main monitor and not the
secondary monitor)
We recommend that you close other applications that are running in the background
Cant log in to SmartEvent after installing the supplement The Security Checkup supplement must be installed on SmartEvent server that is configured with the default Overview. If any of the default Overview settings has been manually modified then log in issues might occur after installing the Security Checkup supplement while trying to connect with the GUI. If such issues occur, you can restore the default Overview settings by following the below steps using the command line in expert mode. Important note: after taking the below steps, all the changes done manually to the SmartEvent Overview settings will be lost.
1. #cpstop
2. Backing up overview_layout.C and sem_views_collections.C files:
#cp $FWDIR/conf/overview_layout.C $FWDIR/conf/overview_layout.C.bck
#cp $FWDIR/conf/sem_views_collections.C
$FWDIR/conf/sem_views_collections.C.bck
3. Restoring the default overview_layout.C and sem_views_collections.C files:
#cp $FWDIR/conf/defaultDatabase/overview_layout.C $FWDIR/conf/
#cp $FWDIR/conf/defaultDatabase/sem_views_collections.C $FWDIR/conf/
4. Deleting the following files. They will be recreated automatically after cpstart:
#rm $FWDIR/conf/new_scheme.C
#rm $FWDIR/conf/new_tables.C
#rm $FWDIR/conf/CPMILinksMgr.db
5. #cpstart
Changing the Report Template
Known Issues Page 22
Generating Reports with SmartEvent Intro If you run the report on SmartEvent Intro, you must delete empty queries before you generate a report.
1. Open the Edit Report window of the reports you will use.
2. Select a section with an empty query.
3. Click Remove.
4. Do this for all sections with empty queries.
5. Click Save.
Generating Reports while SmartEvent Machine is Under Load
When running Security Checkup report while the SmartEvent machine is receiving new logs (especially large amount of logs), or while SmartEvent’s top panes in Overview tab are fetching data, these activities might have a big impact on performance and therefore might increase the time it takes to generate a Security Checkup report. In some cases it might even cause the report generation process to halt. Since the Security Checkup is a PoC tool, it is recommended run while the machine is offline. Solution: Before generating report, close all statistics panes in SmartEvent GUI Overview tab and manually stop SmartEvent Correlation unit (the process which correlated all the logs and creates SamrtEvent events). Here are the steps in details:
1. Before Generating the report
Closing Overview’s panes: In SmartEvent GUI Overview tab manually close all statistics panes
Before After
Stopping correlation unit:
Changing the Report Template
Known Issues Page 23
In SmartEvent Server Command Line Interface run the following commands:
evstop
$CPDIR/database/postgresql/util/PostgreSQLCmd stop
evstart
cpwd_admin stop -name CPSEAD At this point you should see the following output which indicates that the correlation unit is indeed stopped: cpwd_admin: Process CPSEAD terminated
2. Run the report 3. After report is completed run the following command:
In SmartEvent Server Command Line Interface run:
evstart
Microsoft .NET Framework When generating a report, the following error message is shown:
The error message is shown because it is necessary to install the Microsoft .NET Framework before you
install Microsoft Office.
To resolve the .NET Framework error:
1. Go to http://msdn.microsoft.com/en-us/library/aa159923(v=office.11).aspx
2. Go to the section, Getting the Office 2003 PIAs When Installing .NET Framework 1.1 After Installing Office 2003.
3. Do the on-screen instructions.
Changing the Report Template
Compliance Security Analysis Report Page 24
Compliance Security Analysis Report
Introduction
The Compliance Security Analysis Report allows the administrator to:
1) Include a Compliance section into the regular Security Checkup report, or
2) Generate a specific report that only includes Compliance
This tool performs a security review based on a library of Check Point Security Best Practices contained within the Compliance Blade, and summarizes the major Security and Compliance findings.
The report is divided into the following sections:
Security Best Practices Compliance
Regulatory Compliance Summary
Best Practice Compliance by Software Blade
Best Practices – Top Findings
Key Benefits The analysis tool is based on Check Point’s Security Best Practices defined within the Compliance Software Blade. The tool allows administrators to gain an insight into potential configuration issues within the customer’s Management and Software Blades.
System Requirements
Component Operating System
Security Checkup tool mechanism can be connected to R75.40 / R75.40VS / R75.45 / R75.46 / R75.47 / R75.48 / R76 / R77/R77.10/R77.20 Security Management Server.
SecurePlatform, Gaia
Changing the Report Template
Compliance Security Analysis Report Page 25
Generating Compliance report The instructions written here are the same whether you are generating the full Security Checkup report with the Compliance section, or whether you are generating just the Compliance section alone.
Generating the Report on Customer Site
1. Select the relevant report and click on Generate
2. A Compliance Blade Data Upload window will open. Under the Management Server settings, enter in the Server Name or IP address, together with the correct user credentials in order for the report to connect to the management. Click OK.
3. The report should appear shortly after.
Changing the Report Template
Compliance Security Analysis Report Page 26
Generating the Report Offsite
1. While onsite at the customer premises, click on “Export…” in order to export the Compliance Blade data to a file.
2. In the Compliance Blade Data Export window, enter in the Server Name or IP address, together with the correct user credentials. Click Browse to specify the target location for the Compliance data file. The file needs to be saved to your local machine. Click OK.
Changing the Report Template
Compliance Security Analysis Report Page 27
4. From your offsite location, select Generate to create the Security Checkup report:
4. Under the Data File settings, select Browse and specify the location of the Compliance Data File that you previously generated. Click OK.
5. The report should appear shortly after.
Changing the Report Template
Endpoint Security Analysis Report Page 28
Endpoint Security Analysis Report
Introduction The Endpoint Security analysis tool allows administrator to evaluate computers and get an immediate report describing the current security state of the computer. The report checks for known security vulnerabilities and potential risks. The report divides the risk in to 3 main categories:
1. Data loss – the risk of data leaking from the organization.
2. Unauthorized access – unauthorized parties accessing company resources or sensitive information.
3. Threats – known threats that can cause security vulnerabilities such as lack or Anti-malware
software and malicious applications.
Endpoint report GUI
Key Benefits The analysis tool was based on Check Point’s best security practice for Endpoints. The tool allows administrators to have a real look on the standard of security in their organization and take actions based on security vulnerabilities.
System Requirements
Component Operating System
Endpoint Security Analysis Report .msi tool Microsoft Windows 7, XP
Note - Not supported on computer that have Check Point’s Endpoint Security client installed
Installation
Step by step work through:
1. Export the client from Smart Event report dialog
2. Select a location to save the MSI file
3. Move the MSI file to the computer you want to analyses
4. Double click the MSI and install
5. The report should appear shortly after the installation completes
Troubleshooting If the report did not appear after several minutes after the installation
1. Right click the tool tray icon.
2. Click Display overview
3. On the left hand side under tools click Generate report
Changing the Report Template
Endpoint Security Analysis Report Page 29
Generating a report 1. Right click the tool tray icon.
2. Click Display overview
3. On the left hand side under tools click Generate report
Exporting the report To export the report as PDF: In the report on the top left hand side of the report click ‘Export to PDF’
To export the report as row data: In the report on the top left hand side of the report click ‘Export data’