# Setup Report Triggers

CloudGuard WAF protects web servers from attacks. It is possible to configure objects called Trigger objects to determine what will occur when attacks are detected. 

One of those Trigger objects is of type "Report" and allows a graphical summary report to be sent by email to multiple addresses on a daily or weekly schedule.

## Setting up a Report Trigger

#### Step 1: Create a new "Report" trigger

Browse to **Policy->Triggers** and create a new Trigger object of type **Report**.

<div align="left"><figure><img src="/files/1O3TUCQouV3uZHLtF3KV" alt=""><figcaption></figcaption></figure></div>

Configure a new name to the new trigger object:

![](/files/oNkHJvTn8RF3PEn8EwHo)

#### Step 2: Configure schedule and email addresses

1. **Schedule** - Set up the hour in a daily schedule in which you wish the report to be sent.\
   Or change the schedule to be a weekly schedule and add the day/s of the week in which you want the report to be sent:

<div align="left"><figure><img src="/files/D1QQIJwxi4MBAY3ee7Qk" alt=""><figcaption></figcaption></figure></div>

2. **Email recipients** - Add all email addresses to which the report should be sent.

#### Step 3: Setup your security practice to use the new Log Trigger object/s

Browse to **Policy**->**Assets** and edit the asset you wish to modify.

Go to the **relevant practice** tab and scroll to the bottom.

![](/files/vLGra1Xzsy7E6mddjVVo)

Click on the '**+**' icon next to **Triggers** and add your new Report Trigger object.

## WAF Report&#x20;

According to the configured schedule an email report will be sent for each asset that uses the Report Trigger object and will include a PDF attachment that contains the actual report.

<figure><img src="/files/k3Soa7JRWHGAr1VqVDv0" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/myYbG7vNQkMNWmnKmcOx" alt=""><figcaption><p>(In this example, the top countries are shown due to being used in example attacks from various locations, not by real attackers)</p></figcaption></figure>

The email report contains several sections:

1. The **domains of the protected asset** (Top 3 in case the asset contains more).
2. **Statistics and traffic** information:
   1. [Learning](/how-to/track-learning-and-move-from-learn-detect-to-prevent.md) status and number of suggestions pending for fine tuning.
   2. Numbers of sources, suspected requests and benign/prevented events.
   3. Numbers of total requests, as well as breakdown by method and response code for the past day, week and month.
3. **Graphical representation of the top valuable security data**:
   1. Top countries and the number of malicious requests coming from them.
   2. Top attack types and sources.
   3. Top URLs being attacked.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://waf-doc.inext.checkpoint.com/setup-instructions/setup-report-triggers.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.