Report distribution is configured through the “Mailing” menu section.

Before creating a distribution, it is recommended to set up a recipient group: go to Mailing → Add New Recipient Group, assign a name to the group, and add all necessary email addresses.

Custom templates can be created for different types of distributions.

1. Go to Mailing → Add new mailing template.
2. Assign a template name, which will appear in the list when creating a distribution (Step 2).
3. Fill in the template content. You can insert a System Template by clicking “System Template” and then modify its content and formatting as needed.
   
   1. First, select the data format for the distribution:
      • If the distribution includes multiple reports, choose whether they should arrive as separate files or combined into one (to combine reports into one file, use parameters with “merged” in the name);
      • Choose the format: CSV or Excel (for CSV — use parameters with “csv” in the name, for Excel — use parameters with “xlsx”);
      • Specify whether the report will be an attachment or a link in the email text (attachment — “as_file” in the parameter name);
      • If it will be an attachment, specify if the file will be archived or unarchived (archive — “zip” in the parameter name).
        If you need to attach a file rather than a link, we recommend selecting “Archive with file” as the report size may exceed the email attachment limit.
   2. Update the file in the email text by inserting a new identifier:
      • Click the Template Parameters button , choose the identifier(s) needed, then use Ctrl+C to copy and Ctrl+V to paste it into the email template.

If necessary, you can edit the email text. Remember to save your changes!

1. Go to Distribution → Add Distribution.
2. Set the Name. The name will appear in the Distribution List section and in the attached file name.
3. Set the Email Subject.

1. Click the Select Templates button.
   
2. In the opened window, select the appropriate template and click Insert. The template can be edited immediately if needed.
   

You may also fill out the content directly in the editing window, following the instructions from the Creating a Template section from Step 3 onward.

Configure the schedule: select days of the week, the report generation time, and email sending time. There are two options:

1. Set only the Distribution Time.
   For example, if Distribution Time is set to 9:00 and Day of the Week is Monday, the report will cover the period from 9:00 Sunday to 9:00 Monday, and will be sent at 9:00 on Monday.
2. Set both Distribution Time and Report Time by enabling the “Configure Report Time” toggle.
   For example, if Distribution Time is 15:00, Report Time is 11:00, and Day of the Week is Wednesday, the report will cover the period from 11:00 Tuesday to 11:00 Wednesday, and will be sent at 15:00 Wednesday.

1. Click Add under “Queries”. A default entry “Top Subscribers with High RTT” will appear.
2. To change the report, click the Report cell in the added entry. For example, select a report containing IP addresses of hosts. Here, the Raw Complete NetFlow → Tables → Attack Detection → Top Host IP Addresses → By Traffic report would be appropriate.
3. Rename the report. This name will appear in the file attached to the distribution.
4. Configure the report:
   1. For a table report, specify columns visibility, rows limits, display filter, and page orientation;
      
   2. For a chart report, specify chart type, chart step, items limit, display filter, and page orientation.
      

Filters can narrow down reports based on traffic direction or AS, for instance.

1. Click the filter icon.
   
2. Enable the desired filter and set its value in the opened window.
   
3. If the filter needed is not in the list, add it by clicking the + icon (a new entry will appear), then select the filter by clicking “Filter” in the new entry.
   

Choose the time range for the report data. For instance, for daily data, select “Period from” — “now - 24 hours”, “Period to” — “now”.

It is recommended to set the Maximum Report Execution Time to 30 minutes.

To check if the query is correctly configured, preview the report by clicking the preview icon to the right of it.
Reports can include up to 1 million records.

Select a group and click Add.

Save the distribution once configured.

After creating a distribution, it is recommended to test it. Forced Distribution will initiate email sending outside of its schedule.

1. Go to Mailing → Mailing List.
2. Click Force Run Mailing.
3. Choose the report time:
   1. Selecting "now" will generate a report for the past 24 hours and send the distribution immediately.
   2. Selecting a specific time (e.g., 9:00) will generate a report for the period from 9:00 yesterday to 9:00 today and send it immediately, reflecting the desired time period data in the report.

In the Mailing → Mailing List section, you can:

• View basic information about created distributions: name, email subject, creation date;
• Enable and disable distributions;
• Track distribution status: Waiting, Caching, Checking, Notification.
• Search, refresh the list of distributions.
• Edit a distribution by clicking its name or the edit icon to the right.
• View distribution logs by clicking the log icon , showing the time and recipients of the distribution and its status.
• Manually start a distribution by clicking the lightning icon .
• Delete a distribution by clicking the trash icon .
• Export the distribution list in Excel, CSV, PDF, PNG formats.