Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

IT Analytics for SEP - New SEP Pack released includes new reports, dashboards, cubes

Created: 01 Aug 2011 • Updated: 01 Aug 2011 | 13 comments

I've been Beta testing the latest IT Analytics pack for SEP and I was just told it is now released and available for download. The latest IT Analytics for SEP pack includes many more cubes, reports, and dashboards compared to the previous release. You can now view and report on just about anything within SEP from HIPS events to Policy Exceptions. 

If you are running SEP 12.1 you will be happy to know that SONAR and INSIGHT detection cubes and reports are now available in this release.

A few screen shots included below:

 

Comments 13 CommentsJump to latest comment

.Brian's picture

Can these break out individual machines/IPs or is it just a high level view?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

thatdude's picture

All have drill down capabilities and you can get all of the details. Most if not all are basically linked to the reports you see in screenshot 1

thatdude's picture

By the way if your using custom IPS signature please refer to the article I just submitted to make sure the alerts appear in Analytics. It's a simple fix but took me all day to figure out during my testing. Hopefully it saves others from banging their head against the wall ;)

 

https://www-secure.symantec.com/connect/articles/how-make-custom-sep-ips-signatures-show-it-analytics-reporting-sep

GrahamA's picture

A great addition to this latest refresh of the ITA pack for SEP is the addition of some granular IPS reporting capabilities.

These can for example, allow you to quickly and clearly see who are my most risky users outside the corporate perimeter, what attack types are most commonly hitting our machines, is there anything 'phoning home' that we should be aware of, etc.

I've attached some further screenshots in case you are interested. Lastly, worth noting that ITA can also snap in to the Symantec Protection Center 2.0 console, which increase the power of your centralised mgmt and reporting capabilities even further.

ITA for SEP 12.1 - IPS Detections Trending.png ITA for SEP 12.1 - IPS Detections Reporting.png ITA for SEP 12.1 - IPS Detections Dashboard.png

GrahamA Product Management, Symantec Security Solutions

thatdude's picture

By the way I forgot to mention that out of the box IT Analytics won't look like some of my screen shots. It's close but I did make some minor changes to the rdl files to display newer looking color palette and a few other things.

I can attach the modified rdl files if your interested.

Ian_C.'s picture

Hi.

Please attach the RDL. I like the look of your screenshots.

Please mark the post that best solves your problem as the answer to this thread.
Yahya's picture

What version are you exactly using? the RDL modifications look great. Attach please.

thatdude's picture

Sorry for the delay in response. I'm still trying to figure out if I can post the RDL's without violating any licensing agreements with Symantec or Bay Dynamics.

In the meantime I will work on step by step instructions on how to edit them and create new ones. This would be more helpful anyways as it allows you to customize everything to fit your needs. The changes I made in the examples are very easy and take very little time.

Vikram Kumar-SAV to SEP's picture

I am trying to install IT Analytics for a customer but its failing to install NS server. Haven't got time to troubleshoot it. 

But I am really looking forward to install it as the customer has more than 60k clients so it would be very useful.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Vikram Kumar-SAV to SEP's picture

Well the first machine where I was trying to install it was failing as it was not able to create the share. That server was a hardened server.

So I selected a 2nd machine my bad luck it was a 2003 64 bit machines..after installing .net and asp I found only 2k8 R2 is supported for 64 bit platform. Currently I am waiting for a 2k3 32bit non-hardened server.

Once I get that I'll try again.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.