This issue needs a solution.

IT Analytics for SEP - New SEP Pack released includes new reports, dashboards, cubes

Created: 01 Aug 2011 • Updated: 01 Aug 2011
Login to vote
+11 11 Votes

I've been Beta testing the latest IT Analytics pack for SEP and I was just told it is now released and available for download. The latest IT Analytics for SEP pack includes many more cubes, reports, and dashboards compared to the previous release. You can now view and report on just about anything within SEP from HIPS events to Policy Exceptions. 

If you are running SEP 12.1 you will be happy to know that SONAR and INSIGHT detection cubes and reports are now available in this release.

A few screen shots included below:

 View Inline Image

View Inline Image

View Inline Image

View Inline Image

View Inline Image

View Inline Image

Filed Under

Comments

_Brian
Trusted Advisor
Certified
01
Aug
2011

Can these break out

Can these break out individual machines/IPs or is it just a high level view?

01
Aug
2011

All have drill down

All have drill down capabilities and you can get all of the details. Most if not all are basically linked to the reports you see in screenshot 1

01
Aug
2011

By the way if your using

By the way if your using custom IPS signature please refer to the article I just submitted to make sure the alerts appear in Analytics. It's a simple fix but took me all day to figure out during my testing. Hopefully it saves others from banging their head against the wall ;)

 

https://www-secure.symantec.com/connect/articles/how-make-custom-sep-ips-signatures-show-it-analytics-reporting-sep

01
Aug
2011

hi

Thanks for writeup, its nice!! 

GrahamA
Symantec Employee
02
Aug
2011

Check out the great new IPS reporting capabilities!

A great addition to this latest refresh of the ITA pack for SEP is the addition of some granular IPS reporting capabilities.

These can for example, allow you to quickly and clearly see who are my most risky users outside the corporate perimeter, what attack types are most commonly hitting our machines, is there anything 'phoning home' that we should be aware of, etc.

I've attached some further screenshots in case you are interested. Lastly, worth noting that ITA can also snap in to the Symantec Protection Center 2.0 console, which increase the power of your centralised mgmt and reporting capabilities even further.

ITA for SEP 12.1 - IPS Detections Trending.png ITA for SEP 12.1 - IPS Detections Reporting.png ITA for SEP 12.1 - IPS Detections Dashboard.png

GrahamA Product Management, Symantec Security Solutions

02
Aug
2011

By the way I forgot to

By the way I forgot to mention that out of the box IT Analytics won't look like some of my screen shots. It's close but I did make some minor changes to the rdl files to display newer looking color palette and a few other things.

I can attach the modified rdl files if your interested.

Ian_C.
Partner
03
Aug
2011

Please attach RDL

Hi.

Please attach the RDL. I like the look of your screenshots.

Please mark the post that best solves your problem as the answer to this thread.
Yahya
Partner
Certified
11
Aug
2011

Version

What version are you exactly using? the RDL modifications look great. Attach please.

24
Aug
2011

Sorry for the delay in

Sorry for the delay in response. I'm still trying to figure out if I can post the RDL's without violating any licensing agreements with Symantec or Bay Dynamics.

In the meantime I will work on step by step instructions on how to edit them and create new ones. This would be more helpful anyways as it allows you to customize everything to fit your needs. The changes I made in the examples are very easy and take very little time.

Yahya
Partner
Certified
30
Aug
2011

Great

Looking forward for your guide :-) 

Vikram Kumar-SAV to SEP
Symantec Employee
Accredited
18
Sep
2011

I am trying to install IT

I am trying to install IT Analytics for a customer but its failing to install NS server. Haven't got time to troubleshoot it. 

But I am really looking forward to install it as the customer has more than 60k clients so it would be very useful.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

19
Sep
2011

What errors ate you getting?

What errors ate you getting? Can you post the log?

Vikram Kumar-SAV to SEP
Symantec Employee
Accredited
28
Sep
2011

Well the first machine where

Well the first machine where I was trying to install it was failing as it was not able to create the share. That server was a hardened server.

So I selected a 2nd machine my bad luck it was a 2003 64 bit machines..after installing .net and asp I found only 2k8 R2 is supported for 64 bit platform. Currently I am waiting for a 2k3 32bit non-hardened server.

Once I get that I'll try again.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.