Endpoint Protection

Hi guys,

1st post.

The reporting tools for SEP sucks, so my boss would like me (the SQLDBA) to pull data from the SEP database so we could link it to some tables in remedy, and do our own reports on it.

The problem I am having is making since of the info in the tables. For example, if I look in the SEM_Agent table, there are fields for "Last Download" and Last Update, etc, but they use some sort of timestamp code, and I dont know how to translate that into normal datetime standards. Has anybody done something like this, or know where I can find some info on the SEP tables and their descriptions.

Also, do you know if messing with the database voids warranties and support contracts with Symantec.

Thanks for the help guys.


RH

RH,

You may want to look at IT Analytics for Symantec Endpoint Protection. IT Analytics converts the relational data in SEP to OLAP cubes for easy reporting. Read this article for some details https://www-secure.symantec.com/connect/articles/altiris-it-analytics-61-users-guide. There are default reports and trends with the real power being easy reporting with pivot tables and charts. IT Analytics is a member of the Altiris product family and only requires the implementation of the Notification Server for reporting on SEP data although there are advanced views if when used with the Altiris Asset Managment products.

Talk to your account manager about a demo.

Here are some screenshots of SEP reporting via IT Analytics:

Client Dashboard


Scan Trend Report


Alert Pivot Table

The Altiris software looks nice, but we shouldn't have to purchase yet another product to get the reports we need. Our organization has DBA's capable of creating the proper reports. We just need some documentation on the schema used in the db so that we can know "what's what" and where to find it.

ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/11.0/manuals/mr3/11.0_MR3_Database_Schema_Reference.pdf