Reports to Baseline "normal" behavior of SEP clients in your environment
We are trying to determine how to stop a virus outbreak before it happens. In our environment, we maybe get one or two each year, and it is easily contained.
I am trying to determine the type of reports I should create to baseline normal behavior of the SEP client. Normal meaning that there are no virus outbreaks, and anything that looks different means there is a sign there may be an outbreak on the horizon.
There are seven report types that are available:
1. Application and Device Control
3. Computer Status
4. Network Threat Protection
So far, I narrowed it down to three reports we may want to look at:
1. Network Threat Protection
But I am stumped on how to break it down further. For instance, Network Threat Protection: Traffic has many options (see attached).
Are there recommended metrics to use? Perhaps Symantec wrote about this, or there may be case studies on other organizations that have baselined their environment to detect when they are a few steps away from a virus outbreak.
Any guidance is greatly appreciated.