Endpoint Protection

Hi All,

I'm wondering, does anyone know if there are "management level" metrics reports that can be run in SEP?  I've looked through the reports, and they seem to list every virus, client, etc. in full detail.  I'm looking for metrics reporting; total number of viruses found in a month, overall count of the types of viruses found, total number of network intrusions prevented, total number of machines cleaned, etc.  For example, if I look under the "Risk" reports, choose "Infected and At Risk Computers," then choose a time range of "Past month," the report shows each individual system, with each individual virus...and apparently the list is too long because it ends with "The rows in this report have been limited to the maximum specified in your preferences." 

Do any "rollup" type reports exist, or is it possible to create them?  Thanks,

C. Nimmer

There is a "Full Report" option under some of the categories that will give you some of the information.  I pull the information you are looking for from there and also go directly into the database in read only mode to export specific tables to manually gather additional information.  I haven't had much luck getting detailed data on the firewall/ids components from the reporting interface yet. 

If it helps I can get more information tomorrow on the specific reports I run to gather my statistics for our mangement team.

Log on to the SEP Manager Console

Go to Reports > Quick Reports
Report type : risk
Select a report: Comprehensive Risk Report

Time Range: Past month or Current month or whatever time range you choose.

Or you can have it sent to your email on a timely interval by clicking the Scheduled Reports tab.

You can also configure the comprehensiver risk report based on below mentioned risk types

	Risk Distribution
		New risks
		Distribution by risk name
		Distribution by risk severity
		Distribution by risk type
		Distribution by computer
		Distribution by server
		Distribution by group
		Distribution by domain
		Distribution by user
		Distribution by source
		Distribution by action

Thanks and regards,
Nirav Mistry

Mon_Raralio nailed it on the head.  That's what I get for trying to think about the settings without the window in front of me.  :)

To expand on what scheduling this type of report do as Mon_raralio suggested:

Log on to the SEP Manager Console

Go to Reports > Quick Reports
Report type : risk
Select a report: Comprehensive Risk Report

Time Range: Past month or Current month or whatever time range you choose.

Before hitting Create Report, click Save Filter.  Name the saved filter something logical to you.

Click the Scheduled Reports tab.
Click Add
Fill out the Report Name, Description.
Select the Report Type
Select the Comprehensive Risk Report
Select your Saved filter
Setup the schedule (Run Every)
Finally setup the report to be emailed directly to you.

Cheers
 

Thanks all for the input, the comprehensive risk report is exactly what I was looking for!  It will be scheduled posthaste :)

Hey jeffwichman, I would be interested in the tables\columns you pull your data from in SQL though...

Thanks again!

@jeffwichman: I'm also interested on how to get the data directly from SQL assuming that it is embedded and what GUI client you'd suggest.

In response to the SQL statements... I was thinking of the SQL tables I use to get a better look at IDS alerts.  However I am writing a new article to get some really good metrics/statistics from SEPM.  It should be done by either Friday or Sunday.

Here is the first draft.  I'm going to continue working on metrics from SEP over the next couple of months.  I will update/create articles as I go.  If anyone has ideas for metrics from SEPM let me know.

https://www-secure.symantec.com/connect/articles/metrics-using-data-sepm