Endpoint Protection

  • 1.  In SEPM 12.1, from where we will find infection source I.P. address in Reports tab

    Posted Jul 02, 2013 05:14 AM

    In SEPM, where can we find the infection source machine's I.P. address in the Reports tab? Generally we see only the top infected clients or machines, but we are not able to extract a report showing the top infection sources in the "Report" tab.



  • 2.  RE: In SEPM 12.1, from where we will find infection source I.P. address in Reports tab

    Broadcom Employee
    Posted Jul 02, 2013 05:17 AM

    Log in to SEPM -> Monitor -> Risk distribution by Attacker.

    If you have Risk tracer enabled, that area will be populated with the IP address of the bad machines.

    http://www.symantec.com/business/support/index?page=content&id=TECH94526

     



  • 3.  RE: In SEPM 12.1, from where we will find infection source I.P. address in Reports tab

    Posted Jul 02, 2013 05:20 AM

    Without enabling Risk tracer (disabled by default) the entries regarding the IP source will be empty.

    What is Risk Tracer?

    Article:TECH102539  |  Created: 2007-01-27  |  Updated: 2013-06-17  |  Article URL http://www.symantec.com/docs/TECH102539

     



  • 4.  RE: In SEPM 12.1, from where we will find infection source I.P. address in Reports tab

    Posted Jul 02, 2013 06:01 AM

    In SEPM Dashboard -> Favourite report -> Edit.

    In the window that opens, select Risk in Report Type and select the "Infected and at risk" report in Report name.

    OK.



  • 5.  RE: In SEPM 12.1, from where we will find infection source I.P. address in Reports tab

    Posted Jul 02, 2013 06:32 AM

    Hi,

    Worms and threats that spread across networks by network shares have become more common in recent years. Risk Tracer is an optional feature in Symantec Endpoint Protection (SEP) that records information on what network source a threat has come from so that the root of the outbreak can be easily identified and fixed. 

    Risk Tracer can be extremely useful in informing what computers to isolate and scan. For illustration, export a Log History Report from the Symantec Endpoint Protection Manager (SEPM) and hide many of the columns that do not relate to Risk Tracer.
    Example: 
    "Monitors Tab" on the left hand pane. 
    "Logs" on the tab menu (Top of Screen)
    "Log Type:" Risk
    Default Filter
    "View Log" button
    Export Search Results.
    Import into Excel.
    Results below.

    http://www.symantec.com/docs/TECH102539

    Regards
    Ajin


  • 6.  RE: In SEPM 12.1, from where we will find infection source I.P. address in Reports tab

    Posted Jul 02, 2013 06:46 AM

    In addition you will get the source information from Network Threat Protection Logs.



  • 7.  RE: In SEPM 12.1, from where we will find infection source I.P. address in Reports tab

    Posted Jul 09, 2013 07:57 AM

    Hi

    1. Log in to SEPM

    2. Go to the Monitor tab

    3. Go to the Log tab

    4. In the log type, select "Risk"

    5. Select the Time Range

    6. Click on View logs

    7. Export the logs

    When you export the logs, search for the tab "source IP", which will give the source of the attacker.

    Note: This will be available only when Risk Tracer is enabled.

    Regards
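
Added example, not part of any post in this thread: a short Python script that ranks infection sources from the exported Risk log described in the steps above, and counts the rows whose source is empty (as happens when Risk Tracer is not enabled). The sample rows are constructed, and the column names `Computer`, `Risk` and `Source IP` are assumptions to adjust to the headers in your actual export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of an exported Risk log. The column names are assumptions;
# change them to match the headers in the real SEPM export.
SAMPLE_EXPORT = """Computer,Risk,Source IP
PC-014,W32.Example.Worm,10.0.5.23
PC-022,W32.Example.Worm,10.0.5.23
PC-014,Trojan.Example,10.0.5.23
PC-031,W32.Example.Worm,10.0.7.8
PC-040,Trojan.Example,
"""

def rank_sources(csv_text, source_col="Source IP", host_col="Computer", risk_col="Risk"):
    """Return (ranked, untraced): one tuple per source address ordered by
    detection count, plus the number of rows with an empty source."""
    reader = csv.DictReader(io.StringIO(csv_text))
    # Match headers case-insensitively so small export differences do not break the lookup.
    headers = {h.strip().lower(): h for h in (reader.fieldnames or [])}
    try:
        src, host, risk = (headers[c.lower()] for c in (source_col, host_col, risk_col))
    except KeyError as exc:
        raise ValueError(f"column {exc} not found in export") from None

    stats = defaultdict(lambda: {"detections": 0, "hosts": set(), "risks": set()})
    untraced = 0
    for row in reader:
        source = (row[src] or "").strip()
        if not source:
            untraced += 1  # no source recorded for this detection
            continue
        entry = stats[source]
        entry["detections"] += 1
        entry["hosts"].add((row[host] or "").strip())
        entry["risks"].add((row[risk] or "").strip())

    ranked = sorted(stats.items(), key=lambda kv: (-kv[1]["detections"], kv[0]))
    return [(ip, s["detections"], sorted(s["hosts"]), sorted(s["risks"]))
            for ip, s in ranked], untraced

if __name__ == "__main__":
    ranked, untraced = rank_sources(SAMPLE_EXPORT)
    for ip, count, hosts, risks in ranked:
        print(f"{ip}: {count} detections on {len(hosts)} hosts ({', '.join(risks)})")
    print(f"rows with no source recorded: {untraced}")
```

A high count of rows with no source is a sign that Risk Tracer was not enabled on those clients when the detections were logged.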