Hi, I am looking to pull some specific SEPM metrics for our environment. Can someone assist as to the best place to get the following informaiton -

• Number of worm outbreaks
• Top 10 malware list
• Top malware sources by geography that is detected/prevented
• Number of E-mail virus events
• Number of rootkits detected/prevented
• Number of SEPM detections
• Number of SEPM auto-prevented attacks
• Number of SEPM quarantined files

Any help would be much appreciated.

Thanks

Check out the Reports section in the SEPM. You can set report types for Risk, NTP, etc. Those reports can be very helpful for what you need.

These links may also be helpful, although slightly older, they still apply:

https://www-secure.symantec.com/connect/articles/metrics-using-data-sepm

https://www-secure.symantec.com/connect/articles/metrics-using-data-sepm-part2

https://www-secure.symantec.com/connect/articles/metrics-using-data-sepm-part-three

Check this excellent article from Jeff

https://www-secure.symantec.com/connect/articles/metrics-using-data-sepm

Many thanks guys...

Any more suggestions?

Thanks for the above links guys, I was able to compile some very useful information using the above guides.

Can somone tell me whether it is possible to detect the source (geographically) of a threat that is prevented within SEP? Therefore the possibility of informing us where the threat is coming from (I appreciate that proxies may distort this information but any info would be a help).

Cheers

You need to use Risk Tracer for that. Here is the info related to that.

What is Risk Tracer?

http://www.symantec.com/business/support/index?page=content&id=TECH102539