Endpoint Protection

  • 1.  TOP 10 Attack Types

    Posted Jul 29, 2014 11:49 AM

    Hello,

     

    Is there a way to pull a Top 10 Attack Types report within SEPM for a given time, say 1 year?

     

    Thanks.



  • 2.  RE: TOP 10 Attack Types

    Posted Jul 29, 2014 11:51 AM

    You should be able to get this from the Risk report section. If you keep logs for a year then yes, but it depends on how long you retain them.



  • 3.  RE: TOP 10 Attack Types

    Posted Jul 29, 2014 01:32 PM

    In our environment, I have gone to Reports, Risks and Risk Distribution by Name. One of the names that comes up is Microsoft Windows Operating Systems, along with other virus names. What does Microsoft Windows Operating System mean in this report?

     

     



  • 4.  RE: TOP 10 Attack Types

    Posted Jul 29, 2014 01:48 PM

    It means it's a MS Windows file (svchost possibly) or a valid signed file by MS that the risk injected itself into. Do you have logging turned on for DNS or HOSTS changes?



  • 5.  RE: TOP 10 Attack Types

    Posted Jul 29, 2014 01:52 PM

    Yes, so even if we have logging turned on, that means researching these hosts individually?



  • 6.  RE: TOP 10 Attack Types

    Posted Jul 29, 2014 01:56 PM

    Yep