
The comprehensive risk report needs to have more information about the IPS risk detected or a new report needs to be created for these risks.

Created: 14 Sep 2009 • Updated: 12 Dec 2009 | 7 comments
James Lawson
26 Agree
0 Disagree
+26 26 Votes
Status: In Review

The comprehensive risk report does not have enough information to determine what IPS threats have been detected and what computers have been found with threats that need to be fixed. Either the report needs to be changed to include the following or another report needs to be added to the list for the items shown.

The following items are needed to help determine what machines need attention and why they need attention.

IPS attacks alerts

  Type        Amount        Source
  RPC BO       5 Attacks    Computer 1
              10 Attacks    Computer 2

  Smurf       30 Attacks    Computer 3
  Total       45 Attacks
 

7 Comments

Leigh Tomkinson

This is definitely needed, otherwise you do not know how to remediate the IPS Attack. Apparently this is a known defect and has not been fixed as not enough people have complained about it... So people, please start voting!

+1
CJ ROUX

To remediate an attack, this information is really important.

I can see no reason why this should not be working. Customers and Symantec benefit.

+1
JimW

I'll check into what it will take to add.

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

0
Clint

I'm currently running SEPM 12.1.5 where I was trying to find a report that shows the IPS alerts but came up empty.  One of our security guys tried to get to a website and got "[SID: 28821] Web Attack: Mass Injection Website 19 detected".  Found http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28821 which describes the attack but wanted to see the alert the user got in my SEPM along with their computer name to validate the popup that they saw.  So are you guys saying such a report doesn't exist; even in the latest 12.1.6?

Clint

0