Video Screencast Help
Symantec Secure Login will be live on Connect starting February 25. Get the details here.

How to make custom SEP IPS signatures show up in IT Analytics Reporting for SEP

Created: 01 Aug 2011 • Updated: 01 Aug 2011
Language Translations
thatdude's picture
+3 3 Votes
Login to vote

The latest release of the IT Analytics for SEP pack includes many new reports and dashboards including Host Intrusion Prevention System information. If you currently implement custom HIPS signatures in your SEP deployment please follow the steps below to make sure the data appears in your IT Analytics reports and dashboards.

1. Open you custom HIPS signature policy in SEPM
2. Click Add if you currently do not have a custom signature or click edit to modify existing signatures.
3. In the content field you should see the string "msg= This is your custom IPS message".
4. Please add the following: "msg=[SID: 123456] This is your custom IPS message" (Note: You can use any combination of numbers, 123456 is just an example).
5. Repeat for each signature you have.

Why is this needed. IT Analytics for SEP parses the information and looks for the [SID: xxxxx] string and without it the date is ignored and is never added to the IPS reports or dashboards.