Data Center Security

 View Only
  • 1.  How to create DCS reports for domain controllers

    Posted May 26, 2017 07:44 AM

    Hi All,

    To all the DCS guru's out there with knowledge on DCS 6.6 Mp1.

    I have assigned the domain controller detection policies to all domain controllers.

    Now I have to setup a monthly report for each domain controller with the following info( Please indicate if info is available or not):

    1. Creation of ID’s
    2. User ID Maintenance
    3. Password Resets
    4. Failed and Successful Logins
    5. Login after hours
    6. System Changes

    Can someone please explain how to create these reports in the DCS java console? Do I start with queries or reports on the console?

     

    Thanks in advance for any help provided.



  • 2.  RE: How to create DCS reports for domain controllers
    Best Answer

    Posted May 31, 2017 03:41 PM

    You would have to start with queries. To cover those items you'll want to document the rule names in the policy and then build your queries. You can start off with the wizard to get going an then use the advanced query option to get the actual sql statement if you want to fine tune it.



  • 3.  RE: How to create DCS reports for domain controllers

    Posted Jun 01, 2017 02:52 AM

    Ok, but why doesnt Symantec have templates that can be modified, rather than start from scratch.
     



  • 4.  RE: How to create DCS reports for domain controllers

    Posted Jun 01, 2017 01:40 PM

    They do have canned queries you can copy and move to your own workspace. You can take the queries and insert them into a report. The you have to execute the report and download it in order to send it out. PS, you're going to be disappointed...

    DCS_Queries.png



  • 5.  RE: How to create DCS reports for domain controllers

    Posted Jun 05, 2017 01:53 AM

    Thanks, the reporting feature for DCS is a complete disappointment.



  • 6.  RE: How to create DCS reports for domain controllers

    Posted Jun 07, 2017 02:27 PM

    Just an FYI, we do license SOLVE to other partners to resell which is superior to any reporting provided by DCS. It's very lightweight and all of the tables of DCS are available in the WebUI. The Scheduler can send out reports via email to stakeholders such as CISO's or Admins alike. One of the differentiaters is that it was designed by DCS focued consultants so if you know DCS, SOLVE is pretty easy to grasp right away.

    I don't have Domain Controllers to give you a demo of what you need but here is an example of what a Dashboard looks like. It would be pretty easy to create a Dashboard like this with the items you mentioned for Detection events. Something to think about.

    SOLVE4DCS_-1.png



  • 7.  RE: How to create DCS reports for domain controllers

    Posted Jun 08, 2017 01:48 AM

    Thanks,will definitely look into it.