Decided to post something other than questions for a change.
I was recently assigned the task of creating an monthly executive report based on the MVM data. Using the built-in reports was out of question for obvious reasons (one I can remember is the lack of a Top x vulnerabilities... go figure why its not included...).
Since selecting data directly from the SQL is not advisable, I have decided to work with the CSV report types. However the first obstacle was the recommendation and banners fields, on which the line breaking chars (\n) where messing with the parsing scripts. So how to remove them?
I have edited the file x:\Program Files\Foundstone\XML Reports\CSV\config.xml to:
<?xml version="1.0" encoding="UTF-8" ?>
By editing the values to '1' the items are excluded
These new csv files are much easier to import into excel and therefore used for building charts.
You can also use the CSV in MS Log Parser (look for Log Parser Lizard) and build SQL queries to select data from the CSV files. This will allow you to build Top x Vulnerabilities, and many others.
If anyone is interested, I already have a pack of queries that can share.
Thanks for the post, it's great to see it when our community members share information, that's what this forum is all about.
I do want to suggest backing up the original config.xml in case of typo or something.
And as always, manual changes like this would be unsupported, and overwritten by any future product updates.
Have a great day!
The modification that I've suggested isn't really not that 'crafty'. Its a configuration file, properly structured for allowing that modifications, that wasn't (yet?) ported to the web management interface.
Sure that upgrade might erase the configuration file, no problem, I will look for the file manually and change it again.
At this time 100% of my reports are based on the CSV & Log Lizard, in order to generate the charts needed. I'm no longer using the PDF/HTML reports.
AFAIK, the biggest flaw is selling the remediation module without any kind of report support. That means that we can't track reports assignees, takings metrics of ticket response time, number of closed/ignored/etc tickets. Without reporting the remediation module is only useful if you export to another ticketing solution...
Hi Friends, I am Cine and I have read your site in a very deep and I would like to appreciate you on this brilliant effort. You have provided some thing so much different that I can't have words for thanks.
Sure .Can you post them here . If not ,let me know and I can send you my gmail address . By the way ,I am also waiting for the day when Mcafee Product team starts focusing on Reporting as well .
Currently i am having challenges in generating executive summary reports from MVM.
Can you share pack of queries to fetch required data through MS log parser?