Showing results for 
Search instead for 
Did you mean: 

When to become concerned with reporting?

We run a weekly "threats detected" report.  If threats have been detected it is assumed that it is cleaned or corrected via Artemis.  At what point do we become concerned?  should we be concerned?

4 Replies

Re: When to become concerned with reporting?

a good idea would be to enable the automatic response to send you a notification when a threat is found and  not cleaned or deleted. You can then action those detections.

Re: When to become concerned with reporting?

In particular I am looking at the Threats detected report, Week of January 18 there were total 6556 detected.  Week of January 25th there were 10,025 and that is a huge spike.  Are you saying don't worry about that spike and just worry about the items that are not cleaned or deleted?  I don't need to be concerned with the increase of detections?  Looking forward to your thoughts and anyone else that has any..  thanks!

Re: When to become concerned with reporting?

Personally with a spike like that I would spend a little time drilling-down into the report to see what caused it, even if it is just for peace of mind. It could even be just one machine.

With that knowledge you will be better placed to know if policies need adjusting or you need to speak with a few users.

Certainly I would look into any clean failures.



Re: When to become concerned with reporting?

i agree with Rob, spend some time looking through the reports. You might find it to be scanner time outs, then you can filter those out of the queries.

Two reports I would create and get them emailed to you on a daily basis:

  1. Top 10 Machines reporting infections, where the scan result was no action taken.
  2. Top 10 Sources of infections

Remember, the new ePO query builder is highly customizable, so play around with it. Make it do what you want to see.