Every night? Double check success rate:
Build a threat event query / Configure Chart: Multi-line Chart: Line values - # of threat events <> Line labels - Event Description <> Time base - Event Generated <> Under Filter Event ID: Equals - 1202 or Equals - 1203 <> run. This should provide a line graph of start/finish of your on-demand scan.
How large is your environment?
Yes, every night. We have about 30K clients.
Add the following to the query: Under the filter: Event Generated Time - 1 week ... or 1 day. You'll be able to get a good idea of how many scans are actually starting/completing.
As for whether that's a "good time": it depends on whether it's impacting your business environment and/or the query results. Are you seeing an increase in daily infections? Meaning, if you're seeing an increase in daily infections, check the last time those systems successfully completed your scan. This type of information builds a case for increasing the time / amount of scans OR leaving your current schedule alone and perhaps going down the road of AUP training for the end user.