1 Reply Latest reply on Feb 3, 2011 1:49 AM by Attila Polinger

    Qustion about reports

      Hi all

       

      I run several reports, among them is: "Detections per Product"

      I thought this will generate a reports with the name of the threat detected, PC and location.

      I attach a screen-dump of the output of the report, obviuosly it lack lots of info (for example, the first line is "action: None"... action for what???)

      PS - I deleted the coulmns SystemName and IP address (these details apear in the report)

       

      Can someone advise if I should choose another report to specify the information I want or another way around this?

      We run epo4.5

       

       

      thanks

      Sam

        • 1. Re: Qustion about reports
          Attila Polinger

          Hi,

           

          generally, this could be a factory report that you can enhance, extend or finetune. Usually what I recommend is to start with finetuning with events received. Many events are received superfluously, for example startup and stopping of services, update result, scan timed out events, etc.

          Unless you filter for these, these appear in the reports (mostly because the event severity). You can filter these in ePO server (thus Ĺ‘pertaining toe very report) on in selected reports.

           

          After that you could separate useful (remaining) events into events by VSE modules, such as Access Protection module, BOF module OAS or ODS modules, etc. These can be in one or in separate reports.

           

          Following you could select proper fields for the report, in many cases, for example, Action Taken is recommended to be interrpeted with Event Description, etc. to provide a complete picture.

           

          HTH

           

          Attila