3 Replies Latest reply on Mar 18, 2012 10:50 PM by epoNovice

    VSE 8.8 reporting on Weekly scan

    epoNovice

      Hi,

       

      We have a full system weekly scan running and I'm trying to create a query on the server which reports on any findings these scans are running.

       

      I can't quite get it right - any ideas?

      I've created a new query and selected Threat Events, but am having trouble getting the right detail selected to run the query for just the last week. I can sort the filters etc... any ideas, or more info needed?

       

      Cheers

        • 1. Re: VSE 8.8 reporting on Weekly scan

          Hi ePO novice,

           

          Could you just clarify:

          Do you want to receive the alert mail when threats are detected?

          or

          Do you want the output of the ODS scan results?

          • 2. Re: VSE 8.8 reporting on Weekly scan

            Hi ePOnovice,

             

            I think this could help you,

             

            1) Kindly duplicate the query "VSE top 10 detected threats" and edit the duplicated query

            2) Increase the Maximum items from 10 to the highest value

            3) Click Next and Next, then add the threat events "Analyzer detection method" and select the Managed ODS task, for example "weekly scan servers"; also modify the event generated time as per your requirements

            4) Run and save the query

             

             


             

            5) Create a new server task and schedule it after the scan completes (but you need to be aware of when the scan will complete)

            Note: I am not 100% sure this will work perfectly, because we need to fine-tune this to be successful

            • 3. Re: VSE 8.8 reporting on Weekly scan
              epoNovice

              Hi Lakshmanan,

               

              Thanks for your reply, I was just after the Output of the scan results to see what we were being hit by and what was being caught/ deleted. (workstations only)

               

              What I've ended up doing is creating threat queries and basing them on Event IDs from the server.

              So my first scan is based on Event ID 1202 (number of scans started)

              - Event 1203, number of On Demand scans completed

              - Event 1039, scan found and cleaned/deleted... etc. (I think for this I might just need to trawl through the event IDs and add in an entry for each ID that relates to an action that cleans or removes a threat.)

              - Event 1035, scans that were cancelled.

              I just set the generation time to the last 4 days and on Monday morning I can get a decent understanding of what ran on the Friday scan.

               

              Any other tips would be much appreciated.

               

              Thanks
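
The per-event-ID queries described in the last post can be reconciled per workstation once the events are exported. The following is an added example, not part of the thread or of any McAfee tooling; the row layout and host names are constructed, and the event ID meanings are taken from the post as stated.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Event IDs and their meanings as given in the post above.
STARTED, COMPLETED, CLEANED, CANCELLED = 1202, 1203, 1039, 1035

# Constructed sample rows: (generated time, host, event ID, threat name).
SAMPLE = [
    ("2012-03-16 18:00", "WS-001", 1202, ""),
    ("2012-03-16 18:40", "WS-001", 1039, "Sample.Threat.A"),
    ("2012-03-16 19:10", "WS-001", 1203, ""),
    ("2012-03-16 18:00", "WS-002", 1202, ""),
    ("2012-03-16 18:05", "WS-002", 1035, ""),
    ("2012-03-16 18:00", "WS-003", 1202, ""),
    ("2012-03-09 18:00", "WS-004", 1202, ""),  # previous week, outside window
]

def summarize(rows, now, days=4):
    """Per-host outcome of scans whose events fall in the last `days` days."""
    cutoff = now - timedelta(days=days)
    per_host = defaultdict(lambda: {"ids": set(), "cleaned": []})
    for ts, host, event_id, threat in rows:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if not (cutoff <= when <= now):
            continue
        per_host[host]["ids"].add(event_id)
        if event_id == CLEANED:
            per_host[host]["cleaned"].append(threat)
    report = {}
    for host, data in per_host.items():
        ids = data["ids"]
        if COMPLETED in ids:
            status = "completed"
        elif CANCELLED in ids:
            status = "cancelled"
        elif STARTED in ids:
            status = "no end event"  # started, but neither 1203 nor 1035 seen
        else:
            status = "no start event"
        report[host] = (status, sorted(data["cleaned"]))
    return report

if __name__ == "__main__":
    monday = datetime(2012, 3, 19, 8, 0)  # Monday-morning review of the Friday scan
    for host, (status, cleaned) in sorted(summarize(SAMPLE, monday).items()):
        print(host, status, cleaned)
```

Hosts reported as "no end event" started a scan but logged neither a completion nor a cancellation in the window, which the separate per-ID counts do not show.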