8 Replies Latest reply on Mar 2, 2015 3:57 PM by robert.white

    Reporting Device\Datasource Status

    pepelepuu

      Hey all,

      Does anyone know a work around for the another reporting limitation I have encountered?  Here is what I'm trying to accomplish:

      • Click on any reciever, or even the losal ESM, then select the Device status view. That's it.

      Right now, if a client, executive or boss ask me, what I think is a reasonable requests:

      Boss\Client: Joe, what HIPAA devices are you guys monitoring, and what is the status of those devices?

      PEPELePuu: Uhmmm, Sorry sir, all I can give you are screen shots....

      Boss\Client: WTH...

      PePELePuu: I will see what I can do....

      Boss\Client: Ok, well, can you give me a report of all the devices being monitored, and whats being monitored?

      PePeLePuu: Uhhmmm....I can give you a screen print

      Boss\Client: WTH... . Well, since we paid for intergration with ePO, can't you run a report from there.

      PePELePuu: No. Product Limitation.

      Boss\Client: WTH... . Well tell them to "Enhance it".

      PePELePuu: I did that with your last request. And no, it hasn't been responded to yet.

       

      Someone please help. This is becoming a daily scenario for me!!!!!

        • 1. Re: Reporting Device\Datasource Status
          tlcrain

          Great way to ask a question!  I agree with you that a Data Source status report would add value.

           

          In the mean timeTry this :

           

          Select the time frame.

          Select ELM

          Select Event Views -> Source IP Summary

          Under Source IPs -> Export -> Text -> Up to a maximum number of pages [ 10 ]  <<10 is enough for me >>

           

          This should give you a file of IPs, with the number of events collect in the selected time frame.

           

          I would prefer to have the Host name as opposed to IP addresses.

          I would like to also have Data sources with no ( 0 ) events.

          1 of 1 people found this helpful
          • 2. Re: Reporting Device\Datasource Status
            pepelepuu

            Thanks, but I've done that one already. Can't help in my kind of environment. Too big. International, multiple Compliance, VERY LEGAL and time constrained. I have 1000's of data sources in 3 countries, and 5 US cities...

            I think I may have found a work around, but need to test before posting. I appreciate the assist though!!!

            • 3. Re: Reporting Device\Datasource Status
              rcavey

              pepe,

               

                Not sure if this is possible but I thought I read in some release notes/doc that it is possible to add tags/labels.   Sooooo, wonder if it is possible to label/tag or a last ditch effort to group the HIPAA data sources and then generate a daily report with the pretty charts/graphs the execs like?

               

                Just a thought. If I can remember where I read about labels/tags I'll let you know. 

              • 4. Re: Reporting Device\Datasource Status
                acommons

                Have you tried the Overview item in an Event View? That will show you the devices that are generating events. I think you can create a correlation rule (??) for devices that have gone quiet.

                 

                Flow Count will allow you to do something similar for your flow devices.

                • 5. Re: Reporting Device\Datasource Status
                  pepelepuu

                  Thats not what I'm looking for, already have that. But thanks

                  • 6. Re: Reporting Device\Datasource Status
                    rth67

                    One way you could automate it, instead of having to do the screen shots, would be to create a report with section 4 set to "View PDF" - section 5 then allows you to select your View that you would normally screen shot to be created as a PDF - schedule it to run and be emailed to the Exec's.

                     

                    I am looking at other options using the "Query CSV" option in Section 4.

                    • 7. Re: Reporting Device\Datasource Status
                      pepelepuu

                      Thanks RTH67, but I tried this method already and came up empty. McAfee Platinum Support told me to submit a PER.

                      • 8. Re: Reporting Device\Datasource Status
                        robert.white

                        Apologies if you have already tried this:

                        Go to top of the Physical Display tree in the System Navigation Pane.  Click on the Properties icon (far left) in the Actions Toolbar.  In the System Properties pop-up window, right side, near the bottom, there should be a Device Summary Reports line with a View Reports button next to it.  Click it, then click on the Event Time tab in the next pop-up window.  This shows *all* your devices, by Device Name and Type, with the last time reported.  It can be exported, then you can massage these results in a spreadsheet to get numbers for your manager.  HTH.

                        BTW I would like to see this in a graphic display so I can put it in a dashboard but no joy so far.