1 of 1 people found this helpful
Great way to ask a question! I agree with you that a Data Source status report would add value.
In the mean timeTry this :
Select the time frame.
Select Event Views -> Source IP Summary
Under Source IPs -> Export -> Text -> Up to a maximum number of pages [ 10 ] <<10 is enough for me >>
This should give you a file of IPs, with the number of events collect in the selected time frame.
I would prefer to have the Host name as opposed to IP addresses.
I would like to also have Data sources with no ( 0 ) events.
Thanks, but I've done that one already. Can't help in my kind of environment. Too big. International, multiple Compliance, VERY LEGAL and time constrained. I have 1000's of data sources in 3 countries, and 5 US cities...
I think I may have found a work around, but need to test before posting. I appreciate the assist though!!!
Not sure if this is possible but I thought I read in some release notes/doc that it is possible to add tags/labels. Sooooo, wonder if it is possible to label/tag or a last ditch effort to group the HIPAA data sources and then generate a daily report with the pretty charts/graphs the execs like?
Just a thought. If I can remember where I read about labels/tags I'll let you know.
Have you tried the Overview item in an Event View? That will show you the devices that are generating events. I think you can create a correlation rule (??) for devices that have gone quiet.
Flow Count will allow you to do something similar for your flow devices.
Thats not what I'm looking for, already have that. But thanks
One way you could automate it, instead of having to do the screen shots, would be to create a report with section 4 set to "View PDF" - section 5 then allows you to select your View that you would normally screen shot to be created as a PDF - schedule it to run and be emailed to the Exec's.
I am looking at other options using the "Query CSV" option in Section 4.
Thanks RTH67, but I tried this method already and came up empty. McAfee Platinum Support told me to submit a PER.
Apologies if you have already tried this:
Go to top of the Physical Display tree in the System Navigation Pane. Click on the Properties icon (far left) in the Actions Toolbar. In the System Properties pop-up window, right side, near the bottom, there should be a Device Summary Reports line with a View Reports button next to it. Click it, then click on the Event Time tab in the next pop-up window. This shows *all* your devices, by Device Name and Type, with the last time reported. It can be exported, then you can massage these results in a spreadsheet to get numbers for your manager. HTH.
BTW I would like to see this in a graphic display so I can put it in a dashboard but no joy so far.