Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 3644 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Viewing List of Viruses in Sophos Enterprise Console

mbjoe

Is there a way to view a list of found viruses/spyware over a set date range in the Sophos Enterprise Console?

Whenever a virus is found and removed, we receive an email but there is no way to quickly view a list of items founds/removed for a given day other then creating a report.

It would be nice to use a similar method for viewing reported viruses similar to that of the Application/Data/Device Event lists.

Does anyone know if there is a feature in the console similar to these for virsues logs?

:9295


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    The preferred method I guess for this sort of thing would probably be to use the new reporting interface into the Sophos database:

    http://www.sophos.com/support/knowledgebase/article/112873.html

    Does your organisation use Crystal Reports or SQL Server Reporting Services (SSRS) or any "Client" software that could run SQL queries against the database?  You could even use Excel or Access if that would do?

    Otherwise as an alternative, one optional part of the Reporting Interface package is a Windows Service that generates text files based on queries, the idea being that these can be read in by something such as Splunk. Splunk: http://www.splunk.com/ is a phenominal tool for this sort of thing.

    If none of the above of use, It wouldn't be too difficult to knock up a HTA which could make queries against the database, using the supported Reporting Interface as mentioned above.  These queries could report on threat activity over a given date range.

    Here is a forum post dedicated to the interface:

    I hope that offers some guidance. 

    Jak

    Edit:

    I've posted a quick HTA example that can be used to explore the Reporting Interface and added a couple of reports as part of the following thread:

    The code is split over 2 posts due to the 20,000 character limit.

    :9309
Reply
  • 0

    Hi,

    The preferred method I guess for this sort of thing would probably be to use the new reporting interface into the Sophos database:

    http://www.sophos.com/support/knowledgebase/article/112873.html

    Does your organisation use Crystal Reports or SQL Server Reporting Services (SSRS) or any "Client" software that could run SQL queries against the database?  You could even use Excel or Access if that would do?

    Otherwise as an alternative, one optional part of the Reporting Interface package is a Windows Service that generates text files based on queries, the idea being that these can be read in by something such as Splunk. Splunk: http://www.splunk.com/ is a phenominal tool for this sort of thing.

    If none of the above of use, It wouldn't be too difficult to knock up a HTA which could make queries against the database, using the supported Reporting Interface as mentioned above.  These queries could report on threat activity over a given date range.

    Here is a forum post dedicated to the interface:

    I hope that offers some guidance. 

    Jak

    Edit:

    I've posted a quick HTA example that can be used to explore the Reporting Interface and added a couple of reports as part of the following thread:

    The code is split over 2 posts due to the 20,000 character limit.

    :9309
Children
No Data
Unfiltered HTML