This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Enterprise Console 5.5.1 - possible to report on Expolit Prevention alerts?

Hi,

We have set up basic reporting for our information security team to review things like, no. of machines protected, number of viruses/malware detected and resolved etc. but want to know if there's a way to add the number of machines reporting Exploit Prevention alerts as well? There does not seem to be an option in the reports for this, just malware, pua, virus etc.

Running Sophos Enterprise Console v5.5.1 on Server 2008R2.

Thanks,

Steve



This thread was automatically locked due to age.
Parents
  • Hello Steve,

    neither EXP nor Web and Patch numbers are available - don't ask me why. Just curious - what do these numbers tell anyway?

    Christian

  • Hi QC,

    Sorry for the slow reply - i've been away. It was just a request from our InfoSec team to see how manyof these type of alerts we are generating and maybe speak to the users who keep generating them in case they are continually doing something they shouldn't be. I guessed, as you say, that this isn't possible, but it was worth an ask..

    Steve

Reply
  • Hi QC,

    Sorry for the slow reply - i've been away. It was just a request from our InfoSec team to see how manyof these type of alerts we are generating and maybe speak to the users who keep generating them in case they are continually doing something they shouldn't be. I guessed, as you say, that this isn't possible, but it was worth an ask..

    Steve

Children
  • Hello Steve,

    this isn't possible
    it's not possible to modify the predefined reports that you can schedule. With some clicks you can export the data from the Event Viewer as CSV, admittedly deadly dull if you have to do it daily.

    It can be automated using the Reporting Interface or Log Writer, as far as I can see these haven't been updated so that you can specifically extract EXP events and their details, basic information might be in the common data - regrettably I have fortunately no EXP events so I can't check.

    Christian