Unexpected devices have been imported to SEC 550

Hi Everyone,

 

Somehow, accidentally or unintentionally, the machines and the devices were imported from Active Directory to SEC 550 by one of my colleagues. The additional numbers of 700+ are exceeded to SEC.

 

Looking for any script to quickly sort or manage and revert the console back to the right numbers. Unfortunately there's no backup for the DB. Please advise if there's any SQL script or any other script which can help me in this scenario.

 

Also, is there a way to find how and when the devices were added to SEC, and by which user?

 

Thanks well in advance.

Regards

Faisal Raza 



  • Hi Faisal Raza1,

    If the import from AD put these additional machines in a different group, simply select this group to change your view in Enterprise Console, press Ctrl + A to select all computers, right click and delete them.


    An alternative option is to back up the SQL database and run this SQL query, modifying it to the date that these computers were unintentionally imported in:

    select Name, InsertedAt from dbo.computersanddeletedcomputers where InsertedAt >= '2019-05-22'

     

    Once verified these are the computers to delete, you can run the below SQL query to delete them:

    delete from dbo.computersanddeletedcomputers where InsertedAt >= '2019-05-22'

     

    Unfortunately there is no way to find out how and who added a computer into SEC.  These actions are not logged in the audit logs: https://docs.sophos.com/esg/enterprise-console/5-5/help/en-us/PDF/sec_audit.pdf

    If there are no other options, you can delete all the computers from Sophos Enterprise Console and have all the active machines automatically repopulate once endpoints send a heartbeat back to SEC. 
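The backup, verify and delete steps from the reply above, combined into one guarded T-SQL script. This is an added example, not part of the original reply or Sophos's own tooling: the database name, backup path, the exclusive end date, the row ceiling and the holding-table name are placeholders or assumptions, while the table and column names and the start date are the ones quoted in the reply. Bounding the window at both ends keeps computers that registered after the import out of the delete.

```sql
-- Added example. Placeholders/assumptions: database name, backup path,
-- end of the import window, row ceiling, holding-table name.
BACKUP DATABASE [SEC_DB_PLACEHOLDER]
    TO DISK = N'D:\Backup\sec_pre_cleanup.bak'   -- constructed path
    WITH COPY_ONLY, INIT, CHECKSUM;
GO
USE [SEC_DB_PLACEHOLDER];
GO
SET XACT_ABORT ON;   -- any run-time error rolls the whole transaction back

DECLARE @from    datetime = '2019-05-22';  -- start date used in the reply above
DECLARE @to      datetime = '2019-05-23';  -- assumed exclusive end of the import
DECLARE @ceiling int      = 800;           -- assumed upper limit for the "700+" rows
DECLARE @deleted int;

-- 1. Review exactly which computers fall inside the window.
SELECT Name, InsertedAt
FROM dbo.computersanddeletedcomputers
WHERE InsertedAt >= @from AND InsertedAt < @to
ORDER BY InsertedAt;

BEGIN TRANSACTION;

-- 2. Keep a copy of the rows about to be removed (hypothetical table name).
--    Fails, and rolls back, if the holding table already exists.
SELECT *
INTO dbo.cleanup_removed_computers
FROM dbo.computersanddeletedcomputers
WHERE InsertedAt >= @from AND InsertedAt < @to;

-- 3. Delete the same window and record how many rows were affected.
DELETE FROM dbo.computersanddeletedcomputers
WHERE InsertedAt >= @from AND InsertedAt < @to;
SET @deleted = @@ROWCOUNT;

-- 4. Commit only when the count is plausible; otherwise undo everything.
IF @deleted = 0 OR @deleted > @ceiling
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Delete affected %d rows; rolled back.', 16, 1, @deleted);
END
ELSE
BEGIN
    COMMIT TRANSACTION;
    RAISERROR('Deleted %d rows; copy kept in holding table.', 0, 1, @deleted);
END
```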

  • Hello SJaramillo,

     

    Thanks for your quick reply and very informative feedback on my question. So if I delete all the machines from the SEC those will automatically appear in SEC? Since I don't have Active Directory Synchronization enabled in our environment.

    Also, I would highly appreciate it if you could please help me with the best practice to maintain and manage the SEC and the endpoint client machines. I have several machines with different errors such as Unknown or No status under the Update tab or Computer Details as well.

    I will run the provided SQL query and the script once I am back in the office and will update you.

     

    Thanks once again.

    Best Regards

    Faisal Raza

  • Hello SJaramillo,

     

    The incident happened almost 3 weeks ago and I was on vacation. Unfortunately we don't have a backup of the DB, so hopefully the provided SQL script will help me with the 3-week-old dates mentioned in the script.

    Thanks

    Regards

    Faisal  
