We use the Sophos Enterprise Console (SEC) 5.3.0 and currently we get e-mails only with a virus-warning-message in the subject of this mail, but without detailled content about the virus or the maschine who is infected. Is it possible to configure the SEC in that way to send our admins per mail more details about the issue?
we have had the same issue in regards to reporting and its something we have feed back time and time again. In the end with the help of a friendly SQL admin we created another DB and used this to pull the data in. What this allows us to do is to get all the information held about a threat event and then use the 2nd DB and its table to feed our call logging system. hope this helps
SELECT SOPHOS521.dbo.ThreatInstancesOutstanding.ThreatInstanceID AS EventID, dbo.Events.MarvalID, SOPHOS521.dbo.ComputersAndDeletedComputers.Name,
CAST(SOPHOS521.dbo.ComputersAndDeletedComputers.IPAddress / 256 / 256 / 256 % 256 AS VARCHAR)
+ '.' + CAST(SOPHOS521.dbo.ComputersAndDeletedComputers.IPAddress / 256 / 256 % 256 AS VARCHAR)
+ '.' + CAST(SOPHOS521.dbo.ComputersAndDeletedComputers.IPAddress / 256 % 256 AS VARCHAR)
+ '.' + CAST(SOPHOS521.dbo.ComputersAndDeletedComputers.IPAddress % 256 AS VARCHAR) AS IPAddress,
SOPHOS521.dbo.ComputersAndDeletedComputers.DomainName, SOPHOS521.dbo.ComputersAndDeletedComputers.LastLoggedOnUser,
SOPHOS521.dbo.ComputersAndDeletedComputers.LastMessageTime, SOPHOS521.dbo.ThreatInstancesOutstanding.ThreatName,
ThreatTypes.Description AS ThreatType, ThreatSubTypes.Description AS ThreatSubType, SOPHOS521.dbo.ThreatInstancesOutstanding.FullFilePath,
SOPHOS521.dbo.ThreatInstancesOutstanding.CleanUpable, SOPHOS521.dbo.ThreatInstancesOutstanding.Outstanding,
SOPHOS521.dbo.ThreatInstancesOutstanding.IsRebootRequired, SOPHOS521.dbo.ThreatInstancesOutstanding.FirstDetectedAt,
SOPHOS521.dbo.ThreatInstancesOutstanding.InsertedAt, SOPHOS521.dbo.ThreatInstancesOutstanding.ActionSubmittedAt,
SOPHOS521.dbo.ThreatInstancesOutstanding.DealtWithAt, CleanupStatuses.Description AS CleanupStatus
FROM SOPHOS521.dbo.ComputersAndDeletedComputers INNER JOIN
SOPHOS521.dbo.ThreatInstancesOutstanding ON
SOPHOS521.dbo.ComputersAndDeletedComputers.ID = SOPHOS521.dbo.ThreatInstancesOutstanding.ComputerID INNER JOIN
dbo.Events ON SOPHOS521.dbo.ThreatInstancesOutstanding.ThreatInstanceID = dbo.Events.EventID LEFT OUTER JOIN
(SELECT EnumID, EnumValue, Description
FROM SOPHOS521.dbo.Enumerations
WHERE (EnumID = 2)) AS CleanupStatuses ON SOPHOS521.dbo.ThreatInstancesOutstanding.Status = CleanupStatuses.EnumValue LEFT OUTER JOIN
(SELECT EnumID, EnumValue, Description
FROM SOPHOS521.dbo.Enumerations AS Enumerations_2
WHERE (EnumID = 7)) AS ThreatSubTypes ON SOPHOS521.dbo.ThreatInstancesOutstanding.ThreatSubType = ThreatSubTypes.EnumValue LEFT OUTER JOIN
(SELECT EnumID, EnumValue, Description
FROM SOPHOS521.dbo.Enumerations AS Enumerations_1
WHERE (EnumID = 1)) AS ThreatTypes ON SOPHOS521.dbo.ThreatInstancesOutstanding.ThreatType = ThreatTypes.EnumValue
WHERE (SOPHOS521.dbo.ComputersAndDeletedComputers.LastMessageTime >= CONVERT(DATETIME, '2015-09-09 00:00:00', 102))
we have had the same issue in regards to reporting and its something we have feed back time and time again. In the end with the help of a friendly SQL admin we created another DB and used this to pull the data in. What this allows us to do is to get all the information held about a threat event and then use the 2nd DB and its table to feed our call logging system. hope this helps
SELECT SOPHOS521.dbo.ThreatInstancesOutstanding.ThreatInstanceID AS EventID, dbo.Events.MarvalID, SOPHOS521.dbo.ComputersAndDeletedComputers.Name,
CAST(SOPHOS521.dbo.ComputersAndDeletedComputers.IPAddress / 256 / 256 / 256 % 256 AS VARCHAR)
+ '.' + CAST(SOPHOS521.dbo.ComputersAndDeletedComputers.IPAddress / 256 / 256 % 256 AS VARCHAR)
+ '.' + CAST(SOPHOS521.dbo.ComputersAndDeletedComputers.IPAddress / 256 % 256 AS VARCHAR)
+ '.' + CAST(SOPHOS521.dbo.ComputersAndDeletedComputers.IPAddress % 256 AS VARCHAR) AS IPAddress,
SOPHOS521.dbo.ComputersAndDeletedComputers.DomainName, SOPHOS521.dbo.ComputersAndDeletedComputers.LastLoggedOnUser,
SOPHOS521.dbo.ComputersAndDeletedComputers.LastMessageTime, SOPHOS521.dbo.ThreatInstancesOutstanding.ThreatName,
ThreatTypes.Description AS ThreatType, ThreatSubTypes.Description AS ThreatSubType, SOPHOS521.dbo.ThreatInstancesOutstanding.FullFilePath,
SOPHOS521.dbo.ThreatInstancesOutstanding.CleanUpable, SOPHOS521.dbo.ThreatInstancesOutstanding.Outstanding,
SOPHOS521.dbo.ThreatInstancesOutstanding.IsRebootRequired, SOPHOS521.dbo.ThreatInstancesOutstanding.FirstDetectedAt,
SOPHOS521.dbo.ThreatInstancesOutstanding.InsertedAt, SOPHOS521.dbo.ThreatInstancesOutstanding.ActionSubmittedAt,
SOPHOS521.dbo.ThreatInstancesOutstanding.DealtWithAt, CleanupStatuses.Description AS CleanupStatus
FROM SOPHOS521.dbo.ComputersAndDeletedComputers INNER JOIN
SOPHOS521.dbo.ThreatInstancesOutstanding ON
SOPHOS521.dbo.ComputersAndDeletedComputers.ID = SOPHOS521.dbo.ThreatInstancesOutstanding.ComputerID INNER JOIN
dbo.Events ON SOPHOS521.dbo.ThreatInstancesOutstanding.ThreatInstanceID = dbo.Events.EventID LEFT OUTER JOIN
(SELECT EnumID, EnumValue, Description
FROM SOPHOS521.dbo.Enumerations
WHERE (EnumID = 2)) AS CleanupStatuses ON SOPHOS521.dbo.ThreatInstancesOutstanding.Status = CleanupStatuses.EnumValue LEFT OUTER JOIN
(SELECT EnumID, EnumValue, Description
FROM SOPHOS521.dbo.Enumerations AS Enumerations_2
WHERE (EnumID = 7)) AS ThreatSubTypes ON SOPHOS521.dbo.ThreatInstancesOutstanding.ThreatSubType = ThreatSubTypes.EnumValue LEFT OUTER JOIN
(SELECT EnumID, EnumValue, Description
FROM SOPHOS521.dbo.Enumerations AS Enumerations_1
WHERE (EnumID = 1)) AS ThreatTypes ON SOPHOS521.dbo.ThreatInstancesOutstanding.ThreatType = ThreatTypes.EnumValue
WHERE (SOPHOS521.dbo.ComputersAndDeletedComputers.LastMessageTime >= CONVERT(DATETIME, '2015-09-09 00:00:00', 102))
