Generate a quick report by selecting from the Basic Settings options that appear under "What filter settings would you like to use." If you want to configure additional options to construct a report, click Advanced Settings. The Basic Settings and Advanced Settings vary from report to report.
For a description of each advanced setting that you can configure, you can click Tell me more for that type of report on the Symantec Endpoint Protection Manager Console. Clicking Tell me more displays the context-sensitive Help for that type of report.
You can save the report settings so that you can run the same report at a later date, and you can print and save reports.
Note:The filter option text boxes that accept wildcard characters and search for matches are not case-sensitive. The ASCII asterisk character is the only asterisk character that can be used as a wildcard character.
Table 7-4describes all the Basic Settings available for all types of quick report. Table 7-4 Basic filter settings for quick reports
Description Setting
Specifies the time range of events you want to view in the report. Select from the following times:
■ Past 24 hours
■ Past week
■ Past month
■ Current month
■ Past three months
■ Past year
■ Set specific dates
If you choose Set specific dates, some reports require that you set a Start date and End date. Other reports require that you set the Last checkin time, which is the last time that the computer checked in with its server.
The default is Past 24 hours. Time range
Specifies the start date for the date range.
Only available when you select Set specific dates for the time range. Start date
Specifies the end date for the date range.
Only available when you select Set specific dates for the time range.
Note:You cannot set an end date that is the same as the start date or earlier than the start date.
End date
Using logs and reports to monitor security
Creating quick reports
Table 7-4 Basic filter settings for quick reports (continued) Description
Setting
Specifies that you want to see all entries that involve a computer that has not checked in with its server since this time.
Only available for Computer Status reports when you select Set specific dates for the time range.
Last checkin after
Available for the Network Compliance Status Compliance report. Select from the following:
■ Authenticated
■ Disconnected
■ Failed
■ Passed
■ Rejected
Available for the Compliance Status Compliance report. Select from the following actions:
■ Passed
■ Failed Status
Many of the reports can be grouped in appropriate ways. For example, the most common choice is to view information for only one group or subnet, but some reports provide other appropriate choices.
Table 7-4 Basic filter settings for quick reports (continued) Description
Setting
Available for the Top Targets Attacked Network Threat Protection report. Select from the following:
■ Group
■ Subnet
■ Client
■ Port
Available for the Attacks Over Time Network Threat Protection report. Select from the following: ■ All ■ Group ■ IP Address ■ Operating System ■ User Name ■ Attack Type
Available for the Blocked Applications Over Time and Traffic Notifications Over Time Network Threat Protection reports. Select from the following:
■ All
■ Group
■ IP Address
■ Operating System
■ User Name
Available for the Top Traffic Notifications Network Threat Protection report. Select from the following:
■ All
■ Traffic
■ Packet Target
Available for the Top Risk Detections Correlation Risk report. Select from the following:
■ Computer ■ User Name ■ Domain ■ Group ■ Server ■ Risk Name X-axis Y-axis
Specifies the width of a bin for forming a histogram. Available for the Scan Statistics Histogram Scan report.
Bin width
Using logs and reports to monitor security
Creating quick reports
Table 7-4 Basic filter settings for quick reports (continued) Description
Setting
Specifies the number of bins you want used to form the bars of a histogram. Available for the Scan Statistics Histogram Scan report.
Number of bins
The Advanced Settings provide additional control over the data that you want to view. They are specific to the report type and content.
For a description of each advanced setting that you can configure, you can click Tell me more for that type of report on the console. Clicking Tell me more displays the context-sensitive Help for that type of report.
To create a quick report
1
In the console, click Reports.2
On the Quick Reports tab, in the Report type list box, select the type of report that you want to create. For example, select Risk.3
Under What type of Scan Report would you like to see, in the Select a report list box, select the name of the report you want to view. For example, select Risk Detections Count.4
In the Use saved filter list box, select a saved filter configuration that you want to use, or leave the default filter.5
Under What filter settings would you like to use, in the Time range list box, select the time range for the report.6
If you selected Set specific dates, then use the Start date and End date list boxes. These options set the time interval that you want to view information about.7
If you want to configure additional settings for the report, click AdvancedSettings and set the options that you want. You can click Tell me more on
the Quick Reports tab to see descriptions of the filter options in the context-sensitive Help.
When the 3-dot button is available, it takes you to a list of known options for that choice. For example, this option can take you to a list of known servers or a list of known domains.
You can save the report configuration settings if you think you will want to run this report again in the future.
Using logs and reports to monitor security
Creating quick reports