Network Security Focus-Virus

RE: Symantec AV reporting metrics.

Subject: RE: Symantec AV reporting metrics.
Date: Mon, 5 Jun 2006 22:20:35 +0100
Apologies for the delay in replying... I was on my way home!

We have seen customers use many ways to get information out of our log files; 
I've seen some quite useful information extracted using Microsoft's Log Parser 
tool (and I could possibly get hold of some scripts).

What you will need if you want to go the manual route however is this link: 
http://service1.symantec.com/SUPPORT/ent-security.nsf/0/57757c1d149130b788256c760069f7f7?OpenDocument

It tells you exactly what the contents of the log file are, what each field 
means and how it is stored - the key point is that the date is stored in hex 
and corresponds to the date since 1970.

However, as reporting has been a big concern for a lot of our customers, we 
have recently released SAV 10.1 which now includes a Reporter tool which is 
also backwards compatible with the previous versions.  Before people slate me 
for trying to sell more product, if you already have either Gold or Platinum 
support, you should be able to get SAV 10.1 for free as part of your 
maintenance contract.  In order to get Reporting working, you only need to 
install the Reporting server onto one server and install agents onto your 
remaining Primary servers.  (If you only have one Primary, you can still 
install the Reporting server onto it without a problem).

In terms of commercially available products, Sawmill have a couple of modules 
now for interpreting our log files and they work very well indeed.

There is of course our SSIM product, but for pure AV log monitoring they really 
are overkill (and expensive) unless you are talking about a serious amount of 
data!

I do hope that helps to some extent; if you have any other questions (I am sure 
there will be!) please feel free to ask (or flame!).

p.

 -------- Original Message --------
From: "Serge Vondandamo" <serge.vondandamo@wanadoo.fr>
To: <paul@murgatroyd.org.uk>, <focus-virus@securityfocus.com>
Subject: RE: Symantec AV reporting metrics.
Date: Mon, 5 Jun 2006 20:11:14 +0200
Message-ID: <005301c688cb$6efeaa80$0a01a8c0@cheers>

Hi Paul,

Versions 9 and 10.

Thanks,

Serge


  _____  

From: paul@murgatroyd.org.uk [mailto:paul@murgatroyd.org.uk]
Sent: Monday, 5 June 2006 16:52
To: serge.vondandamo@wanadoo.fr; focus-virus@securityfocus.com
Subject: re: Symantec AV reporting metrics.

what version of SAV are you running?

Depending on version I can give you ideas on several different reporting
solutions.

I'm not trying to sell our products or services... just want to let you know
what's available if you don't want to do this the hard way.

Paul Murgatroyd
Symantec Professional Services

  _____  

From: "Serge Vondandamo" <serge.vondandamo@wanadoo.fr>
Sent: Monday, June 05, 2006 2:32 PM
To: focus-virus@securityfocus.com
Subject: Symantec AV reporting metrics.

All,

I have been tasked to develop Symantec AV reporting metrics.
The metrics should help provide visual information (graphs, tables, etc) to
Senior management on weekly, monthly, quarterly and annual basis per region
and WW if needed.

I am focusing on providing the following:

- Number of AV clients per region,
- Number of AV engines, versions, per region,
- Information on AV defs per region, frequency of updates, versions of AV
definitions, age of AV definitions (i.e. two weeks old, two months old, very
old, etc).
- Status of AV clients per region - i.e. auto-protect enabled or disabled,
threat found, old definitions, etc.
- Any other information that will be useful for the big boss, who is not
interested in technical data.


I am looking for pointers, ideas and suggestions from those who have already
done so; I will not try to re-invent the wheel ;)

Thanks for your input.

Regards,
Serge Vondandamo, HND, CISSP, CCNA. 

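As an added illustration of the two technical points in this thread (the hex-encoded event date Paul mentions and the definition-age buckets Serge wants to report on), here is example code that is not from any poster or from Symantec. The comma-separated line layout, the sample lines and the six-field YY MM DD HH MM SS reading of the hex timestamp (years since 1970, zero-based month) are assumptions made for this sample; check them against the field list in the Symantec article linked above before running it over real logs.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines, not real SAV output. Assumed layout per line:
# <hex timestamp>,<region>,<client>,<definition date YYYYMMDD>,<auto-protect 1/0>
SAMPLE_LOG = """\
240501100000,EMEA,ws-001,20060601,1
240501100500,EMEA,ws-002,20060518,1
240501110000,AMER,ws-101,20060330,0
240501110500,APAC,ws-201,20051201,1
"""
REPORT_DATE = datetime(2006, 6, 5)  # the "as of" date for the weekly report

def decode_hex_timestamp(field: str) -> datetime:
    # Assumed layout: six 2-digit hex values YY MM DD HH MM SS, YY = years since 1970,
    # MM zero-based. Only "stored in hex, since 1970" is stated on the page itself.
    yy, mo, dd, hh, mi, ss = (int(field[i:i + 2], 16) for i in range(0, 12, 2))
    return datetime(1970 + yy, mo + 1, dd, hh, mi, ss)

def definition_age_bucket(def_date: datetime, report_date: datetime) -> str:
    # Management-friendly buckets mirroring "two weeks old, two months old, very old"
    age_days = (report_date - def_date).days
    if age_days < 14:
        return "under 2 weeks"
    if age_days < 61:
        return "2 weeks to 2 months"
    return "over 2 months"

def summarise(log_text: str, report_date: datetime) -> dict:
    # Per region: client count, definition-age histogram, auto-protect-off count, last event
    regions = defaultdict(lambda: {"clients": 0, "ages": Counter(),
                                   "ap_off": 0, "last_event": None})
    for line in filter(None, log_text.splitlines()):
        ts, region, _client, def_date, ap_on = line.split(",")
        event = decode_hex_timestamp(ts)
        entry = regions[region]
        entry["clients"] += 1
        entry["ages"][definition_age_bucket(
            datetime.strptime(def_date, "%Y%m%d"), report_date)] += 1
        entry["ap_off"] += int(ap_on == "0")
        entry["last_event"] = max(filter(None, (entry["last_event"], event)))
    return dict(regions)

if __name__ == "__main__":
    for region, stats in sorted(summarise(SAMPLE_LOG, REPORT_DATE).items()):
        print(region, stats["clients"], dict(stats["ages"]), stats["ap_off"])
```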


