-----Original Message-----
From: Serge Vondandamo [mailto:serge.vondandamo@wanadoo.fr]
Sent: Sunday, June 18, 2006 1:15 AM
To: 'Ted Senn'
Cc: focus-virus@securityfocus.com; 'sekure'
Subject: RE: Symantec AV reporting metrics.
I forgot to add that,
I have up to 6000 Clients located WW (Europe, Americas, APAC,
and Middle-east).
Thanks,
Serge
-----Message d'origine-----
De : Serge Vondandamo [mailto:serge.vondandamo@wanadoo.fr]
Envoyé : dimanche 18 juin 2006 08:11
À : 'Ted Senn'
Cc : 'focus-virus@securityfocus.com'; 'sekure'
Objet : RE: Symantec AV reporting metrics.
All,
Thank you for your pointers.
I have tried the manual process but it doesn't give good
metrics for my audience (CTO, CSO, CIOs, IT Managers).
I have tried to convince IT folks to upgrade to 10.1 so I can
use the reporting module but no one want to upgrade to a
vulnerable version of the AV.
They don't believe in the patch provided by Symantec since I
am not able to test it and provide a technical report - patch
the app and try to exploit the vulnerability and report.
Please, could you help me on the following?
1. Do you have a screenshot of the reporting module? Graphs,
type of metrics it can provide, etc?
2. Do you know how I can patch 10.1 and test the
effectiveness of the patch?
Thanks,
Serge
-----Message d'origine-----
De : Ted Senn [mailto:ted.senn@zurichna.com]
Envoyé : vendredi 9 juin 2006 15:58
À : serge.vondandamo@wanadoo.fr
Cc : focus-virus@securityfocus.com; 'sekure'
Objet : RE: Symantec AV reporting metrics.
Installing the reporting server is the start. Unless you
have a small number of clients I would recommend a separate
system. The reporting server is somewhat CPU intensive in my
experience.
Each AV server will need to have reporting agents installed
on them. However for testing you can set up the reporting
server and only those AV servers that you want to test with
would need the reporting agents installed. You will need the
SAV 10.1 SSC to configure the agents
Yes 10.1 needs to be maintenance patched to 10.1.0.400 and
point patched to 10.1.0.401
Ted Senn
Security Engineer
Distributed Security
847-605-6837
"Serge Vondandamo"
<serge.vondandamo@ To: "'Ted Senn'"
<ted.senn@zurichna.com>
wanadoo.fr> cc:
<focus-virus@securityfocus.com>, "'sekure'" <sekure@gmail.com>
Subject: RE:
Symantec AV
reporting metrics.
06/08/2006 09:26
PM
Thanks Ted,
If I understand, I just need to install the 10.1 and the
reporting server in one of my primary and that is it?
Is there any eval version of it? I will like to test it on my
lab first. BTW, is the 10.1 affected by the recent Symantec
products vulnerability?
Thanks,
Serge
-----Message d'origine-----
De : Ted Senn [mailto:ted.senn@zurichna.com]
Envoyé : mardi 6 juin 2006 14:24
À : serge.vondandamo@wanadoo.fr
Cc : focus-virus@securityfocus.com; 'sekure'
Objet : RE: Symantec AV reporting metrics.
I am running Reporting server without any problem on version
10, and 9 servers. The agent installs and reports back to
the reporting server. You may need a special group with 10.1
for the reporting server only, but the reporting will work
with the lower version AV servers ( agent will not install on
NT systems)
Ted Senn
Distributed Security
"Serge Vondandamo"
<serge.vondandamo@ To: "'sekure'"
<sekure@gmail.com>
wanadoo.fr> cc:
<focus-virus@securityfocus.com>
Subject: RE:
Symantec AV reporting metrics.
06/05/2006 03:30
PM
Sekure and all,
Thanks but we don't have version 10.1 and unfortunately, I
have to find a way to report with the versions we have. I may
suggest to upgrade but that will not be possible now - IT Ops
folks and other IS Managers will be difficult to convince -
given the heavy IT Governance and change process we have in place.
We currently have version 8 in few sites, version 9 and 10 in
the majority of the sites.
Paul, your pointers are more than welcome!!!
Thanks,
Serge
-----Message d'origine-----
De : sekure [mailto:sekure@gmail.com]
Envoyé : lundi 5 juin 2006 20:51
À : Serge Vondandamo
Cc : focus-virus@securityfocus.com
Objet : Re: Symantec AV reporting metrics.
Symantec Corp AV 10.1 has a reporting server module, which
provides pretty pictures for lots of these metrics.
On 6/3/06, Serge Vondandamo <serge.vondandamo@wanadoo.fr> wrote:
All,
I have been tasked to develop Symantec AV reporting metrics. The
metrics should help provide visual information (graphs, tables, etc)
to
Senior management on weekly, monthly, quarterly and annual basis per
region
and WW if needed.
I am focusing on providing the followings:
- Number of AV clients per region,
- Number of AV engines, versions, per region,
- Information on AV defs per region, frequency of updates,
versions of
AV definitions, age of AV definitions (i.e. two weeks old,
two months
old,
very
old, etc).
- Status of AV clients per region - i.e. auto-protect enabled or
disabled,
threat found, old definitions, etc.
- Any other information that will be useful for big boss not
interested
on
technical data.
I am looking for pointers, idea and suggestion from those who have
already
done so; I will not try to re-invent the wheel ;)
Thanks for your inputs.
Regards,
Serge Vondandamo, HND, CISSP, CCNA.
******************* PLEASE NOTE *******************
This E-Mail/telefax message and any documents accompanying
this transmission may contain privileged and/or confidential
information and is intended solely for the addressee(s) named
above. If you are not the intended addressee/recipient, you
are hereby notified that any use of, disclosure, copying,
distribution, or reliance on the contents of this
E-Mail/telefax information is strictly prohibited and may
result in legal action against you. Please reply to the
sender advising of the error in transmission and immediately
delete/destroy the message and any accompanying documents. Thank you.
