Focus on Virus
RE: Symantec AV reporting metrics.
Jun 05 2006 06:02PM
Howe, Paul H (paul howe nwa com)
Or the expensive way.....
I pull the log files from the various parent servers, import into
MS/Access and generate reports.
Serge - your metrics seem less than useful. Engine version, dat updates
etc are rarely very far out of compliance at our site (10K+ desktops).
I post #s on how many different viruses are circulating, # of different
PCs infected during the period (not the number of infections, since the
AV reports every infected file). BTW: the usual 80/20% rule applies....
80 % of our PC infections are the same 20% of the users.
Are you looking at reporting on gateway filtering effectiveness?
> -----Original Message-----
> From: paul (at) murgatroyd.org (dot) uk [mailto:paul (at) murgatroyd.org (dot) uk]
> Sent: Monday, June 05, 2006 10:17 AM
> To: focus-virus (at) securityfocus (dot) com
> Subject: re: Symantec AV reporting metrics.
> resending due to evil HTML email...
> what version of SAV are you running?
> Depending on version I can give you ideas on several
> different reporting solutions.
> I'm not trying to sell our products or services... just want
> to let you know what's available if you don't want to do this
> the hard way.
> Paul Murgatroyd
> Symantec Professional Services
> -------- Original Message --------
> > From: "Serge Vondandamo" <serge.vondandamo (at) wanadoo (dot) fr>
> > Sent: Monday, June 05, 2006 2:32 PM
> > To: focus-virus (at) securityfocus (dot) com
> > Subject: Symantec AV reporting metrics.
> > All,
> > I have been tasked to develop Symantec AV reporting metrics. The
> > metrics should help provide visual information (graphs, tables, etc)
> > to Senior management on a weekly, monthly, quarterly and annual basis
> > per region and WW if needed.
> > I am focusing on providing the following:
> > - Number of AV clients per region,
> > - Number of AV engines, versions, per region,
> > - Information on AV defs per region, frequency of updates, versions of
> > AV definitions, age of AV definitions (i.e. two weeks old, two months
> > old, very old, etc).
> > - Status of AV clients per region - i.e. auto-protect enabled or
> > disabled, threat found, old definitions, etc.
> > - Any other information that will be useful for big boss not
> > interested in technical data.
> > I am looking for pointers, ideas and suggestions from those who have
> > already done so; I will not try to re-invent the wheel ;)
> > Thanks for your inputs.
> > Regards,
> > Serge Vondandamo, HND, CISSP, CCNA.
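
The counting approach described in Paul Howe's reply above (distinct viruses, distinct infected PCs rather than per-file detections, and how concentrated infections are among users), as an added example that is not part of the original thread. The CSV columns, host names, user names and threat names are constructed for illustration and are not the Symantec AV log format; the example also assumes one infection means one (host, threat) pair and measures concentration only across users who had at least one detection.

```python
import csv
import io
import math
from collections import Counter

# Constructed sample for one reporting period. The column layout is an
# assumption made for this example, not the Symantec AV log format.
SAMPLE_LOG = """host,user,threat,file
PC-0101,alice,W32.Example.A,a.exe
PC-0101,alice,W32.Example.A,b.exe
PC-0101,alice,W32.Example.A,c.exe
PC-0101,alice,Trojan.Sample.B,d.dll
PC-0101,alice,Adware.Demo.C,e.exe
PC-0101,alice,Adware.Demo.C,f.exe
PC-0101,alice,Worm.Test.D,h.scr
PC-0207,bob,W32.Example.A,a.exe
PC-0207,bob,W32.Example.A,g.exe
PC-0311,carol,Trojan.Sample.B,d.dll
PC-0420,dave,W32.Example.A,a.exe
PC-0555,erin,Adware.Demo.C,e.exe
"""

def summarize(log_text, top_fraction=0.2):
    rows = list(csv.DictReader(io.StringIO(log_text)))
    # One infection = one (host, threat) pair, however many files were flagged.
    infections = {(r["host"], r["threat"]): r["user"] for r in rows}
    per_user = Counter(infections.values())
    # Share of infections attributed to the top N% of affected users.
    top_n = max(1, math.ceil(len(per_user) * top_fraction))
    top = per_user.most_common(top_n)
    top_share = sum(n for _, n in top) / (len(infections) or 1)
    return {
        "raw_detections": len(rows),            # what the AV log reports
        "distinct_threats": len({r["threat"] for r in rows}),
        "infected_pcs": len({r["host"] for r in rows}),
        "infections": len(infections),
        "top_users": [user for user, _ in top],
        "top_user_share": round(top_share, 2),
    }

if __name__ == "__main__":
    for metric, value in summarize(SAMPLE_LOG).items():
        print(f"{metric}: {value}")
```

On the constructed sample, 12 raw detections reduce to 8 infections on 5 PCs, which is the gap between per-file log volume and the per-PC figure.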
Copyright 2010, SecurityFocus