Logs will only be present for attacks if the Network Scanning feature is enabled on the SEP clients. This report will show the top machines that are specifically trying to spread a threat throughout the environment. Note: These can be exported into CSV format for manipulation within a spreadsheet program. Choose Log Type: "Network and Host Exploit Mitigation" Steps to pull the Network Threat Protection Attack logs:ģ. You can get specifics by pulling the Network Threat Protection Attack logs. While the above report will give you a quick overview of the top offenders, it does not go into specifics such as exactly what was detected. Choose the time range to cover such as "Past week" Choose Report Type: "Network and Host Exploit Mitigation"Ĥ. Steps to generate the Network Threat Protection Top Sources of Attack Report:ģ.
These logs will only be present if the machines have the Intrusion Prevention (IPS) feature installed and enabled. Information like this is useful when (for example) seeking to identify which infected endpoints are attempting to spread W32.Qakbot to other machines. This report will show you the IP addresses of the machines generating the most attacks on the network.
Some of those reports, and the requirements necessary for reporting to work properly, are outlined below.
Within the SEPM, reports and logs can be generated to identify infected machines and locate the top sources of infection. When dealing with a threat outbreak, the various reports and logs within the SEPM (Symantec Endpoint Protection Manager) can greatly assist in identifying machines that are infected and trying to spread the threat to other computers on the network.
0 kommentar(er)
