Sophos Reporting Interface user guide. Product version: 5.2



Similar documents
Sophos Reporting Log Writer user guide

Sophos Enterprise Console Auditing user guide. Product version: 5.2

Sophos Deployment Packager user guide. Product version: 1.2

Sophos Enterprise Console server to server migration guide. Product version: 5.2

Sophos SafeGuard Native Device Encryption for Mac quick startup guide. Product version: 7

Sophos Anti-Virus for Mac OS X network startup guide

Sophos Enterprise Console server to server migration guide. Product version: 5.1 Document date: June 2012

Endpoint web control overview guide. Sophos Web Appliance Sophos Enterprise Console Sophos Endpoint Security and Control

Sophos Reporting Interface Creating Reports using Crystal Reports 2008

Sophos Anti-Virus for NetApp Storage Systems user guide. Product version: 3.0

Sophos Anti-Virus for NetApp Storage Systems startup guide

SafeGuard Enterprise upgrade guide. Product version: 7

SafeGuard Easy upgrade guide. Product version: 7

Sophos Endpoint Security and Control on-premise installation best practice guide. Endpoint Security and Control 10 Enterprise Console 5

Sophos for Microsoft SharePoint Help

Sophos Cloud Migration Tool Help. Product version: 1.0

Sophos for Microsoft SharePoint Help. Product version: 2.0

SafeGuard Enterprise upgrade guide. Product version: 6.1

Sophos SafeGuard File Encryption for Mac Quick startup guide. Product version: 6.1

Sophos Disk Encryption License migration guide. Product version: 5.61 Document date: June 2012

Sophos Endpoint Security and Control Windows Embedded test guide. Product version: 10

Sophos for Microsoft SharePoint startup guide

Sophos Computer Security Scan startup guide

Sophos Endpoint Security and Control How to deploy through Citrix Receiver 2.0

Sophos Endpoint Security and Control standalone startup guide

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012

Sophos SafeGuard Native Device Encryption for Mac Administrator help. Product version: 7

SafeGuard Enterprise Web Helpdesk. Product version: 6.1

Sophos Enterprise Console quick startup guide. Product version: 5.1 Document date: June 2012

SafeGuard Enterprise Web Helpdesk

Sophos Anti-Virus for NetApp Storage Systems startup guide. Runs on Windows 2000 and later

Sophos Anti-Virus standalone startup guide. For Windows and Mac OS X

Sophos Endpoint Security and Control Managed Service Provider guide for single server. Product version: 10

SMALL BUSINESS EDITION. Sophos Control Center startup guide

Sophos Anti-Virus for Mac OS X network startup guide. For networked Macs running Mac OS X

Sophos Enterprise Console Help. Product version: 5.1 Document date: June 2012

Sophos Mobile Control Technical guide

SafeGuard Easy startup guide. Product version: 7

SELF SERVICE RESET PASSWORD MANAGEMENT DATABASE REPLICATION GUIDE

MicrosoftDynam ics GP TenantServices Installation and Adm inistration Guide

Sophos Endpoint Security and Control Managed Service Provider guide for a single server. Product version: 10

Sophos SafeGuard Disk Encryption, Sophos SafeGuard Easy Demo guide

Sophos Mobile Control Installation prerequisites form

How to Configure a Secure Connection to Microsoft SQL Server

Management Center. Installation and Upgrade Guide. Version 8 FR4

Sophos Mobile Control User guide for Windows Mobile

Sophos Enterprise Console policy setup guide. Product version: 5.2

MBAM Self-Help Portals

4.0. Offline Folder Wizard. User Guide

How To Set Up Chime For A Coworker On Windows (Windows) With A Windows 7 (Windows 7) On A Windows 8.1 (Windows 8) With An Ipad (Windows).Net (Windows Xp

DESlock+ Basic Setup Guide ENTERPRISE SERVER ESSENTIAL/STANDARD/PRO

MadCap Software. Upgrading Guide. Pulse

Sage 100 ERP. Installation and System Administrator s Guide

Sophos Mobile Control Super administrator guide. Product version: 3

Sophos Enterprise Console Help

Data Domain Discovery in Test Data Management

Sophos Mobile Control User guide for Windows Phone 8. Product version: 3.5

Release 2.0. Cox Business Online Backup Quick Start Guide

How To Encrypt A Computer With A Password Protected Encryption Software On A Microsoft Gbk (Windows) On A Pc Or Macintosh (Windows Xp) On An Uniden (Windows 7) On Pc Or Ipa (Windows 8) On

Update and Installation Guide for Microsoft Management Reporter 2.0 Feature Pack 1

Sophos Endpoint Security and Control Managed Service Provider guide for a distributed system. Product version: 10

Sophos Mobile Control Installation guide

Generating an Apple Push Notification Service Certificate

Connecting to Manage Your MS SQL Database

Sophos Anti-Virus for Linux startup guide. Product version: 9

Sage ERP MAS 90 Sage ERP MAS 200 Sage ERP MAS 200 SQL. Installation and System Administrator's Guide 4MASIN450-08

Integration Guide. Microsoft Active Directory Rights Management Services (AD RMS) Microsoft Windows Server 2008

Compatibility with Encryption Products

Virtual Web Appliance Setup Guide

Copyright Texthelp Limited All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval

ESET CYBER SECURITY PRO for Mac Quick Start Guide. Click here to download the most recent version of this document

Sophos Anti-Virus for Linux user manual

Top Four Considerations for Securing Microsoft SharePoint

HELP DOCUMENTATION E-SSOM BACKUP AND RESTORE GUIDE

Important. Please read this User s Manual carefully to familiarize yourself with safe and effective usage.

Data Domain Profiling and Data Masking for Hadoop

SOLARWINDS ORION. Patch Manager Evaluation Guide for ConfigMgr 2012

Copyright 2011 Sophos Ltd. Copyright strictly reserved. These materials are not to be reproduced, either in whole or in part, without permissions.

CA Nimsoft Monitor. Probe Guide for Active Directory Response. ad_response v1.6 series

Server Installation Guide ZENworks Patch Management 6.4 SP2

SafeGuard PrivateCrypto 2.40 help

Symantec Endpoint Encryption Full Disk

Creating Reports Crystal Clear

Configuring Steel-Belted RADIUS Proxy to Send Group Attributes

Using Microsoft Windows Authentication for Microsoft SQL Server Connections in Data Archive

Creating and Deploying Active Directory Rights Management Services Templates Step-by-Step Guide

Desktop Release Notes. Desktop Release Notes 5.2.1

Getting started. Symantec AntiVirus Corporate Edition. About Symantec AntiVirus. How to get started

StarWind iscsi SAN & NAS: Configuring HA Shared Storage for Scale- Out File Servers in Windows Server 2012 January 2013

How to Configure Sophos Anti-Virus for Home Systems

ESET REMOTE ADMINISTRATOR. Migration guide

Oracle Enterprise Single Sign-on Provisioning Gateway. Administrator Guide Release E

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

Windows Hard Disk Encryption

Server Installation ZENworks Mobile Management 2.7.x August 2013

Decision Support System Software Asset Management (SAM)

Asset Inventory Reference

Integration with IP Phones

Transcription:

Sophos Reporting Interface user guide Product version: 5.2 Document date: January 2013

Contents 1 About this guide...3 2 What is Sophos Reporting Interface...4 3 About using Sophos Reporting Interface...5 4 What information can be accessed?...6 5 Reporting Interface data sources...9 6 Appendix: Configure Crystal Reports with Reporting Interface...15 7 Technical support...16 8 Legal notices...17 2

user guide 1 About this guide This guide describes Sophos Reporting Interface that enables you to use third-party reporting software to generate reports from threat and event data in Sophos Enterprise Console. It is intended for use by system administrators and database administrators. It is assumed that you are familiar with and already using Sophos Enterprise Console (SEC) version 5.2. Note: If you want to export data to third-party log-monitoring applications, for example Splunk, you can do so with Sophos Reporting Log Writer. For more information, see the Sophos Reporting Log Writer user guide. Sophos documentation is published at http://www.sophos.com/en-us/support/documentation.aspx. 3

Sophos Reporting Interface 2 What is Sophos Reporting Interface Sophos Reporting Interface provides a means of generating detailed and custom-made reports about the endpoints that are managed by Sophos Enterprise Console. Sophos Reporting Interface allows third-party applications, such as Crystal Reports and SQL Reporting Services to access data in the SQL server stored by Enterprise Console. The required database objects are installed as part of the Enterprise Console database installation. 4

user guide 3 About using Sophos Reporting Interface Important: Sophos Reporting Interface makes Enterprise Console data available to third-party applications. The data may contain confidential information about your users and computers. By using Sophos Reporting Interface you assume the responsibility of the security of the data made available, which includes ensuring the data can only be accessed by authorized users. Besides restricting access to the data retrieved by Reporting Interface, we also strongly recommend that you encrypt connections between any clients and the Enterprise Console database. For more information, see the SQL Server documentation: Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager), SQL Server 2012 Encrypting Connections to SQL Server 2008 R2 How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console, SQL Server 2005 Note: In some system environments, additional queries made to the Enterprise Console database whilst accessing the Reporting Interface could impact the performance of other database operations. There may be a noticeable decrease in performance of Enterprise Console during large transfers of data from the Reporting Interface. We recommend using numeric IDs instead of string values if you want to bind any external logic to the data retrieved by Reporting Interface. This will help to avoid potential compatibility issues should any string values change in a future release of Enterprise Console. You can use Reporting Interface with third-party applications such as Microsoft Excel, Microsoft Access, Microsoft SQL Server Reporting Services, or Crystal Reports. For an example on how to use Crystal Reports to access Reporting Interface, see Appendix: Configure Crystal Reports with Reporting Interface (section 6). For shared information on using your own reporting tools, please refer to the Sophos Reporting Interface thread on SophosTalk. 5

Sophos Reporting Interface 4 What information can be accessed? Sophos Enterprise Console records information on: Computers Packages Groups Events Threats 4.1 Computers Computers are the individual endpoints currently being monitored by Enterprise Console and are uniquely identified by their ComputerID. You can access computer information using the following database views: vcomputerhostdata provides information on each computer monitored by Enterprise Console. vpolicycompliancedata lists which policies have been applied to each computer as well as the policy compliance status. 4.2 Groups Groups are a logical grouping of computers made from within Enterprise Console and are uniquely identified by their GroupID. You can access group information using the following database views: vgrouppathandnamedata provides a list of group paths. vcomputergroupmapping lists which computers belong in which groups. 4.3 Packages Packages are particular versions of Sophos Anti-Virus that may be present on the network and are uniquely identified by their PackageID. You can access package information using the following database views: vpackagedata lists the versions of Sophos Anti-Virus that are currently available or have been available in the past. vcomputerpackagemapping lists which package each computer currently has installed. 6

user guide 4.4 Events Events are notifications of events that have occurred on endpoints and are uniquely identified jointly by their EventID and EventTypeID. Events are classified by their type into different categories. veventscommondata provides basic information on all events that have occurred and includes an EventTypeName to denote which of the following views will contain additional category-specific information on the event: 4.5 Threats Application Control using veventsapplicationcontroldata Data Control using veventsdatacontroldata Device Control using veventsdevicecontroldata Firewall using veventsfirewalldata Tamper Protection using veventstamperprotectiondata Web Control using veventswebdata Threat actions using vthreateventdata Threats are files or applications which have been identified as belonging to one of the alert item categories (Viruses/spyware, Suspicious behavior/files, Adware and PUA). They are uniquely identified by their ThreatID. You can access threat information using the following database views: vthreatinstances lists the threats that have been detected on each computer. vthreateventdata provides a list of actions that have been performed in response to threats detected on the network. 4.6 Which datasources are linked? When merging data from multiple views, rows from each view that reference the same entity will need to be joined. This can be achieved by joining the rows that reference the same entity ID numbers. The following diagram shows which fields to use for joining each of the available views. 7

Sophos Reporting Interface 8

user guide 5 Reporting Interface data sources The following data sources are available for Reporting Interface. Note: Letter of the alphabet listed beside a data source is used to represent the data source in the matrix below. A. vcomputerhostdata B. vthreatinstances C. veventscommondata D. veventsapplicationcontroldata E. veventsdatacontroldata F. veventsdevicecontroldata G. veventsfirewalldata H. veventstamperprotectiondata I. veventswebdata J. vthreateventdata K. vcomputergroupmapping L. vgrouppathandnamedata M. vcomputerpackagemapping N. vpackagedata O. vpolicycompliancedata The following matrix shows which data fields are available in which data sources. All date-time columns are returned in UTC in the format "yyyy-mm-dd hh:mi:ss" (24 hours). New Data fields that are available with SEC 5.0 or later versions are highlighted in bold. Data field Data type Data source A B C D E F G H I J K L M N O EventID ThreatID ComputerID Name 9

Sophos Reporting Interface Data field Data type Data source A B C D E F G H I J K L M N O EventTime datetime EventTypeID EventTypeName ReportingName UserName ActionID ActionName ScanTypeID ScanTypeName SubTypeID SubTypeName InsertedAt datetime Domain IPAddress Description LastMessageReceived Time DNSName (SEC 5.2 or later) OperatingSystemID (SEC 5.2 or later) OperatingSystem Name (SEC 5.2 or later) ServicePack (SEC 5.2 or later) ThreatTypeID 10

Data source Data type Data field O N M L K J I H G F E D C B A ThreatTypeName ThreatSubTypeID ThreatSubTypeName Priority ThreatName FullFilePath FileVersion CheckSum datetime FirstDetectedAt RuleName TrueFileType DestinationPath DestinationTypeID DestinationType Name SourcePath FileName DestinationValue long FileSize (SEC 5.0 or later) DeviceTypeID DeviceTypeName Model DeviceID Role 11 user guide

Data source Data type Data field O N M L K J I H G F E D C B A FileName FilePath FileVersion FileChecksum CommandLine Session Desktop Location ProtocolID ProtocolText DirectionID DirectionText LocalAddress RemoteAddress LocalPort RemotePort TargetTypeID TargetTypeText Target RuleID BlockedSite ReferringURL ReasonID (SEC 5.0 or later) 12 Sophos Reporting Interface

user guide Data field Data type Data source A B C D E F G H I J K L M N O ReasonName (SEC 5.0 or later) CategoryID (SEC 5.0 or later) CategoryName (SEC 5.0 or later) ActionTakenID ActionTakenName ScannerTypeID ScannerTypeName StatusID StatusName GroupID PathAndName Depth PackageID Product SAVVersion EngineVersion VirusDataVersion ExpiryTime datetime NotificationTime datetime Expired bit PolicyTypeID PolicyTypeName ComplianceID 13

Sophos Reporting Interface Data field Data type Data source A B C D E F G H I J K L M N O ComplianceName 14

user guide 6 Appendix: Configure Crystal Reports with Reporting Interface This example shows you how to use Crystal Reports version 2008 or later to access Reporting Interface. The Crystal Reports Wizard will automatically link columns with identical names between views that have been included in a report. However, some of the connections must be removed as similarly named columns do not necessarily have identical values for a single log event. For example, the InsertedAt column is present in every view which denotes when each entry was added to the database. However, a single event may have different InsertedAt times for its corresponding entries in each view. If the Crystal Reports Wizard automatically links these columns, the links must be removed to prevent missing data. For information on which data sources are linked, see Which datasources are linked? (section 4.6) To create Reporting Interface connection with Crystal Reports: 1. Open Crystal Reports and create a new connection using OLE DB (ADO) and choose Microsoft OLE DB Provider for SQL Server. 2. Enter the connection information and complete the wizard. Sophos Reporting Interface will now be listed in the available data sources. For information on how to generate custom reports, see the Crystal Reports documentation. For a list of data sources that are available for Reporting Interface, see Reporting Interface data sources (section 5). For more information and examples on using Crystal Reports to access data provided by the Sophos Reporting Interface, see the Sophos knowledge base article 112873 http://www.sophos.com/en-us/support/knowledgebase/112873.aspx. 15

Sophos Reporting Interface 7 Technical support You can find technical support for Sophos products in any of these ways: Visit the SophosTalk community at community.sophos.com/ and search for other users who are experiencing the same problem. Visit the Sophos support knowledgebase at www.sophos.com/en-us/support.aspx. Download the product documentation at www.sophos.com/en-us/support/documentation/. Send an email to support@sophos.com, including your Sophos software version number(s), operating system(s) and patch level(s), and the text of any error messages. 16

user guide 8 Legal notices Copyright 2010 2013 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner. Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners. 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information