enVision Reporting BASH: Post Your Entries Here
Please post your entries for the enVision Reporting BASH here.
A couple Motorola AirDefense reports that I have put together since out of the box, the event source is installed for AirDefense but no canned reports come with it.
Similar reports, sorted in a couple different ways. Run against your AirDefense device grouping for the desired time range.
#1 - Sorted by Severity of the Alarm and subsorted by most recent
A couple Motorola AirDefense reports that I have put together since out of the box, the event source is installed for AirDefense but no canned reports come with it.
Similar reports, sorted in a couple different ways. Run against your AirDefense device grouping for the desired time range.
#2: Sorted by Category (Rogue, Exploit, etc.)
A couple Motorola AirDefense reports that I have put together since out of the box, the event source is installed for AirDefense but no canned reports come with it.
Similar reports, sorted in a couple different ways. Run against your AirDefense device grouping for the desired time range.
#3 - Sorted by the potential attacker MAC address. Useful for seeing trends from a MAC address, especially if you have auditors trying multiple methods to get into your system.
A couple Motorola AirDefense reports that I have put together since out of the box, the event source is installed for AirDefense but no canned reports come with it.
Similar reports, sorted in a couple different ways. Run against your AirDefense device grouping for the desired time range.
#4: Like the previous Category report but this includes the MessageIDs as well. Been using it to see which IDs are tripping the most. There are a couple of IDs that are not parsing correctly out of the box, so this is my "debug" report.
We have a dashboard report that shows the top failed Windows logins in the past hour, but sometimes we need a report to show where these devices are failing to log in successfully. This occurs for us when a service account or a mobile user changes a password that somehow gets out of sync on their device or the servers.
So I wrote a simple report that shows, for the specified timeframe, all of the Windows account failed logins and where they failed, sorted by the number of times they have failed. This helps me to track down our top offenders.
Run this report for your desired timeframe and against a device set of your AD Domain Controllers that perform user validation.
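The aggregation described in the post above (failed Windows logins per account and per source, ranked by count), as an added example that is not the poster's report or an enVision query. The CSV layout, the function name and all sample rows are constructed for illustration; the event IDs are the standard Windows Security ones for failed logons on current domain controllers, which is an assumption about the event source.

```python
import csv
import io
from collections import Counter

# Constructed sample: a simplified CSV export of domain-controller Security
# events (columns and values are made up for this example).
SAMPLE = """\
time,dc,event_id,account,source,status
2024-05-01T09:00:01,DC01,4771,svc_backup,10.1.4.20,0x18
2024-05-01T09:00:31,DC01,4771,svc_backup,10.1.4.20,0x18
2024-05-01T09:01:02,DC02,4776,jdoe,JDOE-PHONE,0xC000006A
2024-05-01T09:01:05,DC01,4624,jdoe,JDOE-LAPTOP,0x0
2024-05-01T09:01:31,DC01,4771,svc_backup,10.1.4.20,0x18
2024-05-01T09:02:10,DC02,4776,jdoe,JDOE-PHONE,0xC000006A
2024-05-01T09:03:00,DC02,4776,JDoe,jdoe-phone,0xC000006A
2024-05-01T09:04:00,DC01,4776,asmith,ASMITH-PC,0x0
2024-05-01T09:05:00,DC01,4625,asmith,ASMITH-PC,0xC000006D
"""

# 4625 = failed logon, 4771 = Kerberos pre-authentication failed,
# 4776 = NTLM credential validation (a failure only when status != 0x0).
FAILURE_IDS = {"4625", "4771", "4776"}


def failed_logins(export_text):
    """Return [(account, source, count)] sorted by count, highest first."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["event_id"] not in FAILURE_IDS:
            continue
        if row["event_id"] == "4776" and int(row["status"], 16) == 0:
            continue  # successful NTLM validation, not a failure
        # Account and host names are case-insensitive in Windows.
        counts[(row["account"].lower(), row["source"].lower())] += 1
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(acct, src, n) for (acct, src), n in ranked]


if __name__ == "__main__":
    for acct, src, n in failed_logins(SAMPLE):
        print(f"{n:>4}  {acct:<12} {src}")
```

A service account failing repeatedly from one fixed source, as `svc_backup` does in the sample, is the out-of-sync password pattern the post describes.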
I use this report to find the devices that are attempting to authenticate to Cisco Secure ACS, but are not configured in the server. So when that pesky network team calls and asks "Why isn't my device authenticating to TACACS?" or "What's wrong with your TACACS server?" you'll have an answer for them.
