Symantec Endpoint Protection 12 リリースアップデート 2（SEP12 RU2）が、FileConnect にアップされました。SEP12 RU2 では、Windows 8、Windows Server 2012、Mac OS 10.8 に対応、さらに VMware 環境での機能強化し、vShield 対応共有インサイトキッシュを標準で提供します。

SEP12 RU2 では、VMware 向けに vShield 対応共有インサイトキャッシュをリリースしました。オプションではなく、標準ライセンスで使用出来ます。共有インサイトキャッシュは仮想サーバー、VDI 環境でスキャンの負荷を劇的に削減します。SEP を使用すれば、サーバー専用の高価な製品は不要で、その上、物理マシンと同じ最新のテクノロジーで高い防御力を実現します。

旧バージョンや、初期の SEP12 からアップグレードするための手順です。SEP11 以降では、クライアントのアップグレードもマネージャーから集中して簡単に実行出来ます。また、グループ単位でスケジュールを組むことも出来ます。

Hello together,

for all who have asked for it or are interested in the capability of the Symantec Messaging Gateway and multiple IPs. In some cases you want to have on SMGs the accountability to use different sending IPs for certain bulk mail or simply separate your entities/customers by outbound IPs.

• Create the virtual IPs you want to use as alias on your Outbound Interface. (Administration - Configuration - Scannername - Ethernet)
  
• Add the virtual IPs to your Delivery Configuration and map it to the according domains in the "Non-Local SMTP Delivery Bindings Per Domain". (Administration - Configuration - Scannername - SMTP - Advanced Settings - Delivery)
  
• Save the settings

Now you have the possibility in using "special" IPs for such emails that should be in a way secluded from your regular mail flow.

Hope this helps

cheers,
  toby

IT Analytics offers customers unparalleled flexibility in the way they visualize, analyze, and consume their business critical data. In addition to providing users a valuable and comprehensive reporting solution out of the box, IT Analytics’ flexible architecture and use of standard technologies gives users several options for report creation. This article outlines the various way the same report can be created within IT Analytics Symantec Endpoint Protection Content Pack.

Creating a Report – Pivot Table

This example shows how to create a report showing computers with critical patches through using the pivot table cube viewer in IT Analytics.

1. In the Symantec Management Platform console, select: Reports > All Reports
2. Open the IT Analytics folder and then expand the Cubes folder
3. Select the SEP Alerts Cube
4. Click anywhere inside the cube to display the Field List
5. Drag and drop the Alerts total into the 'Drop Totals or Details Fields Here' data pane

6. Drag and drop the Virus – Threat Location attribute into the ‘Drop Row Fields Here’ pane.

7. Drag Virus – Threat Location up into the ‘Drop Filter Fields Here’ pane. Click on the downward facing triangle next to the Virus – Threat Location header to filer the result set. Uncheck (All) and select Heuristic. Then click OK.

8. Drag and drop the Alert – Actual Action attribute into the ‘Drop Totals or Details Fields Here’ data pane.

The above example illustrates the ease of use with creating a report in IT Analytics, without previous knowledge of the Symantec Endpoint Protection Manager database schema or requiring any other programming skills. This very specific view can be saved for re-use or can be shared with other individuals in the organization.

Creating a Report – Excel

This example shows how to export a pivot table view from IT Analytics and work with it in Microsoft Excel.

1. Staying with the above example without modifying the pivot table orientation, click the Export to Excel button  in the toolbar of the pivot table browser. Note that to complete this step Excel must be installed on the computer you are accessing the console from.

2. You should see the same report that was created in the pivot table format now within Excel. Note that even in Excel the same capabilities that were seen in the Symantec Management Platform console still exist, along with all the measures and dimensions that were available.
3. Locate and click the Computer – Operating System attribute from the PivotTable Field List pane on the right.

4. To regroup this report by Operating System Name first, click on the downward facing triangle next to the Computer – Operating System field in the Row Labels window in the bottom right, and select Move to Beginning.

5. This will reorder the report to group computers by Operating System.

Creating a Report – Report Builder

This example includes building a report utilizing IT Analytics cubes in Microsoft Report Builder. Report Builder is a component included with SQL Server Reporting Services that allows ad-hoc reporting functionality, enabling end users to build their own reports and charts.  Report Builder uses wizard driven steps to easily connect to data sources and locate the desired fields for creating a report. Users can then publish these reports back into the Symantec Management Platform console for viewing, as well as other venues like SharePoint and Reporting Services. For more information on using Report Builder, please see the Microsoft website.

1. Within the Symantec Management Platform console, navigate to: Settings > Notification Server > IT Analytics, then click on Reports in the left menu tree.
2.  Click the Report Builder tab and then the Launch Report Builder button. 

3. Allow a few minutes for the application to load. Note that depending on which version of SQL Server you have, you may have a different version of Report Builder. This example covers Report Builder 3.0, which comes standard with SQL Server 2008 SP2 or higher. Note that while SQL Server 2005 meets the minimum prerequisites for installation of IT Analytics, it will only include Report Builder 1.0. If possible, Symantec strongly recommends using SQL Server 2008 SP2 or higher to take advantage of new features included in Report Builder 3.0 for a more robust custom report authoring experience. 

4. From the Getting Started screen, select Table or Matrix Wizard

5. In the next step you will be prompted to choose a dataset. A dataset includes the desired fields and values to populate the report, similar to how the totals and attributes were selected when building a pivot table view in the first example. If this is the first time Report Builder has been used there will most likely be no dataset to choose from.  Make sure the Create a dataset radio button is selected and click Next.

6. The next step will prompt you to choose a connection to a data source. A data source is the repository where the data for the report is stored. In the case of IT Analytics, the data is stored in the Microsoft Analysis Services Database specified when IT Analytics was installed. If you do not know the Analysis Services Database name,  the server where it resides, or have the credentials necessary to connect to it please contact your Altiris Administrator.

7. To create a new data source, click the Browse button and navigate to the ReportServer/IT Analytics folder on the server that houses SQL Reporting Services. Within that folder there will be a data source called ITAnalytics. Select this as the data source for the report and click Open.

8. Verify that the data source you just browsed to is displayed on the next screen of the wizard.

9. Ensure the connection to the data source is valid by clicking the Test Connection button in the lower right of the wizard. Assuming the test succeeded, you should see the following message:

10. Click Next and you will be prompted to design a query, which will make up the data set for the report. 

11. Click the  button toward the top of the window and select the Sep Alerts cube.

12. Now we can drag and drop fields the same way we did in the pivot table report from the first example. Expand Measures and Alerts, then drag the Alerts into the main query window.

13. Expand the Alert attribute and drag Alert – Actual Action into the query window.

14. Expand the Computer attribute and drag Computer – Operating System into the query window, just before Alert – Actual Action.

15. Expand the Virus attribute and drag Virus – Threat Location to the filter section, which is directly above the main query window.

16. Check the Parameter box and under the Filter Expression dropdown, only select Heuristic and click OK. This will prompt the report to automatically filter by the heuristic virus threat location when executed.

17. Click Next to complete the creation of the data set.
18. The next step will prompt you to arrange the fields to display properly in the table. Drag Alerts to the Values window and drag Computer__Operating System and Alert__Actual_Action to the Row Groups window. When completed, click Next.

19. The next step will prompt you to choose the layout of the report. Accept the default settings and click Next.

20. The next step will prompt you to select a style for the report. Choose a color scheme you prefer and click Finish.

21. You should see a sample table on the report canvas. The data source and data set that display on the left navigation have already been created for you via the wizard. Rename the title of the report to Heuristic Alerts by Operating System and Alert Action.

22. Resize the font of the title so that it fits within the given area. Also, widen the columns of the table so that you can read the column headers. You can do this in the same way you would with Excel, simply click on the line between the columns, and when a grey bar appears at the top of the table, then expand by dragging the columns.

23. Preview the report by click the Run button.

24. The report that displays should look similar to both the pivot table report in IT Analytics and Excel. Expand Computer Operating System to identify which heuristic alert actions apply.

25. Select the Design button to go back to the Design view.

26. Click the  icon in the Report Builder toolbar to save this report to Reporting Services IT Analytics folder and name it ‘Heuristic Alerts by Operating System and Alert Action’.

27. To link this report into the Symantec Management Platform console open the console then navigate to the Reports > IT Analytics > Reports folder.
28. Right-click on the Reports folder and select New > IT Analytics Report.

29. In the Report Type dropdown box, select Report and then in the Report Name dropdown select the Heuristic Alerts by Operating System and Alert Action report. Then click the Add Report button.

30. You should see a message saying that the report was added successfully.

31. Refresh your browser and expand the Reports folder.
32. Locate and select the report you just added.

Conclusion

IT Analytics provides users several ways to author custom reports, from simple drag-and-drop views to leveraging proven 3rd party applications, all in an effort to deliver flexible and robust reporting. Creating the above examples without IT Analytics would require advanced knowledge of the underlying database schema, as well as proficiency in writing SQL queries. By utilizing IT Analytics and the techniques described above, users can significantly expand their options for custom reporting with very little effort or programming experience. 

This section will dive into advanced report creation in IT Analytics Symantec Endpoint Protection Content Pack using Microsoft Report Builder to create and publish a SQL Server Reporting Services report.

Report Builder is a component of SQL Server Reporting Services that allows ad-hoc reporting functionality, enabling end users to build their own reports and charts. Users can then publish these reports into Reporting Services where they can be accessed, viewed and incorporated back into IT Analytics alongside existing reporting.

NOTE: Although the output produced by Report Builder is integrated with IT Analytics, the tools and subsequent query language behind it are separate Microsoft entities and are thereby outside the default capabilities of the IT Analytics product itself.

Creating a Custom Dashboard

In this example we will create a custom dashboard that displays the number of alerts by virus threat type.

1. Within the Symantec Management Platform console, navigate to: Settings > Notification Server > IT Analytics, then click on Reports in the left menu tree, then click the Report Builder tab and then the Launch Report Builder button. 

2. Allow a few minutes for the application to load. Note that depending on which version of SQL Server you have, you may have a different version of Report Builder. This example covers Report Builder 3.0, which comes standard with SQL Server 2008 SP2 or higher. Note that while SQL Server 2005 meets the minimum prerequisites for installation of IT Analytics, it will only include Report Builder 1.0. If possible, Symantec strongly recommends using SQL Server 2008 SP2 or higher to take advantage of new features included in Report Builder 3.0 for a more robust custom report authoring experience. 

3. From the Getting Started screen, select Blank Report, then click on the report body and in the Properties pane, expand Size and set the Width to 11in and Height to 8.5in.

4. Click on the text ‘Click to add title’ and type in Symantec Endpoint Protection Alerts Dashboard.

5. In the Report Data pane, right-click on Data Sources and select Add Data Source.

6. Enter ITAnalytics as the data source name and select the ‘Use a connection embedded in my report’ radio button.

7. Click on the dropdown for ‘Select connection type’ and select Microsoft SQL Server Analysis Services.

8. Click the Build button in the Data Source Properties window.
9. In the Connection Properties window, enter . for the Server name, select IT Analytics as the database and click OK. This assumes you are running Report Builder on the same server where the SQL Analysis Server is hosted. If not, specify that server and add in the appropriate credential information. 

10. Click OK in the Data Source Properties window.
11. Right-click on Datasets and select Add Dataset.

12. In the Dataset Properties window, select the ‘Use a dataset embedded in my report’ radio button, click on the dropdown for Data source and select ITAnalytics.

13. Click the Query Designer button in the Dataset Properties window.
14. Click the cube selector on the upper left part of the Query Designer.

15. Select SEP Alerts from the Cube Selection window.

16. In the Metadata pane of the Query Designer window, expand Measures > Alerts.

17. Drag the Alerts measure to the query pane.

18. Drag and drop the Virus – Threat Type attribute to the query pane.

19. Click OK in the Query Designer window and the Dataset Properties window to go back to the main report builder window.
20. Click on Insert in the report builder menu and select Chart and Chart Wizard.

21. In the New Chart window, select DataSet1 and click Next.

22. Select Pie under Chart Type and click Next.

23. From Available fields, drag Virus___Threat_Type to the Series pane and Alerts to the Values pane and click Next.

24. Select Generic under the Styles pane and click Finish.

25. Right-click on Chart Title and select Title Properties.

26. Change Title text to Alerts by Virus Threat Type or something appropriate and click OK.

27. Right-click on the legend area and select Legend Properties.

28. In the Legend Properties, set the following settings:

• Layout:  Column
• Legend position:  Bottom, centered

29. Click OK.
30. Select the chart and in the Properties pane, expand size and set Width to 5in and Height to 3in.

31. Preview the report by clicking the Run Report button in the toolbar and make any other adjustments.

32. After selecting the Run Report button you will be presented with a preview of your report with realtime data.

33. Select the Design button on the toolbar to return to the Design view.

34. Click the  icon in the Report Builder toolbar to save this report to Reporting Services IT Analytics folder and name it ‘Symantec Endpoint Protection Alerts Dashboard’.

35. To link this report into the Altiris Console Open the Altiris Console from the shortcut on your desktop then navigate to the Reports > IT Analytics > Dashboards folder.
36. Right-click on the Dashboards folder and select New > IT Analytics Report.

37. In the Report Type dropdown box, select Dashboard.

38. In the Report Name dropdown box locate and select the report you just saved and click the Add Report button.

39. Refresh your browser and expand the Dashboards folder.
40. Locate and select the report you just added.

Optional - Adding Another Chart to the Dashboard

In this example we will add an additional report to the dashboard created in above.

1. In Report Builder, repeat steps 11 to 19 from exercise 4 to create another Dataset, but instead of using the measure, Alerts in step 17 and the attribute Virus – Threat Type in step 18, use Computers for the measure and Alert – Source for the attribute.

2. Repeat steps 20 to 30 to create a second chart.  Use Dataset2 for step 21 instead of Dataset1.  For step 23, drag Alert___Source to the Series pane and Computers to the Values pane.  For step 26, name the chart Computers by Alert Source.

3. Move the newly inserted chart to the right of the Alerts by Virus Threat Type chart by dragging the chart using the move icon on the upper left corner of the chart.

4. Click the  icon in the Report Builder toolbar to save this report.
5. Open the Altiris Console from the shortcut on your desktop then navigate to the Reports > IT Analytics > Dashboards folder.
6. Locate and the report you just updated.

Optional - Add a Date Range Selector (Advanced)

In this example we will add a date range selector to the dashboard created above.

1. In Report Builder, right click on the Datasets folder and select Add Dataset.
2. Specify dFrom for the name and select Use a dataset embedded in my report then select your data source from the dropdown list.

3. Click Query Designer then click the  icon.

4. Replace the SELECT statement with this one and select OK:

WITH

MEMBER  [Measures].[Date] AS 'CDate(Format(DateAdd(‘d’, -90, Now()), ‘yyyy-MM-dd 00:00:00’))'

SELECT [Measures].[Date] ON COLUMNS

FROM [SEP Alerts]

5. Right click on the Datasets folder and select Add Dataset.
6. Specify dTo for the name and select Use a dataset embedded in my report then select your data source from the dropdown list.

7. Click Query Designer then click the  icon.

8. Replace the SELECT statement with this one and select OK:

WITH

MEMBER  [Measures].[Date] AS 'CDate(Format(Now(), ‘yyyy-MM-dd 00:00:00’))'

SELECT [Measures].[Date] ON COLUMNS

FROM [SEP Alerts]

9. Right click on the Parameters folder and select Add Parameter.
10. Enter pFrom in the Name field,  Start in the Prompt field and Date/Time in the Data type dropdown then click on Default Values.

11. Select Get values from a query and enter select  dFrom as the Dataset and Date in the Value field, click OK.

12. Right click on the Parameters folder and select Add Parameter.
13. Enter pTo in the Name field,  End in the Prompt field and Date/Time in the Data type dropdown then click on Default Values.

14. Select Get values from a query and enter select  dTo as the Dataset and Date in the Value field, click OK.

15. Right click on dataset1 and select Query, then click .

16. Replace the SELECT statement with this one:

SELECT NON EMPTY

{

                [Measures].[Alerts]

} ON COLUMNS,

NON EMPTY

{

                ([Virus].[Virus - Threat Type].[Virus - Threat Type].ALLMEMBERS )

} ON ROWS

FROM ( SELECT ( STRTOMEMBER(‘[Alert Date].[Alert Date - Date].&[‘ + Format(CDATE(@pFrom), ‘yyyy-MM-dd’) + ‘]’) : STRTOMEMBER(‘[Alert Date].[Alert Date - Date].&[‘ + Format(CDATE(@pTo), ‘yyyy-MM-dd’) + ‘]’) ) ON COLUMNS

FROM [SEP Alerts])

17. Click on the Parameters button .
18. Enter the Parameters indicated below and ensure the default values are specified, click OK.

19. Click OK.

20. Right click on dataset2 and select Query, then click  

21. Replace the SELECT statement with this one:

SELECT NON EMPTY

{

                [Measures].[Computers]

} ON COLUMNS,

NON EMPTY

{

                ([Alert].[Alert - Source].[Alert - Source].ALLMEMBERS )

} ON ROWS

FROM ( SELECT ( STRTOMEMBER(‘[Alert Date].[Alert Date - Date].&[‘ + Format(CDATE(@pFrom), ‘yyyy-MM-dd’) + ‘]’) : STRTOMEMBER(‘[Alert Date].[Alert Date - Date].&[‘ + Format(CDATE(@pTo), ‘yyyy-MM-dd’) + ‘]’) ) ON COLUMNS

FROM [SEP Alerts])

22. Click on the Parameters button .
23. Enter the Parameters indicated below and ensure the default values are specified, click OK.

24. Click OK.

25. Click the  icon to save your report.
26. Return to your dashboard in the SMP Console and adjust the date range to modify the result set (seen at the top of the report).

IT Analytics offers customers unparalleled flexibility in the way they visualize, analyze, and consume their business critical data. In addition to providing users a valuable and comprehensive reporting solution out of the box, IT Analytics’ flexible architecture and use of standard technologies gives users several options for report consumption. This article outlines creating report subscriptions using SQL Reporting Services so that reports can be delivered via e-mail to specific users on a set schedule.

NOTE: This article assumes IT Analytics is already installed and configured, and that you have the proper rights to SQL Reporting Services. 

Creating a Subscription

1. On the server hosting SQL Reporting Services, open a web browser and go to the following URL: http://localhost/Reports/
2. Click on the IT Analytics folder.

3. Locate the report or dashboard you would like to subscribe to, in our example we will use the Computer Inventory Dashboard, however you can select any report from any the installed content packs (SEP, DLP, CSP, ServiceDesk or Altiris Client Server Management). Once you have located the desired report, click the downward facing triangle and select Subscribe.

4. Specify Windows File Share in the Delivered by field, assign a File Name, Specify a UNC Path, select a Render Format, provide credentials to access the file share, and specify appropriate overwrite options.

5. Click on the Select Schedule button to define the subscription schedule.

6. Define the schedule as required and select OK.

7. If your report or dashboard contains parameters, specify them as required, in our case we will select the Use Default options, then click OK.

8. Navigate to the UNC path specified above to view the subscription (will be empty until the execution time has occurred).

9. View your report to ensure it appears as expected.

Modifying an Existing Subscription (E-mail Delivery Option)

In this section, we will modify the subscription previously created to send an email instead of posting to a UNC share. In order to use this functionality, SQL Reporting Services must have properly configured E-Mail settings.

1. On the server hosting SQL Reporting Services, navigate again to the Report Server home page http://localhost/Reports/
2. In the upper right hand corner of the page click on My Subscriptions.

3. Click the Edit link next to Computer Inventory Dashboard.

4. Change the Delivered by option to E-Mail and specify the To address as required.

5. Click on the Select Schedule button to define the subscription schedule.

6. Define the schedule as required and select OK.

7. If your report or dashboard contains parameters, specify them as required, in our case we will select the Use Default options, then click OK.

8. At the scheduled time, the report will be emailed to recipients specified in step 4.

Symantec Endpoint Protection Small Business Edition 2013

A virus or malware attack can destroy your business in minutes. Symantec Endpoint Protection Small Business Edition 2013 protects it just as fast. It’s the simple, fast and effective way to give your business the world-class protection from Symantec.

Symantec Endpoint Protection Small Business Edition 2013 is a truly Cloud-managed solution. What that means to you is simplicity; simpler installation, and simpler management. Everything happens over the Web, effortlessly delivering critical protection to laptops, desktops, and file servers. Updates happen seamlessly and automatically, saving you time and hassle, and you always know you’re protected against the latest batch of viruses or malware. Managing Symantec Endpoint Protection Small Business Edition 2013 is easier too, thanks to our web-based console where you can change security settings, set up alerts, and view reports with just a few clicks.

Without the need for special hardware or servers, you benefit from low upfront costs and protection that can stay in step with you easily as your business grows. Symantec Endpoint Protection Small Business Edition 2013 is mobile too, ensuring up-to-date protection for your laptops even when you or your staff are on the road.

Not quite ready for the Cloud? Ask about the on-premise management option of Symantec Endpoint Protection Small Business Edition 2013 that you can install and manage on your own servers. When the time is right, you can transition to the Cloud at no additional cost.

Thanks to Symantec Endpoint Protection Small Business Edition 2013, you have easy tools to help you protect your business—while still being free to run your business.

Features:

• Simple, fast and effective protection against viruses and malware
• Available as a cloud-managed service or as an on-premise management application
• Easy setup and wsed management
• Symantec Insight and SONAR technologies detect new and rapidly mutating malware stopping malicious behavior, including new and previously unknown threats
• Simple subscription pricing covers either management choice

Benefits:

• Fast and effective scans protects against viruses, worms, Trojans, spyware, and won’t slow down your systems so you can focus on running your business
• Gain flexibility to enjoy the power and convenience of a cloud-managed service with always-on protection or manage on-site with a server
• Save on time and labor with set up in just minutes with no additional hardware, and no special staff or training required
• Strong core security technologies from a world-leader in security technologies
• A single subscription fee flattens operating costs and covers maintenance, service updates and 24x7 support, regardless of whether you opt for the cloud-managed service or on-premise management.

How Symantec Endpoint Protection Small Business Edition 2013 works.

System Requirements

To know more check here.. 

Symantec Endpoint Protection Small Business Edition 2013

http://www.symantec.com/endpoint-protection-small-business-edition-2013

VIDEO: 

https://www-secure.symantec.com/connect/videos/symantec-endpoint-protection-small-business-edition-2013-0

Datasheets Attached:

• Symantec Endpoint Protection Small Business Edition 2013

          Running your business in a smarter and more secure way.

• Symantec Endpoint Protection Small Business Edition 2013 - Customer FAQ

          Frequently Asked Questions about Symantec Endpoint Protection Small Business Edition 2013

Whitepapers Attached

• Taking a Comprehensive Approach to Cloud Security

          You can better protect your data, reduce costs, and make your security infrastructure more flexible and easier to manage.

This example includes building a dashboard utilizing IT Analytics cubes in Microsoft Report Builder. Report Builder is a component included with SQL Server Reporting Services that allows ad-hoc reporting functionality, enabling end users to build their own reports and charts.  Report Builder uses wizard driven steps to easily connect to data sources and locate the desired fields for creating a report. Users can then publish these reports back into the Symantec Management Platform console for viewing, as well as other venues like SharePoint and Reporting Services. For more information on using Report Builder, please see the Microsoft website.

NOTE: Although the output produced by Report Builder is integrated with IT Analytics, the tools and subsequent query language behind it are separate Microsoft entities and are thereby outside the default capabilities of the IT Analytics product itself.

Creating a Custom Dashboard

In this exercise we will create a custom dashboard that displays the number incidents by type and severity.

1. Within the Symantec Management Platform console, navigate to: Settings > Notification Server > IT Analytics, then click on Reports in the left menu tree, then click the Report Builder tab and then the Launch Report Builder button. 

2. Allow a few minutes for the application to load. Note that depending on which version of SQL Server you have, you may have a different version of Report Builder. This example covers Report Builder 3.0, which comes standard with SQL Server 2008 SP2 or higher. Note that while SQL Server 2005 meets the minimum prerequisites for installation of IT Analytics, it will only include Report Builder 1.0. If possible, Symantec strongly recommends using SQL Server 2008 SP2 or higher to take advantage of new features included in Report Builder 3.0 for a more robust custom report authoring experience. 

3. From the Getting Started screen, select Blank Report, then click on the report body and in the Properties pane, expand Size and set the Width to 11in and Height to 8.5in.

4. Click on the text ‘Click to add title’ and type in Admin Dashboard.

5. In the Report Data pane, right-click on Data Sources and select Add Data Source.

6. Enter ITAnalytics as the data source name and select the ‘Use a shared connection in my report’ radio button.

7. Click the Browse button and navigate to the IT Analytics directory, then select the ITAnalytics data source.

8. Click the Test Connection button and verify the data source has a valid connection.
9. Click OK to close the window and complete the creation of the data source.

10. In the Report Data pane on the left, right-click on Datasets and select Add Dataset.

11. In the Dataset Properties window, rename this as ‘AdminEvents’ then select the ‘Use a dataset embedded in my report’ radio button, click on the dropdown for Data source and select ITAnalytics.

12. Click the Query Designer button in the Dataset Properties window.
13. Ensure that the DLP Administrative Events cube is selected in the cube selector window (upper left).

14. In the Metadata pane of the Query Designer window, expand Measures > Administrative Events, then drag the Administrative Events Count measure to the query pane.

15. Expand DLP Administrative Event dimension and drag and drop the Event - Username attribute to the query pane.

16. Expand DLP Administrative Event Date dimension and drag and drop the Administrative Event Date - Quarter attribute to the query pane.

17. From the DLP Administrative Event dimension drag and drop the Event – Entity attribute to the filter pane, located just above the query section.

18. Ensure the Parameter checkbox is selected and in the Filter Expression dropdown select ‘Incident’ and click OK. This will change the result set in the query window.

19. From the DLP Administrative Event dimension drag and drop the Event – Action attribute to the filter pane, just below the filter you previously added.

20. DO NOT select the Parameter checkbox for this filter and in the Filter Expression dropdown select ‘View, Status Changed and Delete’ and click OK.      

21. Click OK in the Query Designer window and the Dataset Properties window to go back to the main report builder.
22. Click on Insert in the report builder menu and select Chart and Chart Wizard.

23. In the New Chart window, select AdminEvents and click Next.

24. Select Pie under Chart Type and click Next.

25. From Available fields, drag Administrative_Events_Count to the Values pane and Administrative_Event_Date___Quarter and Event___Username to the Series pane and click Next.

26. Select Generic under the Styles pane and click Finish.

27. Drag the width of the chart space out to the right and then right-click on Chart Title and select Title Properties.

28. Change Title text to Incident Views by User or something appropriate and click OK.

29. Right-click on the pie chart and select 3D Effects.

30. Ensure that the Enable 3D checkbox is selected.

31. Right-click on the pie chart again and select Show Data Labels.

32. Preview the report by clicking the Run report button in the toolbar and make any other adjustments.

33. After selecting the View Report button you will be presented with a preview of your report with realtime data.

34. Select the Design button on the toolbar to return to the Design view.

35. Click the   icon in the Report Builder toolbar to save this report to the Reporting Services IT Analytics folder and name it ‘DLP Admin Dashboard’.

36. To link this report into the Altiris Console Open the Altiris Console from the shortcut on your desktop then navigate to the Reports > IT Analytics > Dashboards folder.
37. Right-click on the Dashboards folder and select New > IT Analytics Report.

38. In the Report Type dropdown box, select Dashboard, ensure the IT Analytics folder is selected and then locate and select the report you just saved. Make the Parameter Area Initially Visible and click the Add Report button.

39. Wait to see a message that your report was added successfully, then close the pop up window.

40. Refresh your browser and expand the Dashboards folder.
41. Locate and select the report you just added.

SQL Server Analysis Services has a wide range of advanced security opportunities. You can explore these opportunities through the SQL Server Management Studio. One such feature is the ability to filter the data that a role has access to by restricting access to specific members of a dimension.

For example, you can restrict access for the IT Analytics Users role to return the cube data only for entries within the DLP Policy Group for Data at Rest. Here we will assume you at least have granted access to the Computer cube for the IT Analytics Users role.

 To filter a role-based cube

1. In SQL Server Management Studio, in the IT Analytics analysis services database, navigate to the Properties for the IT Analytics Users role.
2. In the Edit Role dialog box, navigate to the Dimension Data page.
3. In the Dimension drop-down list, click the DLP Policy Group dimension and select OK. 

IT Analytics offers customers unparalleled flexibility in the way they visualize, analyze, and consume their business critical data. In addition to providing users a valuable and comprehensive reporting solution out of the box, IT Analytics’ flexible architecture and use of standard technologies gives users several options for report creation. This article outlines the various way the same report can be created within IT Analytics Data Loss Prevention Content Pack.

Creating a Report – Pivot Table

This example shows how to create a report showing high severity incidents by type through using the pivot table cube viewer in IT Analytics.

1. In the Symantec Management Platform console, select: Reports > All Reports
2. Open the IT Analytics folder and then expand the Cubes folder
3. Select the Incident Summary Cube.
4. Click anywhere inside the cube to display the Field List.
5. Drag and drop the Incident Count totals into the “Drop Totals or Details Fields Here” data pane.

6. Drag and drop the Incident - Severity attribute into the “Drop Row Fields Here” pane.

7. Drag Incident – Severity up into the “Drop Filter Fields Here” pane. Click on the downward facing triangle next to the Incident – Severity header to filer the result set. Uncheck all severity levels except High. Then click OK.

8. Drag and drop the Incident - Type attribute into the “Drop Totals or Details Fields Here” data pane.

9. Right-click on the Incident - Count column header and select Sort Descending. This will sort the number of high incidents by type.

The above example illustrates the ease of use with creating a report in IT Analytics, without previous knowledge of the DLP Enforce database schema or requiring any other programming skills. This very specific view can be saved for re-use or can be shared with other individuals in the organization.

Creating a Report – Excel

This example shows how to export a pivot table view from IT Analytics and work with it in Microsoft Excel.

1. Staying with the above example without modifying the pivot table orientation, click the Export to Excel button  in the toolbar of the pivot table browser. Note that to complete this step, Excel must be installed on the computer you are accessing the console from.

2. You should see the same report that was created in the pivot table format now within Excel. Note that even in Excel the same capabilities that were seen in the Symantec Management Platform console still exist, along with all the measures and dimensions that were available.
3. Locate and click the Incident – Status attribute from the PivotTable Field List pane on the right.

4. To regroup this report by Status first, click on the downward facing triangle next to the Incident - Status field in the Row Labels window in the bottom right, and select Move to Beginning.

5. This will reorder the report to group Incidents by Status.

6. You can then drill down within each status and see the same High incidents by specific status.

Creating a Report – Report Builder

This example includes building a report utilizing IT Analytics cubes in Microsoft Report Builder. Report Builder is a component included with SQL Server Reporting Services that allows ad-hoc reporting functionality, enabling end users to build their own reports and charts. Report Builder uses wizard driven steps to easily connect to data sources and locate the desired fields for creating a report. Users can then publish these reports back into the Symantec Management Platform console for viewing, as well as other venues like SharePoint and Reporting Services. For more information on using Report Builder, please see the Microsoft website.

1. Within the Symantec Management Platform console, navigate to: Settings > Notification Server > IT Analytics, then click on Reports in the left menu tree.
2. Click the Report Builder tab and then the Launch Report Builder button. 

3. Allow a few minutes for the application to load. Note that depending on which version of SQL Server you have, you may have a different version of Report Builder. This example covers Report Builder 3.0, which comes standard with SQL Server 2008 SP2 or higher. Note that while SQL Server 2005 meets the minimum prerequisites for installation of IT Analytics, it will only include Report Builder 1.0. If possible, Symantec strongly recommends using SQL Server 2008 SP2 or higher to take advantage of new features included in Report Builder 3.0 for a more robust custom report authoring experience. 

4. From the Getting Started screen, select Table or Matrix Wizard

5. In the next step you will be prompted to choose a dataset. A dataset includes the desired fields and values to populate the report, similar to how the totals and attributes were selected when building a pivot table view in the first example. If this is the first time Report Builder has been used there will most likely be no dataset to choose from.  Make sure the Create a dataset radio button is selected and click Next.

6. The next step will prompt you to choose a connection to a data source. A data source is the repository where the data for the report is stored. In the case of IT Analytics, the data is stored in the Microsoft Analysis Services Database specified when IT Analytics was installed. If you do not know the Analysis Services Database name,  the server where it resides, or have the credentials necessary to connect to it please contact your Altiris Administrator.

7. To create a new data source, click the Browse button and navigate to the ReportServer/IT Analytics folder on the server that houses SQL Reporting Services. Within that folder there will be a data source called ITAnalytics. Select this as the data source for the report and click Open.

8. Verify that the data source you just browsed to is displayed on the next screen of the wizard.

9. Ensure the connection to the data source is valid by clicking the Test Connection button in the lower right of the wizard. Assuming the test succeeded, you should see the following message:

10. Click Next and you will be prompted to design a query, which will make up the data set for the report. 

11. Click the  button toward the top of the window and select the DLP Incidents Summary cube.

12. Now we can drag and drop fields the same way we did in the pivot table report from the first example. Expand Measures and Incidents, then drag the Incident Count into the main query window.

13. Expand the DLP Incident Type attribute and drag Incident - Type into the query window.

14. Expand the DLP Incident Status attribute and drag Incident - Status into the query window, just before Incident - Type.

15. Expand the DLP Incident severity attribute and drag Incident – Severity to the filter section, which is directly above the main query window.

16. Check the Parameter box and under the Filter Expression dropdown, only select High and click OK. This will prompt the report to automatically filter by high severity when executed.

17. Click Next to complete the creation of the data set.
18. The next step will prompt you to arrange the fields to display properly in the table. Drag Incident_Count to the Values window and drag Incident__Type and Incident_Status to the Row Groups window. When completed, click Next.

19. The next step will prompt you to choose the layout of the report. Accept the default settings and click Next.

20. The next step will prompt you to select a style for the report. Choose a color scheme you prefer and click Finish.

21. You should see a sample table on the report canvas. The data source and data set that display on the left navigation have already been created for you via the wizard. Rename the title of the report to Incidents with High Severity.

22. Resize the font of the title so that it fits within the given area. Also, widen the columns of the table so that you can read the column headers. You can do this in the same way you would with Excel, simply click on the line between the columns, and when a grey bar appears at the top of the table, then expand by dragging the columns.

23. Preview the report by click the Run button.

24. The report that displays should look similar to both the pivot table report in IT Analytics and Excel. Expand OS types to identify which High Severity Incidents apply.

25. Select the Design button to go back to the Design view.

26. Click the  icon in the Report Builder toolbar to save this report to Reporting Services IT Analytics folder and name it “Incidents with High Severity”.

27. To link this report into the Symantec Management Platform console open the console then navigate to the Reports > IT Analytics > Reports > Data Loss Prevention folder.
28. Right-click on the Reports folder and select New > IT Analytics Report.

29. In the Report Type dropdown box, select Report and then in the Report Name dropdown select the Incidents with High Severity report. Then click the Add Report button.

30. You should see a message saying that the report was added successfully.
31. Refresh your browser and expand the Reports folder.
32. Locate and select the report you just added.

Conclusion

IT Analytics provides users several ways to author custom reports, from simple drag-and-drop views to leveraging proven 3rd party applications, all in an effort to deliver flexible and robust reporting. Creating the above examples without IT Analytics would require advanced knowledge of the underlying database schema, as well as proficiency in writing SQL queries. By utilizing IT Analytics and the techniques described above, users can significantly expand their options for custom reporting with very little effort or programming experience. 

As a central component to IT Analytics Symantec Endpoint Protection Content Pack, SQL Server Analysis Services provides a wide range of advanced security opportunities. You can explore these opportunities through the SQL Server Management Studio. One such feature is the ability to filter the data that a role has access to by restricting access to specific members of a dimension.

For example, you can restrict access for the IT Analytics Users role to return the cube data only for computers with a workstation Operating System installed. Here we will assume you at least have granted access to the EP Computer cube for the IT Analytics Users role.

 To filter a role-based cube

1. In SQL Server Management Studio, in the IT Analytics analysis services database, navigate to the Properties for the IT Analytics Users role.
2. In the Edit Role dialog box, navigate to the Dimension Data page.
3. In the Dimension drop-down list, click the EP Computer dimension and select OK.

4. Select the Deselect all members radio symbol.
5. In the Attribute Hierarchy drop-down list, click Computer – Operating System. 

6. Select the dimension members that you want the role to have access to. In our example, there are three workstation Operating System members. Actual names are specific to each instance of Notification Server. 

7. Navigate to the Advanced tab of the Dimension Data page.
8. Click Enable Visual Totals. This step prevents the role from seeing the aggregate totals that are independent of the configured filtering and restricts aggregations. 

9. Click OK to save the role configuration. Users in the configured role now see the results only for the computers that have a workstation Operating System across all cubes. This filtering is enforced across all means of accessing the cubes including dashboards, cubes, reports, and third-party applications. 

This article serves as a quick reference listing all cube fields (measures and dimensions) within the IT Analytics Symantec Endpoint Protection Content Pack. For the complete list of out-of-the-box reports and dashboards, please see the appendicies within the IT Analytics Symantec Endpoint Protection User Guide.

For the complete cube reference list, as well as a listing of all dimension attributes, please see the PDF files attached to this article.

This article serves as a quick reference listing all cube fields (measures and dimensions) within the IT Analytics Data Loss Prevention Content Pack. For the complete list of out-of-the-box reports and dashboards, please see the appendicies within the IT Analytics Data Loss Prevention User Guide.

For the complete cube reference listing, please see the PDF file attached to this article.

IT Analytics offers users several ways in which they can consume their systems management data. One of the more popular ways to expose IT Analytics data to business users, without granting them access to the Symantec Management Console, is through utilizing some of the rich reporting capabilities within Microsoft SharePoint. This article will provide step by step guidance on creating dashboards using the IT Analytics Data Loss Prevention Content Pack while leveraging Microsoft SharePoint’s PerformancePoint solution. There is also an optional process for including a link to the out-of-the-box IT Analytics reports hosted by SQL Reporting Serivces.

NOTE: This example uses Microsoft PerformancePoint, which is only available in the Enterprise version of SharePoint. If you are running SharePoint Standard you can still add links to IT Analytics default reports and dashboards by simply using the URL exposed by SQL Reporting Services. However, without PerformancePoint you will not be able to create and publish the dashboards outlined below. 

Creating a Dashboard in PerformancePoint

1. Within SharePoint, navigate to the Business Intelligence Center and select the "Create Dashboards"

2. Click "Start using PerformancePoint Services”

3. Click "Run Dashboard Designer"

4. Wait a few moments for the application to launch

5. Select the "Workspace" tab, click "Create" in the ribbon bar and select "Data Source"

6. Select "Analysis Services" and click "OK"

7. Select the "Properties" tab and enter a meaningful Name, Description, and DisplayFolder, then click on the "Editor" tab

8. Enter the analysis server “Name”, choose the “IT Analytics” database, select the cube “DLP Incident Summary”, then click “Test Data Source” and ensure the connection succeeds, click “Close”

9. Repeat steps 5 and 6 to add another Data Source
10. Select the "Properties" tab and enter a meaningful Name, Description, and DisplayFolder, then click on the "Editor" tab

11. Enter the analysis server“Name”, choose the “IT Analytics” database, select the cube “DLP Administrative Events”, then click “Test Data Source” and ensure the connection succeeds, click “Close”

12. Click the “Save All” icon, specify a location and file name for the project, then press “Save”

13. Click “PerformancePoint Content” in the workspace browser and select the “Workplace” tab and chose “Analytic Chart” from the Create ribbon bar

14. Select the “DLP Incident Summary” data source created in step 8, then click “Finish”

15. Select the "Properties" tab and enter a meaningful Name, Description, and DisplayFolder, then click on the "Design" tab

16. From the details pane on the right, expand “Measures” and“Dimensions”

17. Drag “DLP Incident Type Incident – Type” to the “Series” section and the “Incident Count” and “DLP Incident Severity Incident – Severity” to the “Bottom Axis” section. The chart will now display data

18. Right click on the white space in the report, expand “Report Type” and select “100% Stacked Bar Chart”

19. The chart will be refreshed. Right click on a column, expand “Sort” and select “Smallest to Largest”

20. The chart will be refreshed. Click on the downward facing triangle next to “DLP Incident Severity Incident – Severity” and select everything except “Info”, Press “OK”

21. The chart will be refreshed. Click on the “Save All” icon to save your changes

22. Click “PerformancePoint Content” in the workspace browser and select the “_DLP” folder and chose“Analytic Chart” from the Create ribbon bar

23. Select the “DLP Admin Events” data source created in step 11, then click “Finish”

24. Select the "Properties" tab and enter a meaningful Name, Description, and DisplayFolder, then click on the "Design" tab

25. From the details pane on the right, expand “Measures” and“Dimensions”

26. Drag “DLP Administrative Event Event – Username” and “DLP Administrative Event Administrative Event Date – Quarter” to the “Series” section, the “Administrative Events Count” to the “Bottom Axis” section, and “DLP Administrative Event Event – Entity” and “DLP Administrative Event Event – Action” to the “Background “ section. The chart will now display data

27. Click on the downward facing triangle next to “DLP Administrative Event Event – Entity”, clear the checkmark in “Default Member (All)”, expand “All” and select “Incident”, then click “OK”. The chart will be refreshed

28. Click on the downward facing triangle next to “DLP Administrative Event Event – Action”, clear the checkmark in “Default Member (All)”, expand “All” and select “Delete”, “Status Change” and “View”, then click “OK”. The chart will be refreshed

29. Right click on the white space in the report, expand “Report Type” and select “Pie Chart”

30. The chart will be refreshed. Click on the “Save All” icon to save your changes

31. Click “PerformancePoint Content” in the workspace browser and select the “_DLP” folder and chose “Reporting Services” from the Create ribbon bar

32. Select the "Properties" tab and enter a meaningful Name, Description, and DisplayFolder, then click on the "Editor" tab

33. Enter your “Server Name” and click browse

34. Select “DLP Incident Trend” from the list and click “OK”NOTE: If the report you are selecting contains parameters, you can select from the predefined parameter set in the report itself, the <Default> value is automatically selected

35. Click on the “Save All” icon to save your changes
36. Click on "Dashboard" from the Create ribbon bar, select "2 Rows" as the template then click “OK”

37. Select the "Properties" tab and enter a meaningful Name, Description, and Display Folder, then click on the "Editor" tab

38. From the "Details" pane on the right hand side of the screen, expand "Reports" and browse to the PerformancePoint Content previously created

39. Drag the report “DLP Incidents by Severity and Type” from the Details pane to the "Top Row" pane of the dashboard 

40. Drag the report “DLP Admin Dashboard” from the Details pane to the "Bottom Row" pane of the dashboard 

41. Right click on Top Row and select “Add Right”

42. Drag the report “DLP Incident Trend” from the Details pane to the "Zone 1" pane of the dashboard

43. Right click “Top Row” and select “Zone Settings”

44. Select the “Size” tab and enter “30” in the “Width” box, then select “OK”

45. Your dashboard should look like this now. Click on the “Save All” icon to save your changes

46. Click on the Home button and select "Deploy"

47. In the "Deploy To" dialog box, select "Include page list for navigation" and select "OK"

48. Once the Dashboard is deployed, it will automatically be opened in Internet Explorer to view

49. To access the dashboard from the Business Intelligence Center, click on the "Dashboards" link and then click on your dashboard

50. Click on the "Name" hyperlink to display the dashboard

Linux is Growing Ever More Popular

Over the past twenty years, the Linux OS has secured a foothold in the market.  Now its popularity is growing faster than ever before.  Estimates indicate that five percent of all computers are running some disto of Linux, including more than 90% of today's most powerful supercomputers.  

The number of questions about Symantec AntiVirus for Linux (the current protection client for Linux which ships with Symantec Endpoint Protection) keeps growing, too.  So, following on SAV for Linux Scanning Best Practices: A (Somewhat) Illustrated Guide, here is a second article in the series which describes the various ways to configure your SAVFL client.

Choices, choices, choices....

SAV for Linux uses a local configuration database to store configuration data for the product.  This is a binary file rather than text-based, so changing settings is not as easy as editing an .ini or .cfg file, and there's really no setting that can be changed through the savtray GUI.  Other tools are necessary.

SAVFL can be configured from the command line, by dropping on a GRC.DAT file, or by changing settings using an unsupported tool called xsymcfg.

Be extremely careful when performing any manual configuration: invalid entries or typos may cause SAVFL to stop functioning correctly, potentially resulting in the infection of a key Linux server! 

Command Line

The Symantec AntiVirus for Linux Implementation Guide has an extensive section on "Using the sav CLI to interact with Symantec AntiVirus"

You can use the sav CLI to perform the following tasks:

• enable and disable Auto-Protect
• start and schedule LiveUpdates and view the current LiveUpdate schedule
• start and stop manual scans
• create, delete, enable, and disable scheduled scans
• view a list of scheduled scans and detailed information about each scan
• display items and act on items in the local Quarantine
• roll back to a previous version of virus and security risk definitions
• use the latest version of local virus and security risk definitions
• display general product information

There is a symcfg command line tool which can change the settings of SAVFL: symcfg can be used to display, create, remove, and change the value of data that is stored in the product's settings database.

For example: suppose it is desired to check what settings are present regarding the scheduled LiveUpdate task.  Using sudo, from the /opt/Symantec/symantec_antivirus directory, use the command ./symcfg -r list -k 'Symantec Endpoint Protection\AV\PatternManager'

The results are displayed on screen.  These can also be piped out to a text file if needed.

To disable LiveUpdate, change the Enabled value from 1 to 0:

./symcfg add -k '\Symantec Endpoint Protection\AV\PatternManager\Schedule' -v Enabled -t REG_DWORD -d 0

Re-enable it:
 
./symcfg add -k '\Symantec Endpoint Protection\AV\PatternManager\Schedule' -v Enabled -t REG_DWORD -d 1

Be very careful when adding or deleting anything via symcfg!  Values will be overwritten or removed without any "Are you sure?" prompt.

GRC.DAT

Back in the SAV 10.1 days, there way a file called GRC.DAT which served roughly as the equivalent of the sylink.xml file in today's SEP 11 and SEP 12.1.  This file could be copied from the correct Windows or NetWare SAV server and dropped onto Windows SAV clients, and the various settings would be set or restored.  This same technology was built into SAV for Linux: instead of being copied from the SAV server, though, the GRC.DAT files are built using a ConfigEd.exe tool on a Windows machine.

Here is an overview of how the process works:  

How to configure Symantec AntiVirus for Linux using a GRC.DAT file
Article URL http://www.symantec.com/docs/TECH93386 
 

... and here is a proposed enhancement request for an updated ConfigEd tool.  The existing tool offers only partial functionality unless it is installed on a Windows-based SAV machine.

Update Configuration Editor (ConfigEd) Tool for SAVFL
https://www-secure.symantec.com/connect/ideas/update-configuration-editor-configed-tool-savfl

Once a GRC.DAT file is ready, it is copied into the /var/symantec directory.  Be sure that ownership and permissions on the file are not restrictive!  A valid GRC.DAT will be processed automatically after a few minutes, or it can be processed immediately if a command is run:

sudo /opt/Symantec/symantec_antivirus/symcfg add -k 'Symantec Endpoint Protection\AV\ProductControl' -v ProcessGRCNow -d 1 -t REG_DWORD

The GRC.DAT file disappears when it has been successfully read and inserted into the SAVFL client's configuration database.

xsymcfg

The unsupported xsymcfg tool is located in /opt/Symantec/symantec_antivirus/unsupported directory.  Just in case this article has not been clear, this tool is handy but it is unsupported.  Use it at your own risk, because Technical Support will not be able to help reverse any damage done if xsymcfg is used incorrectly.  The only option will be to uninstall SAVFL and re-install it using the default settings. 

Here is what xsymcfg looks like:

In brief, it operates just like the Registry on a windows computer.  Using this graphical tool to change key values will alter the way that SAVFL behaves.

For example, from the Symantec AntiVirus for Linux Implementation Guide:

By default, the maximum number of items that can be added to a manual scan that is generated from the command line interface is 100. You can use symcfg to change the DWORD value VirusProtect6\MaxInput to increase this limit. To remove the limit entirely, you must set it to 0.

To change that value, just open up HKEY_CURRENT_USER, Symantec Endpoint Protection, AV in xsymcfg.  Right-click on MaxInput and chose to Modify.  Change the value to 0 and click OK.

Final Notes

Many thanks for reading!  Please do add comments and feedback below.

Linux admins may wish to cast their support for these proposed enhancement requests:

Managed SEP client for Linux
https://www-secure.symantec.com/connect/ideas/managed-sep-client-linux

Create a tool to verify the minimum requirements for SAVFL - Sav For Linux
https://www-secure.symantec.com/connect/ideas/create-tool-verify-minimum-requirements-savfl-sav-linux

Remote Deployment Tool for SAVFL
https://www-secure.symantec.com/connect/ideas/remote-deployment-tool-savfl

IT Analytics offers users several ways in which they can consume their systems management data. One of the more popular ways to expose IT Analytics data to business users, without granting them access to the Symantec Management Console, is through utilizing some of the rich reporting capabilities within Microsoft SharePoint. This article will provide step by step guidance on creating dashboards using the IT Analytics Symantec Endpoint Protection Content Pack while leveraging Microsoft SharePoint’s PerformancePoint solution. There is also an optional process for including a link to the out-of-the-box IT Analytics reports hosted by SQL Reporting Serivces.

NOTE: This example uses Microsoft PerformancePoint, which is only available in the Enterprise version of SharePoint. If you are running SharePoint Standard you can still add links to IT Analytics default reports and dashboards by simply using the URL exposed by SQL Reporting Services. However, without PerformancePoint you will not be able to create and publish the dashboards outlined below. 

Creating a Dashboard in PerformancePoint

1. Within SharePoint, navigate to the Business Intelligence Center and select the "Create Dashboards"

2. Click "Start using PerformancePoint Services”

3. Click "Run Dashboard Designer"

4. Wait a few moments for the application to launch

5. Select the "Workspace" tab, click "Create" in the ribbon bar and select "Data Source"

6. Select "Analysis Services" and click "OK"

7. Select the "Properties" tab and enter a meaningful Name, Description, and DisplayFolder, then click on the "Editor" tab

8. Enter the analysis server “Name”, choose the “IT Analytics” database, select the cube “SEP Alerts”, then click “Test Data Source” and ensure the connection succeeds, click “Close”

9. Repeat steps 5 and 6 to add another Data Source
10. Select the "Properties" tab and enter a meaningful Name, Description, and DisplayFolder, then click on the "Editor" tab

11. Enter the analysis server“Name”, choose the “IT Analytics” database, select the cube “SEP Server System Events”, then click “Test Data Source” and ensure the connection succeeds, click “Close”

12. Click the “Save All” icon, specify a location and file name for the project, then press “Save”

13. Click “PerformancePoint Content” in the workspace browser and select the “Workplace” tab and chose “Analytic Chart” from the Create ribbon bar

14. Select the “SEP Alerts” data source created in step 8, then click “Finish”

15. Select the "Properties" tab and enter a meaningful Name, Description, and DisplayFolder, then click on the "Design" tab

16. From the details pane on the right, expand “Measures” and“Dimensions”

17. Drag “Virus – Threat Type” and “Alerts” to the “Series” section and the “Alert – Actual Action” to the “Bottom Axis” section. The chart will now display data

18. Right click on the white space in the report, expand “Report Type” and select “100% Stacked Bar Chart”

19. The chart will be refreshed. Right click on a column, expand “Sort” and select “Smallest to Largest”

20. The chart will be refreshed. Click on the downward facing triangle next to “Alert – Actual Action” and select everything except “None”, Press “OK”

21. The chart will be refreshed. Right click on the white space in the report, expand “Format Report” and select “Show Legend at Top” 

22. The chart will be refreshed. Click on the “Save All” icon to save your changes

23. Click “PerformancePoint Content” in the workspace browser and select the “_SEP” folder and chose“Analytic Chart” from the Create ribbon bar

24. Select the “SEP Server System Events” data source created in step 11, then click “Finish”

25. Select the "Properties" tab and enter a meaningful Name, Description, and DisplayFolder, then click on the "Design" tab

26. From the details pane on the right, expand “Measures” and“Dimensions”

27. Drag “Server System Event Type – Type” to the “Series” section, and the “Event Count” to the “Bottom Axis” section. The chart will now display data

28. Right click on the white space, expand “Report Type” and select “Pie Chart”

29. The chart will be refreshed. Right click on the chart, expand “Filter” and select “Top 10…” from the “Series” section

30. Change the number in the screen to “5” and click “OK”

31. The chart will be refreshed. Click on the “Save All” icon to save your changes

32. Click “PerformancePoint Content” in the workspace browser and select the “_SEP” folder and chose “Reporting Services” from the Create ribbon bar

33. Select the "Properties" tab and enter a meaningful Name, Description, and DisplayFolder, then click on the "Editor" tab

34. Enter your “Server Name” and click “Browse”

35. Select “Scan Trend” from the list and click “OK”NOTE: If the report you are selecting contains parameters, you can select from the predefined parameter set in the report itself, the <Default> value is automatically selected

36. Click on the “Save All” icon to save your changes
37. Click “PerformancePoint Content” in the workspace browser and select the “_SEP” folder and chose“Dashboard” from the Create ribbon bar

38. Select “2 Rows” and press “OK”

39. Select the "Properties" tab and enter a meaningful Name, Description, and Display Folder, then click on the "Editor" tab

40. From the "Details" pane on the right hand side of the screen, expand "Reports" and browse to the PerformancePoint Content previously created

41. Drag the report “SEP Alerts by Event Type and Severity” from the Details pane to the "Top Row" pane of the dashboard, then drag the report “Top 5 SEP Server System Events by Type” from the Details pane to the "Bottom Row" pane of the dashboard

42. Right click on Top Row and select “Add Right”

43. Drag the report “Scan Trend” from the Details pane to the "Zone 1" pane of the dashboard

44. Right click “Top Row” and select “Zone Settings”

45. Select the “Size” tab and enter “30” in the “Width” box, then select “OK”

46. Your dashboard should look like this now. Click on the “Save All” icon to save your changes

47. Click on the Home button and select "Deploy"

48. In the "Deploy To" dialog box, select "Include page list for navigation" and select "OK"

49. Once the Dashboard is deployed, it will automatically be opened in Internet Explorer to view

50. To access the dashboard from the Business Intelligence Center, click on the "Dashboards" link and then click on your dashboard

51. Click on the "Name" hyperlink to display the dashboard

Le mode de contrôle, configurable via les paramètres spécifiques aux emplacements des Clients dans la console SEPM, vous permet de définir ce que les utilisateurs sont habilités à faire vis-à-vis des règles de pare-feu du SEPM.

1. Contrôle Serveur :

   - Seules les règles de pare-feu de la politique du SEPM sont appliquées

   - Impossibilité pour l’utilisateur de créer de nouvelles règles

   - Impossibilité pour l’utilisateur de voir localement la liste des règles appliquées par le SEPM

2. Contrôle Client :

   - Seules les règles de pare-feu locales sont appliquées (pas celles de la politique du SEPM)

   - L’utilisateur peut créer/éditer les règles locales

3. Contrôle Mixte :

   - Les politiques de pare-feu locales et du SEPM sont appliquées en même temps

   - L’utilisateur peut créer/éditer les règles locales

   - Toutes les règles au-dessus de la barre bleue dans la politique du SEPM auront la priorité sur celles créées en local sur le poste

   - Les règles créées en local sur le poste auront la priorité sur celles présentes en dessous de la barre bleue dans la politique du SEPM

   - L’utilisateur a la possibilité de voir l’ensemble des règles (locales + SEPM) appliquées (http://www.symantec.com/docs/TECH104877). Les règles locales y sont soulignées

Remarque : ces effets s’appliquent, même si vous avez configuré toutes les fonctionnalités du mode Mixte pour être gérées coté serveur, dans le menu de personnalisation du mode de contrôle Mixte (j’ai fait le test durant notre conversation téléphonique).

Voici d'autres liens intéressants concernant les modes de contrôle et l'impact sur les politiques de pare-feu :

http://www.symantec.com/docs/HOWTO55475
http://www.symantec.com/docs/HOWTO55484
http://www.symantec.com/docs/TECH98423

This article provides best practices for migrating IT Analytics and all installed content packs in the event the underlying SQL server is moved. These steps are only specific to IT Analytics with respect to the migration of SQL Server Analysis Services and SQL Server Reporting Services. This article does not detail information regarding migrating the underlying databases for the Symantec point products for which IT Analytics content packs are currently available (Symantec Endpoint Protection, Data Loss Prevention or Critical System Protection). Depending on the way you have IT Analytics configured or if any customizations have been implemented, you will need to follow one of the following scenarios detailed below.

Scenario 1 - Migrating a Default Install of IT Analytics

Choose this scenario if you have not made any custom modifications to the default cube set within IT Analytics (i.e. no custom cubes have been created or modified). This scenario follows the process for installing and configuring a new instance of IT Analytics.

1. On the server hosting the Symantec Management Console, ensure IT Analytics and all relevant content packs have been installed. Please see the ‘Installing IT Analytics and Content Packs’ section of the following Connect articles (SEP or DLP) for more information on installing IT Analytics and content packs.
2. Configure the IT Analytics settings to point to the new server hosting SQL Server Analysis and Reporting Services. Please see the ‘Configuring IT Analytics’ section of the following Connect articles (SEP or DLP) for more information on configuring IT Analytics settings.
3. Configure connections to the SEP or DLP databases as needed. Please see the ‘Configuring the SEP/DLP Connections’ section of the following Connect articles (SEP or DLP) for more information on adding connections.
4. Install relevant cubes and reports to the new server. Please see the ‘Adding Cubes and Reports’ section of the following Connect articles (SEP or DLP) for more information on installing cubes and reports.
5. Verify and/or configure cube processing tasks to populate the newly installed cubes with data. Please see the ‘Configuring Cube Processing Tasks’ section of the following Connect articles (SEP or DLP) for more information on creating cube processing tasks.
6. Validate the data by viewing the newly installed cubes and reports within the Symantec Management Console.

Scenario 2 - Migrating IT Analytics with Modified Cubes

Choose this scenario if you have modified or created new cubes (i.e. within Business Intelligence Development Studio or another development tool).

1. Follow Steps 1 – 4 of Scenario 1 above to install and configure a new instance of IT Analytics to be hosted by the new Analysis and Reporting Server.
2. Backup the old Analysis Services database and restore it to the new server over top of the new IT Analytics Analysis Services database you installed in Step 1. For backing up and restoring an Analysis Services database, we recommend following the procedures and best practices on Microsoft’s website.
3. Verify and/or reapply any and all cube customizations previously implemented to ensure parity on the new server hosting the Analysis Services database.
4. Verify and/or configure cube processing tasks to populate the newly installed cubes with data. Please see the ‘Configuring Cube Processing Tasks’ section of the following Connect articles (SEP or DLP) for more information on creating cube processing tasks.
5. Validate the data by viewing the newly installed cubes and reports within the Symantec Management Console.

Optional - Migrating Reporting Services Reports

In addition to the scenarios listed above, follow these steps only to migrate previously created custom reports in SQL Reporting Services from the old server to the new server.

1. Open a browser on the old server hosting SQL Reporting services and navigate to the Report Manager website: http://localhost/reports
2. Select the folder where the custom Reporting Services reports reside (this is typically the main IT Analytics folder on the root, unless there was a custom folder created).
3. Click the downward arrow to the right of the report you want to export and select Download.

4. When prompted, save the report (file extension should be .rdl) to a location that can be accessed to import to the new server.

5. On the new server hosting SQL Reporting services, open a browser and navigate to the Report Manager website: http://localhost/reports
6. Select the folder where you want the custom Reporting Services reports reside (this is typically the main IT Analytics folder on the root, unless there was a custom folder created).
7. Click the  button on the toolbar of the Report Manager website.
8. Browse to the .rdl file you saved in Step 4 above and give the report file an appropriate name, then click OK to upload.

9. NOTE: If you have created a custom Reporting Services report with a data source other than the default IT Analytics data source, you will have to modify the report to point it at that source. Follow the procedure below to resolve this:

• On the server hosting the new Report Manager website, locate the report and right-click the downward facing arrow, then select Manage.

• Select the Data Sources link on the left navigation and either browse to the original shared data source or enter a connection string and appropriate credentials to specify the original custom data source used.

10. To link this report into the Symantec Management Console open the console then navigate to the Reports > IT Analytics > Reports folder.
11. Right-click on the Reports folder and select New > IT Analytics Report.

12. In the Report Type dropdown box, select Report and then in the Report Name dropdown select the name of the newly added report. Then click the Add Report button.
13. You should see a message saying that the report was added successfully.

14. Refresh your browser and expand the Reports folder.
15. Locate and select the report you just added to verify it renders as expected.