I’m used to Trend’s Anti-Virus mgmt console that sends out an email (to a configurable list of email addresses) when a virus is found on a host. The email contains the name(s) of the host, the virus found, the result (no action, cleaned, deleted, etc.) and the file name(s) of the affected files.
How do I achieve the same level of reporting from the BigFix (CA) product?
We’ll publish an update to the ‘BigFix AntiVirus Top 10 Most Recent Viruses’ report shortly. Once we do, you can use the Web Reports scheduled activities feature to email you any time that report changes. When there is a new virus detection, it will email you with the computer name, virus name, and detection time.
Thanks – a couple of requests for the report. The infected file path and name (not truncated) and the AV result.
Also, what if there is a massive outbreak or a host that has more than 10 results? It would be nice to have the number of detected viruses available as a variable for the report – for example, top 10, top 25, top 50, or all.
Gathering the infected file path will not make it into the first iteration as it requires changes to the underlying properties feeding the report, but we’ll add that as an enhancement request.
If you’d like to change the number of reported values just store a copy of the report and then click ‘configure’ in the navigation bar on the left. Look for the part of the code where it says i < 10 and change it to i < n where n is the number of results you’d like to see. For all results, just remove ‘&& (i < 10)’ or create a report off of the BigFix AntiVirus Scan Statistics analysis.
The web report ‘BigFix AntiVirus Top 10 Most Recent Viruses’ has been updated to be usable with scheduled activities to email changes. You can find the update if you gather the most recent BigFix AntiVirus site version 330.
As Jesse mentioned, if a scheduled activity is set up for this report, the notification email will include the latest virus detection information, which will look like:
New Virus Detected
Computer Name: WIN2KPRO
Virus Name: Eicar test virus
Detection Time: Tue, 29 Jul 2008 17:53:09 -0700
The Activity Triggers:
-Generate report every refresh.
-Send email/store archive only when report has changed
Having a variable number of detected viruses is a good suggestion and we will pursue its inclusion in the next update to this web report. Adding file path and remediation results with the report is a bit more complex so that probably will not happen soon.
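Added example (not part of the original thread and not BigFix code): one way to turn the notification email body shown above into structured records and flag hosts with repeated detections, for forwarding to a ticketing system or SIEM. It assumes that several detections appear as repeated 'New Virus Detected' blocks in one body; the function names and the sample body are constructed for illustration.

```python
from collections import Counter
from email.utils import parsedate_to_datetime

FIELDS = ("Computer Name", "Virus Name", "Detection Time")

# Constructed sample: first block copied from the thread, the rest made up.
SAMPLE_BODY = """\
New Virus Detected
Computer Name: WIN2KPRO
Virus Name: Eicar test virus
Detection Time: Tue, 29 Jul 2008 17:53:09 -0700
New Virus Detected
Computer Name: WIN2KPRO
Virus Name: Eicar test virus
Detection Time: Tue, 29 Jul 2008 17:55:41 -0700
New Virus Detected
Computer Name: LAB-PC-02
Virus Name: Eicar test virus
Detection Time: not a date
"""

def parse_notifications(body):
    """Return one dict per complete, well-formed detection block."""
    blocks, current = [], None
    for raw in body.splitlines():
        line = raw.strip()
        if line == "New Virus Detected":
            current = {}
            blocks.append(current)
        elif current is not None and ":" in line:
            # Split on the first colon only; the timestamp contains colons too.
            key, _, value = line.partition(":")
            if key.strip() in FIELDS:
                current[key.strip()] = value.strip()
    records = []
    for rec in blocks:
        if not all(f in rec for f in FIELDS):
            continue  # incomplete block, e.g. a truncated email
        try:
            rec["Detection Time"] = parsedate_to_datetime(rec["Detection Time"])
        except (TypeError, ValueError):
            continue  # unparseable timestamp: skip rather than guess
        records.append(rec)
    return records

def hosts_at_or_above(records, threshold):
    """Map host name -> detection count for hosts with >= threshold hits."""
    counts = Counter(r["Computer Name"] for r in records)
    return {host: n for host, n in counts.items() if n >= threshold}
```

Skipped blocks are dropped silently here; in production, log them so a format change in the report does not hide detections.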
You indicated the following: “Having a variable number of detected viruses is a good suggestion and we will pursue its inclusion in the next update to this web report. Adding file path and remediation results with the report is a bit more complex so that probably will not happen soon.”
This fix for file path/name and remediation results is not perchance included in the 7.1.1.315 update, is it?
If not, is there any other way to obtain this information in the meantime? That information can be vitally important when it is needed.