Security Summary Reports


These reports appear to be the only automated client-deliverable for those of us using OneView. While it is generally good (I've seen MUCH worse attempts from other vendors in my sphere), I'm wondering what the development plans are for this report. I have several comments/questions:

  • I note that items that would naturally prompt a question don't give any data to answer that question. For example, the endpoints listed as "Not seen in 30 days" would naturally prompt the question "which one(s)?", but no data is given. Also, that line starts with total endpoints, then reports "Active in the last 7 days", then "Not seen in 30 days", but the total of these two detail items doesn't always equal the total endpoints. One of my clients shows 13 total endpoints, 10 active in the last 7 days, and 1 not seen in 30 days. 10 + 1 = 11, so what happened to the other two endpoints? Are they "not seen in over 30 days"? Something else?
  • For the Endpoint Protection section, the endpoints listed as "Unprotected" are not listed or explained.   Are these machines detected on the network that don't have the agent installed?   Something else?
  • In the "Endpoints needing attention" section, it doesn't list who they are, so I'm leaving the client with this question outstanding instead of pointing to a needed task.
  • In the "Top 5 operating systems" section, shouldn't the numbers add up to 100%?  In my 13-endpoint client example, I see 76% for Win10 Pro, 15% for Server 2016 and 7% for Win10 Home.  That's 98% total.   The leftover has to be rounding as it's too small to equal 1 unidentified machine somewhere. 
  • Some clients have endpoints identified as "Win 10 business" which are in addition to those listed as "Win 10 pro".    What exactly is "Win 10 Business"?
  • In the "Threats" section, they list all of the "Detections" but don't mention whether or not all of these were addressed.   Admittedly, this is better than showing detections as NOT addressed, and it allows the client to assume that all detections were, in fact, addressed or remediated.   However, it is not clear that this is actually the case from looking at the report.
  • In the "Top 5 Threats" section, there is often a line titled "compromised". What exactly is this referring to? I understand "trojan", "malware", "pup", "exploit", etc., but "compromised"? That makes me worry and begs additional explanation.
  • In the end section, where it starts with "We're here to help - for technical support, please contact" - so far so good. Unfortunately, it only follows with my company name and address. No phone number or email address. I looked into where this might be controlled in the OneView portal, but couldn't find a place. Does anyone know where this is controlled?
  • Lastly, there doesn't appear to be a way to have these reports sent (on a schedule) directly to the client. If I generate the report for every client at once, I get all of the reports in a single zip file sent to my OneView login email, so I can't set up an auto-forward rule in Exchange to make this job easier. I have to unzip the file, then forward each report individually to the correct client - more time-consuming for sure, and opens up the possibility for error, plus yet another month-end job that has to be assigned to someone. Is there any way to automate this more?

Thankfully, I couldn't find any formatting problems or misspellings in the report, so kudos for that!

Edited by HCHTech

  • Root Admin

Thank you for the feedback @HCHTech

We have created a story to track progress of possible changes for future builds. OCF-823

As for specific answers to your questions, I'll see if I can get someone to reply if possible.


Edited by AdvancedSetup
Updated information

On 10/4/2022 at 6:19 PM, AdvancedSetup said:

We have created a story to track progress of possible changes for future builds. OCF-823

Thanks, @AdvancedSetup - forgive me, but I'm not sure what this means.   I'll presume it is some sort of internal project tracking, but since there is an ID code there, does that mean it's something I might have access to somewhere?   Or perhaps just to refer to with any support tickets I might open on the subject....

