
Reports Top10 Alerts & Locations [URGENT]

Mr. Sophos:

Our customers [ALL] who are using Sophos Central are complaining about the reports that exist. They require, for example, the Top 10 Alerts and Locations report, similar to the one in Sophos On-Premise.

This report is one of those used by customers to know what kind of threats are attacking the network of each of them.

 




This thread was automatically locked due to age.
  • Hi,

    I see three options for getting and presenting this data:

    1. Export the data as seen in the UI to CSV. Import into Excel and create a pivot table where Event is the Row and Count of the Event is the Value. Clearly this is manual and would need to be done at least every 3 months to keep all data.

    2. Use the new SIEM interface to pull the data.
    https://community.sophos.com/kb/en-us/125339

    3. Call the current UI APIs to get the data from a script. This would be unsupported but may offer something.

    Both 2 and 3 could be scheduled and consumed by something like Splunk, which has Dashboards set up.

    There was talk of a scheduled report being emailed to the admins.  That might be enough but I'm not sure where that went.

    Regards,

    Jak
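
Option 1 above (Event as the pivot row, count as the value) can also be scripted over several CSV exports taken over time. This is an added example, not part of the original posts and not Sophos code; the column names `When`, `Event` and `Location` and the sample rows are constructed assumptions, so match them to the header row of the real export.

```python
import csv
import io
from collections import Counter

# Assumed column names; adjust to the header row of the actual export.
EVENT_COL = "Event"
LOCATION_COL = "Location"


def load_exports(sources):
    """Merge several partial CSV exports, dropping rows repeated across files."""
    seen, rows = set(), []
    for src in sources:
        for row in csv.DictReader(src):
            # Whole-row key: exports with overlapping date ranges repeat rows.
            # Caveat: two genuinely identical alerts collapse into one.
            key = tuple(sorted(row.items()))
            if key not in seen:
                seen.add(key)
                rows.append(row)
    return rows


def top_n(rows, column, n=10):
    """Pivot-table equivalent: value of `column` as row, count as value."""
    counts = Counter((r.get(column) or "").strip() or "(blank)" for r in rows)
    # Sort by count descending, then by name so ties are deterministic.
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


# Constructed sample data: two exports whose date ranges overlap by one row.
EXPORT_A = """When,Event,Location
2018-01-03 10:00,Malware detected: 'Sample/A',PC-01
2018-01-04 11:30,PUA detected: 'Sample/B',PC-02
2018-01-15 09:12,Malware detected: 'Sample/A',PC-03
"""
EXPORT_B = """When,Event,Location
2018-01-15 09:12,Malware detected: 'Sample/A',PC-03
2018-01-20 16:45,Malware detected: 'Sample/A',PC-01
2018-01-22 08:00,,PC-02
"""

if __name__ == "__main__":
    rows = load_exports([io.StringIO(EXPORT_A), io.StringIO(EXPORT_B)])
    for col in (EVENT_COL, LOCATION_COL):
        print(f"Top 10 by {col}")
        for value, count in top_n(rows, col):
            print(f"  {count:5d}  {value}")
```

For real files, pass handles opened with `open(path, newline="", encoding="utf-8")` instead of the `io.StringIO` samples.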

  • Dear Jak:

    Thank you very much for your response. As distributors we have been doing step 1, but that is not a job that the Final Customer should be doing. What they need is to run reports at the times they find convenient [of course, within the 90 days that Sophos keeps the data].

    Another problem is that if there are more than 1000 alerts, they simply cannot be exported to .CSV, and the export has to be done every 15 days, every 20, or depending on what Sophos Central supports.

    QUESTION: How is it possible that, if there are more than a thousand alerts, the reports have to be pulled out in parts?

    Believe it or not, this does not leave a good impression on the end customers.


  • Hi,

    This kind of report is still not available!!

    Can someone from Sophos please confirm?

  • Hi Everyone,

    As of now, the requested reports are not available under the predefined set of conditions in Sophos Central. However, you can get the statistics report by any of the above methods that were already suggested.

    If you wish to have more reports on statistics for Audit, I would request you to vote for this feature request.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support
