
Stats from daily scan or on access scan

Hi, I have been tasked with obtaining stats regarding daily scan and on access scan results. In the past I have used Excel to tap into various SQL databases and create queries, but I haven't attempted this with our Sophos endpoint database yet. Before I start I thought I should ask the experts: can I use Excel to attach to the Endpoint database and pull back data? What tables would hold results for daily and on access scans? Are the details of which method finds the virus etc. held in the database?

The reason for the stats is to determine if we have to run the daily scan or whether we can change the frequency of the scan but first we want to ensure that we are not putting our estate at risk.

Thanks for any help Sammy



  • Hi,

    You can certainly connect to the Sophos database for reporting.  There is nothing to stop you accessing any table, view, or stored procedure but to be "supported" with regards to queries, you should use the Sophos Reporting Interface:

    http://community.sophos.com/t5/Sophos-Endpoint-Protection/Sophos-Reporting-Interface/m-p/8285

    This has 2 parts to it:

    1. The SQL file that adds additional tables, views, functions and SPs.  Apparently as of SEC 5.1 this will be installed into the database automatically.

    2. A service for writing results to a file to be used by something like Splunk.

    As you're going to be using Excel as the 'client' then you just need to install the interface, by running the SQL file as extracted by the download.

    You'll see an "Enumerations" table which holds some mappings:

    EnumID  EnumValue  Language  Position  Description
    4       200        en        5         Unknown
    4       201        en        2         On access
    4       203        en        3         On demand
    4       205        en        4         Scheduled
    4       206        en        1         In memory
    4       207        en        6         Web browser

    So you can map the threat back to the method that found it, if that's what you need to distinguish.

    I guess have a read of the Reporting Interface PDF and see if it gives you what you need.  If not then you can get at most of the data from the following 2 views:  ThreatInstancesALL and ComputerListData2, but this is less supported as they may disappear or columns may change without warning :).
     

    Regards,

    Jak
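As an added illustration (not part of Jak's reply or of Sophos' own Reporting Interface), the following Python script shows the kind of query the reply is pointing at: join each threat instance to the Enumerations rows with EnumID 4 to label it with the detection method, count detections per method, and then pick out the threats that only the scheduled scan (EnumValue 205) found on a machine, which is the figure that actually answers whether the daily scan can be relaxed. The Enumerations rows are the ones quoted above. The view in the real database is ThreatInstancesALL, but its columns are not given in the thread, so the script uses a hypothetical ThreatInstances table with assumed columns (ComputerName, ThreatName, DetectionMethod, DetectedAt) and constructed sample rows, all in an in-memory SQLite database standing in for the SEC SQL Server instance. The SQL itself is plain enough to paste into an Excel query once the real column names are substituted.

```python
import sqlite3

# Detection-method values as quoted from the Enumerations table (EnumID 4).
DETECTION_METHOD_ENUM_ID = 4
ENUMERATIONS = [
    (4, 200, "en", 5, "Unknown"),
    (4, 201, "en", 2, "On access"),
    (4, 203, "en", 3, "On demand"),
    (4, 205, "en", 4, "Scheduled"),
    (4, 206, "en", 1, "In memory"),
    (4, 207, "en", 6, "Web browser"),
]
ON_ACCESS = 201
SCHEDULED = 205

# Constructed sample detections. ASSUMPTION: the real view is ThreatInstancesALL;
# its column names are not known from the thread, so this hypothetical table
# uses (ComputerName, ThreatName, DetectionMethod, DetectedAt).
SAMPLE_THREATS = [
    ("PC01", "EICAR-AV-Test", 201, "2013-05-01 09:12:00"),  # caught on access ...
    ("PC01", "EICAR-AV-Test", 205, "2013-05-01 23:05:00"),  # ... and again by the nightly scan
    ("PC02", "Mal/Sample-A",  205, "2013-05-01 23:07:00"),  # only the scheduled scan saw this one
    ("PC03", "Troj/Sample-B", 201, "2013-05-02 10:40:00"),
    ("PC03", "Troj/Sample-B", 203, "2013-05-02 11:02:00"),  # on-demand rescan by an admin
    ("PC04", "Mal/Sample-A",  999, "2013-05-02 12:00:00"),  # value not in Enumerations
    ("PC05", "Troj/Sample-B", 206, "2013-05-03 08:15:00"),
]


def build_db():
    """Create an in-memory database seeded with the enumeration rows and sample threats."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Enumerations (EnumID INTEGER, EnumValue INTEGER, "
        "Language TEXT, Position INTEGER, Description TEXT)"
    )
    conn.executemany("INSERT INTO Enumerations VALUES (?, ?, ?, ?, ?)", ENUMERATIONS)
    conn.execute(
        "CREATE TABLE ThreatInstances (ComputerName TEXT, ThreatName TEXT, "
        "DetectionMethod INTEGER, DetectedAt TEXT)"
    )
    conn.executemany("INSERT INTO ThreatInstances VALUES (?, ?, ?, ?)", SAMPLE_THREATS)
    return conn


# LEFT JOIN so that a DetectionMethod value missing from Enumerations still
# counts, rather than silently vanishing from the report.
COUNT_BY_METHOD_SQL = """
SELECT COALESCE(e.Description, 'Unmapped') AS Method, COUNT(*) AS Detections
FROM ThreatInstances AS t
LEFT JOIN Enumerations AS e
       ON e.EnumID = ? AND e.EnumValue = t.DetectionMethod AND e.Language = 'en'
GROUP BY Method
ORDER BY Detections DESC, Method
"""

# Threats the scheduled scan reported on a machine where the on-access scanner
# never reported the same threat: the detections the daily scan adds on its own.
SCHEDULED_ONLY_SQL = """
SELECT t.ComputerName, t.ThreatName
FROM ThreatInstances AS t
WHERE t.DetectionMethod = ?
  AND NOT EXISTS (
        SELECT 1 FROM ThreatInstances AS o
        WHERE o.ComputerName = t.ComputerName
          AND o.ThreatName = t.ThreatName
          AND o.DetectionMethod = ?)
ORDER BY t.ComputerName
"""


def detections_by_method(conn):
    """Return [(method description, count), ...] sorted by count descending."""
    return conn.execute(COUNT_BY_METHOD_SQL, (DETECTION_METHOD_ENUM_ID,)).fetchall()


def scheduled_only_detections(conn):
    """Return [(computer, threat), ...] found by the scheduled scan but not on access."""
    return conn.execute(SCHEDULED_ONLY_SQL, (SCHEDULED, ON_ACCESS)).fetchall()


if __name__ == "__main__":
    db = build_db()
    for method, count in detections_by_method(db):
        print(f"{method:<12} {count}")
    print("Scheduled-scan-only:", scheduled_only_detections(db))
```

The unmapped value (999) is deliberate: the enumeration list a given SEC version ships may not cover every value the view emits, and an inner join would drop those rows and quietly understate the totals. Run against the real database, the scheduled-only list is the one to review before changing the scan frequency; an empty list over a sensible window is the evidence the original question is after, a non-empty one is the estate-risk signal.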
