Is there a way to report or trigger email notification for correlated events?

L4 Transporter


I'm working towards generating some reports for our other IT departments and I noticed the correlated events have some really nice information that might indicate when someone is infected with Malware.  I'd like to get that information over to our desktop support team but I'm not sure the best way to do it.

 

I could certainly give them restricted read-only accounts to Panorama to access relevant monitoring data but I see there are also a lot of reporting options.  I do not, however, see any reporting or notification triggers for when correlated events are detected.

 

Is there something I'm missing or has this just not been implemented yet?

 

Thanks!

L4 Transporter

Do you already run PAN-OS 8? There are many improvements especially in the area of log forwarding.

 


L4 Transporter

@Anon1

 

I am actually running 8.0 on Panorama so I should have access to this.  I'm hoping for something fairly easy to read for the end users who will likely be desktop technicians in this case.  I guess even a CSV would be something in this case.

 

I've also just run across a use case for needing a config change report.  I'd like to schedule a weekly report that lists information about config changes... maybe not so much the entire config change but user-selectable columns like we already have on other reports so that we can do something like just select the date/time, administrator username, and the commit description.

 

Anyone know if that is possible?

 

*edit* I see there is a config option on the Log Collector Forwarder so I'm trying that out along with the Correlated Events forwarder.  I'm still definitely interested to see if we could do Custom Reports and email schedules for these types of things or if it is on the radar as a requested feature.

 

Thanks!
