Export Option for Intrustion Summary

I need a solution

I am wondering if there is any way to export the Intrusion Summary lists. Specifically the Attack: Intrusion Histroy. About once a week I have to manually copy 500 pages into a text document. It would save me a lot of time if I could simply export this list as a csv or even a .txt document is fine. Let me know if there is a solution like this or you plan on doing it in the near future.

0

Related:

  • No Related Posts

Scheduling automated agent status report for DLP

I need a solution

Hi,

Our DLP setup mainly consists of two roles that we’re currently using, System Admins who set everything up and do the backend management of the Enforce server, and Investigators who review incidents and mark them appropriately.

I’ve been asked if we can set up a weekly or daily report that shows all endpoint agents with a status of Critical or Warning, so our Investigators can check these machines and make sure they’re still online and have a functioning DLP agent.

Only SysAdmins currently have access to the System tab, so only we can check the status of agents. Investigators don’t have access to this, and the only way I can find to give them this is to grant the role the user privileges for Agent Management, however this also gives them the ability to delete agents, change their detection servers and agent group, plus shutdown/restart the agent. This is a bit more control than we’d like to give these users.

I’ve managed to create a shared report which does this, and I’d like to have this run weekly and email to a distribution list. However I can’t seem to find any way to schedule this, the Schedule button is grayed out, so I can only Edit or Delete the report.

My only options at the moment seem to be to manually run the report and export it myself, or delegate Agent Management priveleges. Does anyone know a way I can resolve this?

Cheers

0

Related:

  • No Related Posts

Peer-to-peer Image Restore

I need a solution

I want to ghost an image from one computer to another, over an ethernet connection,

I have Symantec Ghost  (12.0.0.8065) on the Windows 10 server side (where the .gho file is), and Symantec Ghost (12.0.0.10618) on the Windows 10 WinPE client.

What command lines do I need on the server and client to ghost the image on to the client?

I have tried:

        ghostsrv.exe “C:ImagesMy Image Name.gho” mysession -N1 -C -UU

and

       ghost32.exe -clone,src=@MCmysession,dst=1

but both sides just sit there waiting ’til the client times out after a few minutes

0

Related:

  • No Related Posts

Cannot release the message. It has either been released already or a delivery error occurred

I need a solution

When I Try to release an email from the Spam Quarantine, it is giving me the following message: Cannot release the message. It has either been released already or a delivery error occurred. Please check Brightmail Log for details. Other users are able to release Messages from Spam Quaratine, it is just this one. When I go into the the logs, it tells me [QuarantineManager] ERROR – error.quarantine.unable.release.delivery javax.mail.MessagingException: Exception reading response;

Can someone please let me kno what the issue may be in releasing this one email? The rest of the log entry is listed below:

Dec 12 2018 07:38:17 [http-bio-443-exec-581] [QuarantineManager] ERROR – error.quarantine.unable.release.delivery
javax.mail.MessagingException: Exception reading response;
  nested exception is:
 java.net.SocketException: Connection reset
 at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:1764)
 at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:1647)
 at com.sun.mail.smtp.SMTPTransport.finishData(SMTPTransport.java:1473)
 at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:738)
 at com.symantec.smg.controlcenter.internal.mail.transport.TransportFactory.sendMessage(TransportFactory.java:311)
 at com.symantec.smg.controlcenter.internal.mail.transport.MailTransportImpl.sendMessage(MailTransportImpl.java:100)
 at com.symantec.smg.controlcenter.internal.mail.transport.MailTransportImpl.sendMessage(MailTransportImpl.java:111)
 at com.symantec.smg.controlcenter.quarantine.spam.QuarantineManager.releaseToMTA(QuarantineManager.java:1470)
 at com.symantec.smg.controlcenter.quarantine.spam.QuarantineManager.release(QuarantineManager.java:1412)
 at com.symantec.smg.controlcenter.quarantine.spam.QuarantineManager.release(QuarantineManager.java:814)
 at com.symantec.smg.controlcenter.quarantine.spam.MessageDetailAction.notSpam(MessageDetailAction.java:240)
 at sun.reflect.GeneratedMethodAccessor1758.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
 at java.lang.reflect.Method.invoke(Unknown Source)
 at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:274)
 at com.symantec.smg.controlcenter.internal.action.DefaultAction.dispatchMethod(DefaultAction.java:97)
 at org.apache.struts.actions.DispatchAction.execute(DispatchAction.java:194)
 at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
 at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
 at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
 at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:743)
 at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
 at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:410)
 at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
 at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1063)
 at org.apache.struts.action.RequestProcessor.internalModuleRelativeForward(RequestProcessor.java:1001)
 at org.apache.struts.action.RequestProcessor.processForward(RequestProcessor.java:560)
 at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:209)
 at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
 at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at com.symantec.smg.controlcenter.accesscontrol.AdministratorRoleChecker.doFilter(AdministratorRoleChecker.java:210)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at com.symantec.smg.controlcenter.internal.http.SessionChecker.doFilter(SessionChecker.java:146)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at com.symantec.smg.controlcenter.internal.http.CacheBuster.doFilter(CacheBuster.java:97)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at com.symantec.smg.controlcenter.internal.http.CharacterEncoder.doFilter(CharacterEncoder.java:93)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at com.symantec.smg.controlcenter.internal.struts.Struts1ParamFilter.doFilter(Struts1ParamFilter.java:44)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at com.symantec.smg.controlcenter.accesscontrol.HostACL.doFilter(HostACL.java:331)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
 at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
 at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
 at java.lang.Thread.run(Unknown Source)
Caused by: java.net.SocketException: Connection reset
 at java.net.SocketInputStream.read(Unknown Source)
 at java.net.SocketInputStream.read(Unknown Source)
 at com.sun.mail.util.TraceInputStream.read(TraceInputStream.java:106)
 at java.io.BufferedInputStream.fill(Unknown Source)
 at java.io.BufferedInputStream.read(Unknown Source)
 at com.sun.mail.util.LineInputStream.readLine(LineInputStream.java:84)
 at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:1742)
 … 76 more
 

0

Related:

  • No Related Posts

How do I have two default gateways one for mgmt and one for interception?

I need a solution

Hi;

I have port 0:0 as the management port with a default gateway associated with the default route domain and I want port 2:0 to have its own default route. Shall I create a new route domain, a new vlan and associate them with interface 2:0, which already has an IP address.

then shall I define a Default gateway for the new route domain?

Would this work?

Kindly

Wasfi

0

1544671730

Related:

  • No Related Posts

How do I install a CA for SSL decryption with its intermediate cert?

I need a solution

Hi;

I have a CA signed by an Intermediate certificate, which is in turn signed by a Root CA. So the trust chain is 

Root CA signed Intermediate Certificate CA, which signed the associated with the Keyring on the ASG.

How can I install the CA used to resign server certificates on the Proxy SG with its intermediate Certificate linked to it?

Kindly

Wasfi

0

Related:

  • No Related Posts

Why does not all devices show up in console?

I need a solution

I have a number of klients with SEP-C installed and connectet to my portal.

In subscriptions i can see i use 85 licences, (devices, not server inkluded).

If i go to “Groups, Users and Devices” i count a total of 82 devises in 2 groups, (Desktops and laptops), and 22 servers in another group.

Desktop show 54 devices, but if i go into that group, only 49 is showing and is searchable.

same with the others, laptop counts 28, but only 27 exists, and servers show 22 and only 20 is there.

If i go to “Manage Devices”, i se today 102 of my total 107 devices, but some days it can be as low as 50.

We ran out of licenses because of we could not find a device in consol and had to reinstall it, then it needed a licens to be registered, and now we have a licens free again, without explanation?

Why does the portal do this?

And can we do something to fix it?

0

Related:

  • No Related Posts