GFI EndPointSecurity 4.
http://www.gfi.com Email: info@gfi.com Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of GFI SOFTWARE Ltd. GFI EndPointSecurity Report Pack–Last updated 25 September 2009 Version number: ESECRP-ACM-EN-01.00.
1 Introduction

1.1 About GFI ReportCenter

Figure 1 - Centralized reporting framework

GFI ReportCenter is a centralized reporting framework that allows you to generate various reports using data collected by different GFI products. GFI releases specialized reports for each of its products, referred to as a ReportPack; for example, the GFI EndPointSecurity ReportPack. A ReportPack can be downloaded as an add-on to the GFI product.

Figure 2 – Several ReportPacks plugged into the GFI ReportCenter framework

A ReportPack plugs into the GFI ReportCenter framework, allowing you to generate, analyze, export and print the information generated through these reports.

1.2 About the GFI EndPointSecurity 4.0 ReportPack

The GFI EndPointSecurity ReportPack is a full-fledged reporting companion to GFI EndPointSecurity.
GFI ReportCenter framework The GFI ReportCenter framework is the management console through which you can generate the specialized product reports which are shipped with a product ReportPack. The GFI ReportCenter framework offers a common application interface through which you can navigate, generate, customize and schedule reports.
Help – Use this navigation button to show this Quick Reference Guide in the Report Pane of the GFI ReportCenter management console.

Report Pane - Use this multi-functional pane to:
- View and analyze generated reports.
- Maintain the scheduled reports list.
- Explore samples and descriptions of default reports.

Export – Use this button to export generated reports to various formats including HTML, Adobe Acrobat (PDF), Excel (XLS), Word (DOC), and Rich Text Format (RTF).

Distribution of reports via email

GFI ReportCenter allows you to automatically distribute generated reports via email. In scheduled reports, this can be achieved automatically after the successful generation of a scheduled report.

Report export to various formats

By default, GFI ReportCenter allows you to export reports to various formats. Supported formats include HTML, PDF, XLS, DOC and RTF. When scheduling reports, you can optionally configure the preferred report output format.
2 Installation 2.
Screenshot 2 - GFI ReportCenter framework detection dialog 2. GFI EndPointSecurity detects and lists missing prerequisites, if any. Click Next to download and install the prerequisites. 3. When all prerequisites are installed, click Next in the welcome screen wizard. 4. In the license dialog, read the licensing agreement carefully. Select I accept the Licensing agreement option and click Next to continue.
5. Specify the full user name, the company name and the license key of GFI EndPointSecurity. If you will be evaluating the product for 10 days, leave the evaluation key as default (i.e. “Evaluation”). Click on Next to continue. Screenshot 4 – SQL Server selection dialog 6. Specify the details of the SQL Server which is hosting your GFI EndPointSecurity database backend, and the database name.
Screenshot 5 – Product Selection drop down list

For example, to run the reports provided in the GFI EndPointSecurity ReportPack:
1. Launch GFI ReportCenter from Start ► Program Files ► GFI ReportCenter.
2. Select 'GFI EndPointSecurity 4.2 ReportPack' from the Product Selection drop down list.
NOTE: Select the 'ALL PRODUCTS' option to display and navigate all the ReportPacks that are currently installed in GFI ReportCenter.
3 Getting started: Default reports 3.1 Introduction After installing the GFI EndPointSecurity ReportPack, a number of specialized pre-configured reports can immediately be generated on the data stored in the database backend of GFI EndPointSecurity. These default reports are organized into the following categories: Executive Reports: Use the reports in this category to generate a high-level activity summary of all devices being controlled across the network.
3.2 Generating a default report

To generate a default report:
1. Click on the Default Reports navigation button to launch the list of default reports available.

Screenshot 6 – Selecting the data set period

2. Right-click on the report that you wish to generate, select Generate report and specify which device activity data will be represented in the report.
NOTE: Default reports can be based on the device activity data collected today, yesterday, during the last 7 days or over the last 30 days.
Screenshot 7 - Configuring custom date/time period 3. Select Day option and expand the provided drop down. This will launch the date selection calendar. 4. Navigate to the required month (i.e. September) and select the required day (i.e. 15). 5. Click Finish to generate the report. Example 3: Generating a “Device usage summary” report based on data collected over a specific date/time period.
Screenshot 8 - Configuring custom date/time period

3. Select Date range option and specify the required parameters:
From – 08/18/2009 12:00:00 AM
To – 09/01/2009 12:00:00 PM
NOTE: Date and time format are based on the regional settings configured on your computer.
4. Click Finish to generate the report.

3.

Generated reports are shown in the right pane of the GFI ReportCenter. Use the toolbar at the top of the report pane to access common report related functions:

Report browsing options
- Browse the generated report page by page.
- Zoom in/Zoom out.
- Search the report for particular text or characters.
- Go directly to a specific page.
- Break down the report into a group tree (e.g. by date/time).
- Print report.

Report storage and distribution options
- Export the generated report to a specific file format.
4 Custom reports 4.1 Introduction GFI ReportCenter allows you to create custom reports which are tailored to your reporting requirements. This is achieved by building up custom data filters which will analyze the data source and filter out the information that matches the specified criteria. 4.2 Creating a new custom report To create a custom report: 1. Click on the Default Reports navigation button. 2.
Screenshot 12 – Specifying data filter conditions

4. Configure the data filter conditions that will be applied against the selected data source. Click on Next to continue.
NOTE: For more information on how to configure filter conditions, refer to the section 'Configuring data filter conditions' in this manual.
5. Specify a name and description for the customized report. Click on Next to continue.
6. Click on Finish to finalize your configuration settings.

4.

Screenshot 13 - Custom Report Wizard: Filters dialog

Click Add… to launch the 'Edit filter properties' dialog. Configurable options in this dialog include:
- Filter condition – This is the data source area on which the filter will focus (for example, select 'Computer Name' to filter the device activity data that is related to a particular computer).
- Logical relation – The condition comparison parameter.
- Value – The string to which source data will be compared.
Screenshot 14 - Filter conditions configuration dialog For more specific reports, you can limit the range of information to be displayed by tightening your search criteria. This is achieved by configuring and applying multiple data filters against the selected data source. When more than one filter is used, you will also have to specify how these filters will be logically linked.
Parameters         Filter 1         Filter 2
Filter condition   Computer Name    User Name
Logical relation   Is equal to      Includes
Value              'WinXp01'        'BJones'

The data which will be included in this custom report will vary according to how these filters will be applied against your data. This is defined through the 'Filter property condition…' drop-down.
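The following Python sketch is an added illustration, not GFI code, of how the two filters in the table above change a report's scope depending on how they are linked. The sample rows, the `DataFilter` class, the availability of an 'or' link, left-to-right evaluation and case-insensitive comparison are all assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed device-activity rows. The first two keys reuse the filter
# condition names from the manual; other columns and all values are invented.
EVENTS = [
    {"Computer Name": "WinXp01", "User Name": "MASTERDOMAIN\\BJones",
     "Device": "USB flash drive", "Access": "Denied"},
    {"Computer Name": "WinXp01", "User Name": "MASTERDOMAIN\\ASmith",
     "Device": "CD/DVD", "Access": "Allowed"},
    {"Computer Name": "WinXp02", "User Name": "MASTERDOMAIN\\BJones",
     "Device": "USB flash drive", "Access": "Allowed"},
    {"Computer Name": "WinXp02", "User Name": "MASTERDOMAIN\\ASmith",
     "Device": "Floppy", "Access": "Denied"},
]

# The two logical relations shown in the table. Assumption: case is ignored.
RELATIONS = {
    "Is equal to": lambda field, value: field.casefold() == value.casefold(),
    "Includes": lambda field, value: value.casefold() in field.casefold(),
}


@dataclass(frozen=True)
class DataFilter:
    """Hypothetical model of one entry in the Filters dialog."""
    condition: str      # "Filter condition", e.g. "Computer Name"
    relation: str       # "Logical relation", e.g. "Is equal to"
    value: str          # "Value" the source data is compared to
    link: str = "and"   # how this filter joins the ones before it


def matches(event, filters):
    """Evaluate the filters left to right (assumed order) against one row."""
    result = None
    for f in filters:
        if f.relation not in RELATIONS:
            raise ValueError(f"unsupported logical relation: {f.relation}")
        hit = RELATIONS[f.relation](event.get(f.condition, ""), f.value)
        if result is None:
            result = hit                    # first filter has nothing to link to
        elif f.link == "and":
            result = result and hit         # both must hold: narrows the report
        elif f.link == "or":
            result = result or hit          # either may hold: widens the report
        else:
            raise ValueError(f"unsupported link: {f.link}")
    return True if result is None else result   # no filters: keep every row


def run_report(events, filters):
    """Return the rows a report built on these filters would include."""
    return [e for e in events if matches(e, filters)]


if __name__ == "__main__":
    f1 = DataFilter("Computer Name", "Is equal to", "WinXp01")
    for link in ("and", "or"):
        f2 = DataFilter("User Name", "Includes", "BJones", link=link)
        rows = run_report(EVENTS, [f1, f2])
        print(f"{link.upper()}: {len(rows)} row(s)")
        for r in rows:
            print("   ", r["Computer Name"], r["User Name"], r["Device"], r["Access"])
```

With 'and', only BJones's activity on WinXp01 is reported; with 'or', the report also pulls in other users on WinXp01 and BJones's activity on other machines.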
Screenshot 16 – Selecting the data source to use 4. Select Month option and specify the following parameters: Month : September. Year : 2009. 5. Click on Next to proceed to the data filters dialog.
5. Click on the Add… button and configure the parameters of filter 1 as follows:
Filter condition : Computer Name
Condition : Equal to
Value : WinXp01
7. Click OK to finalize your filter configuration settings.
8. Click again on the Add… button and configure the parameters of filter 2 as follows:
Filter condition : User Name
Condition : Equal to
Value : Bob Jones
Filter Property condition… : and
9. Click OK to finalize your filter configuration settings.
10.
Screenshot 18 - Custom Report Wizard: Welcome dialog 2. Right-click on the custom report that you wish to modify and select Edit. This will launch the Custom Reports Wizard through which you can make the required changes. NOTE: For more information on how to configure the parameters of a custom report refer to the Creating a custom report section in this chapter. 4.6 Deleting a custom report To delete a custom report: 1. Click on the Custom Reports navigation button. 2.
You can group and access frequently used reports through the Favorite Reports navigation button. To add a custom report to the list of favorite reports: 1. Click on the Custom Reports navigation button to launch the list of available reports. 2. Right-click on the custom report that you wish to add to favorites and select Add to Favorites List.
5 Scheduling reports 5.1 Introduction GFI ReportCenter allows you to generate reports on a pre-defined schedule as well as at specified intervals. In this way you can automate the generation of reports which need to be created and delivered on a regular basis. Further to this, GFI ReportCenter can also be configured to automatically distribute scheduled reports via email. For every scheduled report, you can configure custom emailing parameters including the list of report recipients and the file format (e.
Screenshot 20 – Report Scheduling Wizard: Data-set selection dialog 3. Select the device usage period to be covered by this report. Screenshot 21 – Report Scheduling Wizard: Time schedule dialogue 4. Specify the report scheduling parameters (date/time/frequency). Click on Next to continue.
Screenshot 22 – Report Scheduling Wizard: Advanced Settings dialog 5. To export the generated report to file, select Export to file option. To customize the report export configuration settings click on the Settings button underneath this option. NOTE: For information on how to configure export-to-file settings refer to Configuring report export to file options section in this chapter. 6. To automatically distribute generated reports via email, select the Send by mail option.
Format: Description
Adobe Acrobat (.PDF): Use this format to allow distribution of a report on different systems such as Macintosh and Linux while preserving the layout.
MS Excel (.XLS): Use this format if you want to further process the report and perform more advanced calculations using another (external) program such as Microsoft Excel.
MS Word (.DOC): Use this format if you want to access this report using Microsoft Word.
Rich text (.
Screenshot 24 - Advanced Settings: Export to file options 2. Select the Override the default folder options for this report. 3. Specify the complete path where the exported report will be saved. 4. Specify the file format in which the exported report will be saved. 5. Click OK to finalize your configuration settings. NOTE: For information on how to configure the default export to file settings refer to the Configuring default scheduling options section in this manual. 5.3.
1. From the 'Advanced Settings' dialog, click on the Settings button underneath the 'Send by email' option.

Screenshot 26 - Report distribution options

2. Select Override the default email options for this report.
3. Specify the following parameters:
To/CC : Specify the email address(es) where the generated report will be sent.
From: Specify the email account that will be used to send the report.
Server: Specify the name/IP of your SMTP (outbound) email server.
5.4 Viewing the list of scheduled reports Screenshot 27 - List of Scheduled reports Click on the Scheduled Reports navigation button to show the list of scheduled reports which are currently configured for automatic generation. This information is displayed in the right pane of the management console and includes the following details: GFI ReportCenter Schedule Name: The custom name that was specified during the creation of the new scheduled report.
5.5 Viewing the scheduled reports activity

Screenshot 28 - Schedule activity monitor

GFI ReportCenter also includes a schedule activity monitor through which you can view events related to all scheduled reports that have been executed. To open the schedule activity monitor, click on the Scheduled Reports navigation button and select the Scheduled Reports Activity node. This will launch the activity information in the right pane of the GFI ReportCenter management console.
Description: Information related to the state of a scheduled report that has been executed. The format and contents of the activity description vary, depending on the event type. NOTE: The description is often the most useful piece of information, indicating what happened during the execution of a scheduled report or the significance of the event. 5.6 Enable/disable a scheduled report Scheduled reports can be enabled or disabled as required.
3. Click on Next and perform the required changes. For information on how to configure the parameters of a scheduled report refer to the Creating a scheduled report section in this chapter. 5.8 Deleting a scheduled report To delete a scheduled report: 1. Click on the Scheduled Reports navigation button. 2. Right-click on the scheduled report that you wish to permanently remove from the list and select Delete. 5.
3. Select the option Relative and from the provided drop down list select Today. Click on Next to proceed to the next dialog. 4. Since no data filters will be applied in this example, click Next to proceed to the next dialog. Screenshot 31 – Specifying the scheduling options 5. To generate this report on daily basis, select option Generate this report every: and set the interval to 1 Day. 6. Set the start date to 09/16/2009 and time to 12:00:00 AM. Click Next to proceed to the next dialog.
Screenshot 32 - Advanced Settings dialog 7. From the Advanced Settings dialog, click Settings under Export to file option.
Screenshot 33 - Advanced Settings: Export to file options 8. Select Override the default folder options for this report: 9. Specify the complete path where this report will be saved i.e. C:\Daily Reports. 10. From the report format drop down select PDF and click OK. Screenshot 34 - Advanced Settings dialog: Send by email settings button 11. From Advanced Settings dialog, click Settings button under Send by email option.
Screenshot 35 - Report distribution options

12. Select Override the default email options for this report:
13. Specify the following parameters:
To : administrator@masterdomain.com
From : gfireportcenter@masterdomain.com
Server : Win2k3serv
14. From the report format drop down select PDF and click OK to finalize your email settings.
15.
6 Configuring default options 6.1 Introduction The GFI EndPointSecurity ReportPack allows you to configure a default set of parameters which can be used when generating reports. These parameters are first set during installation. However, you can still reconfigure any of these parameters via the Options navigation button provided in the GFI ReportCenter management console.
Screenshot 37 - Database source configuration dialog 3. Select the database type (e.g. MS SQL Server) from the provided list of supported databases. NOTE: GFI EndPointSecurity database backend supports only MSDE/MS SQL Server. 4. Specify the name or IP address of your MSDE/MS SQL Server database backend. 5. To use the credentials of an SQL Server account, select Use SQL Server authentication option and specify the user name and password in the provided fields.
6.3 Viewing the current database source settings Screenshot 38 - Database source configuration settings Click Database Source to view in the right pane window the current database source settings. 6.4 Configuring default scheduling settings To configure the default settings to be used by scheduled reports: 1. Click on the Options navigation button. Screenshot 39 - Default Scheduling Options node 1. From the pull-down menu, click on the Tools ► Default Scheduling Options. 2.
7 General options 7.1 Entering your license key after installation If you have purchased GFI EndPointSecurity, enter your License key using the Options ► Licensing node (no re-installation/reconfiguration required) NOTE: Entering the License Key should not be confused with the process of registering your company details on our website. This is important since it allows us to give you support and notify you of important product news. You may register and obtain your GFI customer account from: http://www.
Screenshot 41 - Licensing dialog 4. Type the GFI EndPointSecurity license key in the space provided. 5. Click on OK to finalize license key entry. 7.2 Viewing product ReportPack(s) version details To view the version information of a currently installed product ReportPack: 1. Select the product report from the Product Selection drop down list. 2. Click on the Options navigation button. 3. Click on the Version Information node.
Screenshot 42 - Version Properties: Check for newer builds dialog 1. Select the respective product (for example, GFI EndPointSecurity 4.0 ReportPack) from the Product Selection drop down list. 2. Click on the Options navigation button. 3. Right-click on the Version Information node and select Check for newer builds… NOTE: You can configure GFI EndPointSecurity 4.2 ReportPack to check for newer builds on startup.
8 Appendix: GFI EndPointSecurity Default Reports 8.1 Executive Reports 8.1.1 Device Usage Summary The Device Usage Summary is an executive style report that: Provides a usage summary of all controlled devices across the network. Graphically represents the percentage amount of allowed/denied access requests. Breaks down activity in device categories to allow comparisons of devices contributing to access requests.
Screenshot 44 – Sample showing extracts of device access summary report A bar chart showing how requests were distributed between different device categories. A list showing the top 10 users having the highest amount of allowed access to devices. A list showing the top 10 users having the highest amount of denied access to devices. 8.1.2 Users making use of each device This executive style report shows: A list of all controlled devices used across the network.
Device name and the category to which it belongs. List of users who have used that device. 8.1.3 Devices used by each user This executive style report shows: A list of users that have made use of controlled devices. The devices that have been used across the network. Screenshot 46 – Sample showing device usage grouped by user report Logged on user name and the computer on which the devices were connected. List of devices that were connected and accessed by the user.
Screenshot 47 - Sample report showing device usage trends A line graph showing the trend of allowed and denied access attempts for file system devices. A line graph showing the trend of allowed and denied access attempts for non-file system devices. 8.2 Statistical Reports 8.2.1 Device access statistics This device access statistics report shows: Number of allowed/denied access requests by each user for each particular device.
Screenshot 48 – Sample report showing device access statistics report A list of non-file system device access statistics per user for each device. A list of file system device access statistics per user for each device. 8.2.2 Device usage statistics per user This report shows: List of external devices connected by each user. Number of allowed and denied access requests by user for each particular device.
8.3 Top active users/machines reports 8.3.1 Top active users The Top 20 or Top 50 active users report shows: A list of users who have the highest amount of device activity. Screenshot 50 – Sample report showing Top 20 active users report Top list of users having the highest count of allowed access to devices. Top list of users having the highest count of denied access to devices. 8.3.
Screenshot 52 – Sample report showing connected devices grouped by category report

- The category to which a device belongs.
- A list of devices used with the number of times they were plugged in by each user.

8.4.2 User based technical report

The user based technical report shows:
- List of device access requests made by each user.
- Activities grouped by username and event type.
- Application that attempted access.
- For file system devices, the accessed path and filename.

Screenshot 54 – Sample machine based technical report

- Computer name
- List of dates/times when agent was started
- List of dates/times when device was connected
- List of dates/times when device was disconnected
- List of read-only access allowed events.

8.4.4 Device based technical report

The device based technical report shows:
- List of events originating from devices monitored by GFI EndPointSecurity.
All the technical details available for every activity reported by GFI EndPointSecurity Agents. Screenshot 56 – Sample report detailed device activity listing report Event details. Logged on user name and machine name. Device details. Access details. 8.5 Security reports 8.5.1 Users who accessed devices on more than one machine This report shows a list of users accessing devices on different machines.
Screenshot 58 – Sample report, devices accessed by multiple users on a machine Computer name where the activity was detected. Users that accessed devices on a particular machine. 8.5.3 Connected devices outside working hours This report shows devices connected outside normal working hours. Screenshot 59 – Sample report, connected devices outside working hours Events occurred outside working hours. 8.5.4 Connected devices during weekends This report shows devices connected during the weekends.
9 Troubleshooting

9.1 Introduction

The troubleshooting chapter explains how you should go about resolving any software issues that you might encounter. The main sources of information available to users are:
- The manual – most issues can be solved by reading this manual.
- GFI Knowledge Base articles
- Web forum
- Contacting GFI Technical Support

9.2 Knowledge Base

GFI maintains a Knowledge Base, which includes answers to the most common problems.
9.5 Build notifications We strongly suggest that you subscribe to our build notifications list. This way, you will be immediately notified about new product builds. To subscribe to our build notifications, visit: http://www.gfi.com/pages/productmailing.htm.