The Reporting Service provides Adherence and Status reports for the enterprise. The available data is provided for directories and user groups within a directory. Novell reports provide feedback on the effects individual policy components can have on enterprise endpoints. Requests for these reports are set in the Security Policy (see Section 6.2.4, Compliance Reporting) and provide useful data to determine policy updates.
You can select
from either the Endpoint Auditing taskbar or from the menu. The list of available reports displays (click on the "plus" sign icons next to each report type to expand the list).
Figure 5-8 Reports Menu
Reports are configured by identifying the date range and other parameters (for example, user or location). To set the dates, select the report, click
, click the date selector to expand to the calendar view, then select the month and day (be sure to click on the day to change the date parameter).
Figure 5-9 Use calendar tool to set the date-range
Click
to generate the report.
After a report is generated, it can be viewed through the Management Console, printed, e-mailed, or exported as a .pdf file by using the Report toolbar.
Figure 5-10 Report Toolbar
When reviewing reports, the arrow buttons help you navigate through each page of the report. Reports typically have charts and graphs on the first page, with the gathered data on the remaining pages, ordered by date and type.
Use the
button to print the full report using the default printer for this computer.
Use the
button to save the report as a PDF file, Excel spreadsheet, Word document, or RTF file for distribution.
Use the
button to toggle a list of parameters to the side of the report. Select any of these parameters to drill down farther into the report. Click the button to close the sidebar.
Use the
button to display a drop-down menu to adjust the current view size.
Use the
button to open a search window.
When you mouse over a certain parameter, such as a user name or device name, the mouse pointer changes to a magnifying glass. You can double-click that particular item and display a new report for just that object. Click the
button to close the current view and return to the original report.
To return to the report list, click the
icon above the report window.
Figure 5-11 Report list icon
Reports are not available until data has been uploaded from the Endpoint Security Clients. By default, the ZENworks Endpoint Security Management Reporting service syncs every 12 hours. This means that reporting and alerts data will not be ready until 12 hours have passed from installation. To adjust this time frame, open the Configuration tool (see Scheduling), and adjust the Client Reporting time to the number of minutes appropriate for your needs and your environment.
Reports that do not have data available will have the
or button grayed out, with the words No data underneath.
Figure 5-12 No data
Adherence Reports provide compliance information about the distribution of security policies to managed users. A score of 100 percent adherence indicates that all managed users have checked in and received the current policy.
Click the plus sign next to
to expand the list to display the following reports:
Provides a summary of the days since check-in by enterprise endpoints, and the age of their respective current policy. These numbers are averaged to summarize the report. This report requires no variables be entered. The report displays the users by name, which policies have been assigned to them, the days since their last check-in, and the age of the policy.
Lists the user accounts that have registered with the Management Service but have never checked with the Distribution Service for a policy update. Select one or more groups to generate the report.
NOTE: These may be Management Console users who don't have a Security Client installed in their names.
Lists the most recently reported version of the client on each endpoint. Set the date parameters to generate this report.
Lists groups in which some users do not have the correct policy. Selections can be made for one or more groups to generate the report.
Lists the most recent status (in a given date-range) of ZENworks Endpoint Security Management-protected endpoints, grouped by machine name. It displays the logged-on user name, current policy, ZENworks Endpoint Security Management client version, and network location. This report requires a range of dates to be entered. The administrator can drill down by double-clicking any entry to see a complete list of status reports for a particular machine.
Lists the users or groups (accounts) that have received the specified policy. Select the desired policy from the list and click
to run the report.
Lists the most recent status (in a given date-range) of ZENworks Endpoint Security Management-protected endpoints, grouped by user name. It displays the machine name, current policy, Endpoint Security Management client version, and network location. This report requires a range of dates to be entered. The administrator can drill down by double-clicking any entry to see a complete list of status reports for a particular user.
Additional alert information is available in these drill-down reports. These reports only display data when an alert has been triggered. Clearing an alert also clears the alert report; however, the data is still available in a standard report.
Click the plus sign next to
to expand the list to display the following reports:
Lists instances where a user has made an unauthorized attempt to modify or disable the Endpoint Security Client.
Lists accounts that have copied data to removable storage.
Displays the history of the status of the ZENworks Security Client Update process.
Lists users who do not have the correct policy.
Lists instances where client self-defense mechanisms have been administratively overridden, granting privileged control over the Endpoint Security Client.
Displays the history of success/failure client integrity checks.
Lists the number of blocked packets on the number of different ports (a large number of ports may indicate that a port scan occurred).
Lists users who have attempted to uninstall the Endpoint Security Client.
Lists unsecured access points detected by the Endpoint Security Client.
Lists unsecured access points connected to by the Endpoint Security Client.
Lists all unauthorized attempts by blocked applications to access the network or run when not permitted by the policy.
Click the plus sign next to
to expand the list to display the following report:
Lists the date, location, the action taken by the Endpoint Security Client, the application that attempted to run, and the number of times this was attempted. Dates display in UTC.
Enter the date parameters, select the application names from the list, select the user accounts, and click
to run the report.
Endpoint Activity reports provide feedback for individual policy components and the effect they have on the operation of the endpoint.
Click the plus sign next to
to expand the list to display the following reports:
Lists blocked packets filtered by the destination IP address. Dates display in UTC.
Select the destination IP from the list and set the date parameters. The report displays the dates, locations, affected ports, and the name of the blocked packets.
Lists blocked packets filtered by users. Dates display in UTC. The data provided is essentially the same as
, but arranged by user.
Lists packets sent, received, or blocked; and network errors, filtered by users. This report requires a range of dates to be entered. Dates display in UTC.
Lists packets sent, received, or blocked; and network errors, filtered by adapter type. This report requires a range of dates to be entered and the Location. Dates display in UTC.
When endpoint encryption is activated, the transfer of files to and from the encrypted folders is monitored and recorded for reporting.
Click the plus sign next to
to expand the list to display the following reports:
Lists files that have had encryption applied.
Lists errors from the encryption subsystem (for example, a protected file could not be decrypted because the user did not have the right keys).
Client Self Defense reports provide feedback about users trying to prevent the Endpoint Security Client from doing its job.
Click the plus sign next to
to expand the list to display the following report:
Lists instances where a user has made an unauthorized attempt to modify or disable the Endpoint Security Client. Dates display in UTC.
Specify the date parameters, then click
to run the report.
Provides reporting for anti-virus/anti-spyware integrity results.
Click the plus sign next to
to expand the list to display the following reports:
Lists the success and failure of client integrity checks. Dates display in UTC.
Select the date range for the report, integrity rule(s), and user name(s).
Reports on integrity rules and tests that have failed and not yet been remediated.
Select the integrity rules, then click
to run the report.
Reports on users that have failed integrity tests and not yet been remediated.
Select the user names, then click
to run the report.
Provides data for common location usage (which locations are most commonly used by users).
Click the plus sign next to
to expand the list to display the following report:
Displays information gathered from individual clients about what locations are used and when. Dates display in UTC. The locations displayed are the locations used by the user. Unused locations are not displayed. Select the date range to generate the report.
Provides information regarding the use of removable drives and identifies which files have been uploaded to such drives.
Click the plus sign next to
to expand the list to display the following reports:
Lists accounts that have copied data to removable storage. No parameters are required to generate this report.
Shows removable storage devices to which files have been copied. Select the date range, user names, and locations to generate this report.
Shows accounts that have copied data from removable storage to fixed drives.
Lists removable storage devices that have been detected on the endpoint. Select the date range, user names, and locations to generate this report.
Displays a chart listing accounts that have recently copied data to removable storage. Enter the date range to generate this report.
Reports instances where client self-defense mechanisms have been administratively overridden, granting privileged control over the Endpoint Security Client.
Click the plus sign next to
to expand the list to display the following report:
Displays successful override attempts by user and date. Dates display in UTC.
Select the user and date range, then click
to run the report.
Shows the status of the ZENworks Security Client Update process (see ZSC Update). Dates display in UTC.
Click the plus sign next to
to expand the list to display the following reports:
Lists the percentage of ZENworks Security Client Updates that have failed (and not been remediated). No parameters are required to generate this report.
Shows the history of the status of the ZENworks Security Client Update process. Select the date range and click
to run the report. The report displays the users that have checked in and received the update.
Shows ZENworks Security Client Updates that have failed (and not been remediated). Select the date range and click
to run the report. The report displays the users that have checked in, but had a failed update installation.
Shows security client USB device inventory that is listed by user or machine. This report shows whatever a user has plugged into a USB port and is recorded for either the user or the machine.
Provides reports regarding Wi-Fi environments the endpoint is exposed to.
Click the plus sign next to
to expand the list to display the following reports:
Displays the access points available for connection by policy and location. Includes the channel, SSID, MAC address, and whether or not the access point was encrypted.
Displays the access point connection attempts, by location and by ZENworks Endpoint Security Management account.
Provides a survey of all detected access points, regardless of ownership. Includes the frequency, signal strength, and whether or not the access point was encrypted. Dates display in UTC. Select the desired locations and the date range to generate this report.