The Security Summary Report offers a comprehensive look at the security status and activities within your organization for a specific period. It covers information about endpoint statuses, threat activities, and licensing. This report is essential for stakeholders to make informed decisions and plan for security enhancement measures. Use this article as a guide to understand the report and take appropriate action.
Attention required
- By category: The number of items found in OneView based on their category.
  - Active detections: Detections found that require remediation.
  - Suspicious activity: Open suspicious activity incidents that need to be reviewed and closed. Requires a subscription for Endpoint Detection and Response.
  - Critical software vulnerabilities: Critical software vulnerabilities that need to be resolved. Requires the Vulnerability Assessment module.
- By endpoints: Number of endpoints based on their status.
  - Endpoints needing scans: Endpoints that haven't had a scan run in 7+ days.
  - Endpoints requiring restart: Endpoints that need a reboot to complete remediation or a software update.
  - Isolated endpoints: Endpoints that are currently isolated. Requires a subscription for Endpoint Detection and Response.
Endpoints
- Last sync: Shows the number of endpoints grouped by the last time they synced with OneView. For endpoints that haven't synced in the last 7 days, confirm whether these endpoints are offline. If the endpoints are online but not reporting to OneView, there may be a communication issue on the endpoint. See Endpoint offline in OneView.
  - Less than 7 days ago: Endpoints that synced with OneView in the last 7 days.
  - 7-30 days ago: Endpoints that last synced with OneView between 7 and 30 days ago.
  - More than 30 days ago: Endpoints that last synced with OneView more than 30 days ago.
- Protection status: Shows the status of the Endpoint Protection (EP) plugin on the device. For more information, see Endpoint protection statuses in OneView.
  - Protected: The number of endpoints where the Endpoint Protection plugin is healthy and actively monitoring for threats.
  - Unprotected: The number of endpoints where the Endpoint Protection plugin is missing from the endpoint. Uninstall and reinstall the endpoint agent.
  - Scan only: The number of endpoints that may be in a policy without Malware Protection or Full Disk Access enabled. Enable Malware Protection or grant Full Disk Access to change these endpoints to the Protected status.
  - Unknown: The number of endpoints where the Endpoint Protection plugin may have problems communicating with the Endpoint Agent. An uninstall and reinstall of the endpoint agent may be necessary. Mobile devices always show an Unknown protection status.
Detections
- Detections by category: Displays the number of detections per category at the time the report is run.
  - Endpoints without active detections: The number of endpoints with no unremediated detections.
  - Endpoints with active detections: The number of endpoints with current detections that haven't been remediated.
  - More/less than the last 7 days: The change in the number of endpoints with currently active threats over the last 7 days.
  - Malware: Malicious software, such as viruses, worms, trojans, and spyware.
  - PUP: Potentially Unwanted Programs, such as a toolbar or other program installed alongside another software application.
  - PUM: Potentially Unwanted Modifications, such as a change made to the registry that isn't inherently malicious, but may have been done without the user's consent.
  - Ransomware: A type of malicious software that encrypts files.
  - Exploit: Attempts to exploit commonly used applications such as PowerShell and Microsoft Word.
  - Website: Blocked URLs and IP addresses.
- Detection activity: Shows the number of detections by the action taken for the last 7 days.
  - Found: Threats that were found but not blocked or quarantined. This could be due to a Scan + Report being run, a scheduled scan without Automatic Quarantine enabled, or because Brute Force Protection is set to Monitor & Detect instead of Block.
  - Blocked: Threats that were blocked, typically websites or exploits.
  - Quarantined: Threats that were detected and removed from the device.
Software Vulnerabilities
Requires the Vulnerability Assessment module.
- By severity: Vulnerabilities are grouped by severity using the Common Vulnerability Scoring System (CVSS) standard. For more information, see CVSS Specifications.
  - Endpoints without vulnerabilities: The number of endpoints without software vulnerabilities.
  - Endpoints with vulnerabilities: The number of endpoints with software vulnerabilities.
  - More/less than the last 7 days: The change in the number of endpoints with software vulnerabilities over the last 7 days.
  - Critical: Vulnerabilities scored as critical severity in the CVSS system. It is crucial to resolve these as soon as possible.
  - High: Vulnerabilities scored as high severity in the CVSS system. It is important to resolve these vulnerabilities as soon as possible.
  - Medium: Vulnerabilities scored as medium severity in the CVSS system.
  - Low: Vulnerabilities scored as low severity in the CVSS system.
  - Unknown: Vulnerabilities not found in the Cybersecurity and Infrastructure Security Agency (CISA) catalog or NIST database.
Patch Management
Requires the Patch Management module.
- OS patches by severity: Operating System (OS) patches are grouped by severity from the software vendor.
  - Endpoints with OS patches: The number of endpoints with OS patches available.
  - Endpoints without OS patches: The number of endpoints without OS patches available.
  - More/less than the last 7 days: The change in the number of endpoints with OS patches available over the last 7 days.
  - Critical: OS patches that are crucial and should be installed as soon as possible.
  - Important: OS patches that are important and should be installed as soon as possible.
  - Moderate: OS patches with moderate severity.
  - Low: OS patches with low severity.
  - Unknown: OS patches that are not associated with a severity level by the vendor.
- Software update: 3rd-party software applications that have available updates.
  - Endpoints with software updates: Number of endpoints with a 3rd-party software update available.
  - More/less than the last 7 days: The change in the number of endpoints with 3rd-party software updates available over the last 7 days.
DNS Filtering
Requires the DNS Filtering module.
- DNS activity: Shows DNS activity for the last 7 days.
  - Allowed: Number of DNS requests allowed.
  - Blocked: Number of DNS requests blocked.
Application Block
Requires the Application Block module.
- Application Block activity: Shows Application Block activity for the last 7 days.
  - Times blocked: Number of times an application was blocked.
Licensing
- Product names: Product usage by endpoints.
  - Previous Endpoints: Number of endpoints per product 7 days ago.
  - Current Endpoints: Current number of endpoints per product.