New

Simplest "Universal Report" would help: Data Dumps of Endpoints, Threats

  • 23 July 2020
  • 1 reply
  • 284 views

Userlevel 1
Badge +8

The fancy reporting templates look really wonderful.

However, a much simpler “report” would support using data management tools to gain additional valuable insight.

As an experienced SW architect and data guy, I am guessing the overhead for this “report” is so low, we could obtain much more than just 30 days of data using it (as long as not used too often.)

What I seek: a VERY simple pair of Data Dump files. CSV is  BETTER than XLSX for this purpose. (Text files can be easily concatenated 🙂 )

Drawing on the “Standard” template...

  1. Endpoint details. This contains all of the fields in the Endpoints tab, including prior endpoints seen. Essentially, I want a dump file showing the current and historical endpoint record. (the ConsoleEndpoints tab in some reports?)
    1. Ideally for ALL sites on an account! (just have a Site column)
    2. Ideally over a full year or more.
  2. Threat details. The contents of all the fields in the Threats tab
    1. Again, all sites, over a long period of time

THAT IS ALL.

Having a file per site, and/or multiple files over time in the same folder, just makes life complicated.

WHY DO THIS

Using various software such as the R Language, it is easy to slurp up a large pile of data, and examine it in various ways.

Some things that could easily be discerned:

  • Which Sites, OS platforms, etc get a lot of reinstalls?
  • Same for threats?
  • What proportion of infections are seen at install time vs later?
  • Which Sites and/or OS cost us more at install time, for mitigating threats?
  • Which Sites, OS, etc have slow scan times?
  • etc etc etc

In case it isn’t obvious to the casual observer: it is more or less impossible to get this basic “raw” information today. Even with Universal Reporter.


1 reply

Userlevel 3
Badge +6

Hi Pete, Thank you for the detailed request.  It is really very helpful to have context behind the request.  As you have discovered, the current design of the Universal Reporter is focused on creating totally customizable & desirable end-user reports.  You can, of course, jump into the raw spreadsheets to pull whatever data you need.  However, the data pulled is monthly and per site. 

It is possible to modify the PowerShell Scrips that drive each report to pull different data sets, but this will require some PowerShell skills.  To make life easier, we are currently pulling together requirements for building more Unity API tools, and a tool that pulls in different GSM wide data sets into CSV files will be added to the backlog.   

Thank you for your request!

Nick

Reply