Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ankit
Participant

Sandblast forensic report generation through smart endpoint console .

Hello Team,

We are facing issue while generating forensic report through smart endpoint console. 

we are able to view  detail forensic report through sandblast agent while click to incident

id.below are forensic report we capture from agent . same we need to generate

though smart console.

0 Kudos
5 Replies
Lior_Arzi
Employee Alumnus
Employee Alumnus

Can you please explain better the issue? it was not clear.

Ankit
Participant

Hello  Lior_Arzi,

 
I have some questions regarding sandbalst EPM 
 
Questions:-
1), As you have seen in my previous post I had attached forensic report. That report, we have obtained from agent machine. So is it possible to view that detailed report from my EPM server, Because it's not possible to view the forensic report, going to the each and every agent machines.
 
2) Can we have any option in  EPM server  to check whether agent machine online or offline ?
 
3)How can we send auto email notification to user or admin that your system got  infected and sandblast prevented  them ?
 
Please help me .. 
mosesmac
Participant

Hi All,

Was this query ever answered?  I would love to know the same.

0 Kudos
Guy_Avnet
Employee
Employee

Hi,

 

1), As you have seen in my previous post I had attached forensic report. That report, we have obtained from agent machine. So is it possible to view that detailed report from my EPM server, Because it's not possible to view the forensic report, going to the each and every agent machines.
[Guy] forensics report can be accessed via a link available on the event' log


2) Can we have any option in EPM server to check whether agent machine online or offline ?

[Guy] overview page provides information about online machines. the machine will be removed after offline for a duration longer than 30 days.


3)How can we send auto email notification to user or admin that your system got infected and sandblast prevented them ?

[Guy] configuration is available via smartevent, by creating a new event, correlating logs to it. I agree configuration should be simpler and we are working on that, hopefully available early 2021.

 

 

0 Kudos
mosesmac
Participant

Thank you very much. I look forward to the same. Appreciated. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events