ICL02: Security Analytics: Discover More in your Endpoint Protection Dashboard
Hands-On Lab

Description
In this lab you will learn how to install and create custom reports and dashboards using IT Analytics.

At the end of this lab, you should be able to
- Describe what IT Analytics is and how easy it is to explore and navigate data in the console
- Create Custom Reports

Notes
LAB Environment:
IT Analytics: Win-i78ifho09t1
SQL Server: Win-i78ifho09t1
ITMS Server: Win-i78ifho09t1

Product   SQL Server       DB Name   Username   Password
CSP       Wini78ifho09t1   SCSPDB    sa         Symc4now!

Lab Exercise 1: Installation

Topic 1: Install IT Analytics
In this exercise, you will practice installing IT Analytics using a simulation tool.
5 Minutes

1. On the desktop, launch the ITA Installation Simulation tool and follow the instructions.

Lab Exercise 2: Exploring Data

Topic 1: Using the Cube Browser
Using the ad-hoc data mining capabilities of IT Analytics, you will build ad-hoc reports to access data to answer the following question: How many clients are Online/Offline by Group?
10 Minutes

1. Open Internet Explorer.
2. On the Management Console Tool Bar, click the Reports menu item, All Reports.
3. Under Reports, navigate through the tree to expand IT Analytics.
4. Expand the Cubes folder.
5. Expand the KPI Labs folder.
6. Select the Symantec Endpoint Protection Clients Cube.
7. Click anywhere in the PivotTable window to display the Field List. Clicking on this icon in the toolbar will also cause the field list to be displayed.
8. Drag and drop the Client Count measure into the Totals pane.
9. Drag and drop the Group System attribute into the Rows pane.
10. Drag and drop the Client - Online Status attribute into the Columns pane.
11. Click the dropdown icon next to Client - Online Status to view all of the available statuses. Uncheck All, check Offline, and click the OK button.
12. Drag and drop the Last CheckIn Date - Date attribute immediately to the right of the Group attribute. Clicking the plus sign next to a Group will expand to display the Last Checked In date breakdown for that Group.
13. Right click on the Last Client Checkin Date - Date field to enable sorting and other features.
14. On the Right Click Menu, click Subtotals to remove the check.
15. Finally, you can save this report by clicking this icon in the toolbar.
   a. Select the Save as new view radio button and name it appropriately.
   b. You may also check the Available to all users checkbox in the event that you would like this report to be available to all users. Leaving this unchecked will make this a private view only available to you.
16. Refresh the Console by clicking the refresh button in the Browser. This will bring you back to the initial Asset Cube screen.
17. To open the view you just saved, click this icon in the toolbar and select the report you just created in the dropdown list. Note that the report is loaded exactly as you left it.

Topic 2: Configure a Pivot Chart report
Using the same Cube from exercise 1, we will create a Chart that will help us to compare the number of Clients by OS that have been added over the last few quarters.
5 Minutes

1. Select the Symantec Endpoint Protection Clients Cube.
2. Click this icon in the toolbar.
3. Click inside the Pivot Chart to display the Field List. Drag and drop the Client Count measure into the middle of the Pivot Chart.
4. Now drag and drop the Computer - Operating System attribute into the Category Fields pane.
5. Drag and drop the Computer Service Pack attribute to the Series Fields.
6. Click this icon in the toolbar to launch the Commands and Options window.
7. In the Commands and Options window, select the Chart Workspace value from the dropdown list.
8. Click this icon to add a Chart Title.
9. Now select Title in the dropdown list.
10. Select the Format tab and update the following:
   a. Change the font size from 12 to 14.
   b. Update the Caption text box at the bottom to read SEP Client OS added by Quarter or another appropriate title.
11. Click the icon to alter the group by Column/Row.

Lab Exercise 3: IT Analytics Configuration (Optional)

Topic 1: CSP Cube Install
In this exercise, you will configure IT Analytics to collect data from CSP.
10 Minutes

1. On the Management Console Toolbar, select Settings, Notification Server, IT Analytics Settings.
2. Under the IT Analytics Settings Tree, Expand Connections and Select
3. In the Symantec Critical System Protection Tab, supply the following information:
   Password: Symc4now!
4. Click Apply.
5. Under the IT Analytics Settings Tree, select Cubes.
6. In the Cubes Tab, select Available.
7. Check each CSP Cube to be installed.
8. Click Save Changes and confirm.
9. Once the cubes install has completed, click Close.
10. Under the IT Analytics Settings Tree, select Reports.
11. In the Reports Tab, select Available.
12. Check each CSP Report to be installed.
13. Click Save Changes and confirm.
14. Once the Reports install has completed, click Close.
15. Under the IT Analytics Settings Tree, select Processing.
16. In the Processing Tab, deselect all cubes except for the CSP Cubes.
17. Click Save Changes.
18. Click Run Now.
19. Once the Processing has completed, click Close.

Topic 2: Verify the CSP Cubes
In this exercise, you will verify that you are able to see CSP data.
5 Minutes

1. On the Management Console Tool Bar, click the Reports menu item, All Reports.
2. Under Reports, navigate through the tree to expand IT Analytics.
3. Expand the Cubes folder.
4. The CSP Cubes should be listed.
5. Based on the CSP Assets Cube, answer the following questions:
   a. How many Hosts are there?
   b. How many Operating Systems exist?
   c. How many Agents exist?
   d. How many CSP Managers exist?
6. Based on the CSP Events Cube, answer the following questions:
   a. How many Events are there?
   b. How many Events were Warnings?

Answers:

Lab Exercise 4: Key Performance Indicators (Optional)

Configure a Key Performance Indicator for SEP
In this exercise, you will create a Key Performance Indicator for SEP.
10 Minutes

1. Select the SEP Clients Cube.
2. Click anywhere inside the cube to display the Field List.
3. Drag Client Count totals into the data pane.
4. Drag and drop the Client Firewall Status attribute into the rows pane.
5. Right click on the cell in the cube that represents the number of clients with their firewall enabled and select Use as KPI Value.
6. Right click on the cell in the cube that represents Grand Total and select Use as KPI Goal.
7. In the New Key Performance Indicator section, verify that KPI Value and KPI Goal are defined and that the type of goal is set to Dynamic.
8. Click the Create KPI button.
9. In the Key Performance Indicator Window, type "Percent of SEP Clients with Firewall Enabled" in the KPI Name textbox.
10. Verify that the following boxes are correctly filled out:
   a. Database Name - This box should be the name of the Analysis Services database that IT Analytics Solution is configured to use.
   b. Cube Name - This box should already be set to the SEP Clients cube.
   c. Associated Measure Group - This box should already be set to Client.
   d. Value Expression - This box should already be populated with the MDX code that represents the measure that was selected for the KPI Value.
   e. Goal Expression - This box should already be populated with the MDX code that represents the measure that was selected for the KPI Goal.
11. Under Status Expression, select Percentage of Goal.
12. Under Status Graphic, select Gauge Ascending.
13. Click the Save KPI button.
14. Verify the window returns and displays a message that the KPI has been saved successfully.
15. Click the Close button.
16. Click OK on the Windows Message box to reload the page.
17. Click the Key Performance Indicator item from the left tree navigation.
18. The new KPI should now display in the list with the current value and goal already defined.