The Execute Report provides your executive team with regular updates regarding your organization's threat activities. You can use the Executive Report to provide monthly visibility into recently infected endpoints, the domains that targeted them, and open high and medium incidents. The report can show the trends that occurred during this period based on your efforts to remediate threats, and then communicate any mitigation plans.
The Executive Report is available in PDF format. You can run the Executive Report on-demand, or you can create a schedule to run it at regular intervals. When you run or schedule the report, you can specify recipients to whom you want it emailed. Recipients can also download it from the Symantec EDR console.
Note: |
The Executive Report is designed to provide you with a trend analysis of your threat activity for the 30 days before its run date. Do not use it as a tool for identifying and responding to threats in real time. |
Table: Sections of the Executive Report
Section |
Description |
Recently Infected Endpoints |
Charts and summarizes the number of endpoints that were infected based on whether the infections were:
Detected on endpoints without SEP SEP does not protect these endpoints. The infected files on these endpoints are detected only by network-based threat detection technologies.
Detected on endpoints with SEP SEP protects these endpoints. Network and endpoint-based threat detection technologies detect infected files on these endpoints.
|
Domains Showing Threat Behavior |
Charts and summarizes the number of malicious domains that targeted your endpoints based on the following types:
Malware A virus that you download onto your computer that runs without your knowledge. It is designed to steal your personal information, or to use your computer to attack other computers. Vantage or IPS may trigger the following classes of malicious signature-based domains:
Botnet A type of malware on your computer that an attacker controls. The attacker can send instructions to the bot to perform various tasks, such as collect data, or monitor your actions.
Fraud A fraudulent website that an attacker hosts that resembles a trustworthy website, such as Facebook. Vantage or IPS may trigger the following class of a malicious signature-based domain:
Phishing An email that appears to come from a reliable source that includes a malicious link to a forged website. This site is designed to get you to reveal confidential information, such as your bank account number and password or credit card number.
Attack An attack that occurs when you visit a malicious website that deceives you into performing some action (such as updating your browser). Vantage or IPS may trigger the following class of a malicious signature-based domain:
Note: |
If a domain infected more than one asset on a given day, that domain is counted only once for that day. |
|
High and Medium Open Incidents |
Charts the number of high and medium incidents that are still open for the days on which they were opened. Also lists the 10 most recent incidents opened. High and medium incidents are defined as:
High The incident can result in a business outage, loss of data, or have a severe impact on your business.
Medium The incident may have an impact on the business. And the use of the system in question might need to be limited while you address the incident.
Note: |
The incidents are listed based on their priority (High followed by Medium), and then by date on which they were created. |
|
See How you can use the Executive Report
See About Reports
See Generating reports
See Viewing generated reports
See Creating scheduled reports
Thanks for your feedback. Let us know if you have additional comments below. (requires login)