Table Of Contents
Using Reports
Outbreak Management Reports
About Outbreak Management Reports
Required Components
Generating Reports
Manually Generating a Report
To Automatically Generate a Report
Viewing and Deleting Reports
Accessing the Latest Report for a Specific Task
Accessing a Report from the Outbreak Reports Window
Deleting Reports
Using Reports
This chapter explains how to use reports that provide a summary of outbreak management tasks. It contains the following sections:
•
About Outbreak Management Reports
• Generating Reports
• Viewing and Deleting Reports
Outbreak Management Reports
This section describes outbreak management reports and contains the following topics:
• About Outbreak Management Reports
• Required Components
About Outbreak Management Reports
You can view reports to review overall outbreak management task settings and performance. A report contains the following information:
•Initiated date/time—The time the task became active.
•OPACL end date/time—The time the OPACL expired. OPACL expiration does not mean that the task is no longer active. For more information, see About Outbreak Management Tasks, page 6-1.
•OPACL mode—Blocking, logging, or stopped. To stop the network device from performing the action specified in the OPACL, click Stop.
•Threat name—The official name of the threat as it appears in the Trend Micro Virus Encyclopedia.
•Alert type—Yellow or red.
•Threat information—A description of the threat and how it attacks computers and networks.
•Risk Index Graph—The risk index, which changes from day to day for the length of the threat.
•Hosts on Watch List Status—The number of infected hosts for each day during the threat.
•OPSig Matching Status—The number of virus incidents for each day during the threat.
•OPACL Matching Status—The number of times a network device detected traffic that matched OPACL settings.
•Accumulated Logged Incidents—The number of times IPS devices detected the threat and the number of times network traffic matched the associated OPACL.
•OPACL Status—The number of active devices (received the OPACL), inactive devices (did not receive the OPACL), and the total number of devices for the associated task.
•Service Component Status—Components, the version deployed, and the version required to address the threat. It also includes the number of components deployed, undeployed, and total number.
Note The reports are in .pdf format. To open the reports, you must have Adobe Acrobat or Acrobat Reader. (See the Adobe Systems website for details on obtaining the appropriate software.)
Required Components
To generate reports, Cisco ICS requires the following:
•Microsoft .NET Framework 1.1
•Microsoft Data Access Component 2.8
If these are not installed on your computer, you can install them from the Cisco ICS CD.
Generating Reports
You must generate reports before you can access them. You can generate reports manually or enable Cisco ICS to generate them automatically, which it does by default every day for active outbreak management tasks.
This section describes how to manually and automatically generate reports. It contains the following topics:
• Manually Generating a Report
• To Automatically Generate a Report
Manually Generating a Report
To manually generate a report, follow these steps:
Step 1 Do one of the following:
•Start the Cisco ICS web console.
The Outbreak Management Summary window appears.
•Choose Outbreak Management > Outbreak Management Summary.
Step 2 In the Active Outbreak Management Tasks table, click the name of the task report to view.
A summary window for that task appears.
Step 3 Click Generate Report.
A confirmation window appears.
Step 4 Click Back to return to the task summary window.
To Automatically Generate a Report
You can automate the generation of outbreak management task reports so that you can keep up-to-date with outbreak management task performance.
To automatically generate a report, follow these steps:
Step 1 Choose Outbreak Management > Report Settings in the Cisco ICS web console.
Step 2 Check the Automatically generate reports for all outbreak management tasks check box.
Step 3 From the list, select the frequency in days to generate the report.
Step 4 Click Save.
Viewing and Deleting Reports
You can access reports in two ways:
•From the summary window for an individual task—View the latest generated report for the active task.
•From the Outbreak Reports window—View any report generated since Cisco ICS installation. These reports are for both active and inactive tasks.
This section describes how to view and delete reports and contains the following topics:
• Accessing the Latest Report for a Specific Task
• Accessing a Report from the Outbreak Reports Window
• Deleting Reports
Accessing the Latest Report for a Specific Task
To access the report for a specific task, follow these steps:
Step 1 Do one of the following:
•Start the Cisco ICS web console.
The Outbreak Management Summary window appears.
•Choose Outbreak Management > Outbreak Management Summary.
Step 2 In the Active Outbreak Management Tasks table, click the name of the report to view.
A summary window for that task appears.
Step 3 Click View Latest Report.
The report opens in another window.
Accessing a Report from the Outbreak Reports Window
To access a report from the Outbreak Reports window, follow these steps:
Step 1 Choose Outbreak Management > Outbreak Reports.
The Outbreak Reports window contains the following information:
•Task Name—The name of the outbreak management task.
•Status—Active or inactive.
•Task Duration—The period of time during which the task was active.
Step 2 Click the name of the task.
The report opens in another window.
Deleting Reports
To delete reports, follow these steps:
Step 1 Choose Outbreak Management > Outbreak Reports.
The Outbreak Reports window appears, showing all the reports that Cisco ICS generated.
Step 2 Check the check boxes next to the reports to delete.
Note You can delete a report only when the corresponding task is inactive.
Step 3 Click Remove.
A confirmation window appears.
Step 4 Click OK.
