Difference between revisions of "BCX Security Information"

From BCX Media Wiki
Jump to navigation Jump to search
(Created page with " The BCX Manager is able to alert you to events triggered on stations protected by SCEP, Defender or Sophos antivirus software. The Security Information Tab gives you global...")
 
 
(6 intermediate revisions by the same user not shown)
Line 12: Line 12:
  
 
If a threat has been reported by a station, on opening BCX Manager it will take you straight to the detected event in Security Information.
 
If a threat has been reported by a station, on opening BCX Manager it will take you straight to the detected event in Security Information.
If BCX Manager is already open, it will display a warning in the status bar, which if clicked also displays the detected event.
+
If BCX Manager is already open, it will display a warning in the status bar.
  
[[File:bcx security information warning.png|link=]] Image showing sec inf tab with warning
+
[[File:bcx security information warning.png|link=]]
  
  
Line 20: Line 20:
  
  
[[File:bcx security information threat overview.png|link=]] Image showing event overview tab
+
[[File:bcx security information threat overview.png|link=]]
  
  
Line 26: Line 26:
  
  
[[File:bcx security information threat events.png|link=]] Image showing events tab
+
[[File:bcx security information threat events.png|link=]]
  
  
Line 32: Line 32:
  
  
[[File:bcx security information threat event details.png|link=]] Image showing event details
+
[[File:bcx security information threat event details.png|link=]]
  
  
Line 38: Line 38:
  
  
[[File:bcx security information threat event action.png|link=]] Image showing event actions
+
[[File:bcx security information threat event action.png|link=]]
  
  
Line 44: Line 44:
  
  
[[File:bcx security information threat acknowledge.png|link=]] Image showing acknowledging event
+
[[File:bcx security information threat acknowledge.png|link=]]
  
  
The AV Information should then revert to healthy status.
+
The status should then revert to normal.
 
 
 
 
[[File:bcx security information no threats.png|link=]] Image showing Sec inf no threats
 
  
  
 +
[[File:bcx security information no threats.png|link=]]
  
 
==Filtering Information==
 
==Filtering Information==
Line 58: Line 56:
 
This section of the guide will take you through displaying the available data using various views/filters.
 
This section of the guide will take you through displaying the available data using various views/filters.
  
We will start by looking at the "Quick View Tools"
+
We will start by looking at the "Unacknowledged, and Detected Threat" reports
 
Both options available here allow you to view detections in greater detail, and acknowledge threats.
 
Both options available here allow you to view detections in greater detail, and acknowledge threats.
 
 
[[File:bcx security information quick view.png|link=]] Image showing Sec inf quick view highlighted
 
 
  
 
Selecting "View All Unacknowledged Detected Threats" will display a listing of outstanding threats to follow up on.
 
Selecting "View All Unacknowledged Detected Threats" will display a listing of outstanding threats to follow up on.
  
 +
The "View All Detected Threat History" will display all detected threats acknowledged or not.
  
[[File:bcx security information quick view unacknowledged.png|link=]] Image showing quick view unacknowledged
 
  
 
+
[[File:bcx security information quick view.png|link=]]
The "View All Detected Threat History" will display all detected threats acknowledged or not
 
 
 
 
 
[[File:bcx security information detected history.png|link=]] Image showing quick view detected history
 
  
  
Line 82: Line 72:
  
  
[[File:bcx security information filters.png|link=]] Image showing sec inf filters
+
[[File:bcx security information filters.png|link=]]
  
  
Line 88: Line 78:
  
  
[[File:bcx security information adv filters.png|link=]] Image showing sec inf adv filters
+
[[File:bcx security information adv filters.png|link=]]
  
  
Line 94: Line 84:
  
  
[[File:bcx security information station events filter.png|link=]] Image showing station events filters
+
[[File:bcx security information station events filter.png|link=]]
 
 
 
 
  
 
==AV Tasks==
 
==AV Tasks==
Line 105: Line 93:
  
  
[[File:bcx security information tasks.png|link=]] Image showing sec inf with tasks highlighted
+
[[File:bcx security information tasks.png|link=]]
  
  
 
The "Task Options" available are as follows:
 
The "Task Options" available are as follows:
  
'''Sync Events with Server''' - This collects and adds any new events from the selected client
+
'''Sync Events with Server''' - This collects and adds any new events from the selected client.
  
 
'''Acknowledge Detected''' - Becomes available when a detection event is selected, and allows you to acknowledge it.
 
'''Acknowledge Detected''' - Becomes available when a detection event is selected, and allows you to acknowledge it.
Line 119: Line 107:
  
 
'''Remove Computer''' - Removes the selected station from the AV Information interface.
 
'''Remove Computer''' - Removes the selected station from the AV Information interface.
 
 
  
 
==Client Installation For Servers==
 
==Client Installation For Servers==
Line 131: Line 117:
  
  
[[File:bcx settings av reporting services.png|link=]] Image showing settings av reporting services
+
[[File:bcx settings av reporting services.png|link=]]
  
  
In the resulting interface, either enter the desired station name, or browse for the required server.
+
In the resulting interface, either enter the desired station name, or browse for the required server, and click Push BCX AV Reporting
  
  
[[File:bcx settings av reporting services install.png|link=]] Image showing av install dialogue
+
[[File:bcx settings av reporting services install.png|link=]]
  
  
Click Push BCX AV Reporting
+
After confirming your choice, wait for the installation to complete and click close when prompted.
  
  
[[File:bcx settings av reporting services install push.png|link=]] Image showing av install dialogue highlight push
+
[[File:bcx settings av reporting services install complete.png|link=]]
 
 
 
 
After confirming your choice, wait for the installation to complete and press Enter when prompted.
 
 
 
 
 
[[File:bcx settings av reporting services install complete.png|link=]] Image showing push complete window
 
  
  
Line 155: Line 135:
  
  
[[File:bcx settings av reporting services installed.png|link=]] Image showing av rep services populated
+
[[File:bcx settings av reporting services installed.png|link=]]
 
 
 
 
  
 
==AV Settings==
 
==AV Settings==
  
  
To set up the AV feature in BCX go to File – Settings – AV Information Tab.
+
To set up the AV feature in BCX go to File – Settings – Security Information Tab.
 
From here select and adjust the settings as required.
 
From here select and adjust the settings as required.
  
  
[[File:bcx settings av settings.png|link=]] Image showing av settings
+
[[File:bcx settings av settings.png|link=]]
  
  

Latest revision as of 14:07, 19 May 2021


The BCX Manager is able to alert you to events triggered on stations protected by SCEP, Defender or Sophos antivirus software.

The Security Information Tab gives you global visibility of your antivirus estate on both stations and servers, and from here, you can view events, acknowledge detections, initiate scans and update definitions.


Acknowledge Detected Threats

This section of the guide will take you through Threat Management.

If a threat has been reported by a station, on opening BCX Manager it will take you straight to the detected event in Security Information. If BCX Manager is already open, it will display a warning in the status bar.

bcx security information warning.png


Clicking on the event displays an overview of the threat.


bcx security information threat overview.png


The Events tab allows you to investigate both the threat, and the action taken by the stations virus protection.


bcx security information threat events.png


Click on each to review the information provided. First the threat.


bcx security information threat event details.png


Then the action taken.


bcx security information threat event action.png


Once happy that the threat has been resolved, you would select both the threat and action taken events, and acknowledge them.


bcx security information threat acknowledge.png


The status should then revert to normal.


bcx security information no threats.png

Filtering Information

This section of the guide will take you through displaying the available data using various views/filters.

We will start by looking at the "Unacknowledged, and Detected Threat" reports Both options available here allow you to view detections in greater detail, and acknowledge threats.

Selecting "View All Unacknowledged Detected Threats" will display a listing of outstanding threats to follow up on.

The "View All Detected Threat History" will display all detected threats acknowledged or not.


bcx security information quick view.png


We will now look at the available "Filters".

The "Choose Filter" drop down provides access to a set of pre-defined set of filters you can apply to the collected data.


bcx security information filters.png


You can also select "Advanced Filters" to display the "Filter Editor" for defining your own filters.


bcx security information adv filters.png


From within a stations Events tab, You can select from the Filter Events dropdown to specify the displayed data.


bcx security information station events filter.png

AV Tasks

From Security Information, choose a station and either right click to display available options, or choose one from the menus shown in the interface. Basically, the task you choose is run remotely on the selected station.


bcx security information tasks.png


The "Task Options" available are as follows:

Sync Events with Server - This collects and adds any new events from the selected client.

Acknowledge Detected - Becomes available when a detection event is selected, and allows you to acknowledge it.

Quick/Full/Custom Scan - Provides the facility to initiate the chosen scan type on the selected station.

Definition Update - Requests the station to perform an AV definition update.

Remove Computer - Removes the selected station from the AV Information interface.

Client Installation For Servers

Stations with BCX Client will automatically have AV Information collected.

For Servers etc. that don’t have the BCX Client, use the AV Reporting Services Tab to install the AV reporting client.

Click Push MSI to begin a client install. (The Target device will need .NET4.0 pre-installed).


bcx settings av reporting services.png


In the resulting interface, either enter the desired station name, or browse for the required server, and click Push BCX AV Reporting


bcx settings av reporting services install.png


After confirming your choice, wait for the installation to complete and click close when prompted.


bcx settings av reporting services install complete.png


The new deployment will appear in the AV Reporting Services tab, and will also be added to the Security Information Tab in BCX Manager.


bcx settings av reporting services installed.png

AV Settings

To set up the AV feature in BCX go to File – Settings – Security Information Tab. From here select and adjust the settings as required.


bcx settings av settings.png


Enable AV information features – Tick to enable AV Information tab in BCX Manager (Default), adjust refresh interval and retention period as required. Untick to disable.

Automatically create AV computer record for all stations - Tick to enable (Default), causes a record to be created for all stations existing in the Station Information tab, with or without an AV installation. Untick to disable.

On detected threat, go to AV Information on manager startup – Tick to enable (Default), forces the BCX Manager on startup, to open at the AV Information tab if a threat has been detected (or threats have not been acknowledged). Untick to disable.

Disable warning not scanned for over 2 weeks – Tick to enable, will not flag stations that have not been scanned for 2 weeks or more. Untick to disable (Default) and have stations not scanned present warnings.


Return to Contents page