Incident Detection Report

  • Article

 

The Incident Detection report collects and presents data about the number of malware incidents and filter matches over a period of time on one or more managed servers.

To view the Incident Detection report

  1. Click Incident Detection, located in the Navigation Area under Reports, to open the Incident Detection work pane.

  2. Under Select Products you can choose to run the report for your Exchange servers, your SharePoint servers, or both. By default, both are selected.

  3. Select the date range that you would like the report to cover. By default, the date range is one week, ending at the current time.

  4. Select the servers that you would like to include in the report. By default, no servers are selected.

    Note

    If you select only one of the two available products, only those managed servers will appear in the Select Servers list. For example, if you select to only include SharePoint products in the report, only your managed SharePoint servers will appear in the Select Servers list.

  5. Click Generate Report. The Incident Detection Report appears.

Note

Before viewing the report, you should first open the Global Configuration work pane and click the Poll Now button to ensure that the FPSMC has the most recent data from the managed servers.

Viewing the Incident Detection Report

The Incident Detection Report contains three sections that provide important information about your managed servers. The contents of the Incident Detection Report are the same if you select to report on your Exchange servers, SharePoint servers, or both.

The Distribution of Detections section contains a pie chart that displays how many malware incidents were detected by the Forefront Protection Server products and how many matches to the File, Keyword, Subject Line, and Sender Filters were found.

The Detection Trends section contains a line graph displaying how many malware incidents were detected by the Forefront Protection Server products and how many matches to the file, keyword, subject line, and sender filters were found. It also displays a chart of how many incidents were detected in a specific interval.

The Most Common Incidents section contains tables that display information about malware detection and matched filters. The malware table shows the five most common malware types detected in your organization, including the number of incidents and the most recent detection time. The second table shows incidents where a filter is matched, and, like the malware incident table, includes the number of incidents and the most recent detection time for each type.