When you’re managing a large environment with thousands of endpoints, assuring consistency can be a huge challenge. Imagine that you want every endpoint to be upgraded to a specific software version, for example. In many cases, you’re forced to rely on manual tracking, where errors and omissions are commonplace. And, if you want to demonstrate how you’re progressing towards that goal over time, you’re looking at a large manual effort to track which systems have been updated and when.
In my previous blogs, I talked about sometimes-overlooked features in McAfee ePolicy Orchestrator (ePO) that can make managing your endpoint environment a whole lot simpler. Now, I’m going to cover one more: using ePO to show compliance history over time.
Out of the box, you can use ePO to see the percentage of your systems that comply with a given criteria, such as McAfee Endpoint Security (ENS) software version. You may already be using that feature. But what you might not realize is that, in addition to showing a snapshot of systems that do and don’t meet that criteria right now, you can also track compliance over time. Effectively, you can use ePO to set a starting point for your migration project, and then generate reports showing your day-to-day progress towards the project goal.
For example, say you want to migrate all endpoints to McAfee ENS 10.5 by the end of this quarter. And imagine that, right now, 50 percent of your endpoints are running that software version. By next week, 60 percent of endpoints may be in compliance. The following week, you may be up to 75 percent. With ePO compliance history reporting, you can generate hard numbers to track your progress towards 100 percent compliance for that migration.
Software migrations are just one example of when compliance reporting comes in handy. You could use the same reporting to track endpoint systems that have a specific set of McAfee endpoint tools or components installed. Or, you could use it to help enforce a rule that no system should be using antivirus definitions older than 10 days. If you have any compliance goal for the McAfee products and tools on your endpoints, and you can express it as a Boolean query, you can generate a graph showing your progress towards that goal and export it to an Excel spreadsheet.
Creating the Report
Generating a compliance history report in ePO involves three basic steps: creating a Boolean managed system query, creating a server task, and creating a compliance history query.
The first step, a Boolean managed system query, creates a pie chart to show which systems are compliant with your criteria and which are not. ePO features a wizard to take you through the process. To get started, click “Create new managed system query” in the Queries & Reports section of the main ePO dashboard. Select Boolean Pie Chart as the chart type, and click the “Configure Criteria” button. The properties listed here configure which attributes the query will check for compliance. So in our software migration example, if you want to see which systems are running ENS 10.5, you would add that as a compliance attribute. ePO will then show all systems that are not running software version 10.5 as non-compliant for the purposes of this query.
Using the same tool, you can also label the Boolean pie chart with your compliance criteria. And you can configure the Filters tool to exclude any systems that you don’t need to be in compliance for the purposes of your query. (So in the software migration example, you could decide that servers are out of scope for this update and exclude them from your query.)
Finally, save the Boolean Managed System Query. I’d recommend naming the report with “Compliance” in the query name for easier referencing later.
Configuring Server Tasks and Compliance Queries
The next step is to create a new server task. Go to Server Tasks in ePO and click “Create Server Task.” For simplicity’s sake, you may want to include “Compliance” in the server task’s name. For the Action field, select “Run Query.” In the Query field, select the Boolean Managed System Query you created in the previous step. In the Sub-Actions field, select, “Generate Compliance Event.” Then, set a schedule to run the server task once per day, or as often as you’d like to track. Remember: the goal here is not simply to see a snapshot of how many systems are in compliance, but to be able to track your progress towards full compliance over time. So you will want this server task to run on an ongoing basis.
For the final step, you create a new compliance history query. Go back to Queries & Reports in ePO and click “Create Compliance History Query.” For the chart type, select “Single-Line Chart.” Select “Day” for the Time Unit (unless you’ve chosen a different time interval for your server task to run). For the Line Values field, select “Average of,” and in the second field, select “Percent Compliant.” Save the chart. Then, in the filter section, add a filter for “Server Task Used to Generate Compliance Event” and assign it the Server Task that you just created.
View Progress Over Time
Illustrating compliance history over time can be extremely useful for anyone undertaking a large-scale software migration, or seeking to ensure that all systems’ McAfee components are configured consistently. But it can also be helpful for illustrating the progress of a given project to others.
If an executive wants to know how a software migration is progressing, for example, and you show them a point-in-time snapshot showing 70 percent compliance, they may want to know why 30 percent of systems are still running older software. With ePO compliance history reporting, you could demonstrate that just two weeks ago, 60 percent of systems were non-compliant, and you’ve cut that figure in half. It’s just one more way that ePO can make large-scale endpoint management easier.
Author: Ted Pan