Endpoint Protection

  • 1.  Querying SEPM Database

    Posted Jul 22, 2020 02:52 PM
    Hi, team

    We are currently working on coding a script to get automated reports from SEPM; these reports are the ones extracted in Reports > Network and Exploit Mitigation, in a lapse of one hour. I'm currently digging into the tables and views in the SEPM DB, but I cannot find the correct table or view to extract that information. Do you have any idea?

    Regards,


  • 2.  RE: Querying SEPM Database

    Broadcom Employee
    Posted Jul 22, 2020 03:03 PM
    Hi Bryan,

    Have you reviewed our Schema Guide?

    http://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/endpoint-security-and-management/endpoint-protection/generated-pdfs/Database_Schema_Reference_SEP14.2.2_SEP14.3.zip

    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------



  • 3.  RE: Querying SEPM Database

    Posted Jul 22, 2020 05:58 PM
    Edited by Bryan Arreola Jul 22, 2020 06:01 PM
    Well, now I have, but I seem to fail finding what I need. I don't know, maybe I don't need a single table but a few. This is an example of what we pull from SEPM->Network and Host Exploit Mitigation->Full Report->Past 24 hours.


  • 4.  RE: Querying SEPM Database

    Posted Jul 22, 2020 06:03 PM
    Here's the attachment.




  • 5.  RE: Querying SEPM Database

    Posted Jul 23, 2020 08:49 AM
    Looking at my SEP SQL database, it looks like most of those fields in your CSV attachment can be found directly in the table(s) "AGENT_SECURITY_LOG_*"


  • 6.  RE: Querying SEPM Database

    Broadcom Employee
    Posted Jul 23, 2020 01:13 PM
    You could also run a SQL trace. Then run the report in the SEPM. You could then find the exact SQL queries being run to produce the results in the SEPM.

    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------



  • 7.  RE: Querying SEPM Database

    Posted Aug 17, 2020 04:06 PM
    I have done that, and now I have the exact query. However, I see a few rows that are displayed with an ID; in the SEPM report I see them converted. For example, one of the OS TYPE values is 805961730, but in the report it is shown as "Windows 10 Professional". How can I do the same programmatically or by modifying the query?