Filter security data

Use the Summary Data Filter to filter policies, modules, operating systems, or messages from the Symantec ESM grid, charts, and printed reports. When you generate a report with a filter set, Symantec ESM includes information from only the policy, module, or operating system. For example, if you set the filter to include only Windows 2000 operating systems, any report that you generate will list security information for agents on Windows 200 operating systems only; security information for agents on other operating systems are filtered out of the report. Similarly, only the security level and rating for agents on Windows 2000 operating systems is figured into the overall rating of the domain or enterprise.

When you apply a filter to a policy, module operating system, or message, the ESM console grid and charts will still display security information for all unfiltered items. For example, if you set the filter to include only Phase 1 policy runs, the enterprise tree still displays Phase 2 and Phase 3 policy run data. But Symantec ESM does not use the security level and rating from those policies when it calculates the overall security level and rating for the domain or enterprise. Symantec ESM only uses security level and rating information from the most recent Phase 1 policy run.

Setting the message filter to include suppressed messages or message differences includes that information in the Symantec ESM reports and in the grid. The ESM console indicates when the filter is set to display suppressions or message differences in the small boxes at the bottom right of the ESM console.

More Information

Filtering the security data

[an error occurred while processing this directive]