To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

F-Secure Policy Manager Console filtering

field_is_too_sh
field_is_too_sh W/ Alumni Posts: 8 Security Scout

F-Secure Policy Manager Console (FSPMC) lets you count the number of hosts running a particular product (within the Installation tab) but it is not possible to list them. If Root > Installation shows Product "X", Version Y, Count 10, you can't call up a list of machines and review them. They could be anywhere in the domain tree and you have to guess where they might be, or scour the tree domain by domain looking for them.

 

Although it is conceivable that the  Actions column could have a "Report" link to simply view the relevant hosts within a dialog box, it may make more sense to have a "Filter" link, which when clicked shows a prompt for:

 

  • Exclude this product/version
  • Include this product/version
  • Show only this product/version

 

The Domain tree heading could have a "Filter" button, with a dialog box that lets you add criteria. By default, this would be empty. An "Add" filter button would permit adding new filters, e.g.

 

  • Add → [include|exclude] → OS → [older than|newer than|specified or older|specified or newer] → [Windows desktop|…] → [XP|7|Vista|8|9|10]
  • Add → [include|exclude] → Product → [Client Security|Server Security|…] → [any|older than|newer than|specified or older|specified or newer] → [9|10|11|12]
  • Add → [include|exclude] → [offline|online]
  • Add → [include|exclude] → [up-to-date|out-of-date]
  • Add → [include|exclude] → [recent infections|no recent infections]

 

The use of older/newer than and include/exclude should remove the need to deal with difficult and/or conditions (since such a UI makes bracketed logic expressions rather hard!) Possibly a dropdown could offer:

 

  • Exclude all hosts except those included by the filters below
  • Include all hosts except those excluded by the filters below

 

Deciding the precise balance of simplicity and complexity required will be tricky!

 

In the policy tree, a decision is required as to what the domains and hosts should look like when filtering occurs.

 

For example:

 

  • If all hosts are filtered away, the icon for a policy domain should either show as disabled (greyed out/semi-transparent) or the policy domain should disappear entirely; possibly when the filter is active, a filtering toolbar should appear below the "Domain tree" heading with a button to toggle domains whole entire contents are filtered
  • Domains where some hosts are filtered away should presumably show a badge of some kind to illustrate that not all hosts are presently visible; maybe a button in that toolbar could toggle whether filtered-away hosts should appear but greyed out/semi-transparent (just in case you're confused and want to remind yourself what the rest of a particular domain contains)

 

With this filtering feature, you could, for example:

 

  • Locate all machines needing updated software
  • Locate all machines that are offline
  • Locate, or filter out, all PCs running FSCS 10/11 and Windows XP that are not eligible for upgrading to FSCS 12

 

The above could even be done using a "Common queries" button, or through other aspects of the UI. For example, in the Installation tab, the Filter action for a given program/version would create/update the filtering directly without needing to go through the filter configuration dialog.

 

With a complex policy domain tree, the hosts that interest you are often buried very deep down or spread far apart and this feature would let you round up all the hosts that meet a particular set of criteria.

 

The filter should also allow you to apply commands to filtered hosts: the Operations tab for example would only apply to the filtered hosts when a filter is active.

This discussion has been closed.