FEP 2010 - Where are the events stored?
-
Wednesday, August 15, 2012 9:11 PM
Hello all,
I am trying to set up a SIEM product for FEP alerts but I can't find where the alerts are actually stored in the database.
Can anyone help me with this? What table should I be looking at?
Note: I have no experience with FEP/SCCM/SCOM
Thanks!
All Replies
-
Friday, August 17, 2012 2:31 AM Moderator
Hi,
Thank you for the post.
Here is an article about the FEP alert procedure:
The Forefront Endpoint Monitoring service checks the FEP reporting database for events that trigger an alert.
http://technet.microsoft.com/en-us/library/gg675286.aspx
So, just check the FEPDW DB: views named like dbo.vwAN_Alert_XXX. There are three types of Alert views (MalwareDetection/MultipleInfection/ReinfectedComputer).
If there are more inquiries on this issue, please feel free to let us know.
Regards
Rick Tan
TechNet Community Support
- Marked As Answer by Rick Tan (Moderator), Wednesday, August 22, 2012 9:49 AM
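For a SIEM integration built on the views named in the answer above, the following T-SQL is an added example, not code from the thread or from Microsoft. It lists every view matching the dbo.vwAN_Alert_ pattern with its columns, so the collection query can be written against the real schema, and then grants a read-only account SELECT on those views only. The database name FEPDW (substitute the actual name on your server) and the user siem_reader are assumptions.

```sql
-- Added example; assumptions: the database is named FEPDW, and a database
-- user [siem_reader] (hypothetical) already exists for the SIEM's login.
USE FEPDW;
GO

-- 1. Enumerate the alert views and their columns.
--    [_] matches a literal underscore, which LIKE otherwise treats as a wildcard.
SELECT v.TABLE_SCHEMA,
       v.TABLE_NAME,
       c.ORDINAL_POSITION,
       c.COLUMN_NAME,
       c.DATA_TYPE
FROM INFORMATION_SCHEMA.VIEWS AS v
JOIN INFORMATION_SCHEMA.COLUMNS AS c
  ON c.TABLE_SCHEMA = v.TABLE_SCHEMA
 AND c.TABLE_NAME   = v.TABLE_NAME
WHERE v.TABLE_SCHEMA = 'dbo'
  AND v.TABLE_NAME LIKE 'vwAN[_]Alert[_]%'
ORDER BY v.TABLE_NAME, c.ORDINAL_POSITION;

-- 2. Build one GRANT per alert view so the SIEM account can read the
--    alert views and nothing else in the reporting database.
DECLARE @sql nvarchar(max);
SET @sql = N'';

SELECT @sql = @sql
     + N'GRANT SELECT ON '
     + QUOTENAME(TABLE_SCHEMA) + N'.' + QUOTENAME(TABLE_NAME)
     + N' TO [siem_reader];' + NCHAR(13) + NCHAR(10)
FROM INFORMATION_SCHEMA.VIEWS
WHERE TABLE_SCHEMA = 'dbo'
  AND TABLE_NAME LIKE 'vwAN[_]Alert[_]%';

PRINT @sql;                     -- review the generated statements first
EXEC sys.sp_executesql @sql;    -- then apply them
```

The first result set should show the three view types mentioned in the answer (MalwareDetection, MultipleInfection, ReinfectedComputer); if it is empty, the connection is pointed at the wrong database.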
-
Wednesday, September 05, 2012 1:28 PM
Hi Rick
Actually, this is the kind of information that I have been searching the web for over the past few months, but with no luck.
I need to know where I can find, in the databases of FEP 2010/2012, the time (hour/minute) at which each virus definition arrives at my FCS Central Server, and also the time (hour/minute) at which each of those same virus definitions was installed on every server and workstation in my network.
My objective: measure the time (hour/minute) between the arrival and installation on my FCS Central Server, and then on each of my servers and workstations, obtaining the difference between them.
Can you please help? Thanks!
Best Regards
Bruno F.
-
Friday, September 07, 2012 3:44 AM Moderator
Hi Bruno,
I need to know, where can I find in the databases of FEP 2010/2012.
The FEPDW DB should be installed on the FEP/SCCM server. Or you could run a FEP report via the SCCM server console UI; it will load the URL http://serverA/ReportServerXXX. The serverA is your FEPDW DB server.
Regards
Rick Tan
TechNet Community Support
- Edited by Rick Tan (Moderator), Friday, September 07, 2012 3:45 AM

