The ZENworks Endpoint Security Management reporting database is designed to closely model the star schema format. The star schema is a single “fact” table containing a compound primary key, with one segment for each dimension and additional columns of additive, numeric facts.
The Reporting Service includes the following two dimension tables:
ORGANIZATION_DIM: The organization table defines the instances of users, groups, organizational units, containers, and services in a hierarchical relationship. Each row represents one of these units.
UNIT_MEMBER_DIM: Defines the association of organization units to other organization units. For example, although a user can be stored within a specific container within Active Directory, the user might also be a member of an organization unit or security group. Each row represents a relationship between organization units.
The data source must be defined to the reporting tool. For most third-party applications, the following steps are necessary:
Define an OLEDB ADO connection to the server hosting the Management Service.
Select the Microsoft OLE DB Provider for SQL Server.
Specify the Management Service server as the server.
Specify the SQL account name and password.
Specify the Reporting Service database name (default name is STRSDB) as the database.
The following views are available for report generation:
EVENT_ACCESSPOINT_FACT_VW: Describes the access points observed by user, day, policy, location, and access point instance.
EVENT_BLOCKEDPACKETS_FACT_VW: Describes the summarized instances of port activity that was blocked due to policy configuration by the endpoint. The information included is logged user, day, policy, location, and source/destination IP/port.
EVENT_CLIENTACTIVITY_FACT_VW: Describes the summarized instances of port activity at the endpoint. The information included is logged user, day, policy, location and device.
EVENT_CLIENTAPPLICATIONS_FACT_VW: Describes the summarized instances of application use (duration) by user, day, policy, location and application.
EVENT_CLIENTDEFENSE_HACK_FACT_VW: Describes the instances of hack attempts against the endpoint client. Active users, applications, and services are included within the report. The data is grouped by user, day, policy, location, and attack result.
EVENT_CLIENTDEFENSE_OVERRIDES_FACT_VW: Describes the instances of policy override and the affected devices. The data is grouped by user, day, policy, location, and override type.
EVENT_CLIENTDEFENSE_UNINSTALL_FACT_VW: Describes the instances of attempts to remove the endpoint client. The data is grouped by user, day, policy, location, and attack result.
EVENT_CLIENTDEVICE_FACT_VW: Describes the types of devices in use by an endpoint. The data is grouped by user, day, policy, location, and device type.
EVENT_CLIENTENVIRONMENTS_FACT_VW: Describes the custom (stamped) network environments used for location detection. The data is grouped by user, day, policy, location, device type, and environment data.
EVENT_CLIENTINTEGRITY_FACT_VW: Describes the results of integrity rules applied at the endpoint. The data is grouped by user, day, policy, location, and rule.
EVENT_CLIENTLOCATION_FACT_VW: Describes the time at location as well as the adapter (configuration and type) used at the location. The data is grouped by user, day, policy, and location.
EVENT_CLIENTRULE_FACT_VW: Describes the generic reporting mechanism for integrity and scripting rules. The data is grouped by user, day, policy, location, and rule.
EVENT_COMPONENTACTION_FACT_VW: Describes the Management Console activity performed on specific components. For example, you could see when the policy update interval was changed for a specific location in a policy. The data is grouped by user, day, policy, and component and defines the new and old value.
EVENT_MANGERIO_FACT_VW: Describes when a component has been created or edited. The data is grouped by user, day, component, and action.
EVENT_ORGANIZATIONACTION_FACT_VW: Describes the user activity as it relates to ZENworks Endpoint Security Management integration with an enterprise information repository. All user management activities are reflected within this table.
EVENT_POLICYCOMPONENT_FACT_VW: Describes the interaction of components and policies. For example, when a location is added to a policy, an audit row reflects that change. The data is grouped by user, day, policy, component, and action.
EVENT_PUBLISHACTION_FACT_VW: Describes the policy and component assignment to an organization.
EVENT_SERVERACTION_FACT_VW: Describes the user activity with the Distribution Service (for example, Check In).
EVENT_USERACTION_FACT_VW: Describes the user policy activity with the Distribution Service (Policy, Key, EFS Key, Schema downloads).
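
The connection steps and the view list above, as an added example (not code from the product documentation): it opens the OLE DB connection and lists the columns of each EVENT_*_FACT_VW view from SQL Server's standard INFORMATION_SCHEMA catalog, because the column names are not given on this page. It assumes Windows PowerShell 5.1 and a SQL login with read access to the views; the server name is a placeholder.

```powershell
# Added example. The server name is a placeholder; STRSDB is the documented default name.
param(
    [string]$Server   = 'mgmt-server.example.com',   # hypothetical Management Service host
    [string]$Database = 'STRSDB'
)

# Prompt for the SQL account so the password is not stored in the script.
$cred = Get-Credential -Message 'SQL account for the Reporting Service database'

# Build the connection string field by field so special characters are quoted correctly.
$builder = New-Object System.Data.OleDb.OleDbConnectionStringBuilder
$builder['Provider']        = 'SQLOLEDB'   # Microsoft OLE DB Provider for SQL Server
$builder['Data Source']     = $Server
$builder['Initial Catalog'] = $Database
$builder['User ID']         = $cred.UserName
$builder['Password']        = $cred.GetNetworkCredential().Password

$conn = New-Object System.Data.OleDb.OleDbConnection $builder.ConnectionString
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    # [_] matches a literal underscore; a bare _ is a single-character wildcard in LIKE.
    $cmd.CommandText = @'
SELECT c.TABLE_NAME, c.COLUMN_NAME, c.DATA_TYPE
FROM INFORMATION_SCHEMA.COLUMNS AS c
JOIN INFORMATION_SCHEMA.VIEWS AS v
  ON v.TABLE_SCHEMA = c.TABLE_SCHEMA AND v.TABLE_NAME = c.TABLE_NAME
WHERE v.TABLE_NAME LIKE 'EVENT[_]%[_]FACT[_]VW'
ORDER BY c.TABLE_NAME, c.ORDINAL_POSITION
'@
    $table   = New-Object System.Data.DataTable
    $adapter = New-Object System.Data.OleDb.OleDbDataAdapter $cmd
    [void]$adapter.Fill($table)

    # One line per view: the view name followed by its columns in declared order.
    $table.Rows | Group-Object TABLE_NAME | ForEach-Object {
        '{0}: {1}' -f $_.Name, (($_.Group | ForEach-Object { $_.COLUMN_NAME }) -join ', ')
    }
}
finally {
    $conn.Dispose()   # closes the connection even if Open() or the query fails
}
```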