SOLVED malware detected reports (increase historic data)

[Nano_Magnus]

Hello,

I need to had evidence of malware detected on clients, for 1 year at least.

I'm not sure if it is possible to configure the SQL Report for Malware Detected to show from 1 year before.

I also had SPLUNK, but there is no supported app for SCEM, only for SCOM, and not sure if someone knows an alternative to work with SPLUNK and SCEM.

If none of those options works, I know that MPDetection-XX.log on client machines, records details about each case of malware detected on the system, is there a way to securely centralize those LOGs on a collector server or on a network share.

Any advice or suggestions are appreciated.

Best regards

Fernando

 

[Garth]

You can store the data within the CM Data warehouse if you like.

 

[Nano_Magnus]

You mean this?

Data warehouse - Configuration Manager

Data warehouse service point and database for Configuration Manager

docs.microsoft.com

and this?

Install Data Warehouse Service Point in SCCM ConfigMgr

The purpose of data warehouse service point is to store and report on long-term historical data for your Configuration Manager deployment. When you install data warehouse service point, it synchronizes data from SCCM site database to the data warehouse database.

www.prajwaldesai.com

is the first time I see that, and it looks that it will solve my problem, it says that it could save data for as long as 3 years :O

Thanks a lot, now I need to play with it, before I try on mi SC site