Problem: Machines are decommissioned from remote monitoring & management but not Symantec Endpoint Protectioon Cloud. This means licenses are wasted.
To address this, we audit one portal against the other on a regular basis. I export all hostnames from our monitoring/management portal, and gather all hostnames from Endpoint cloud listed in the summary report, and if one is listed in Symantec but not monitoring then that should be retired.
What makes this difficult/obnoxious is a few issuesv related to hostnames:
Symantec isn't as good at updating the device hostname/device alias consistently as our remote monitoring tool. It will sometimes report the device hostname with a more accurate, up-to-date name, sometimes the alias will be more up to date (there's a separate device name, device alias column). Symantec also reports the domain name and TLD (hostname.domainname.TLD) as part of the name in some cases (e.g. computername.companyname.com). To compare one portal's name against the other, I have to extract the name to the left of the period with a formula in excel, it would be preferable if the domain name etc. were kept in their own column instead of arbitrarily being reported as part of the hostname in some cases.
In short, Symantec doesn't update provide an updated hostname consistently, the report isn't formatted consistently in terms of hostnames, and it's not clear why device hostname and why device alias, of the two options, neither is consistently more accurate than the other. If I could simply export the hostnames as part of the report, which I know Symantec keeps track of in some sort of database because I can see the serial number associated with a given install/hostname if I open the client specific Symantec Endpoint Cloud portal, that would make the whole process much simpler.
I've created some fairly complex formulas formulas in Excel which will get rid of the unnecessary crap (domain name) included in the Symantec hostnames, and check both device name and device alias against a list of hostnames from our monitoring tool and only report the device name if neither the device name or device alias have a positive result in the list of our hostnames on the second worksheet. It would be nice if there was a permanent, reliable indicator of which device is which; we have that, it's a serial number, Symantec even has machines with it installed report that data to its database to some extent, but it's not a part of any report I'm able to export.
I'm no SQL programmer but this seems like something that would be relatively easy to add and also useful.