Host IPS Queries - McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual

Product guide for use with ePolicy Orchestrator 4.5

Managing Your Protection
Information management
For more information about creating and using dashboards, see the ePolicy Orchestrator
documentation.

Host IPS queries

Host Intrusion Prevention includes query functionality through ePolicy Orchestrator. You can
create useful queries from events and properties stored in the ePO database or use predefined
queries.
You can produce queries for a group of selected client systems, or limit report results by product
or system criteria. You can export reports into a variety of file formats, including HTML and
Microsoft Excel.
Query options:
• Setting a filter to gather only selected information. Choose which group or tags to include
in the report.
• Setting a data filter using logical operators, to define precise filters on the data returned by
the report.
• Generating graphical reports from the information in the database, filtering the reports as
needed, printing the reports, and exporting them to other software.
• Running queries of computers, events, and installations.
Predefined and custom queries to analyze your protection
The reporting feature contains predefined queries from Host Intrusion Prevention and allows
you to create custom queries.
Organize and maintain custom queries to suit your needs. For example, if you customize settings
for a report, export these settings as a template. After creating custom templates, organize
them in logical groupings so that you can run them as needed on a daily, weekly, or monthly
basis.
After a report is generated, you view summary information, as determined by the filter, if any,
that you have set. From the summary information you drill down to one or two levels for detailed
information, all in the same report.
You control how much report information is visible to different users; for example, global
administrators versus other users. Some users view reports only on systems in sites where they
have permissions. Report information is also controlled by applying filters.
Custom queries
You can create four specific Host IPS queries with the Query Builder under Others: Host IPS
8.0 Firewall Client Rules, Host IPS 8.0 Firewall Client Rule Executables, Host IPS 8.0 IPS Client
Rules, and Host IPS 8.0 IPS Exceptions.
Parameters for these queries include:
Table 2: Host IPS queries and parameters
Query: Host IPS 8.0 Catalog Firewall Rules and Firewall Client Rules
NOTE: This query returns IPS Catalog firewall rules, IPS Catalog firewall groups, and firewall
client rules. Possible action values are allow, block, and jump, with jump the action for
groups, which
Parameters:
• Action
• Direction
• Enabled
• Last Modified
• Last Modifying User
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
