Queries, reports, and Adaptive Threat Protection

Use queries to retrieve detailed information about the status of your managed systems and any threats in your environment. You can export, download, or combine queries into reports, and use queries as dashboard monitors.

Queries are questions that you ask McAfee ePO, which returns answers as charts and tables. Reports enable you to package one or more queries into a single PDF document, for access outside of McAfee ePO.

Similar information is available by accessing activity logs from the Endpoint Security Client on individual systems.

You can view query data only for resources where you have permissions. For example, if your permissions grant access to a specific System Tree location, your queries return data only for that location.

Default queries

The module adds default queries to McAfee Groups. Depending on your permissions, you can use them as is, modify them, or create custom queries from events and properties in the McAfee ePO database.

  • Endpoint Security Adaptive Threat Protection: Allow Events by Event Type
  • Endpoint Security Adaptive Threat Protection: Allow Events by Rule (Top 10)
  • Endpoint Security Adaptive Threat Protection: Allow Events for Last 30 Days
  • Endpoint Security Adaptive Threat Protection: Block Events by Event Type
  • Endpoint Security Adaptive Threat Protection: Block Events by Rule (Top 10)
  • Endpoint Security Adaptive Threat Protection: Block Events for Last 30 Days
  • Endpoint Security Adaptive Threat Protection: Clean Events by Event Type
  • Endpoint Security Adaptive Threat Protection: Clean Events by Rule (Top 10)
  • Endpoint Security Adaptive Threat Protection: Clean Events for Last 30 Days
  • Endpoint Security Adaptive Threat Protection: Events by File (Top 10)
  • Endpoint Security Adaptive Threat Protection: Events by System (Top 10)
  • Endpoint Security Adaptive Threat Protection: Observation Allow Events by Event Type
  • Endpoint Security Adaptive Threat Protection: Observation Allow Events by Rule (Top 10)
  • Endpoint Security Adaptive Threat Protection: Observation Allow Events for Last 30 Days
  • Endpoint Security Adaptive Threat Protection: Observation Block Events by Event Type
  • Endpoint Security Adaptive Threat Protection: Observation Block Events by Rule (Top 10)
  • Endpoint Security Adaptive Threat Protection: Observation Block Events for Last 30 Days
  • Endpoint Security Adaptive Threat Protection: Observation Clean Events by Event Type
  • Endpoint Security Adaptive Threat Protection: Observation Clean Events by Rule (Top 10)
  • Endpoint Security Adaptive Threat Protection: Observation Clean Events for Last 30 Days
  • Endpoint Security Adaptive Threat Protection: Observation Events by File (Top 10)
  • Endpoint Security Adaptive Threat Protection: Observation Events by System (Top 10)
  • Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last 30 Days
  • Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last 7 Days
  • Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last Quarter
  • Endpoint Security Adaptive Threat Protection: Real Protect Detection Events in Last 24 Hours

Custom queries

The module adds default properties to the Endpoint Security feature group. You can use these properties to create custom queries.

Properties (columns), listed by feature group and result type:

Endpoint Security

  • ATP Hotfix
  • ATP Patch Version
  • Connection status
  • Contained Applications
  • Is Supported OS
  • License Status
  • Real Protect content date
  • Real Protect content version
  • Real Protect engine date
  • Real Protect engine version
  • Signatures in Extra.DAT

Endpoint Security Threat Intelligence Properties

  • DAT Version
  • Hotfix/Patch Version
  • Product Version

Events: Adaptive Threat Protection Events

  • Balance Security For
  • Certificate Company Creator
  • Certificate Hash
  • Certificate Name
  • Certificate Public Key Hash
  • Content Version
  • Detection Type
  • File Company Creator
  • File MD5 Hash
  • File Reputation
  • File SHA1 Hash
  • Object Type
  • Real Protect Scanning Sensitivity Level
  • Rule ID
  • User Prompt Comments

Adaptive Threat Protection Rules

  • Description
  • Long Description
  • Rule Name

Endpoint Security Platform Systems

  • Adaptive Threat Protection Debug Logging Enabled
  • Adaptive Threat Protection Events Filter Level

For information about queries and reports, see the McAfee ePO documentation.