Queries, reports, and Adaptive Threat Protection Use queries to retrieve detailed information about the status of your managed systems and any threats in your environment. You can export, download, or combine queries into reports, and use queries as dashboard monitors. Queries are questions that you ask McAfee ePO, which returns answers as charts and tables. Reports enable you to package one or more queries into a single PDF document, for access outside of McAfee ePO. Similar information is available by accessing activity logs from the Endpoint Security Client on individual systems. You can view query data only for resources where you have permissions. For example, if your permissions grant access to a specific System Tree location, your queries return data only for that location. Default queries The module adds default queries to McAfee Groups. Depending on your permissions, you can use them as is, modify them, or create custom queries from events and properties in the McAfee ePO database. Endpoint Security Adaptive Threat Protection: Allow Events by Event Type Endpoint Security Adaptive Threat Protection: Allow Events by Rule (Top 10) Endpoint Security Adaptive Threat Protection: Allow Events for Last 30 Days Endpoint Security Adaptive Threat Protection: Block Events by Event Type Endpoint Security Adaptive Threat Protection: Block Events by Rule (Top 10) Endpoint Security Adaptive Threat Protection: Block Events for Last 30 Days Endpoint Security Adaptive Threat Protection: Clean Events by Event Type Endpoint Security Adaptive Threat Protection: Clean Events by Rule (Top 10) Endpoint Security Adaptive Threat Protection: Clean Events for Last 30 Days Endpoint Security Adaptive Threat Protection: Events by File (Top 10) Endpoint Security Adaptive Threat Protection: Events by System (Top 10) Endpoint Security Adaptive Threat Protection: Observation Allow Events by Event Type Endpoint Security Adaptive Threat Protection: Observation Allow Events by Rule (Top 10) Endpoint Security Adaptive Threat Protection: Observation Allow Events for Last 30 Days Endpoint Security Adaptive Threat Protection: Observation Block Events by Event Type Endpoint Security Adaptive Threat Protection: Observation Block Events by Rule (Top 10) Endpoint Security Adaptive Threat Protection: Observation Block Events for Last 30 Days Endpoint Security Adaptive Threat Protection: Observation Clean Events by Event Type Endpoint Security Adaptive Threat Protection: Observation Clean Events by Rule (Top 10) Endpoint Security Adaptive Threat Protection: Observation Clean Events for Last 30 Days Endpoint Security Adaptive Threat Protection: Observation Events by File (Top 10) Endpoint Security Adaptive Threat Protection: Observation Events by System (Top 10) Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last 30 Days Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last 7 Days Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last Quarter Endpoint Security Adaptive Threat Protection: Real Protect Detection Events in Last 24 Hours Custom queries The module adds default properties to the Endpoint Security feature group. You can use these properties to create custom queries. Feature Group Result Type Property (Column) Property (Column) Endpoint Security ATP Hotfix Real Protect content date ATP Patch Version Real Protect content version Connection status Real Protect engine date Contained Applications Real Protect engine version Is Supported OS Signatures in Extra.DAT License Status Endpoint Security Threat Intelligence Properties DAT Version Product Version Hotfix/Patch Version Events Adaptive Threat Protection Events Balance Security For File MD5 Hash Certificate Company Creator File Reputation Certificate Hash File SHA1 Hash Certificate Name Object Type Certificate Public Key Hash Real Protect Scanning Sensitivity Level Content Version Rule ID Detection Type User Prompt Comments File Company Creator Adaptive Threat Protection Rules Description Rule Name Long Description Endpoint Security Platform Systems Adaptive Threat Protection Debug Logging Enabled Adaptive Threat Protection Events Filter Level For information about queries and reports, see the McAfee ePO documentation. Related conceptsBuilding file prevalence using Observe modeUsing permission sets
Queries, reports, and Adaptive Threat Protection Use queries to retrieve detailed information about the status of your managed systems and any threats in your environment. You can export, download, or combine queries into reports, and use queries as dashboard monitors. Queries are questions that you ask McAfee ePO, which returns answers as charts and tables. Reports enable you to package one or more queries into a single PDF document, for access outside of McAfee ePO. Similar information is available by accessing activity logs from the Endpoint Security Client on individual systems. You can view query data only for resources where you have permissions. For example, if your permissions grant access to a specific System Tree location, your queries return data only for that location. Default queries The module adds default queries to McAfee Groups. Depending on your permissions, you can use them as is, modify them, or create custom queries from events and properties in the McAfee ePO database. Endpoint Security Adaptive Threat Protection: Allow Events by Event Type Endpoint Security Adaptive Threat Protection: Allow Events by Rule (Top 10) Endpoint Security Adaptive Threat Protection: Allow Events for Last 30 Days Endpoint Security Adaptive Threat Protection: Block Events by Event Type Endpoint Security Adaptive Threat Protection: Block Events by Rule (Top 10) Endpoint Security Adaptive Threat Protection: Block Events for Last 30 Days Endpoint Security Adaptive Threat Protection: Clean Events by Event Type Endpoint Security Adaptive Threat Protection: Clean Events by Rule (Top 10) Endpoint Security Adaptive Threat Protection: Clean Events for Last 30 Days Endpoint Security Adaptive Threat Protection: Events by File (Top 10) Endpoint Security Adaptive Threat Protection: Events by System (Top 10) Endpoint Security Adaptive Threat Protection: Observation Allow Events by Event Type Endpoint Security Adaptive Threat Protection: Observation Allow Events by Rule (Top 10) Endpoint Security Adaptive Threat Protection: Observation Allow Events for Last 30 Days Endpoint Security Adaptive Threat Protection: Observation Block Events by Event Type Endpoint Security Adaptive Threat Protection: Observation Block Events by Rule (Top 10) Endpoint Security Adaptive Threat Protection: Observation Block Events for Last 30 Days Endpoint Security Adaptive Threat Protection: Observation Clean Events by Event Type Endpoint Security Adaptive Threat Protection: Observation Clean Events by Rule (Top 10) Endpoint Security Adaptive Threat Protection: Observation Clean Events for Last 30 Days Endpoint Security Adaptive Threat Protection: Observation Events by File (Top 10) Endpoint Security Adaptive Threat Protection: Observation Events by System (Top 10) Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last 30 Days Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last 7 Days Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last Quarter Endpoint Security Adaptive Threat Protection: Real Protect Detection Events in Last 24 Hours Custom queries The module adds default properties to the Endpoint Security feature group. You can use these properties to create custom queries. Feature Group Result Type Property (Column) Property (Column) Endpoint Security ATP Hotfix Real Protect content date ATP Patch Version Real Protect content version Connection status Real Protect engine date Contained Applications Real Protect engine version Is Supported OS Signatures in Extra.DAT License Status Endpoint Security Threat Intelligence Properties DAT Version Product Version Hotfix/Patch Version Events Adaptive Threat Protection Events Balance Security For File MD5 Hash Certificate Company Creator File Reputation Certificate Hash File SHA1 Hash Certificate Name Object Type Certificate Public Key Hash Real Protect Scanning Sensitivity Level Content Version Rule ID Detection Type User Prompt Comments File Company Creator Adaptive Threat Protection Rules Description Rule Name Long Description Endpoint Security Platform Systems Adaptive Threat Protection Debug Logging Enabled Adaptive Threat Protection Events Filter Level For information about queries and reports, see the McAfee ePO documentation. Related conceptsBuilding file prevalence using Observe modeUsing permission sets