Generating queries and reports McAfee ePO comes with its own querying and reporting capabilities. Included are the Query Builder and Report Builder, which create and run queries and reports that result in user-configured data in user-configured charts and tables. The data for these queries and reports can be obtained from McAfee ePO database. In addition to the querying and reporting systems, you can use these logs to gather information about activities on your McAfee ePO server and your network: Audit Log Server Task Log Threat Event Log Queries Queries enable you to poll McAfee ePO data. Information gathered by queries is returned in the form of charts and tables. A query is used to get an answer right now. Query results are exported to several formats, any of which can be downloaded or sent as an attachment to an email message. Most queries are also used as dashboard monitors, enabling near real-time system monitoring. Queries can be combined into reports, giving a more broad and systematic look at your McAfee ePO software system. The default dashboards and predefined queries shipped with McAfee ePO can't be changed or deleted. But you can duplicate them, then rename and change them as needed. Query results are actionable — Query results displayed in tables have actions available for selected items. Actions are available at the bottom of the results page. Queries as dashboard monitors — Most queries are used as a dashboard monitor (except those using a table to display the initial results). Dashboard monitors are refreshed automatically on a user-configured interval (five minutes by default). Exported results — Query results are exported to four formats. Exported results are historical data and are not refreshed like other monitors when used as dashboard monitors. Like query results and query-based monitors displayed in the console, you drill down into the HTML exports for more detailed information. Unlike query results in the console, you can't select an action when viewing exported data. You export to these file formats: .csv, .xml, .html, and .pdf. Combining queries in reports — Reports contain any number of queries, images, static text, and other items. They are run on demand or on a regular schedule, and produce PDF output for viewing outside McAfee ePO. Sharing queries between servers — Any query can be imported and exported, allowing you to share queries between servers. In a multi-server environment, you only have to create a query once. Retrieving data from different sources — Queries retrieve data from any registered server, including databases external to McAfee ePO. Reports Reports package query results into a PDF document, enabling offline analysis. Generate reports to share information about your network environment, such as threat events and malware activity, with security administrators and other stakeholders. Reports are configurable documents that display data from one or more queries, drawing data from one or more databases. The most recently run result for every report is stored in the system and is readily available for viewing. You can restrict access to reports by using groups and permission sets in the same manner you restrict access to queries. Reports and queries can use the same groups, and because reports primarily consist of queries, this allows for consistent access control. Query and report permissionsTo run a query or report, you need permissions to not only that query or report, but the feature sets associated with their result types. A query’s results pages only provide access to permitted actions given your permission sets. Introduction to queriesQueries allow you to poll McAfee ePO data. Information gathered by queries is returned in the form of charts and tables. Query BuilderMcAfee ePO provides an easy, four-step wizard that is used to create and edit custom queries. With the wizard, you can configure which data is retrieved and displayed, and how it is displayed. About reports Reports package query results into a PDF document, enabling offline analysis. Report anonymization permissions You can restrict or allow users to access anonymized data in the reports for Content Security Reporting by setting appropriate permissions. Structure of a reportReports contain a number of elements held within a basic format. Create a reportYou can create reports and store them in McAfee ePO. Edit an existing reportYou can modify an existing report's contents or the order of presentation. Run a report on a scheduleCreate a server task to run a report automatically. View report outputView the last run version of every report. Configure the template and location for exported reportsYou can define the appearance and storage location for tables and dashboards you export as documents. Group reports togetherEvery report must be assigned to a group.