
DLP/DCM event query

I currently have the DLP extension in my ePO server utilizing a DCM license only. A previous employee had turned on DLP to log a lot of information, and now I need to try and extrapolate that information into something useful. I have been playing around with the DLP incident manager and DLP event queries and am having difficulties effectively querying the information provided in the DLP incidents that are being reported to the server.

I am trying to query based off of the device details (such as the vendor ID, USB ID, and serial number) and have had no luck in finding a way to do that. I have attached a screenshot with the information I would like to query, but so far the only way I have found to even view that information is to open each event individually. I know it is possible to export the data of multiple incidents, but there is a limit to the number of events I can export at a time, and I would like to get a significant number of events at once. I would also like to try and aggregate the data so that I would only get unique device plugins. The goal is to get a list of every device that has been plugged into any system that is managed by ePO.

I have also looked into the SQL database in hopes that I would be able to find something there, but the information that is stored in the database is XML data. I have very little experience with SQL as it is, and adding XML to the mix makes it even more impractical for me to perform queries from there.
