cancel
Showing results for 
Search instead for 
Did you mean: 

DLP - Need idea to create custom query/report for usb activity

We are trying to create a query in EPO 5.10 for usb file copy activity in a specific region with DLP 11.3 and need to have time. source destination user etc. we cannot seem to be able to create this.

4 Replies
McAfee Employee talam1
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: DLP - Need idea to create custom query/report for usb activity

Thank you for Posting this Query.

I was able to create a report matching your requirements in my test ePO.

I have attached the .XML file ( Query file ) 

Navigate to Queries and report > Import queries > Point to .XML file I have provided > Save.

 

Was my reply helpful?
If you find this post useful, please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Touseef 

Re: DLP - Need idea to create custom query/report for usb activity

Hello,

That only shows a bar chart and numbers

 


We actually need a list of all users file names location source destination etc. time stamp

McAfee Employee talam1
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: DLP - Need idea to create custom query/report for usb activity

Please click on the outgoing or incoming as highlighted in the pic below to get the details 

Query copy direction.PNG

McAfee Employee JaganA
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: DLP - Need idea to create custom query/report for usb activity

@Philip1978 Thanks for choosing Support Community.

I would try my best to answer your query.

Login to ePO -> Queries & Reports -> quick find: type "device" and hit Apply.

you can see 5 default queries and reports.

Choose Removable Media: Recent Usage -> Click Duplicate -> Give it a name and Save.

Now, Edit the new query -> select Table -> in the next page you can choose the columns you are looking for.

In case, no columns available then you can't expect it in the report.

Example: Rule, Ruleset and evidence are not listed in the column.

You can try with other query as well: Removable Media: Protection status.

 

As an alternate, you can see them in the DLP incident manager and export them.

However, could you let us know what exactly are you trying to achieve with this report? We can how best it can be achieved.

JaganA
McAfee Employee

Was my reply helpful?
If yes, click "Accept as Solution" in my reply and together we can help other members?
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community