We are running ePO 5.3.2. I notice in the various policies that ENS Threat Prevention and Adaptive Threat Protection can either block or report on certain activity. Before we block anything, we want to see a report. How do I generate this query and/or report?
I am looking at the queries related to Adaptive Threat Prevention. Whenever I select "run" on any of these queries, it returns "No Data Found". Currently, our environment is set for ATP to report on events only (as opposed to blocking). However, I cannot get any event to report in these queries.
Do I need to adjust a policy? Do I need to deploy ATP differently? Are these queries what I am looking for?