cancel
Showing results for 
Search instead for 
Did you mean: 
schmiewliski
Level 10

HIPS Reporting Help !!!

Hi Everyone

Starting to get a little frustrated with the reporting capabilities of HIPS

I need to create a couple of reports which I would have thought were straight forward.

     1. Dynamically created Firewall rules by System name.

     2. Logged / Blocked IPS events by System name

I can see the information displayed within ePO under reporting / Host IPS 8.0, but when trying to build a report within the query builder I can't find a way of putting this together.

Can anyone offer some guidance on how to create the reports I need.

Thanks in advanced

Steve

0 Kudos
1 Reply
McAfee Employee

Re: HIPS Reporting Help !!!

Try editing (duplicate first) some of the default Host IPS queries.

     1. Dynamically created Firewall rules by System name.

Host IPS: Firewall Client Rules by Protocol/System Name - switch this query to a Single-group Summary Table with the Label set to System Name

     2. Logged / Blocked IPS events by System name

Host IPS: Top 10 Triggered Signatures - switch this query to a Multi-group Summary Table and set the Labels to System Name & Action Taken.

You'll have to tailor queries to you liking since they can be configured with any number of different parameters & criteria.

Message was edited by: ktankink on 4/25/12 6:49:27 PM CDT
0 Kudos