wally3514
Level 7

HIPS Reports and target "file" / "Registry Value"

When we view a HIPS alert, at the very bottom there is a section called "Host IPS Event Information". This section contains the file/registry value that the source process tried to act on. I would like to use this file/registry value in a report, but I cannot find the proper field to use for this. I tried "Threat Target File Path", but that always returns empty. How can I access this field for reporting?

2 Replies
McAfee Employee

Re: HIPS Reports and target "file" / "Registry Value"

For Host IPS 7.0, the Advanced Parameter information is not available for ePO Query reporting purposes.

For Host IPS 8.0, an ePO query has a column section named Host IPS 8.0 Event Info which contains a few column fields, which can pull that information.

wally3514
Level 7

Re: HIPS Reports and target "file" / "Registry Value"

Thanks! Looks like it is time to move to 8.0...
