When we view a HIPS alert, at the very bottom there is a section called "Host IPS Event Information". This section contains the file/registry value that the source process tried to act on. I would like to use this file/registry value in a report, but I cannot find the proper field to use for this. I tried "Threat Target File Path", but that always returns empty. How can I access this field for reporting?
For Host IPS 7.0, the Advanced Parameter information is not available for ePO Query reporting purposes.
For Host IPS 8.0, an ePO query has a column section named Host IPS 8.0 Event Info which contains a few column fields, which can pull that information.