Former Member
Message 1 of 33

HIPS : how to create a query to filter on the "file" of the Host IPS 8.0 Event Information

Can someone help with creating a query that filters and shows the "file" info that is available when looking in a HIPS event below the Host IPS 8.0 Event Information?

I can filter on "target file path" but that does not contain the same info as in "file".

32 Replies
Former Member
Message 2 of 33

Re: HIPS : how to create a query to filter on the "file" of the Host IPS 8.0 Event Information

You can display the IPS Parameter Name = Files and then filter for the specific IPS Parameter Value you want.

You can do that through the Reporting -> Threat Event Log.

You should be able to set up a query for it as well.

Former Member
Message 3 of 33

Re: HIPS : how to create a query to filter on the "file" of the Host IPS 8.0 Event Information

Hello,

Thanks for the feedback but I can't find what you describe.

Can you give some more details, please?

I can't find "IPS parameter name". Not in queries and not in the HIPS event window.

Former Member
Message 4 of 33

Re: HIPS : how to create a query to filter on the "file" of the Host IPS 8.0 Event Information

In the Reporting for HIPS 8, you have to go under Actions and choose Choose Columns.

Are you running HIPS 8, and what version of ePO are you running?

Make sure the HIPS 8 extension is checked in as well.

Former Member
Message 5 of 33

Re: HIPS : how to create a query to filter on the "file" of the Host IPS 8.0 Event Information

I have 3 extensions for HIPS checked in:

* Host intrusion prevention 8.0.0

* Host IPS advanced

* Host IPS license

I don't find "IPS parameter name".

Am I missing an extension?

Former Member
Message 6 of 33

Re: HIPS : how to create a query to filter on the "file" of the Host IPS 8.0 Event Information

There should be a listing for Host IPS 8.0 Expert Signature Info which contains these 2 fields under Filter and under Choose Columns.

greatscott
Level 12
Message 7 of 33

Re: HIPS : how to create a query to filter on the "file" of the Host IPS 8.0 Event Information

If jj4sec is non-DoD, he probably doesn't have the enhanced reporting package which is required to see these fields. That being said, I don't know how anyone tunes HIPS without this capability. It makes the task nearly impossible.

Former Member
Message 8 of 33

Re: HIPS : how to create a query to filter on the "file" of the Host IPS 8.0 Event Information

What is the advanced reporting package?

Is that part of the HIPS extension?

greatscott
Level 12
Message 9 of 33

Re: HIPS : how to create a query to filter on the "file" of the Host IPS 8.0 Event Information

It's an ePO enhancement extension. It is not part of HIPS per se, but does make tuning easier.

Former Member
Message 10 of 33

Re: HIPS : how to create a query to filter on the "file" of the Host IPS 8.0 Event Information

Where can I find this?

I have the extension "advanced reporting" version 5.1.1 below "shared components" in the extensions.

Is it this, or am I missing something?
