schmiewliski
Level 10

HIPS reporting help needed

Hi Everyone.

Trying to put together 2 reports for HIPS 8.

1. Firewall Blocked Traffic - This report needs to show all traffic that has\is being blocked

2. IPS blocked Apps - This report needs to show the apps / ips related that has \ is being blocked

Can anyone supply an idiot's guide here? I hate the reporting in ePO.

Cheers

Steve

0 Kudos
1 Reply
McAfee Employee

Re: HIPS reporting help needed

 1. Firewall Blocked Traffic - This report needs to show all traffic that has\is being blocked

This is not possible, as Firewall events are not sent to ePO.  This is by design.

2. IPS blocked Apps - This report needs to show the apps / ips related that has \ is being blocked


IPS works via Signature numbers.  You'd have to write a query to pull whatever signature data you desired.  Some of the default HIPS queries perform this (by Severity and System Type: Workstation, Server).  Others can provide more info on how they create their own queries.

0 Kudos