Former Member
Message 1 of 2

Retrieving Host IPS 8.0 Event Information from the database - how??

I have a team of folks that is interested in seeing the HIPS event information that comes along with the threat data related to the following fields:

Target File Name

Target Fingerprint

Target Path

Does anyone know what the table references are for these fields and how we can add them to the query below?

select
    [EPOEvents].[DetectedUTC],
    [EPOEvents].[TargetHostName],
    [EPOEvents].[ThreatName],
    [EPOEvents].[AnalyzerIPV4],
    [EPOEvents].[SourceIPV4],
    [EPOEvents].[SourceURL],
    [HIP8_EventInfo].[Direction],
    [HIP8_EventInfo].[AppSigner],
    [HIP8_EventInfo].[AppDesc],
    [HIP8_EventInfo].[AppHash],
    [HIP8_EventInfo].[Hidden],
    [HIP8_EventInfo].[LocalIPAddress],
    [HIP8_EventInfo].[LocalPort],
    [HIP8_EventInfo].[Protocol],
    [HIP8_EventInfo].[Read],
    [HIP8_EventInfo].[RemotePort],
    [EPOEvents].[AutoID]
from [EPOEvents]
left join [HIP8_EventInfo]
    on [EPOEvents].[AutoID] = [HIP8_EventInfo].[EventID]

1 Reply
Former Member
Message 2 of 2

Re: Retrieving Host IPS 8.0 Event Information from the database - how??

Given your title, I assume the Host IPS 8.0 Event Information data you're seeking are the details at the bottom of the threat log details you can view in ePO? That's the sort I was looking for, myself. Here's what I've found that might be related to what you're looking for:

Table: HIP8_IPSEventParameter

Fingerprint is [ParameterName] = 'Executable Fingerprint' with the [ParameterValue] giving the desired value.

File Name being the File Description? If so it'd be [ParameterName] = 'Executable Description' with the [ParameterValue] giving the desired value.

Path being the File Path? If so then [ParameterName] = 'local file' with the [ParameterValue] giving the desired value.

I'm a novice at SQL so I can't give you much advice on incorporating it, but from a quick Google search it seems you can join three tables together, though (for example: mysql - SQL join multiple tables - Stack Overflow).
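One way to combine the two posts above, as an added example that is not from either poster or from McAfee: because HIP8_IPSEventParameter stores one row per parameter name, joining it directly would repeat each event once per parameter, so the query pivots the three named parameters into columns first. The join column [EventID] on HIP8_IPSEventParameter, the output aliases, and the use of MAX on [ParameterValue] (which requires a character type such as nvarchar, not ntext) are assumptions to verify against your ePO schema.

```sql
-- Added example. ASSUMPTION: HIP8_IPSEventParameter carries an [EventID]
-- column that matches [EPOEvents].[AutoID], like HIP8_EventInfo does.
-- Check the real key column in your ePO database before using this.
SELECT
    e.[DetectedUTC],
    e.[TargetHostName],
    e.[ThreatName],
    e.[AnalyzerIPV4],
    e.[SourceIPV4],
    e.[SourceURL],
    i.[Direction],
    i.[AppSigner],
    i.[AppDesc],
    i.[AppHash],
    i.[LocalIPAddress],
    i.[LocalPort],
    i.[Protocol],
    i.[RemotePort],
    p.[TargetFileName],      -- alias chosen for this example
    p.[TargetFingerprint],   -- alias chosen for this example
    p.[TargetPath],          -- alias chosen for this example
    e.[AutoID]
FROM [EPOEvents] AS e
LEFT JOIN [HIP8_EventInfo] AS i
    ON e.[AutoID] = i.[EventID]
LEFT JOIN (
    -- Collapse the name/value rows to one row per event so the outer
    -- join cannot multiply event rows.
    SELECT
        [EventID],
        MAX(CASE WHEN [ParameterName] = 'Executable Description'
                 THEN [ParameterValue] END) AS [TargetFileName],
        MAX(CASE WHEN [ParameterName] = 'Executable Fingerprint'
                 THEN [ParameterValue] END) AS [TargetFingerprint],
        MAX(CASE WHEN [ParameterName] = 'local file'
                 THEN [ParameterValue] END) AS [TargetPath]
    FROM [HIP8_IPSEventParameter]
    WHERE [ParameterName] IN ('Executable Description',
                              'Executable Fingerprint',
                              'local file')
    GROUP BY [EventID]
) AS p
    ON p.[EventID] = e.[AutoID];
```

Events with no matching parameter rows still appear, with NULL in the three added columns, because both joins are left joins.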
