cancel
Showing results for 
Search instead for 
Did you mean: 

Total Event Count for ESM in a report?

Is there a certain query or a way for me to include the total event count for a specified time frame seen in ESM within a report? I am not looking for details of the events - just a number of all events  for the time period. I've tried to use the "count" query in ESM, but that gives a line item for each device / data source. I've also tried selecting ESM as the device in the filter and setting the query limit, but no go.

Any ideas?

3 Replies
rcavey
Level 9
Report Inappropriate Content
Message 2 of 4

Re: Total Event Count for ESM in a report?

Basically the screen view of a Summary query includes the total event count in the upper right corner based on your time and device selection but that total count does not show up in a report that I can see.  If you can get away it, looks like you only have the choice of either a screenshot/printing a PDF of the ESM "Default Summary" -> "Event Summary" window section which does report the total count.

dcobes
Level 9
Report Inappropriate Content
Message 3 of 4

Re: Total Event Count for ESM in a report?

Create new view > Select first icon (dial control) > select event query "Total Events" or "Total Event Collection Rate"

Then choose the rate you wish to view: per second, per minute, per hour, per day, per week, per month

example_SIEM_Dial.png

McAfee Employee mscott
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Total Event Count for ESM in a report?

If you have a dashboard set up with the information you would like to include with the report you may choose to create a report as a dashboard report. It's a way to turn any dashboard into a pdf report that can be retrieved. Alternatively when creating the report you can use a similar query as any of the event count bars in the dashboard. IE SUM* should show total event counts.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator