Hi
By making a report we can point siem to filter queries by a Source User watchlist. Was wondering how to perfom a report for every user (not all of them) from the watchlist, list, file, etc. In other words, we have 30 users on a list and expect to create 30 same reports with every single one of them as a source user filter.
Any idea, API?
Regards.
Solved! Go to Solution.
Hi Bolek.
its a very nice question.
but i don't have a simple solution.. just a script work around.
write a script that inserts via API 1 user name to the McAfee Watchlist
on the McAfee Report UI insert in the global filter to filter on that 1 User Watchlist
the script will change in each session the next name in the list + run the report (via API) with the new user name in the whatchlist
and so on...
Best Regards👍👍👍
David.
Hi Bolek.
its a very nice question.
but i don't have a simple solution.. just a script work around.
write a script that inserts via API 1 user name to the McAfee Watchlist
on the McAfee Report UI insert in the global filter to filter on that 1 User Watchlist
the script will change in each session the next name in the list + run the report (via API) with the new user name in the whatchlist
and so on...
Best Regards👍👍👍
David.
Bolek,
Agreed with David. However also if you would like to see this included in a future release please submit the product idea as this is not currently possible in the UI at this time:
https://community.mcafee.com/t5/Enterprise-Customer-Product/idb-p/business-ideas
Thanks guys.
I have successfully achieved my goal using the API.
Good idea with the PER , will take care of it.
Regards,
...but don't rely on PER. They are either implemented never or not implemented at all 😒
I like how you say that yet if you go to the product idea page for SIEM and look under Idea Statuses you will see that over 300 have been delivered. I am sorry if your idea has not been delivered yet.
I personly posted some greate ideas
i know its great ideas becuase they exist in other SIEM's like Qradar etc.
But they were closed and forgaten becouse they didn't get a high vote..
Best Regards👍👍👍
David
Thanks David.
I just hope that in terms of all of the 10.x EOL versions comming this year they will have more engineers to create, test and implement our PERs.
I wonder if they have implemented any idea so far (including high rated ones) or maybe it is only a good looking marketing feature,
Regards, Tom
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA