Thanks! Then do you know which event table shall we use to get the threat events?

Epoevents table has the threat events.  As I stated, create a simple for a threat event, save it, then click on that query, go to actions and view sql.  That tells you what tables it is looking at.  Forget the fact that the main epo db doesn't have an epoevents table.  It will find it in the events database.

We tried querying the EPOEvents table directly through web API:

select EPOEvents.ReceivedUTC from EPOEvents

But the API was unable to find target table 'EPOEvents', maybe this Events table was not created?

Are you running epo 5.10?  If so, make sure you have an epo events table named the same as your main one, only with events in the name.  If you are running epo 5.9.x, try using epoeventsmt as table name.

Yes, we are running epo 5.10. Interestingly, we checked all available tables by querying:

/remote/core.listTables

But EPOEvents table is not in the table list. Does this mean that the epo events table does not exist in the database?

Not necessarily.  Do what I had suggested in the beginning.  Create a query under queries and reporting for data you are looking for.  You can go to new query, events, then threat events and just create a simple query.  Save it, then highlight it, go to actions view sql.  Paste that sql syntax here.  Then run it and see if it returns data.  Let me know if you get errors.

Currently, we don't have direct access to ePO UI or dashboard. We can only get the data through web API :(, is there any way to quickly check if the EPO event table is available?

Do you have access to the sql server?  Otherwise run this:

core.listDatabases core.listDatabases Returns all databases the user is permitted
to see as a list of objects.