cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 12
‎12-15-2020 10:58 AM

ePO Web API Query: Get ePO threat events for one machine

Hi, 

We want to query the ePO database to get the threat events for one machine, which event table shall we use? We tried to find "EPOEvents" table as described in 

https://kc.mcafee.com/corporate/index?page=content&id=KB68961

But this table does not exist in our ePO database. Is there any other table we can use?

Thanks!

0 Kudos
Reply
11 Replies
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 12
‎12-15-2020 11:42 AM

Re: ePO Web API Query: Get ePO threat events for one machine

If you are running epo 5.10, there are 2 databases - one main db and the events db where they are stored.  However, you still use the same queries, as the db's are linked - you don't query the events database itself.  

If you run the same desired query in epo, save the query, then view query syntax.  That will give you tables, columns, etc. to use.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 3 of 12
‎12-15-2020 11:53 AM

Re: ePO Web API Query: Get ePO threat events for one machine

Thanks! Then do you know which event table shall we use to get the threat events?

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 12
‎12-15-2020 12:21 PM

Re: ePO Web API Query: Get ePO threat events for one machine

Epoevents table has the threat events.  As I stated, create a simple for a threat event, save it, then click on that query, go to actions and view sql.  That tells you what tables it is looking at.  Forget the fact that the main epo db doesn't have an epoevents table.  It will find it in the events database.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 5 of 12
‎12-15-2020 01:29 PM

Re: ePO Web API Query: Get ePO threat events for one machine

We tried querying the EPOEvents table directly through web API:

 

select EPOEvents.ReceivedUTC from EPOEvents

 

But the API was unable to find target table 'EPOEvents', maybe this Events table was not created?

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 12
‎12-15-2020 02:42 PM

Re: ePO Web API Query: Get ePO threat events for one machine

Are you running epo 5.10?  If so, make sure you have an epo events table named the same as your main one, only with events in the name.  If you are running epo 5.9.x, try using epoeventsmt as table name.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 7 of 12
‎12-15-2020 02:45 PM

Re: ePO Web API Query: Get ePO threat events for one machine

Yes, we are running epo 5.10. Interestingly, we checked all available tables by querying:

/remote/core.listTables

But EPOEvents table is not in the table list. Does this mean that the epo events table does not exist in the database?

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 8 of 12
‎12-15-2020 02:47 PM

Re: ePO Web API Query: Get ePO threat events for one machine

Not necessarily.  Do what I had suggested in the beginning.  Create a query under queries and reporting for data you are looking for.  You can go to new query, events, then threat events and just create a simple query.  Save it, then highlight it, go to actions view sql.  Paste that sql syntax here.  Then run it and see if it returns data.  Let me know if you get errors.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 9 of 12
‎12-15-2020 03:06 PM

Re: ePO Web API Query: Get ePO threat events for one machine

Currently, we don't have direct access to ePO UI or dashboard. We can only get the data through web API :(, is there any way to quickly check if the EPO event table is available?

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 10 of 12
‎12-15-2020 03:10 PM

Re: ePO Web API Query: Get ePO threat events for one machine

Do you have access to the sql server?  Otherwise run this:

core.listDatabases core.listDatabases Returns all databases the user is permitted
to see as a list of objects.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC