Message 1 of 2

EPO 4.0 - source URL in VSE query

In 3.6.1, I used to pass on the source URL of threats to our network guys to additionally block. So if, for example, we had a psyme hit, I would pass on the URL that was shown in the drill down of Antivirus\detection\detections\threat detected report.

Under 4.0, although I can set my reports easily enough to pull out data for threats detected and drill down to see the standard event log info for each event, the threat source URL always seems to be blank.

Any suggestions or ideas?

There is nothing in the SQL to account for this, as this just sets what events and times etc.; the data just doesn't seem to be in the event logs, full stop.
Message 2 of 2

Test Query

I just put together a query to run against my own EPO 4.0 server (I can see a few source URLs for HIPS events but nothing for any of my VSE events).

However, I'm not 100% certain that any of my EPO clients have seen any of these threats. Any idea on how to further test?