When on-access scan status is enabled/disabled for VSE/ENS we can see that in McAfee EPO under system properties and also by running queries for that system but I wanted to know in which logs its stored under EPO.Like we have Threat event logs is there is any other log in EPO where we can see the status.
We want to pull the logs from EPO on SIEM for on access scan status.Can anyone help me ?
That is not stored in any local logs on the epo server, but stored in the database. You would have to pull that info from the queries in epo, which you can use same query to pull from the database for siem. To view the query syntax epo is using, you can highlight the query, then go to actions, view sql.
Was my reply helpful? If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?