We are currently running the ePO 4.6 console at our office and one of our Risk Management folks asked if it was possible to report on Java exploits that were detected by McAfee. Does anyone know if there is a way to create a report on just Java issues, or do they fall under some broader category when creating a detection report?
The ePO reporting/query filter is massively configurable so it is quite likely you would be able to do this.
A possible starting point would be to filter based on 'Threat Name Contains xxxx' where xxxx is a unique string for the exploit you are looking for.
Basically so long as an event is being written to the ePO server for the detection you should be able to filter it out.
You could also duplicate the "All threats detected by Month" report and add the following criteria to the filter: Threat Target File Path contains java or contains jar_cache
I would also recommend adding contains .class and .jar. As well, depending on your user-defined rules, you may want to exclude access protection events as they may skew your results.