cancel
Showing results for 
Search instead for 
Did you mean: 

ePO 4.6 How to Report on Java Exploits

We are currently running the ePO 4.6 console at our office and one of our Risk Management folks aske if it was possible to report on Java exploits that were detected by McAfee.  Does anyone know if there is a way to create a report on just Java issues or do the fall under some broader catagory when creating a detection report. 

Thanks

3 Replies

Re: ePO 4.6 How to Report on Java Exploits

The ePO reporting/query filter is massively configurable so it is quite likely you woul be able to do this.

A possible starting point would be to filter based on 'Threat Name Contains xxxx' where xxxx is a unique string for the exploit you are looking for.

Basically so long as an event is being written to the ePO server for the detection you should be able to filter it out.

Re: ePO 4.6 How to Report on Java Exploits

You could also duplicate the "All threats detected by Month" report and add the following criteria to the filter:  Threat Target File Path contains  java or contains jar_cache

HTH

Jane

jperry
Level 9
Report Inappropriate Content
Message 4 of 4

Re: ePO 4.6 How to Report on Java Exploits

I would also recommend adding contains .class and .jar. As well depending on your user-defined rules you may want to exclude access protection events as they may skew your results.