Community Support,

As I understand it, the result of threat_handled="1" is to mean that the threat was not correctly handled, or that the file was not successfully deleted. So, in the case of threat_handled="0", is this to mean (always) that the threat was correctly handled in all event code cases? I'm reading the ePO database using dbconnect with Splunk and want to be sure that I can authoritatively state that I can ignore results if the threat handled is zero.

Thanks in advance,