5 Replies Latest reply on Jul 6, 2017 2:43 AM by wouterr

    Can you sort HIPS events by API name?

    stan4d

      I'm working on tuning events from HIPS signature 3819 - Vulnerability in HTML Help ActiveX Control.  In attempting to isolate false positives I would like to sort events by "API Name" which is part of each HIPS event info.  However, in the query builder chart and filter pages there are no "API Name" options.  I can put the data into the table and add a column for "API Name" but it's under Endpoint Security Threat Events, not Host IPS Event Info.  In any case the field is blank since the data did not come from ENS.

       

      Does anyone have experience here or thoughts on this?  Any other tips on working with this signature?  Thanks!