i have a similar issue- many machines uncompliant ( DAT out of date)- getting a report from epo every day. How did you manage to assign tags to machines with more than 7 days - which tag ? When I go to the tag catalog I can only see criteria based on hardware (ie. ip, cpu,disk space).
In automation I can assign tag based on my report but again which tag would that be. Also, in automation I can run a query against my report but as "sub action" what is missing is "run a task" based on that outcome. Any help is welcome.
It takes more than one step.
- 1) Create a tag - I named it "Non-compliant systems"
- 2) Create several queries (use Table) The reason you have to create several queries (McAfee, are you listening?) is because you can't do logical ORs in queries between different Available Properties - only within each property
- Systems with dats more than X number of versions old (I use 7)
- Systems with agents older than your current agent (IOW, Not Equal to your current version)
- Systems with old VSE versions installed (IOW, Not Equal to your current version)
- Systems with old scan engine versions (IOW, Not Equal to your current version)
- Create a server task that tags out of compliance versions (Run each query and tag the results)
- Create a client task that runs ePO-MVT on systems tagged non-compliant on a scheduled basis - be sure to force a reboot if required
Without doing anything else I am now down to 503 non-compliant systems. So over 700 systems have been automagically remediated by ePO-MVT and are now up to date.