1 of 1 people found this helpful
Could you clarify my doubt ?
How your going to notify the Admins/Users ?
If you wants ePO to deliver the mail to you then its simple create automatic response based on the screen shot.
Note : also add all the event ID's which are related to the reboot request a
Here i have shared my knowledge as per my understanding if its not related or not that much worth pls excuse and ignore
Here is the query I use for this very same thing your looking for. I plan on using the reboot tools in this community to take it a step further and automatically reboot workstations and notify on servers with a pop-up.
That's very helpful. Thank you for your reply. I'm not actually looking to have ePO deliver an email. I have another system that my administrators use that I am integrating with the ePO server. So as a programmer I am pulling data out of ePO and putting it into our custom reports in our third party system. The reasons for this are complex but the simplest reason is so that we can give admins and users access to data without giving them access to ePO.
That being said, your answer provided me with some additional areas to look at to give me more clues, and I very much appreciate that.
This is excellent, thank you very much. I am still wondering if the endpoint would ever get into a state where a client or dat update requires a reboot, but I can cross that bridge when I come to it. Your query gives me exactly what I need for now. Thank you.
For any other coders out there who can't really use the ePO interface and need to access all data through the web API, here is Stephen's exported query written as an ad-hoc query:
target=EPOEvents&select=(select EPOEvents.DetectedUTC EPOEvents.TargetHostName EPOEvents.ThreatEventID EPOEvents.ThreatName)&where=(where (and (in EPOEvents.ThreatEventID 1028 1055 1104 1312 1313 1314 1315 1316 1317 1318 1414 1415 1416) (newerThan EPOEvents.ReceivedUTC 3600000))))&order=(order (asc EPOEvents.DetectedUTC)(asc EPOEvents.TargetHostName) (asc EPOEvents.ThreatName))
Stephen, I have another question I've posted about dates, but maybe you can help me out here. What does that 3600000 value represent for your newerThan parameter? Maybe I can figure this out myself playing with the GUI but what did you select that resulted in that 3600000 value?
Event Receive time is within the last hour, so I assume 3600000 is milliseconds.
I feel silly for not realizing that. Thank you that helps very much.