1 Reply Latest reply on Apr 25, 2012 6:49 PM by Kary Tankink

    HIPS Reporting Help !!!

    Steve Chmiewliski

      Hi Everyone

       

      Starting to get a little frustrated with the reporting capabilities of HIPS

       

      I need to create a couple of reports which I would have thought were straight forward.

           1. Dynamically created Firewall rules by System name.

           2. Logged / Blocked IPS events by System name

       

      I can see the information displayed within ePO under reporting / Host IPS 8.0, but when trying to build a report within the query builder I can't find a way of putting this together.

      Can anyone offer some guidance on how to create the reports I need.

       

      Thanks in advanced

      Steve

        • 1. Re: HIPS Reporting Help !!!
          Kary Tankink

          Try editing (duplicate first) some of the default Host IPS queries.

           

               1. Dynamically created Firewall rules by System name.

           

          Host IPS: Firewall Client Rules by Protocol/System Name - switch this query to a Single-group Summary Table with the Label set to System Name

           

           

               2. Logged / Blocked IPS events by System name

           

          Host IPS: Top 10 Triggered Signatures - switch this query to a Multi-group Summary Table and set the Labels to System Name & Action Taken.

           

           

          You'll have to tailor queries to you liking since they can be configured with any number of different parameters & criteria.

           

          Message was edited by: ktankink on 4/25/12 6:49:27 PM CDT