Good morning. This task isn't anything that needs the web API to solve; you can accomplish this entirely within the ePO console.
First, make sure you have your SMTP server configured -- ePO can't email you things without it. Go to Configuration -> Server Settings -> Email Server to set it up.
Next, create or find the query that you'd like to have mailed to you regularly. For example, I see a "VSE: Top 10 Threat Sources" default query. That might work for now, and then you might want to go back and edit the query to tweak the time range or other criteria to fine tune it after you get everything set up.
After you know what query you want to run, go to Automation -> Server Tasks and create a new task.
In the first step of the new task wizard, you just need to give the task a name and make sure it's enabled.
The second step has most of the work. What you're going to want to do first is run the query you found or created above -- so make the first task a 'Run Query' task, and choose the query you want to run.
Next, you should see a 'Sub-action' menu ... choose 'email file' ... fill in the rest of the information about where to send it, and whether you want to see just the chart or additional drill down info.
Hit next and add the schedule on the third step of the wizard. Zip past the summary page, and once you've saved the server task you can choose to 'Run' it immediately to make sure you receive the email. Check the server task log to verify that it worked.
Once you've got the general setup down you might play around with creating different queries or, if you're running ePO 4.6, you can create reports with multiple queries in them (choose the action 'Run Report' instead of 'Run Query' to run a report in a server task).
Hope this was useful to you,
Just create a new task to run the query and email it at the required schedule.
Page 260 of the ePO 4.6 product guide has a step-by-step guide on how to set up a new server task to run a report.
Instead of selecting a report choose a query and then set up a sub-action to email it. You could even build a custom query if you want.
Great, that's very helpful. I already received a first email notification.
Now I receive an email with a "weekly overview of top 10 most infected PCs this week"
When I click on a "Threat Target User Name" it shows me:
Event Category, Threat Type, Threat Target User Name, Threat Target Host Name, Detecting Product IPv4 Address, Tags, Detecting Product Name, Detecting Product Version, DAT Version, Engine Version, Last Communication
What I would like to see too is the "exact name of the threat" (not just the "Threat Type") and when exactly (date and time) it occurred.
Do you know how I can alter the query to obtain this information?
Right, I now almost have all columns I want, except one.
The only item left on this list is that I would like to see when the exact malware was found.
(Now I only have "Last Communication" as a time-stamp).
But I would like to see if the malware was caught on the same day or a different day, etc.
Is there an "Available Column" for that?
'Event generated' is the column you probably want.
This will be when the detection occurred on the client.