1 Reply Latest reply on Sep 24, 2012 11:09 AM by Kary Tankink

    HIPS reporting help needed

    Steve Chmiewliski

      Hi Everyone.

       

      Trying to put together 2 reports for HIPS 8.

          

           1. Firewall Blocked Traffic - This report needs to show all traffic that has\is being blocked

           2. IPS blocked Apps - This reports needs to show the apps / ips related that has \ is being blocked

       

      Can any one supply an idiots guide here.. I hate the reporting in ePO.

       

      Cheers

      Steve

        • 1. Re: HIPS reporting help needed
          Kary Tankink
          1. Firewall Blocked Traffic - This report needs to show all traffic that has\is being blocked

          This is not possible, as Firewall events are not sent to ePO.  This is by design.

           

           

          2. IPS blocked Apps - This reports needs to show the apps / ips related that has \ is being blocked


          IPS works via Signature numbers.  You'd have to write a query to pull whatever signature data you desired.  Some of the default HIPS queries perform this (by Severity and System Type: Workstation, Server).  Others can provide more info on how they create their own queries.