Hi Attila Polinger,
Instead of creating a query, you can configure an Automatic Response.
In the Response Builder:
1) Select Event Group "ePO Notification" and event type "Threat".
2) Select the appropriate filter criteria as per your requirement, such as "Threat Handled equals True".
3) In grouping, select Source Host Name or Source IP Address, as per your requirement.
Enter the mail address to which the mail needs to be sent and the information about the systems, which you can include using the "Insert values" drop-down box.
Thank you for your reply. Automatic Response would be good; however, among the clients we manage, an SMTP server is not available everywhere on the respective ePO server.
Anyway, thank you for the idea.
I did think maybe your answer would lie down the web.API route, but the SQL support in that is not powerful enough for that type of query.
However, if you're familiar with XML/XSL scripting, I'm sure it would be technically possible to do the hard slog of processing outside of ePO with a chained web.API and an XSL translation process.
Basically, build a web.API query to extract all of the events in ePO and return the result as XML, and then filter/count them with XSL.
Although this solution would be outside of ePO, it would potentially be a single action of just opening the initial query file in a browser.
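As an added example (not part of this thread or of ePO), here is the filter-and-count step done in Python over a constructed XML export. The element names (`event`, `sourceHostName`, `sourceIPv4`, `threatHandled`) are assumptions, since the real web.API output layout is not shown in the thread.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the shape such an export might take; the element
# names are assumptions, not the real ePO web.API output.
SAMPLE_EVENTS_XML = """<?xml version="1.0"?>
<result>
  <event><sourceHostName>WS-001</sourceHostName><sourceIPv4>10.0.0.11</sourceIPv4><threatHandled>true</threatHandled></event>
  <event><sourceHostName>WS-001</sourceHostName><sourceIPv4>10.0.0.11</sourceIPv4><threatHandled>true</threatHandled></event>
  <event><sourceHostName>WS-002</sourceHostName><sourceIPv4>10.0.0.12</sourceIPv4><threatHandled>false</threatHandled></event>
  <event><sourceHostName>WS-003</sourceHostName><sourceIPv4>10.0.0.13</sourceIPv4><threatHandled>true</threatHandled></event>
</result>
"""

def count_handled_threats(xml_text, group_by="sourceHostName"):
    """Return {system: count} for events whose threatHandled is true.

    group_by selects the grouping element (host name or IP address),
    mirroring the two grouping options mentioned earlier in the thread.
    """
    root = ET.fromstring(xml_text)
    counts = Counter()
    for event in root.iter("event"):
        # Equivalent of the "Threat Handled equals True" filter.
        handled = (event.findtext("threatHandled") or "").strip().lower()
        if handled != "true":
            continue
        key = (event.findtext(group_by) or "").strip()
        if key:
            counts[key] += 1
    return dict(counts)

def systems_over_threshold(counts, threshold):
    """Systems whose handled-threat count reaches the threshold, highest first."""
    return sorted((s for s, n in counts.items() if n >= threshold),
                  key=lambda s: (-counts[s], s))

if __name__ == "__main__":
    by_host = count_handled_threats(SAMPLE_EVENTS_XML)
    for host, n in sorted(by_host.items()):
        print(f"{host}: {n}")
    print("repeat detections:", systems_over_threshold(by_host, 2))
```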
Perhaps you could still use Automatic Response, but instead of triggering an e-mail, you assign a special tag to the affected systems, which you can then use to build your query.