1 Reply Latest reply on Aug 20, 2013 3:00 AM by Manish KS

    Creating a query to show only unhandled events

    coopersim

      Hi!

       

      I'm trying to create a query in ePO Orchestrator 4.5.4 to show only unhandled events - those events that aren't quarantined, deleted etc. I have seen this done before but didn't have a chance to look at the query, can anyone help please?

       

      Thanks.

        • 1. Re: Creating a query to show only unhandled events
          Manish KS

          Hi Coopersim,

           

          If I understand correctly, you would like to create a query to know how many threats were not handled by McAfee VSE. If yes, you can try the steps below to create a query:

           

          -Log into ePO console

          -Menu>Reporting>Queries & Reports

          -Action>New , One new window will open there you will see Feature Group and Result Tyes

          -From the Feature Group select Events Then from the Result Types select Threat Events and click on Next

          -From the new window you can select the Desply results type, the default would be Bar Chart/ Click on Next

          -Another window open where you can select the columns as per your requirment and click on Next

          -Now the Filter window will open

          -From the available properties select  Threat Handled Equals False

          -If you wish to put any other filter to minimize the result that also you can do from this filter screen then Save it and give a name of the query.