1 Reply Latest reply on Mar 13, 2014 9:26 AM by malware-alerts

    List of available counters in ePO queries for MEG7.x

    malware-alerts

      The counters available in ePO for queries on MEG7 data have different names depending if you are in the query builder or if you look at the actual results of a query.

       

      I got fed-up of always wondering what the counters meant and having to test my queries to make sure the counters I had selected in the query builder were in fact the ones I wanted to report on, so I decided to create a quick "cheat sheet".

       

      Thought it would be a good idea to share it here and maybe it could go in the "Documents" section and be available for everyone wondering the same thing when working with MEG7 queries in ePO:

       

      Counter  NameDisplay Name
      smtp.conn.bounced_emails.inboundBounced (Inbound)
      smtp.conn.bounced_emails.outboundBounced (Outbound)
      smtp.conn.compliancy.blocked.inboundCompliance (Inbound, Blocked)
      smtp.conn.conversation_mode.plain.inboundNon-TLS (Inbound)
      smtp.conn.conversation_mode.plain.outboundNon-TLS (Outbound)
      smtp.conn.conversation_mode.tls.inboundTLS (Inbound)
      smtp.conn.conversation_mode.tls.outboundTLS (Outbound)
      smtp.conn.format.blocked.inboundFile Filtering (Inbound, Blocked)
      smtp.conn.mail_size.blocked.inboundMail Size Filtering (Inbound, Blocked)
      smtp.conn.message_delivery.encrypted.tls.tls.inboundPlain (Inbound, TLS)
      smtp.conn.message_delivery.encrypted.tls.tls.outboundPlain (Outbound, TLS)
      smtp.conn.message_delivery.encrypted.tls.total.inboundTLS (Inbound)
      smtp.conn.message_delivery.encrypted.tls.total.outboundTLS (Outbound)
      smtp.conn.message_delivery.encrypted.total.inboundEncrypted (Inbound)
      smtp.conn.message_delivery.encrypted.total.outboundEncrypted (Outbound)
      smtp.conn.message_delivery.plain.inboundPlain (Inbound)
      smtp.conn.message_delivery.plain.outboundPlain (Outbound)
      smtp.conn.message_delivery.total.inboundDelivered (Inbound)
      smtp.conn.message_delivery.total.outboundDelivered (Outbound)
      smtp.conn.mu.blocked.inboundMail URL Reputation (Inbound, Blocked)
      smtp.conn.packer_mcafee.blocked.inboundPackers (McAfee) (Inbound, Blocked)
      smtp.conn.packer.blocked.inboundPackers (Inbound, Blocked)
      smtp.conn.phish.blocked.inboundPhish (Inbound, Blocked)
      smtp.conn.spam.blocked.inboundSpam (Inbound, Blocked)
      smtp.conn.spam.blocked.outboundSpam (Outbound, Blocked)
      smtp.conn.virus_authentium.blocked.inboundVirus (Commtouch® Command) (Inbound, Blocked)
      smtp.conn.virus_mcafee.blocked.inboundVirus (McAfee) (Inbound, Blocked)
      smtp.conn.virus.blocked.inboundVirus (Inbound, Blocked)
      smtp.DASHBOARD.Detections.Content.SenderID.totalSender ID (Detections)
      smtp.DASHBOARD.Detections.Content.SenderID.total.inboundSender ID (Inbound, Detections)
      smtp.DASHBOARD.Detections.Content.totalContent (Detections)
      smtp.DASHBOARD.Detections.Content.total.inboundContent (Inbound, Detections)
      smtp.DASHBOARD.Detections.Content.total.outboundContent (Outbound, Detections)
      smtp.DASHBOARD.Detections.Recipient.AntiRelay.totalAnti Relay (Detections)
      smtp.DASHBOARD.Detections.Recipient.AntiRelay.total.inboundAnti Relay (Inbound, Detections)
      smtp.DASHBOARD.Detections.Recipient.AntiRelay.total.outboundAnti Relay (Outbound, Detections)
      smtp.DASHBOARD.Detections.Recipient.totalRecipient (Detections)
      smtp.DASHBOARD.Detections.Recipient.total.inboundRecipient (Inbound, Detections)
      smtp.DASHBOARD.Detections.Recipient.total.outboundRecipient (Outbound, Detections)
      smtp.DASHBOARD.Detections.SenderConnection.SPF.totalSPF (Detections)
      smtp.DASHBOARD.Detections.SenderConnection.SPF.total.inboundSPF (Inbound, Detections)
      smtp.DASHBOARD.Detections.SenderConnection.totalSender/Connection (Detections)
      smtp.DASHBOARD.Detections.SenderConnection.total.inboundSender/Connection (Inbound, Detections)
      smtp.DASHBOARD.Detections.SenderConnection.total.outboundSender/Connection (Outbound, Detections)
      smtp.DASHBOARD.Detections.totalDetections (SMTP, Total)
      smtp.DASHBOARD.Detections.total.inboundDetections (Inbound)
      smtp.DASHBOARD.Detections.total.outboundDetections (Outbound)
      smtp.DASHBOARD.Summary.Blocked.Content.total.inboundContent (Inbound, Blocked)
      smtp.DASHBOARD.Summary.Blocked.Content.total.outboundContent (Outbound, Blocked)
      smtp.DASHBOARD.Summary.Blocked.Recipient.AntiRelay.total.inboundAnti Relay (Inbound, Blocked)
      smtp.DASHBOARD.Summary.Blocked.Recipient.total.inboundRecipient (Inbound, Blocked)
      smtp.DASHBOARD.Summary.Blocked.SenderConnection.SPF.total.inboundSPF (Inbound, Blocked)
      smtp.DASHBOARD.Summary.Blocked.SenderConnection.total.inboundSender/Connection (Inbound, Blocked)
      smtp.DASHBOARD.Summary.Blocked.SenderConnection.total.outboundSender/Connection (Outbound, Blocked)
      smtp.DASHBOARD.Summary.Blocked.total.inboundBlocked (Inbound)
      smtp.DASHBOARD.Summary.Blocked.total.outboundBlocked (Outbound)
      smtp.deny_rejectedDeny Sender (Detections)
      smtp.dkim_verify_failDKIM (Detections)
      smtp.from_inside.deny_rejectedDeny Sender (Outbound, Blocked)
      smtp.from_inside.messagesTotal Outbound Messages
      smtp.from_outside.deny_rejectedDeny Sender (Inbound, Blocked)
      smtp.from_outside.dkim_verify_failDKIM (Inbound, Detections)
      smtp.from_outside.messagesTotal Inbound Messages
      smtp.from_outside.rbl_matchRBL (Inbound, Detections)
      smtp.from_outside.spfpra_rejectedSender ID (Inbound, Blocked)
      smtp.from_outside.ts_message_lookup_maliciousGTI Message Reputation (Inbound, Detections)
      smtp.from_outside.ts_message_rejectedGTI Message Reputation (Inbound, Blocked)
      smtp.neat.scanresult.detection.compliancyCompliance (Detections)
      smtp.neat.scanresult.detection.compliancy.inboundCompliance (Inbound, Detections)
      smtp.neat.scanresult.detection.compliancy.outboundCompliance (Outbound, Detections)
      smtp.neat.scanresult.detection.dosDenial of Service (Detection)
      smtp.neat.scanresult.detection.dos.inboundDenial of Service (Inbound, Detection)
      smtp.neat.scanresult.detection.engine.authentium.virusVirus (Commtouch® Command)
      smtp.neat.scanresult.detection.engine.authentium.virus.inboundVirus (Commtouch® Command) (Inbound, Detections)
      smtp.neat.scanresult.detection.engine.mcafee.packersPackers (McAfee)
      smtp.neat.scanresult.detection.engine.mcafee.packers.inboundPackers (McAfee) (Inbound, Detections)
      smtp.neat.scanresult.detection.engine.mcafee.pupsPUPs (McAfee)
      smtp.neat.scanresult.detection.engine.mcafee.pups.inboundPUPs (McAfee) (Inbound, Detections)
      smtp.neat.scanresult.detection.engine.mcafee.virusVirus (McAfee)
      smtp.neat.scanresult.detection.engine.mcafee.virus.inboundVirus (McAfee)(Inbound, Detections)
      smtp.neat.scanresult.detection.file_filteringFile Filtering (Detections)
      smtp.neat.scanresult.detection.file_filtering.inboundFile Filtering (Inbound, Detections)
      smtp.neat.scanresult.detection.mail_filteringMail Filtering (Detections)
      smtp.neat.scanresult.detection.mail_filtering.inboundMail Filtering (Inbound, Detections)
      smtp.neat.scanresult.detection.mail_filtering.outboundMail Filtering (Outbound, Detections)
      smtp.neat.scanresult.detection.mail_size_filteringMail Size Filtering (Detections)
      smtp.neat.scanresult.detection.mail_size_filtering.inboundMail Size Filtering (Inbound, Detections)
      smtp.neat.scanresult.detection.max_urlsMail URL Reputation DoS (Detections)
      smtp.neat.scanresult.detection.max_urls.inboundMail URL Reputation DoS
      smtp.neat.scanresult.detection.max_urls.outboundMail URL Reputation DoS (Outbound, Detections)
      smtp.neat.scanresult.detection.packersPackers (Detections)
      smtp.neat.scanresult.detection.packers.inboundPackers (Inbound, Detections)
      smtp.neat.scanresult.detection.phishPhish (Detections)
      smtp.neat.scanresult.detection.phish.inboundPhish (Inbound, Detections)
      smtp.neat.scanresult.detection.pupsPUPs (Detections)
      smtp.neat.scanresult.detection.pups.inboundPUPs (Inbound, Detections)
      smtp.neat.scanresult.detection.spamSpam (Detections)
      smtp.neat.scanresult.detection.spam.inboundSpam (Inbound, Detections)
      smtp.neat.scanresult.detection.spam.outboundSpam (Outbound, Detections)
      smtp.neat.scanresult.detection.unsafe_urlsMail URL Reputation (Detections)
      smtp.neat.scanresult.detection.unsafe_urls.inboundMail URL Reputation (Inbound, Detections)
      smtp.neat.scanresult.detection.unsafe_urls.outboundMail URL Reputation (Outbound, Detections)
      smtp.neat.scanresult.detection.virusVirus (Detections)
      smtp.neat.scanresult.detection.virus.inboundVirus (Inbound, Detections)
      smtp.rbl_matchRBL (Detections)
      smtp.ts_message_lookup_maliciousGTI Message Reputation (Detections)

       

      Message was edited by: malware-alerts on 3/10/14 3:37:43 PM CDT