I too would love to hear if anyone has any insight on this issue.
First of all, you must enable the event with ID 1203 in "Event Filtering".
Download the file from the following link and import it into the query repository. This query will help find machines that reported ODS scan completion over time. The query was created on ePO4 patch 3. If you find a way to make some improvements, please share them.
The link is dead. Can you post the XML for the query?
Here is the XML:
<name language="iw">VSE: ODS complete</name>
<property name="tableURI">query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID</property>
<property name="conditionURI">query:condition?orion.condition.sexp=%28+where+%28+eq+EPOEvents.ThreatEventID+1203++%29+%29</property>
<property name="summaryURI">query:summary?orion.show.other.limit=0&amp;orion.sum.order.by=EPOEvents.DetectedUTC&amp;orion.show.other=false&amp;orion.sum.group.by=EPOEvents.ThreatEventID&amp;orion.sum.aggregation.column=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=false&amp;orion.sum.aggregation=distinct&amp;orion.sum.order=desc&amp;orion.sum.limit.count=0&amp;bar.title=EPOEvents.ThreatEventID&amp;orion.chart.type=bar&amp;orion.sum.limit=false&amp;orion.sum.query=true</property>
Like he said before, make sure you enable event 1203 in event filtering.
Configuration...Server Settings...Event Filtering...Edit
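An added example, not part of the thread and not the vendor's code: Python that decodes the tableURI and conditionURI of the query posted above, so the columns it reads and the filter it applies can be checked before the XML is imported into the query repository. The `<query>` wrapper element and the function names are assumptions; the two property values are those of the posted query.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

# tableURI and conditionURI from the posted query. The <query> root element is
# an assumption added so the fragment parses; it is not part of the post.
FRAGMENT = """<query>
<property name="tableURI">query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID</property>
<property name="conditionURI">query:condition?orion.condition.sexp=%28+where+%28+eq+EPOEvents.ThreatEventID+1203++%29+%29</property>
</query>"""

def load_properties(xml_text):
    """Return {property name: {parameter: decoded value}} for each query: URI."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        _, _, query = prop.text.partition("?")
        # parse_qs percent-decodes the values and turns '+' into spaces.
        props[prop.get("name")] = {k: v[0] for k, v in parse_qs(query).items()}
    return props

def parse_sexp(text):
    """Parse the parenthesised filter expression into nested lists of tokens."""
    tokens = text.replace("(", " ( ").replace(")", " ) ").split()
    def read(pos):
        items = []
        while pos < len(tokens):
            if tokens[pos] == "(":
                sub, pos = read(pos + 1)
                items.append(sub)
            elif tokens[pos] == ")":
                return items, pos + 1
            else:
                items.append(tokens[pos])
                pos += 1
        return items, pos
    return read(0)[0][0]

def review(xml_text):
    """Return (columns selected, filter tree, tables touched) for the query."""
    props = load_properties(xml_text)
    columns = props["tableURI"]["orion.table.columns"].split(":")
    condition = parse_sexp(props["conditionURI"]["orion.condition.sexp"])
    tables = sorted({column.split(".")[0] for column in columns})
    return columns, condition, tables

if __name__ == "__main__":
    columns, condition, tables = review(FRAGMENT)
    print("tables:", tables)
    print("columns:", columns)
    print("filter:", condition)
```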