dev247

Nick's McAfee ePO Queries

Jul 13th, 2018
  1. <list id="1">
  2.   <query id="2">
         <!-- Decoded filter: ( where ( and ( threatcategory_belongs EPOEvents.ThreatCategory "av" )
              ( contains EPOEvents.ThreatName "Artemis" ) ) ), plus a separate orion.requied.sexp bound of
              newerThan EPOEvents.DetectedUTC 15552000000 (180 days if the unit is milliseconds).
              "Detected by the cloud" is decided only by the substring "Artemis" in the threat name.
              Summary: line chart of event counts grouped by DetectedUTC per day.
              NOTE(review): the key is spelled "requied" in this export; it is a runtime key, so confirm
              what the server expects before "correcting" it. -->
  3.     <dictionary id="3"/>
  4.     <name>Threats detected by the cloud (no signatures) (imported)</name>
  5.     <description></description>
  6.     <target>EPOEvents</target>
  7.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  8.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%29+%29</condition-uri>
  9.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  10.   </query>
  11.   <query id="4">
          <!-- Decoded filter: ( where ( and ( newerThan EPOEvents.DetectedUTC 604800000 )
               ( ne EPOEvents.ThreatHandled t ) ( threatcategory_belongs EPOEvents.ThreatCategory "av" ) ) ).
               604800000 is 7 days in milliseconds, which matches "last 1 week" in the name.
               Summary: pie chart of counts grouped by EPOEvents.ThreatHandled (limit 360, "other" shown).
               NOTE(review): whether "ne ... t" also returns rows where ThreatHandled is blank is not
               visible here; confirm, since unhandled events are the ones an analyst must not miss. -->
  12.     <dictionary id="5"/>
  13.     <name>Threat Events NOT handled (last 1 week) (imported)</name>
  14.     <description></description>
  15.     <target>EPOEvents</target>
  16.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  17.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+ne+EPOEvents.ThreatHandled+t+%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29+%29</condition-uri>
  18.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.ThreatHandled&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  19.   </query>
  20.   <query id="6">
          <!-- Decoded filter: ( where ( and ( threatcategory_belongs EPOEvents.ThreatCategory "av" )
               ( newerThan EPOEvents.DetectedUTC 604800000 ) ) ), i.e. AV-category events from the last
               7 days (604800000 ms). Summary: bar chart of counts grouped by EPOEvents.TargetUserName,
               descending, limited to 10 groups.
               NOTE(review): the drill-down table lists DetectedUTC, TargetHostName and ThreatName only;
               TargetUserName, the field the chart is grouped by, is not among the table columns. -->
  21.     <dictionary id="7"/>
  22.     <name>Top 10 users - Threat Events (last 7 days) (imported)</name>
  23.     <description></description>
  24.     <target>EPOEvents</target>
  25.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  26.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  27.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.TargetUserName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  28.   </query>
  29.   <query id="8">
          <!-- Decoded filter: ( where ( and ( threatcategory_belongs EPOEvents.ThreatCategory "av" )
               ( contains EPOEvents.ThreatName "TIE" ) ) ), plus orion.requied.sexp bounding DetectedUTC to
               newerThan 15552000000 (180 days if the unit is milliseconds).
               Summary: line chart of event counts grouped by DetectedUTC per week.
               NOTE(review): "TIE" is matched as a bare substring of the threat name, while the
               "signatures only" queries in this export exclude the longer string "TIE/suspect"; if the
               match is case-insensitive, unrelated names containing those letters may be counted. Confirm. -->
  30.     <dictionary id="9"/>
  31.     <name>Threats detected by Local Threat Intelligence (imported)</name>
  32.     <description></description>
  33.     <target>EPOEvents</target>
  34.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  35.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22TIE%22+%29+%29+%29</condition-uri>
  36.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  37.   </query>
  38.   <query id="10">
          <!-- Decoded filter: ( where ( and ( not_isBlank EPOComputerProperties.OSType )
               ( newerThan EPOEvents.DetectedUTC 604800000 ) ) ), i.e. events from the last 7 days
               (604800000 ms) on systems with a non-blank OSType. Summary: grouped bar chart of counts by
               EPOComputerProperties.OSType then EPOEvents.ThreatSeverity, up to 100 groups each.
               NOTE(review): unlike the other "(imported)" threat queries in this export there is no
               threatcategory_belongs "av" clause, so every event row in the window is counted, and
               events from systems with a blank OSType are silently left out. -->
  39.     <dictionary id="11"/>
  40.     <name>Threat detection by OS (Last 7 days) (imported)</name>
  41.     <description></description>
  42.     <target>EPOEvents</target>
  43.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  44.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPOComputerProperties.OSType+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  45.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOComputerProperties.OSType%3AEPOEvents.ThreatSeverity&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  46.   </query>
  47.   <query id="12">
          <!-- Decoded filter: ( where ( and ( threatcategory_belongs EPOEvents.ThreatCategory "av" )
               ( and ( notContains EPOEvents.ThreatName "Artemis" )
               ( notContains EPOEvents.ThreatName "TIE/suspect" ) ) ) ), plus orion.requied.sexp bounding
               DetectedUTC to newerThan 15552000000 (180 days if the unit is milliseconds).
               "Signatures only" is defined by exclusion: anything in the AV category whose name lacks
               both substrings is counted. Summary: line chart of counts per week.
               NOTE(review): the three URIs are the same as in query id="44"; only the name suffix
               "(imported 2)" differs, so this looks like a duplicate import. -->
  48.     <dictionary id="13"/>
  49.     <name>Threats detected locally (signatures only) (imported 2)</name>
  50.     <description></description>
  51.     <target>EPOEvents</target>
  52.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  53.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+notContains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+notContains+EPOEvents.ThreatName+%22TIE%2Fsuspect%22+%29+%29+%29+%29</condition-uri>
  54.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  55.   </query>
  56.   <query id="14">
          <!-- Decoded filter: ( where ( and ( threatcategory_belongs EPOEvents.ThreatCategory "av" )
               ( contains EPOEvents.ThreatName "Artemis" )
               ( newerThan EPOEvents.DetectedUTC 15552000000 ) ) ). Here orion.requied.sexp is present but
               empty, and the time bound (180 days if the unit is milliseconds) sits inside the main
               condition instead. Summary: bar chart of counts grouped by EPOEvents.ThreatName,
               descending, limited to 10 groups.
               NOTE(review): "Unique" in the name corresponds to grouping by threat name; the bars are
               event counts per name, and only the top 10 names are shown. -->
  57.     <dictionary id="15"/>
  58.     <name>Unique threats detected in the cloud (imported 2)</name>
  59.     <description></description>
  60.     <target>EPOEvents</target>
  61.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  62.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29+%29</condition-uri>
  63.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.ThreatName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  64.   </query>
  65.   <query id="16">
          <!-- Decoded filter: ( where ( and ( newerThan EPOEvents.DetectedUTC 86400000 )
               ( eq EPOEvents.AnalyzerName "VirusScan Enterprise" )
               ( and ( ne EPOEvents.ThreatType "access protection" ) ( ne EPOEvents.ThreatType "app_puocookie" ) )
               ( and ( not_isBlank EPOEvents.ThreatName ) ( ne EPOEvents.ThreatName "None" ) ) ) ).
               Summary: multigroup count by EPOEvents.ThreatType then EPOEvents.ThreatName.
               NOTE(review): the description says "last seven days", but the filter is newerThan 86400000
               (1 day in milliseconds), which agrees with the name "1 Day". The description text appears
               to be copied from another query.
               Scope caveat: events from any analyzer whose name is not exactly "VirusScan Enterprise"
               are excluded, as are access protection and cookie events. -->
  66.     <dictionary id="17"/>
  67.     <name>Threats for 1 Day</name>
  68.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  69.     <target>EPOEvents</target>
  70.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  71.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
  72.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  73.   </query>
  74.   <query id="18">
          <!-- Decoded filter: ( where ( and ( and ( newerThan EPOEvents.DetectedUTC 604800000 )
               ( olderThan EPOEvents.DetectedUTC 86400000 ) )
               ( eq EPOEvents.AnalyzerName "VirusScan Enterprise" )
               ( and ( ne EPOEvents.ThreatType "access protection" ) ( ne EPOEvents.ThreatType "app_puocookie" ) )
               ( and ( not_isBlank EPOEvents.ThreatName ) ( ne EPOEvents.ThreatName "None" ) ) ) ).
               Summary: multigroup count by EPOEvents.ThreatType then EPOEvents.ThreatName.
               NOTE(review): the window is newer than 604800000 ms (7 days) AND older than 86400000 ms
               (1 day), so the most recent 24 hours are excluded. The description's "last seven days"
               does not mention that gap; read this report together with the 1 Day query.
               Scope caveat: only events whose AnalyzerName is exactly "VirusScan Enterprise" are counted. -->
  75.     <dictionary id="19"/>
  76.     <name>Threats for 1 Week</name>
  77.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  78.     <target>EPOEvents</target>
  79.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  80.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
  81.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  82.   </query>
  83.   <query id="20">
          <!-- Decoded filter: ( where ( and ( and ( newerThan EPOEvents.DetectedUTC 2592000000 )
               ( olderThan EPOEvents.DetectedUTC 604800000 ) )
               ( eq EPOEvents.AnalyzerName "VirusScan Enterprise" )
               ( and ( ne EPOEvents.ThreatType "access protection" ) ( ne EPOEvents.ThreatType "app_puocookie" ) )
               ( and ( not_isBlank EPOEvents.ThreatName ) ( ne EPOEvents.ThreatName "None" ) ) ) ).
               Summary: multigroup count by EPOComputerProperties.ComputerName then EPOEvents.ThreatName.
               NOTE(review): the window is newer than 2592000000 ms (30 days) AND older than 604800000 ms
               (7 days). The description's "last seven days" is the opposite of what is selected: the
               most recent week is excluded from this report.
               Scope caveat: only events whose AnalyzerName is exactly "VirusScan Enterprise" are counted. -->
  84.     <dictionary id="21"/>
  85.     <name>Threats/Host for 1 Month</name>
  86.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  87.     <target>EPOEvents</target>
  88.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  89.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
  90.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  91.   </query>
  92.   <query id="22">
          <!-- Decoded filter: ( where ( and ( newerThan EPOEvents.DetectedUTC 86400000 )
               ( eq EPOEvents.AnalyzerName "VirusScan Enterprise" )
               ( and ( ne EPOEvents.ThreatType "access protection" ) ( ne EPOEvents.ThreatType "app_puocookie" ) )
               ( and ( not_isBlank EPOEvents.ThreatName ) ( ne EPOEvents.ThreatName "None" ) ) ) ).
               Summary: multigroup count by EPOComputerProperties.ComputerName then EPOEvents.ThreatName.
               NOTE(review): the description says "last seven days", but the filter is newerThan 86400000
               (1 day in milliseconds), which agrees with the name "1 Day".
               Scope caveat: only events whose AnalyzerName is exactly "VirusScan Enterprise" are counted. -->
  93.     <dictionary id="23"/>
  94.     <name>Threats/Host for 1 Day</name>
  95.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  96.     <target>EPOEvents</target>
  97.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  98.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
  99.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  100.   </query>
  101.   <query id="24">
           <!-- Decoded filter: ( where ( and ( newerThan EPOEvents.DetectedUTC 86400000 )
                ( eq EPOEvents.AnalyzerName "VirusScan Enterprise" )
                ( and ( ne EPOEvents.ThreatType "access protection" ) ( ne EPOEvents.ThreatType "app_puocookie" ) )
                ( and ( not_isBlank EPOEvents.ThreatName ) ( ne EPOEvents.ThreatName "None" ) ) ) ).
                Summary: multigroup count by EPOEvents.ThreatName then EPOEvents.TargetFileName.
                NOTE(review): the description says "last seven days", but the filter is newerThan 86400000
                (1 day in milliseconds), which agrees with the name "1 Day".
                Scope caveat: only events whose AnalyzerName is exactly "VirusScan Enterprise" are counted. -->
  102.     <dictionary id="25"/>
  103.     <name>Threats/File for 1 Day</name>
  104.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  105.     <target>EPOEvents</target>
  106.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  107.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
  108.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  109.   </query>
  110.   <query id="26">
           <!-- Decoded filter: ( where ( and ( and ( newerThan EPOEvents.DetectedUTC 604800000 )
                ( olderThan EPOEvents.DetectedUTC 86400000 ) )
                ( eq EPOEvents.AnalyzerName "VirusScan Enterprise" )
                ( and ( ne EPOEvents.ThreatType "access protection" ) ( ne EPOEvents.ThreatType "app_puocookie" ) )
                ( and ( not_isBlank EPOEvents.ThreatName ) ( ne EPOEvents.ThreatName "None" ) ) ) ).
                Summary: multigroup count by EPOEvents.ThreatName then EPOEvents.TargetFileName.
                NOTE(review): the window is newer than 604800000 ms (7 days) AND older than 86400000 ms
                (1 day), so the most recent 24 hours are excluded, which the description's
                "last seven days" does not mention.
                Scope caveat: only events whose AnalyzerName is exactly "VirusScan Enterprise" are counted. -->
  111.     <dictionary id="27"/>
  112.     <name>Threats/File for 1 Week</name>
  113.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  114.     <target>EPOEvents</target>
  115.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  116.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
  117.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  118.   </query>
  119.   <query id="28">
           <!-- Decoded filter: ( where ( and ( and ( newerThan EPOEvents.DetectedUTC 2592000000 )
                ( olderThan EPOEvents.DetectedUTC 604800000 ) )
                ( eq EPOEvents.AnalyzerName "VirusScan Enterprise" )
                ( and ( ne EPOEvents.ThreatType "access protection" ) ( ne EPOEvents.ThreatType "app_puocookie" ) )
                ( and ( not_isBlank EPOEvents.ThreatName ) ( ne EPOEvents.ThreatName "None" ) ) ) ).
                Summary: multigroup count by EPOEvents.ThreatName then EPOEvents.TargetFileName.
                NOTE(review): the window is newer than 2592000000 ms (30 days) AND older than 604800000 ms
                (7 days); the description's "last seven days" names exactly the period this report
                leaves out.
                Scope caveat: only events whose AnalyzerName is exactly "VirusScan Enterprise" are counted. -->
  120.     <dictionary id="29"/>
  121.     <name>Threats/File for 1 Month</name>
  122.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  123.     <target>EPOEvents</target>
  124.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  125.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
  126.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  127.   </query>
  128.   <query id="30">
           <!-- Inventory query against EPOSystemProductVersionInfo (not EPOEvents).
                Decoded filter: ( where ( not_isBlank EPOSystemProductVersionInfo.productVersion ) ).
                Summary: multigroup count by FamilyDispName then productVersion, both descending.
                Table columns: EPOLeafNode.NodeName, FamilyDispName, productVersion, EPOLeafNode.LastUpdate.
                NOTE(review): rows with a blank productVersion are filtered out, so systems that report
                no version at all do not appear here; they would need a separate query. -->
  129.     <dictionary id="31"/>
  130.     <name>Versions of Products - ALL TC</name>
  131.     <description></description>
  132.     <target>EPOSystemProductVersionInfo</target>
  133.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion</table-uri>
  134.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+EPOSystemProductVersionInfo.productVersion+%29+%29</condition-uri>
  135.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  136.   </query>
  137.   <query id="32">
           <!-- Decoded filter: ( where ( and ( eq EPOEvents.AnalyzerName "VirusScan Enterprise" )
                ( newerThan EPOEvents.DetectedUTC 172800000 ) ( eq EPOEvents.ThreatHandled f )
                ( not_isBlank EPOEvents.ThreatName ) ( ne EPOEvents.ThreatActionTaken "access denied" )
                ( ne EPOEventFilterDesc.Name "Unable to scan password protected" ) ) ).
                Summary: multigroup count by ComputerName, TargetUserName, ThreatName, EPOEventFilterDesc.Name.
                NOTE(review): the name says "Last 24 hours", but the bound is newerThan 172800000, which is
                48 hours in milliseconds; the "Infections ... Last 24 hours" query in this export uses
                86400000. Confirm which window is intended before relying on this for daily triage.
                Scope caveat: "access denied" actions and password-protected scan failures are excluded,
                and only events whose AnalyzerName is exactly "VirusScan Enterprise" are counted. -->
  138.     <dictionary id="33"/>
  139.     <name>M-OPS-Machines that were NOT Fully Cleaned in the Last 24 hours</name>
  140.     <description>Operations report for machines that require action. This query will show you machines and usernames that VirusScan may not be fully cleaning. Shows event description which will let you know what VirusScan did with the file. Compare this with same report infections not cleaned in the past 24 hours</description>
  141.     <target>EPOEvents</target>
  142.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity</table-uri>
  143.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+172800000++%29+%28+eq+EPOEvents.ThreatHandled+f+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatActionTaken+%22access+denied%22+%29+%28+ne+EPOEventFilterDesc.Name+%22Unable+to+scan+password+protected%22+%29+%29+%29</condition-uri>
  144.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;multigroup.title=EPOEvents.ThreatName&amp;orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.TargetUserName%3AEPOEvents.ThreatName%3AEPOEventFilterDesc.Name&amp;orion.sum.order=az%3Aaz%3Aaz%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  145.   </query>
  146.   <query id="34">
           <!-- Decoded filter: ( where ( and ( eq EPOEvents.AnalyzerName "VirusScan Enterprise" )
                ( and ( newerThan EPOEvents.DetectedUTC 172800000 ) ( olderThan EPOEvents.DetectedUTC 86400000 ) )
                ( eq EPOEvents.ThreatHandled f ) ( not_isBlank EPOEvents.ThreatName )
                ( ne EPOEvents.ThreatActionTaken "access denied" )
                ( ne EPOEventFilterDesc.Name "Unable to scan password protected" ) ) ).
                Summary: multigroup count by ComputerName, TargetUserName, ThreatName, EPOEventFilterDesc.Name.
                NOTE(review): the window is newer than 172800000 ms (48 hours) AND older than 86400000 ms
                (24 hours), i.e. only the day before the most recent one. "Last 48 hours" in the name
                therefore does not include the latest 24 hours.
                Scope caveat: "access denied" actions and password-protected scan failures are excluded. -->
  147.     <dictionary id="35"/>
  148.     <name>M-OPS-Machines that were NOT Fully Cleaned in the Last 48 hours</name>
  149.     <description>Operations report for machines that require action. This query will show you machines and usernames that VirusScan may not be fully cleaning. Shows event description which will let you know what VirusScan did with the file. Compare this with same report for machines not cleaned in the past 24 hours</description>
  150.     <target>EPOEvents</target>
  151.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity</table-uri>
  152.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+newerThan+EPOEvents.DetectedUTC+172800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.ThreatHandled+f+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatActionTaken+%22access+denied%22+%29+%28+ne+EPOEventFilterDesc.Name+%22Unable+to+scan+password+protected%22+%29+%29+%29</condition-uri>
  153.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;multigroup.title=EPOEvents.ThreatName&amp;orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.TargetUserName%3AEPOEvents.ThreatName%3AEPOEventFilterDesc.Name&amp;orion.sum.order=az%3Aaz%3Aaz%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  154.   </query>
  155.   <query id="36">
           <!-- Decoded filter: ( where ( and ( eq EPOEvents.AnalyzerName "VirusScan Enterprise" )
                ( and ( newerThan EPOEvents.DetectedUTC 172800000 ) ( olderThan EPOEvents.DetectedUTC 86400000 ) )
                ( eq EPOEvents.ThreatHandled f ) ( not_isBlank EPOEvents.ThreatName )
                ( ne EPOEvents.ThreatActionTaken "access denied" )
                ( ne EPOEventFilterDesc.Name "Unable to scan password protected" ) ) ).
                Summary: multigroup count by ThreatName, EPOLeafNode.NodeName, EPOEventFilterDesc.Name,
                TargetFileName (the per-infection view of the same filter used by the "Machines" report).
                NOTE(review): the window is newer than 172800000 ms (48 hours) AND older than 86400000 ms
                (24 hours), so the most recent 24 hours are not part of this "Last 48 hours" report.
                Scope caveat: "access denied" actions and password-protected scan failures are excluded. -->
  156.     <dictionary id="37"/>
  157.     <name>M-OPS-Infections that were NOT Fully Cleaned in the Last 48 hours</name>
  158.     <description>Operations report for machines that require action. This query will show you new infections that VirusScan may not be fully cleaning. Shows event description which will let you know what VirusScan did with the file. Compare this with same report infections not cleaned in the past 24 hours</description>
  159.     <target>EPOEvents</target>
  160.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity</table-uri>
  161.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+newerThan+EPOEvents.DetectedUTC+172800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.ThreatHandled+f+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatActionTaken+%22access+denied%22+%29+%28+ne+EPOEventFilterDesc.Name+%22Unable+to+scan+password+protected%22+%29+%29+%29</condition-uri>
  162.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;multigroup.title=EPOEvents.ThreatName&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.TargetFileName&amp;orion.sum.order=az%3Aaz%3Aaz%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  163.   </query>
  164.   <query id="38">
           <!-- Decoded filter: ( where ( and ( eq EPOEvents.AnalyzerName "VirusScan Enterprise" )
                ( newerThan EPOEvents.DetectedUTC 86400000 ) ( eq EPOEvents.ThreatHandled f )
                ( not_isBlank EPOEvents.ThreatName ) ( ne EPOEvents.ThreatActionTaken "access denied" )
                ( ne EPOEventFilterDesc.Name "Unable to scan password protected" ) ) ).
                86400000 is 24 hours in milliseconds, which matches the name.
                Summary: multigroup count by ThreatName, EPOLeafNode.NodeName, EPOEventFilterDesc.Name,
                TargetFileName.
                Scope caveat: "access denied" actions and password-protected scan failures are excluded,
                and only events whose AnalyzerName is exactly "VirusScan Enterprise" are counted, so
                unhandled detections from any other analyzer need their own report. -->
  165.     <dictionary id="39"/>
  166.     <name>M-OPS-Infections that were NOT Fully Cleaned in the Last 24 hours</name>
  167.     <description>Operational report for that shows machines that may require action. This query will show you new infections that VirusScan may not be fully cleaning in the past day. Shows event description which will let you know what VirusScan did with the file. Compare this with same report for the past 2 days.</description>
  168.     <target>EPOEvents</target>
  169.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity</table-uri>
  170.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.ThreatHandled+f+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatActionTaken+%22access+denied%22+%29+%28+ne+EPOEventFilterDesc.Name+%22Unable+to+scan+password+protected%22+%29+%29+%29</condition-uri>
  171.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;multigroup.title=EPOEvents.ThreatName&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.TargetFileName&amp;orion.sum.order=az%3Aaz%3Aaz%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  172.   </query>
  173.   <query id="40">
           <!-- Decoded filter: ( where ( and ( startsWith EPOEvents.AnalyzerName "VirusScan Enterprise" )
                ( newerThan EPOEvents.DetectedUTC 259200000 ) ( eq EPOEvents.ThreatEventID 1094 ) ) ).
                259200000 is 3 days in milliseconds, which matches the name.
                Summary: multigroup count by ThreatName, ComputerName, SourceProcessName.
                NOTE(review): the description says results are broken down by threat IP address, but no
                IP field is in the group-by; the IP is only reachable through the table's
                EPOEvents.AnalyzerIPV4 column.
                NOTE(review): "triggered and blocked" rests entirely on ThreatEventID 1094, and nothing in
                the condition restricts the rows to FW (port) rules; confirm the event ID mapping for
                the installed product version. -->
  174.     <dictionary id="41"/>
  175.     <name>M-VS Access Protection FW Rules Triggered AND Blocked in the Past 3 Days</name>
  176.     <description>These are access protection FW rules that are being blocked by VS. The only default FW rule enabled in VS is reporting/blocking IRC communication and SMTP port 25. Broken down by threat IP address, process name, and rule that is being triggered. You can optionally add additional reporting rules in VS to discover other inappropriate communication in your environment.</description>
  177.     <target>EPOEvents</target>
  178.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  179.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+startsWith+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+259200000++%29+%28+eq+EPOEvents.ThreatEventID+1094++%29+%29+%29</condition-uri>
  180.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOComputerProperties.ComputerName%3AEPOEvents.SourceProcessName&amp;orion.sum.order=az%3Aaz%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  181.   </query>
  182.   <query id="42">
           <!-- Decoded filter: ( where ( and ( startsWith EPOEvents.AnalyzerName "VirusScan Enterprise" )
                ( newerThan EPOEvents.DetectedUTC 259200000 ) ( eq EPOEvents.ThreatEventID 1096 ) ) ).
                259200000 is 3 days in milliseconds, which matches the name.
                Summary: multigroup count by ThreatName, ComputerName, SourceProcessName.
                NOTE(review): "triggered but NOT blocked" rests entirely on ThreatEventID 1096, and nothing
                in the condition restricts the rows to FW (port) rules; confirm the event ID mapping for
                the installed product version.
                Report-only hits are traffic that was allowed through, so rows here are worth reviewing
                at least as closely as the blocked counterpart (event ID 1094 in this export). -->
  183.     <dictionary id="43"/>
  184.     <name>M-VS Access Protection FW Rules Triggered but NOT Blocked in the Past 3 Days</name>
  185.     <description>These are access protection FW rules that are set to report only and not block. The only default FW rule enabled in VS is reporting/blocking IRC communication. You can optionally add additional reporting rules in VS to discover other inappropriate communication in your environment.</description>
  186.     <target>EPOEvents</target>
  187.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  188.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+startsWith+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+259200000++%29+%28+eq+EPOEvents.ThreatEventID+1096++%29+%29+%29</condition-uri>
  189.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOComputerProperties.ComputerName%3AEPOEvents.SourceProcessName&amp;orion.sum.order=az%3Aaz%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  190.   </query>
  191.   <query id="44">
  192.     <dictionary id="45"/>
  193.     <name>Threats detected locally (signatures only) (imported)</name>
  194.     <description></description>
  195.     <target>EPOEvents</target>
  196.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  197.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+notContains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+notContains+EPOEvents.ThreatName+%22TIE%2Fsuspect%22+%29+%29+%29+%29</condition-uri>
  198.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  199.   </query>
  200.   <query id="46">
  201.     <dictionary id="47"/>
  202.     <name>Unique threats detected in the cloud (imported)</name>
  203.     <description></description>
  204.     <target>EPOEvents</target>
  205.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  206.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29+%29</condition-uri>
  207.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.ThreatName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  208.   </query>
  209.   <query id="48">
  210.     <dictionary id="49"/>
  211.     <name>Top 10 endpoints - Threat Events (last 7 days) (imported)</name>
  212.     <description></description>
  213.     <target>EPOEvents</target>
  214.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  215.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  216.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.TargetHostName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  217.   </query>
  218.   <query id="50">
  219.     <dictionary id="51"/>
  220.     <name>M-Top 10 Computers with the Most Detections Cleaned in Past 3 Days</name>
  221.     <description>Displays the top ten computers with the most detections cleaned in the last 3 days.</description>
  222.     <target>EPOEvents</target>
  223.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  224.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+startsWith+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+259200000++%29+%28+eq+EPOEvents.ThreatHandled+t+%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+not_isBlank+EPOComputerProperties.ComputerName+%29+%29+%29</condition-uri>
  225.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=EPOLeafNode.NodeName&amp;topn.count.title=EPOEvents&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOLeafNode.NodeName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  226.   </query>
  227.   <query id="52">
  228.     <dictionary id="53"/>
  229.     <name>M-Top 10 Users with the Most Detections Cleaned in the Last 3 Days</name>
  230.     <description>Top 10 users with the most infections cleaned in the last 3 days. Local System and Network usernames (any name containing "authority") are excluded.</description>
  231.     <target>EPOEvents</target>
  232.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  233.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+startsWith+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+259200000++%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+notContains+EPOEvents.TargetUserName+%22authority%22+%29+%28+eq+EPOEvents.ThreatHandled+t+%29+%29+%29</condition-uri>
  234.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=EPOEvents.TargetUserName&amp;topn.count.title=EPOEvents&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEvents.TargetUserName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  235.   </query>
  236.   <query id="54">
  237.     <dictionary id="55"/>
  238.     <name>Malware Detection History</name>
  239.     <description>Displays a line chart of the number of internal virus detections over the past quarter.</description>
  240.     <target>EPOEvents</target>
  241.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  242.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7862400000++%29+%29&amp;orion.condition.sexp=%28+where+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29</condition-uri>
  243.     <summary-uri>query:summary?orion.sum.query=true&amp;line.count.title=EPOEvents&amp;orion.query.type=line.line&amp;line.title=EPOEvents.DetectedUTC&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  244.   </query>
  245.   <query id="56">
  246.     <dictionary id="57"/>
  247.     <name>Threats detected locally (signatures only)</name>
  248.     <description></description>
  249.     <target>EPOEvents</target>
  250.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  251.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+notContains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+notContains+EPOEvents.ThreatName+%22TIE%2Fsuspect%22+%29+%29+%29+%29</condition-uri>
  252.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  253.   </query>
  254.   <query id="58">
  255.     <dictionary id="59"/>
  256.     <name>Unique threats detected in the cloud</name>
  257.     <description></description>
  258.     <target>EPOEvents</target>
  259.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  260.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29+%29</condition-uri>
  261.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.ThreatName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  262.   </query>
  263.   <query id="60">
  264.     <dictionary id="61"/>
  265.     <name>Top 10 endpoints - Threat Events (last 7 days)</name>
  266.     <description></description>
  267.     <target>EPOEvents</target>
  268.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  269.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  270.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.TargetHostName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  271.   </query>
  272.   <query id="62">
  273.     <dictionary id="63"/>
  274.     <name>Threats detected by the cloud (no signatures)</name>
  275.     <description></description>
  276.     <target>EPOEvents</target>
  277.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  278.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%29+%29</condition-uri>
  279.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  280.   </query>
  281.   <query id="64">
  282.     <dictionary id="65"/>
  283.     <name>Threat Events NOT handled (last 1 week)</name>
  284.     <description></description>
  285.     <target>EPOEvents</target>
  286.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  287.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+ne+EPOEvents.ThreatHandled+t+%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29+%29</condition-uri>
  288.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.ThreatHandled&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  289.   </query>
  290.   <query id="66">
  291.     <dictionary id="67"/>
  292.     <name>Top 10 users - Threat Events (last 7 days)</name>
  293.     <description></description>
  294.     <target>EPOEvents</target>
  295.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  296.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  297.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.TargetUserName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  298.   </query>
  299.   <query id="68">
  300.     <dictionary id="69"/>
  301.     <name>Threats detected by Local Threat Intelligence</name>
  302.     <description></description>
  303.     <target>EPOEvents</target>
  304.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  305.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22TIE%22+%29+%29+%29</condition-uri>
  306.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  307.   </query>
  308.   <query id="70">
  309.     <dictionary id="71"/>
  310.     <name>Versions of Products - ALL</name>
  311.     <description></description>
  312.     <target>EPOSystemProductVersionInfo</target>
  313.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion</table-uri>
  314.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+EPOSystemProductVersionInfo.productVersion+%29+%29</condition-uri>
  315.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  316.   </query>
  317.   <query id="72">
  318.     <dictionary id="73"/>
  319.     <name>VSE Engine Versions Summary</name>
  320.     <description>Displays a pie chart of installed VSE Engine versions on managed systems. Slice sizes indicate the relative number of systems running each engine version in the environment. Click any slice to view or take actions on those systems.</description>
  321.     <target>EPOLeafNode</target>
  322.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  323.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  324.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&amp;orion.query.type=pie.pie&amp;pie.count.title=Computers&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.enginever&amp;orion.sum.order=za&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  325.   </query>
  326.   <query id="74">
  327.     <dictionary id="75"/>
  328.     <name>DAT Versions Summary</name>
  329.     <description>Displays a pie chart of installed DAT files by version number on managed systems. Slice sizes indicate the relative number of systems with each DAT version in the environment. Click any slice to view or take actions on those systems.</description>
  330.     <target>EPOLeafNode</target>
  331.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  332.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  333.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&amp;orion.query.type=pie.pie&amp;pie.count.title=Computers&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.datver&amp;orion.sum.order=za&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  334.   </query>
  335.   <query id="76">
  336.     <dictionary id="77"/>
  337.     <name>Agent Versions Summary</name>
  338.     <description>Displays a pie chart of installed agents by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
  339.     <target>EPOLeafNode</target>
  340.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  341.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  342.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&amp;orion.query.type=pie.pie&amp;pie.count.title=Computers&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  343.   </query>
  344.   <query id="78">
  345.     <dictionary id="79"/>
  346.     <name>VirusScan Patch Versions</name>
  347.     <description>Shows complete VirusScan products and all the patches associated with them that are installed in the environment.</description>
  348.     <target>EPOLeafNode</target>
  349.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.Tags%3AEPOProdPropsView_VIRUSCAN.hotfix%3AEPOProdPropsView_VIRUSCAN.productversion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.Tags%3AEPOProdPropsView_VIRUSCAN.hotfix%3AEPOProdPropsView_VIRUSCAN.productversion</table-uri>
  350.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+version_ge+EPOProdPropsView_VIRUSCAN.productversion+%228.5%22+%29+%29</condition-uri>
  351.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.stackedbar&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.productversion%3AEPOProdPropsView_VIRUSCAN.hotfix&amp;orion.sum.order=az%3Aaz&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  352.   </query>
  353.   <query id="80">
  354.     <dictionary id="81"/>
  355.     <name>Systems per Top-Level Group</name>
  356.     <description>Displays a bar chart of your managed systems organized by top-level System Tree group.</description>
  357.     <target>EPOLeafNode</target>
  358.     <table-uri>query:table?orion.table.columns=EPOBranchNode.NodeTextPath2%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags&amp;orion.table.order=az&amp;orion.table.order.by=EPOBranchNode.NodeTextPath%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags</table-uri>
  359.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  360.     <summary-uri>query:summary?bar.title=EPOBranchNode.NodeName&amp;bool.red.text=Non-Compliant&amp;orion.sum.query=true&amp;bool.green.text=Compliant&amp;orion.query.type=bar.bar&amp;bool.green.criteria=%28+where+%28+hasTag+EPOLeafNode.AppliedTags+%223%22+%29+%29&amp;bar.count.title=EPOLeafNode&amp;orion.sum.group.by=EPOBranchNode.L1ParentID&amp;orion.sum.order=desc&amp;orion.sum.limit.count=20&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  361.   </query>
  362.   <query id="82">
  363.     <dictionary id="83"/>
  364.     <name>Operating System Types PIE Chart</name>
  365.     <description></description>
  366.     <target>EPOLeafNode</target>
  367.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.OSPlatform%3AEPOComputerProperties.OSServicePackVer%3AEPOComputerProperties.OSVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.OSPlatform%3AEPOComputerProperties.OSServicePackVer%3AEPOComputerProperties.OSVersion</table-uri>
  368.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  369.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOComputerProperties.OSType&amp;orion.sum.order=za&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  370.   </query>
  371.   <query id="84">
  372.     <dictionary id="85"/>
  373.     <name>Duplicate Systems Names by First Level Group</name>
  374.     <description>Lists all system names that appear in multiple System Tree locations.</description>
  375.     <target>EPOLeafNode</target>
  376.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOBranchNode.NodeTextPath2%3AEPOLeafNode.Tags&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOBranchNode.NodeTextPath2%3AEPOLeafNode.Tags</table-uri>
  377.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+duplicatedComputerName+EPOLeafNode.NodeName+%29+%29</condition-uri>
  378.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOBranchNode.L1ParentID%3AEPOLeafNode.NodeName&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  379.   </query>
  380.   <query id="86">
  381.     <dictionary id="87"/>
  382.     <name>Systems Not Reporting in - more than 30 Days</name>
  383.     <description></description>
  384.     <target>EPOLeafNode</target>
  385.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.os%3AEPOLeafNode.AgentGUID%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.os%3AEPOLeafNode.AgentGUID%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress</table-uri>
  386.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+olderThan+EPOLeafNode.LastUpdate+2592000000++%29+%29</condition-uri>
  387.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOBranchNode.L2ParentID&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  388.   </query>
  389.   <query id="88">
  390.     <dictionary id="89"/>
  391.     <name>Systems with High Sequence Errors by Group</name>
  392.     <description>Lists the systems with high sequence error counts (more than 25). This could indicate a duplicate agent GUID problem.</description>
  393.     <target>EPOLeafNode</target>
  394.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.SequenceErrorCount&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.SequenceErrorCount</table-uri>
  395.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+gt+EPOLeafNode.SequenceErrorCount+25++%29+%29</condition-uri>
  396.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOBranchNode.NodeTextPath2&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  397.   </query>
  398.   <query id="90">
  399.     <dictionary id="91"/>
  400.     <name>UnManaged Systems by Group</name>
  401.     <description></description>
  402.     <target>EPOLeafNode</target>
  403.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.AgentGUID%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.AgentGUID%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress</table-uri>
  404.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+0++%29+%29</condition-uri>
  405.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOBranchNode.L1ParentID&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  406.   </query>
  407.   <query id="92">
  408.     <dictionary id="93"/>
  409.     <name>Threat Events in the Last 2 Weeks</name>
  410.     <description>This chart shows the trend of threat event generation for the last 2 weeks. </description>
  411.     <target>EPOEvents</target>
  412.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  413.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+1209600000++%29+%29&amp;orion.condition.sexp=</condition-uri>
  414.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  415.   </query>
  416.   <query id="94">
  417.     <dictionary id="95"/>
  418.     <name>Most Numerous Threat Event Descriptions in the Database</name>
  419.     <description>Shows the most numerous threat event descriptions currently in the database. Use it to pinpoint events that may be overwhelming your database, which you can then filter out by disabling them. Before disabling an event, confirm it is not needed for detection or investigation.</description>
  420.     <target>EPOEvents</target>
  421.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  422.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  423.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEventFilterDesc.Name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=40&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  424.   </query>
  425.   <query id="96">
  426.     <dictionary id="97"/>
  427.     <name>Repositories Composite Utilization</name>
  428.     <description></description>
  429.     <target>EPOProductEvents</target>
  430.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  431.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+not_isBlank+EPOProductEvents.Type+%29+%29+%29</condition-uri>
  432.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProductEvents.SiteName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  433.   </query>
  434.   <query id="98">
           <!-- Counts systems (target EPOLeafNode) that descend from the group whose
                EPOBranchNode.AutoID is "3", grouped by EPOBranchNode.L2ParentID.
                NOTE(review): "3" is a literal group ID taken from the exporting server;
                presumably it is the Lost and Found group there. Verify the ID on the
                server where this is imported, otherwise the query can silently report
                on a different group. -->
  435.     <dictionary id="99"/>
  436.     <name>Systems in Lost and Found</name>
  437.     <description></description>
  438.     <target>EPOLeafNode</target>
  439.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
  440.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+descendsFrom+EPOBranchNode.AutoID+%223%22+%29+%29</condition-uri>
  441.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOBranchNode.L2ParentID&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  442.   </query>
  443.   <query id="100">
  444.     <dictionary id="101"/>
  445.     <name>Rogue Systems, By OUI (Last 7 Days)</name>
  446.     <description>Rogue Systems, By OUI (Last 7 Days)</description>
  447.     <target>RSDInterfaces</target>
  448.     <table-uri>query:table?orion.table.columns=RSDDetectedSystems.NetbiosName%3ARSDInterfaces.MAC%3ARSDInterfaces.IPV6%3ARSDInterfaces.LastDetectedTime%3ARSDInterfaces.DetectedSourceName%3ARSDInterfaces.OrgName&amp;orion.table.order=az&amp;orion.table.order.by=RSDDetectedSystems.NetbiosName%3ARSDInterfaces.MAC%3ARSDInterfaces.IPV6%3ARSDInterfaces.LastDetectedTime%3ARSDInterfaces.DetectedSourceName%3ARSDInterfaces.OrgName</table-uri>
  449.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+RSDInterfaces.LastDetectedTime+604800000++%29+%28+eq+RSDDetectedSystems.Rogue+%221%22+%29+%29+%29</condition-uri>
  450.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=RSDInterfaces.OrgName&amp;orion.query.type=pie.pie&amp;orion.sum.group.by=RSDInterfaces.OrgName&amp;orion.sum.order=desc&amp;orion.show.other=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  451.   </query>
  452.   <query id="102">
  453.     <dictionary id="103"/>
  454.     <name>PoV: Last 3 Months Detections Trend for TIE (imported)</name>
  455.     <description>Last 3 Month Detections Trend for TIE</description>
  456.     <target>EPOEvents</target>
  457.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  458.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
  459.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  460.   </query>
  461.   <query id="104">
  462.     <dictionary id="105"/>
  463.     <name>PoV: Last 3 Months Detections Trend for HIPS (imported)</name>
  464.     <description>Last 3 Month Detections Trend for HIPS</description>
  465.     <target>EPOEvents</target>
  466.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  467.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
  468.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  469.   </query>
  470.   <query id="106">
  471.     <dictionary id="107"/>
  472.     <name>PoV: Last 2 Weeks Detections Trend for TIE</name>
  473.     <description>Last 2 weeks Detections Trend for TIE</description>
  474.     <target>EPOEvents</target>
  475.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  476.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+1209600000++%29+%29</condition-uri>
  477.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  478.   </query>
  479.   <query id="108">
           <!-- Multi-group count by EPOEvents.ThreatName, then EPOEvents.TargetFileName,
                of events that are in threat category "av", are newer than 14400000
                (4 hours, reading the value as milliseconds to match the query name),
                and whose ThreatEventID is neither 1051 nor 1049.
                NOTE(review): this export does not say what event IDs 1051 and 1049 are
                or why they are excluded. Confirm against the event ID reference for
                your ePO version that they are intended noise, because matching events
                never appear in this view. -->
  480.     <dictionary id="109"/>
  481.     <name>OBM: Detected Threats over the past 4 hours</name>
  482.     <description></description>
  483.     <target>EPOEvents</target>
  484.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  485.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+newerThan+EPOEvents.DetectedUTC+14400000++%29+%29+%29</condition-uri>
  486.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  487.   </query>
  488.   <query id="110">
  489.     <dictionary id="111"/>
  490.     <name>Repositories and Percentage Utilization</name>
  491.     <description>Displays a pie chart indicating percentage utilization per repository. This query can help identify overloaded repositories that are causing bandwidth issues and repository configuration improvements that are needed in policy.</description>
  492.     <target>EPOProductEvents</target>
  493.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  494.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+EPOProductEvents.Type+%22Plugin%22+%29+%28+ne+EPOProductEvents.Type+%22Uninstall%22+%29+%29+%28+eq+EPOProductEvents.Error+0++%29+%28+not_isBlank+EPOProductEvents.SiteName+%29+%29+%29</condition-uri>
  495.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=EPOProductEvents.SiteName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  496.   </query>
  497.   <query id="112">
  498.     <dictionary id="113"/>
  499.     <name>Applied Policies Bubble Chart</name>
  500.     <description></description>
  501.     <target>EPOAssignedPolicy</target>
  502.     <table-uri>query:table?orion.table.columns=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.ServerID&amp;orion.table.order=az&amp;orion.table.order.by=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.ServerID</table-uri>
  503.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  504.     <summary-uri>query:summary?orion.query.type=bubble.bubble&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.FeatureTextID&amp;orion.sum.order=az%3Aaz&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  505.   </query>
  506.   <query id="114">
  507.     <dictionary id="115"/>
  508.     <name>SiteAdvisor Product Versions</name>
  509.     <description>Shows all the different versions of SiteAdvisor in the Enterprise</description>
  510.     <target>EPOLeafNode</target>
  511.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOProdPropsView_SITEADVISOR.productversion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOProdPropsView_SITEADVISOR.productversion</table-uri>
  512.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  513.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProdPropsView_SITEADVISOR.productversion&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  514.   </query>
  515.   <query id="116">
  516.     <dictionary id="117"/>
  517.     <name>ePO DB Table Space Usage</name>
  518.     <description>Displays the space used by each table in the ePO database. Values are updated when the PA: Get Index and Space Statistics server task is run.</description>
  519.     <target>PATableSizeView</target>
  520.     <table-uri>query:table?orion.table.columns=PATableSizeView.TabName%3APATableSizeView.Rows%3APATableSizeView.ReservedMB%3APATableSizeView.DataMB%3APATableSizeView.Index_SizeMB%3APATableSizeView.UnusedMB&amp;orion.table.order=az&amp;orion.table.order.by=PATableSizeView.TabName%3APATableSizeView.Rows%3APATableSizeView.ReservedMB%3APATableSizeView.DataMB%3APATableSizeView.Index_SizeMB%3APATableSizeView.UnusedMB</table-uri>
  521.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  522.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=PATableSizeView.TabName&amp;orion.sum.order=desc&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=PATableSizeView.ReservedMB&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  523.   </query>
  524.   <query id="118">
  525.     <dictionary id="119"/>
  526.     <name>Agent Handler Status</name>
  527.     <description>Agent handler communication status within the last hour.</description>
  528.     <target>EPOAgentHandlers</target>
  529.     <table-uri>query:table?orion.table.columns=EPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastUpdate</table-uri>
  530.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  531.     <summary-uri>query:summary?bool.red.text=Not+Communicating&amp;orion.sum.query=true&amp;bool.green.text=Communicating&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+newerThan+EPOAgentHandlers.LastUpdate+3600000++%29+%29&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  532.   </query>
  533.   <query id="120">
  534.     <dictionary id="121"/>
  535.     <name>VSE Versions</name>
  536.     <description></description>
  537.     <target>EPOLeafNode</target>
  538.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress</table-uri>
  539.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  540.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.productversion&amp;orion.sum.order=za&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  541.   </query>
  542.   <query id="122">
  543.     <dictionary id="123"/>
  544.     <name>PoV: Last Month Detections per Product</name>
  545.     <description>Displays a pie chart of detections within the last 1 month organized by detecting product.</description>
  546.     <target>EPOEvents</target>
  547.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  548.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
  549.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEvents.AnalyzerName&amp;orion.query.type=pie.pie&amp;pie.count.title=Events&amp;show.percentage=true&amp;orion.sum.group.by=EPOEvents.AnalyzerName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  550.   </query>
  551.   <query id="124">
  552.     <dictionary id="125"/>
  553.     <name>PoV: Last 3 Months Detections Trend for TIE</name>
  554.     <description>Last 3 Month Detections Trend for TIE</description>
  555.     <target>EPOEvents</target>
  556.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  557.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
  558.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  559.   </query>
  560.   <query id="126">
  561.     <dictionary id="127"/>
  562.     <name>PoV: Last 3 Months Detections Trend for Virus Scan</name>
  563.     <description>Last 3 Month Detections Trend for Virus Scan</description>
  564.     <target>EPOEvents</target>
  565.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  566.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
  567.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  568.   </query>
  569.   <query id="128">
  570.     <dictionary id="129"/>
  571.     <name>PoV: Last 3 Months Detections Trend for ENS</name>
  572.     <description>Last 3 Month Detections Trend for ENS</description>
  573.     <target>EPOEvents</target>
  574.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  575.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
  576.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  577.   </query>
  578.   <query id="130">
  579.     <dictionary id="131"/>
  580.     <name>PoV: Last 3 Months Detections Trend for HIPS</name>
  581.     <description>Last 3 Month Detections Trend for HIPS</description>
  582.     <target>EPOEvents</target>
  583.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  584.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
  585.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  586.   </query>
  587.   <query id="132">
  588.     <dictionary id="133"/>
  589.     <name>PoV: Last 1 Months Detections Trend for HIPS</name>
  590.     <description>Last 1 Month Detection Trend for HIPS</description>
  591.     <target>EPOEvents</target>
  592.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  593.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29</condition-uri>
  594.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  595.   </query>
  596.   <query id="134">
  597.     <dictionary id="135"/>
  598.     <name>PoV: Last 1 Month Detections Trend for TIE</name>
  599.     <description>Last 1 Month Detections Trend for TIE</description>
  600.     <target>EPOEvents</target>
  601.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  602.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29</condition-uri>
  603.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  604.   </query>
  605.   <query id="136">
  606.     <dictionary id="137"/>
  607.     <name>PoV: Last 1 Month Detections Trend for ENS</name>
  608.     <description>Last 1 Month Detections Trend for ENS</description>
  609.     <target>EPOEvents</target>
  610.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  611.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29</condition-uri>
  612.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  613.   </query>
  614.   <query id="138">
  615.     <dictionary id="139"/>
  616.     <name>PoV: Last 3 Month Detections per Product</name>
  617.     <description>Displays a pie chart of detections within the last 3 months, organized by detecting product.</description>
  618.     <target>EPOEvents</target>
  619.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  620.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
  621.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEvents.AnalyzerName&amp;orion.query.type=pie.pie&amp;pie.count.title=Events&amp;show.percentage=true&amp;orion.sum.group.by=EPOEvents.AnalyzerName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  622.   </query>
  623.   <query id="140">
  624.     <dictionary id="141"/>
  625.     <name>PoV: Last Day Detections per Product</name>
  626.     <description>Displays a pie chart of detections within the last 1 day organized by detecting product.</description>
  627.     <target>EPOEvents</target>
  628.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  629.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
  630.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEvents.AnalyzerName&amp;orion.query.type=pie.pie&amp;pie.count.title=Events&amp;show.percentage=true&amp;orion.sum.group.by=EPOEvents.AnalyzerName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  631.   </query>
  632.   <query id="142">
  633.     <dictionary id="143"/>
  634.     <name>PoV: Last Month Detections per Product (imported)</name>
  635.     <description>Displays a pie chart of detections within the last 1 month organized by detecting product.</description>
  636.     <target>EPOEvents</target>
  637.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  638.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
  639.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEvents.AnalyzerName&amp;orion.query.type=pie.pie&amp;pie.count.title=Events&amp;show.percentage=true&amp;orion.sum.group.by=EPOEvents.AnalyzerName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  640.   </query>
  641.   <query id="144">
           <!-- Grouped bar chart (orion.query.type=bar.groupedbar) of event counts per
                EPOEvents.AnalyzerName and EPOEvents.ThreatSeverity, for events newer
                than 2592000000 (30 days, reading the value as milliseconds) that are
                not in threat category "ops".
                NOTE(review): the description below still says "pie chart" and does not
                mention severity; it appears to be carried over from the per-product
                pie query and does not match this summary definition. -->
  642.     <dictionary id="145"/>
  643.     <name>PoV: Last Month Detections per Product by Severity-bar</name>
  644.     <description>Displays a pie chart of detections within the last 1 month organized by detecting product.</description>
  645.     <target>EPOEvents</target>
  646.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  647.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
  648.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOEvents.AnalyzerName%3AEPOEvents.ThreatSeverity&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  649.   </query>
  650.   <query id="146">
  651.     <dictionary id="147"/>
  652.     <name>TIE: Last 1 Week Rule Names and Action Taken</name>
  653.     <description></description>
  654.     <target>JTIClientEventInfoView</target>
  655.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
  656.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29</condition-uri>
  657.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.stackedbar&amp;orion.sum.group.by=JTIClientRulesView.Name%3AEPOEvents.ThreatActionTaken&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  658.   </query>
  659.   <query id="148">
  660.     <dictionary id="149"/>
  661.     <name>PoV: Last 3 Months Detections Trend for Virus Scan (imported)</name>
  662.     <description>Last 3 Month Detections Trend for Virus Scan</description>
  663.     <target>EPOEvents</target>
  664.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  665.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
  666.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  667.   </query>
  668.   <query id="150">
  669.     <dictionary id="151"/>
  670.     <name>PoV: Last 3 Months Detections Trend for ENS (imported)</name>
  671.     <description>Last 3 Month Detections Trend for ENS</description>
  672.     <target>EPOEvents</target>
  673.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  674.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
  675.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  676.   </query>
  677.   <query id="152">
  678.     <dictionary id="153"/>
  679.     <name>OBM: Detected Threats 4 to 8 hours</name>
  680.     <description></description>
  681.     <target>EPOEvents</target>
  682.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  683.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+and+%28+olderThan+EPOEvents.DetectedUTC+14400000++%29+%28+newerThan+EPOEvents.DetectedUTC+28800000++%29+%29+%29+%29</condition-uri>
  684.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  685.   </query>
  686.   <query id="154">
  687.     <dictionary id="155"/>
  688.     <name>OBM: Detected Threats 8 to 12 hours</name>
  689.     <description></description>
  690.     <target>EPOEvents</target>
  691.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  692.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+and+%28+olderThan+EPOEvents.DetectedUTC+28800000++%29+%28+newerThan+EPOEvents.DetectedUTC+43200000++%29+%29+%29+%29</condition-uri>
  693.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  694.   </query>
  695.   <query id="156">
  696.     <dictionary id="157"/>
  697.     <name>OBM: Infected Systems over the past 4 hours</name>
  698.     <description></description>
  699.     <target>EPOEvents</target>
  700.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  701.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+newerThan+EPOEvents.DetectedUTC+14400000++%29+%29+%29</condition-uri>
  702.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  703.   </query>
  704.   <query id="158">
  705.     <dictionary id="159"/>
  706.     <name>OBM: Infected Systems over the past 4 to 8 hours</name>
  707.     <description></description>
  708.     <target>EPOEvents</target>
  709.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  710.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+and+%28+olderThan+EPOEvents.DetectedUTC+14400000++%29+%28+newerThan+EPOEvents.DetectedUTC+28800000++%29+%29+%29+%29</condition-uri>
  711.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  712.   </query>
  713.   <query id="160">
  714.     <dictionary id="161"/>
  715.     <name>OBM: Infected Systems over the past 8 to 12 hours</name>
  716.     <description></description>
  717.     <target>EPOEvents</target>
  718.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  719.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+and+%28+olderThan+EPOEvents.DetectedUTC+28800000++%29+%28+newerThan+EPOEvents.DetectedUTC+43200000++%29+%29+%29+%29</condition-uri>
  720.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  721.   </query>
  722.   <query id="162">
  723.     <dictionary id="163"/>
  724.     <name>VSE Versions Summary (imported)</name>
  725.     <description>Displays a pie chart of installed VSE versions on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
  726.     <target>EPOLeafNode</target>
  727.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  728.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  729.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&amp;orion.query.type=pie.pie&amp;pie.count.title=Computers&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.productversion&amp;orion.sum.order=za&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  730.   </query>
  731.   <query id="164">
  732.     <dictionary id="165"/>
  733.     <name>VSE Engine Versions Summary (imported)</name>
  734.     <description>Displays a pie chart of installed VSE Engine versions on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
  735.     <target>EPOLeafNode</target>
  736.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  737.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  738.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&amp;orion.query.type=pie.pie&amp;pie.count.title=Computers&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.enginever&amp;orion.sum.order=za&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  739.   </query>
  740.   <query id="166">
  741.     <dictionary id="167"/>
  742.     <name>DAT Versions Summary (imported)</name>
  743.     <description>Displays a pie chart of installed DAT files by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
  744.     <target>EPOLeafNode</target>
  745.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  746.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  747.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&amp;orion.query.type=pie.pie&amp;pie.count.title=Computers&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.datver&amp;orion.sum.order=za&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  748.   </query>
  749.   <query id="168">
  750.     <dictionary id="169"/>
  751.     <name>Agent Versions Summary (imported)</name>
  752.     <description>Displays a pie chart of installed agents by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
  753.     <target>EPOLeafNode</target>
  754.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  755.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  756.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&amp;orion.query.type=pie.pie&amp;pie.count.title=Computers&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  757.   </query>
  758.   <query id="170">
  759.     <dictionary id="171"/>
  760.     <name>VirusScan Patch Versions (imported)</name>
  761.     <description>Shows complete VirusScan products and all the patches associated with them that are installed in the environment.</description>
  762.     <target>EPOLeafNode</target>
  763.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.Tags%3AEPOProdPropsView_VIRUSCAN.hotfix%3AEPOProdPropsView_VIRUSCAN.productversion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.Tags%3AEPOProdPropsView_VIRUSCAN.hotfix%3AEPOProdPropsView_VIRUSCAN.productversion</table-uri>
  764.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+version_ge+EPOProdPropsView_VIRUSCAN.productversion+%228.5%22+%29+%29</condition-uri>
  765.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.stackedbar&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.productversion%3AEPOProdPropsView_VIRUSCAN.hotfix&amp;orion.sum.order=az%3Aaz&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  766.   </query>
  767.   <query id="172">
  768.     <dictionary id="173"/>
  769.     <name>Systems per Top-Level Group (imported)</name>
  770.     <description>Displays a bar chart of your managed systems organized by top-level System Tree group.</description>
  771.     <target>EPOLeafNode</target>
  772.     <table-uri>query:table?orion.table.columns=EPOBranchNode.NodeTextPath2%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags&amp;orion.table.order=az&amp;orion.table.order.by=EPOBranchNode.NodeTextPath%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags</table-uri>
  773.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  774.     <summary-uri>query:summary?bar.title=EPOBranchNode.NodeName&amp;bool.red.text=Non-Compliant&amp;orion.sum.query=true&amp;bool.green.text=Compliant&amp;orion.query.type=bar.bar&amp;bool.green.criteria=%28+where+%28+hasTag+EPOLeafNode.AppliedTags+%223%22+%29+%29&amp;bar.count.title=EPOLeafNode&amp;orion.sum.group.by=EPOBranchNode.L1ParentID&amp;orion.sum.order=desc&amp;orion.sum.limit.count=20&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  775.   </query>
  776.   <query id="174">
  777.     <dictionary id="175"/>
  778.     <name>SiteAdvisor Product Versions (imported)</name>
  779.     <description>Shows all the different versions of SiteAdvisor in the Enterprise</description>
  780.     <target>EPOLeafNode</target>
  781.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOProdPropsView_SITEADVISOR.productversion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOProdPropsView_SITEADVISOR.productversion</table-uri>
  782.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  783.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProdPropsView_SITEADVISOR.productversion&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  784.   </query>
  785.   <query id="176">
  786.     <dictionary id="177"/>
  787.     <name>Agent Communication Summary</name>
  788.     <description>Displays a pie chart of managed systems indicating whether the agents have communicated with the ePO server within the past day. Click either slice to view or take actions on those systems.</description>
  789.     <target>EPOLeafNode</target>
  790.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  791.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
           <!-- Review note: the description above says "within the past day", but
                bool.green.criteria in the summary-uri below decodes to
                ( and ( newerThan EPOLeafNode.LastUpdate 604800000 )
                      ( version_ge EPOProdPropsView_EPOAGENT.productversion "1" ) ).
                604800000 is 7 days if the unit is milliseconds, which the other
                queries in this export suggest ("Last 1 Week" also uses 604800000).
                A system whose agent has been silent for up to a week is therefore
                still drawn as "Compliant". Align the window or the description so
                stale agents are not hidden from whoever reads the chart. -->
  792.     <summary-uri>query:summary?bool.red.text=Non+Compliant&amp;orion.sum.query=true&amp;bool.green.text=Compliant&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+604800000++%29+%28+version_ge+EPOProdPropsView_EPOAGENT.productversion+%221%22+%29+%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  793.   </query>
  794.   <query id="178">
  795.     <dictionary id="179"/>
  796.     <name>Composite Utilization</name>
  797.     <description></description>
  798.     <target>EPOProductEvents</target>
  799.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  800.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+not_isBlank+EPOProductEvents.Type+%29+%29+%29</condition-uri>
  801.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProductEvents.SiteName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  802.   </query>
  803.   <query id="180">
  804.     <dictionary id="181"/>
  805.     <name>DAT Utilization</name>
  806.     <description></description>
  807.     <target>EPOProductEvents</target>
  808.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  809.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+eq+EPOProductEvents.Type+%22DAT%22+%29+%29+%29</condition-uri>
  810.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProductEvents.SiteName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  811.   </query>
  812.   <query id="182">
  813.     <dictionary id="183"/>
  814.     <name>Install Utilization</name>
  815.     <description></description>
  816.     <target>EPOProductEvents</target>
  817.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  818.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+eq+EPOProductEvents.Type+%22Install%22+%29+%29+%29</condition-uri>
  819.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOProductEvents.SiteName%3AEPOProductEvents.ProductCode&amp;orion.sum.order=az%3Aaz&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  820.   </query>
  821.   <query id="184">
  822.     <dictionary id="185"/>
  823.     <name>Invalid Repositories</name>
  824.     <description></description>
  825.     <target>EPOProductEvents</target>
  826.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  827.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+isBlank+EPOProductEvents.Type+%29+%29+%29</condition-uri>
  828.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOBranchNode.L1ParentID%3AEPOProductEvents.HostName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  829.   </query>
  830.   <query id="186">
  831.     <dictionary id="187"/>
  832.     <name>Patch Utilization</name>
  833.     <description></description>
  834.     <target>EPOProductEvents</target>
  835.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  836.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+eq+EPOProductEvents.Type+%22HotFix%22+%29+%29+%29</condition-uri>
  837.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOProductEvents.SiteName%3AEPOProductEvents.ProductCode&amp;orion.sum.order=az%3Aaz&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  838.   </query>
  839.   <query id="188">
  840.     <dictionary id="189"/>
  841.     <name>Update Errors</name>
  842.     <description></description>
  843.     <target>EPOProductEvents</target>
  844.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  845.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+not_isBlank+EPOProductEvents.Type+%29+%28+ne+EPOProductEvents.Error+0++%29+%29+%29</condition-uri>
  846.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOBranchNode.L1ParentID%3AEPOProductEvents.Error&amp;orion.sum.order=az%3Aaz&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  847.   </query>
  848.   <query id="190">
  849.     <dictionary id="191"/>
  850.     <name>Threat Events in the Last Week</name>
           <!-- Review note: the name says "Last Week" and the description below says
                "last 2 weeks". The condition-uri restricts the data with
                orion.requied.sexp = ( newerThan EPOEvents.DetectedUTC 604800000 ),
                i.e. 7 days in milliseconds, and orion.condition.sexp is empty, so no
                further filter is applied. The chart covers one week of events;
                the description is the part that is out of step. -->
  851.     <description>This chart shows the trend of threat event generation for the last 2 weeks.</description>
  852.     <target>EPOEvents</target>
  853.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  854.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29&amp;orion.condition.sexp=</condition-uri>
  855.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  856.   </query>
  857.   <query id="192">
  858.     <dictionary id="193"/>
  859.     <name>Top 10 endpoints - Threat Events Last 24h</name>
  860.     <description></description>
  861.     <target>EPOEvents</target>
  862.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatType%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDetectionMethod&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatName</table-uri>
  863.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
  864.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.AnalyzerHostName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  865.   </query>
  866.   <query id="194">
  867.     <dictionary id="195"/>
  868.     <name>Malware Detections</name>
  869.     <description></description>
  870.     <target>EPOEvents</target>
  871.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC</table-uri>
           <!-- Review note: decoded, the condition below is
                ( and ( not_isBlank EPExtendedEvent.TargetName )
                      ( ne EPOEvents.ThreatType "Dynamic Application Containment" )
                      ( ne EPOEvents.ThreatActionTaken "IDS_ACTION_WOULD_BLOCK" ) ).
                orion.requied.sexp is empty and there is no newerThan/olderThan
                clause, so this definition sets no time window of its own.
                Unlike the OBM and Top 10 queries in this export it has no
                threatcategory_belongs ... "av" clause either, so any event with a
                target name that is not one of the two excluded values is counted
                as a "malware detection". Confirm that this is intended before
                using the totals for reporting. -->
  872.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPExtendedEvent.TargetName+%29+%28+ne+EPOEvents.ThreatType+%22Dynamic+Application+Containment%22+%29+%28+ne+EPOEvents.ThreatActionTaken+%22IDS_ACTION_WOULD_BLOCK%22+%29+%29+%29</condition-uri>
  873.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.AnalyzerHostName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.TargetFileName&amp;orion.sum.order=desc%3Adesc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  874.   </query>
  875.   <query id="196">
  876.     <dictionary id="197"/>
  877.     <name>Top 10 Users with the Most Detections Last 24h</name>
           <!-- Review note: the name says "Last 24h" and the description below says
                "last three months". The condition-uri ends with
                ( newerThan EPOEvents.DetectedUTC 86400000 ), i.e. 24 hours in
                milliseconds, so the name is the accurate one.
                The same condition also limits the count to events where
                AnalyzerName equals "McAfee Endpoint Security", ThreatType is one of
                the listed values (which include "joke" and "test"), ThreatEventID is
                not 34928 and TargetUserName is not blank. Detections reported by any
                other analyzer do not contribute to a user's total here. -->
  878.     <description>Top 10 user with the most detections in the last three months.</description>
  879.     <target>EPOEvents</target>
  880.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDetectionMethod%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
  881.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%28+not_isBlank+EPOEvents.TargetUserName+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
  882.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=EPOEvents.TargetUserName&amp;topn.count.title=EPOEvents&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEvents.TargetUserName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  883.   </query>
  884.   <query id="198">
  885.     <dictionary id="199"/>
  886.     <name>Convictions by Technology</name>
  887.     <description></description>
  888.     <target>EPOEvents</target>
  889.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatType&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
           <!-- Review note: the second clause of the condition below decodes to
                ( or ( ne EPOEvents.ThreatActionTaken "jticlient.allowed" )
                     ( ne EPOEvents.ThreatActionTaken "none" )
                     ( not_isBlank EPOEvents.ThreatActionTaken ) ).
                Any single value differs from at least one of the two literals, so a
                row whose action is "none" or "jticlient.allowed" still satisfies the
                "or" and is counted. As written the clause does not exclude allowed
                or no-action events from the "convictions" total. If the intent is
                to count only events where an action was taken, the three tests
                presumably need to be joined with "and" (the form the Update Errors
                query in this export uses for three operands); confirm and test
                against known events before relying on the chart.
                Also visible here: "MSME" appears twice in the AnalyzerName list, and
                the condition has no newerThan/olderThan clause, so this definition
                sets no time window. -->
  890.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Active+Response%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22vATD%22+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Endpoint+Security+Platform%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MOVE+AV+Client%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MSME%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MSME%22+%29+%29+%28+or+%28+ne+EPOEvents.ThreatActionTaken+%22jticlient.allowed%22+%29+%28+ne+EPOEvents.ThreatActionTaken+%22none%22+%29+%28+not_isBlank+EPOEvents.ThreatActionTaken+%29+%29+%29+%29</condition-uri>
  891.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.AnalyzerName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  892.   </query>
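  <!-- Last Month ENS Detections: pie chart (percentages shown) grouped by
       AnalyzerDetectionMethod. 2592000000 ms = 30 days, applied to ReceivedUTC.
       NOTE(review): the condition has no AnalyzerName test, so events from any
       analyzer that reports a non-blank detection method are counted; confirm
       that an ENS-only filter is not needed. The condition is unchanged here. -->
  <query id="200">
    <dictionary id="201"/>
    <name>Last Month ENS Detections</name>
    <description>Pie chart of events received in the last 30 days, grouped by detection method. Events with a blank detection method, or with the method On-Execute Scan, are excluded. The 30-day window is applied to ReceivedUTC, not DetectedUTC.</description>
    <target>EPOEvents</target>
    <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName</table-uri>
    <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+EPOEvents.AnalyzerDetectionMethod+%22On-Execute+Scan%22+%29+%28+not_isBlank+EPOEvents.AnalyzerDetectionMethod+%29+%29+%28+newerThan+EPOEvents.ReceivedUTC+2592000000++%29+%29+%29</condition-uri>
    <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=EPOEvents.AnalyzerDetectionMethod&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  </query>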
  902.   <query id="202">
  903.     <dictionary id="203"/>
  904.     <name>Application Containment Results</name>
  905.     <description></description>
  906.     <target>EPOEvents</target>
  907.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName</table-uri>
  908.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+eq+EPOEvents.ThreatType+%22IDS_THREAT_TYPE_VALUE_DACAP%22+%29+%29+%29</condition-uri>
  909.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEventFilterDesc.Name&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEventFilterDesc.Name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  910.   </query>
  911.   <query id="204">
  912.     <dictionary id="205"/>
  913.     <name>Endpoint Detection Events by Analyzer Type</name>
  914.     <description></description>
  915.     <target>EPOEvents</target>
  916.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName</table-uri>
  917.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+EPOEvents.AnalyzerDetectionMethod+%29+%29</condition-uri>
  918.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.AnalyzerDetectionMethod&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  919.   </query>
  920.   <query id="206">
  921.     <dictionary id="207"/>
  922.     <name>Threat detection by OS (Last 7 days)</name>
  923.     <description></description>
  924.     <target>EPOEvents</target>
  925.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  926.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPOComputerProperties.OSType+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  927.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOComputerProperties.OSType%3AEPOEvents.ThreatSeverity&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  928.   </query>
  929.   <query id="208">
  930.     <dictionary id="209"/>
  931.     <name>Malware Detection History (imported)</name>
  932.     <description>Displays a line chart of the number of internal virus detections over the past quarter.</description>
  933.     <target>EPOEvents</target>
  934.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  935.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7862400000++%29+%29&amp;orion.condition.sexp=%28+where+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29</condition-uri>
  936.     <summary-uri>query:summary?orion.sum.query=true&amp;line.count.title=EPOEvents&amp;orion.query.type=line.line&amp;line.title=EPOEvents.DetectedUTC&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  937.   </query>
  938.   <query id="210">
  939.     <dictionary id="211"/>
  940.     <name>Agent + Protection</name>
  941.     <description></description>
  942.     <target>EPOLeafNode</target>
  943.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
  944.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+7776000000++%29+%28+eq+EPOLeafNode.ManagedState+1++%29+%29+%29</condition-uri>
  945.     <summary-uri>query:summary?horizontal=true&amp;orion.sum.query=true&amp;orion.query.type=bar.stackedbar&amp;orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion%3AEPOProdPropsView_THREATPREVENTION.productversion&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  946.   </query>
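  <!-- Agent Communication Summary: boolean pie over managed systems
       (ManagedState = 1). The green "Compliant" slice requires LastUpdate within
       604800000 ms (7 days) AND agent product version >= 5. The description
       previously said "within the past day", which understated the window a
       silent agent can sit in before it shows as Non Compliant. -->
  <query id="212">
    <dictionary id="213"/>
    <name>Agent Communication Summary (imported)</name>
    <description>Displays a pie chart of managed systems indicating whether the agent has communicated with the ePO server within the past 7 days and reports an agent version of 5 or later (Compliant) or not (Non Compliant). Click either slice to view or take actions on those systems.</description>
    <target>EPOLeafNode</target>
    <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
    <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+1++%29+%29</condition-uri>
    <summary-uri>query:summary?bool.red.text=Non+Compliant&amp;orion.sum.query=true&amp;bool.green.text=Compliant&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+604800000++%29+%28+version_ge+EPOProdPropsView_EPOAGENT.productversion+%225%22+%29+%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  </query>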
  956.   <query id="214">
  957.     <dictionary id="215"/>
  958.     <name>DAT versions (last 1 month)</name>
  959.     <description></description>
  960.     <target>EPOLeafNode</target>
  961.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
  962.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOLeafNode.ManagedState+1++%29+%28+newerThan+EPOLeafNode.LastUpdate+2592000000++%29+%29+%29</condition-uri>
  963.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.datver&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  964.   </query>
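  <!-- Failed DAT Updates (last week): bar chart of EPOProductEvents with
       TVDEventID = 258, bucketed per hour. The window is 604800000 ms (7 days),
       matching the query name; the description previously said 24 hours. -->
  <query id="216">
    <dictionary id="217"/>
    <name>Failed DAT Updates (last week)</name>
    <description>Displays a bar chart, grouped by hour, of all failed product updates in the last 7 days.</description>
    <target>EPOProductEvents</target>
    <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOLeafNode.NodeName%3AEPOProductEvents.IPV6%3AEPOProductEvents.DetectedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOLeafNode.NodeName%3AEPOProductEvents.DetectedUTC</table-uri>
    <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOProductEvents.TVDEventID+258++%29+%28+newerThan+EPOProductEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
    <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProductEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=hour&amp;orion.sum.order=oldest&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  </query>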
  974.   <query id="218">
  975.     <dictionary id="219"/>
  976.     <name>Distributed Repository Status</name>
  977.     <description>Displays a Boolean pie chart of your distributed repositories, divided according to whether their last replication was successful.</description>
  978.     <target>EPORepositoryStatus</target>
  979.     <table-uri>query:table?orion.table.columns=EPORepositoryStatus.name%3AEPORepositoryStatus.type%3AEPORepositoryStatus.status%3AEPORepositoryStatus.lastreplication&amp;orion.table.order=az&amp;orion.table.order.by=EPORepositoryStatus.name%3AEPORepositoryStatus.type%3AEPORepositoryStatus.status</table-uri>
  980.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPORepositoryStatus.type+3++%29+%29</condition-uri>
  981.     <summary-uri>query:summary?bool.red.text=failure&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+eq+EPORepositoryStatus.status+3++%29+%29&amp;bool.green.text=success&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  982.   </query>
  983.   <query id="220">
  984.     <dictionary id="221"/>
  985.     <name>Server Task Errors (last month)</name>
  986.     <description></description>
  987.     <target>OrionTaskLogTask</target>
  988.     <table-uri>query:table?orion.table.columns=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource&amp;orion.table.order=az&amp;orion.table.order.by=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource</table-uri>
  989.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+ne+OrionTaskLogTask.Status+0++%29+%28+newerThan+OrionTaskLogTask.EndDate+2592000000++%29+%29+%29</condition-uri>
  990.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=OrionTaskLogTask.Status&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  991.   </query>
  992.   <query id="222">
  993.     <dictionary id="223"/>
  994.     <name>Malware Detection History (imported 2)</name>
  995.     <description>Displays a line chart of the number of internal virus detections over the past quarter.</description>
  996.     <target>EPOEvents</target>
  997.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  998.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7862400000++%29+%29&amp;orion.condition.sexp=%28+where+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29</condition-uri>
  999.     <summary-uri>query:summary?orion.sum.query=true&amp;line.count.title=EPOEvents&amp;orion.query.type=line.line&amp;line.title=EPOEvents.DetectedUTC&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1000.   </query>
  1001.   <query id="224">
  1002.     <dictionary id="225"/>
  1003.     <name>Top 10 endpoints - Threat Events (last 7 days) (imported 2)</name>
  1004.     <description></description>
  1005.     <target>EPOEvents</target>
  1006.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  1007.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  1008.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.TargetHostName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1009.   </query>
  1010.   <query id="226">
  1011.     <dictionary id="227"/>
  1012.     <name>Threats detected by the cloud (no signatures) (imported 2)</name>
  1013.     <description></description>
  1014.     <target>EPOEvents</target>
  1015.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  1016.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%29+%29</condition-uri>
  1017.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1018.   </query>
  1019.   <query id="228">
  1020.     <dictionary id="229"/>
  1021.     <name>Threat Events NOT handled (last 1 week) (imported 2)</name>
  1022.     <description></description>
  1023.     <target>EPOEvents</target>
  1024.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  1025.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+ne+EPOEvents.ThreatHandled+t+%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29+%29</condition-uri>
  1026.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.ThreatHandled&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1027.   </query>
  1028.   <query id="230">
  1029.     <dictionary id="231"/>
  1030.     <name>Top 10 users - Threat Events (last 7 days) (imported 2)</name>
  1031.     <description></description>
  1032.     <target>EPOEvents</target>
  1033.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  1034.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  1035.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.TargetUserName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1036.   </query>
  1037.   <query id="232">
  1038.     <dictionary id="233"/>
  1039.     <name>Threats detected by Local Threat Intelligence (imported 2)</name>
  1040.     <description></description>
  1041.     <target>EPOEvents</target>
  1042.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  1043.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22TIE%22+%29+%29+%29</condition-uri>
  1044.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1045.   </query>
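  <!-- Top Blocked Sites by Users: top-N summary over SAEEvent rows with
       EventTypeID = 18600 and ActionID = 4 from the last 2592000000 ms (30 days),
       with a non-blank node name. Rows are grouped by SAEEvent.UserID and ranked
       by the sum of SAEEvent.Count, so each result row is a user, not a site;
       the description is corrected to say so.
       NOTE(review): topn.title still names SAEEvent.DomainName while the
       grouping column is SAEEvent.UserID; left unchanged, confirm the intended
       label. -->
  <query id="234">
    <dictionary id="235"/>
    <name>Top Blocked Sites by Users</name>
    <description>SiteAdvisor Enterprise: Top 100 users by total count of blocked site events over the last 30 days.</description>
    <target>SAEEvent</target>
    <table-uri>query:table?orion.table.columns=SAEEvent.DetectedUTC%3ASAEEvent.RatingID%3ASAEEvent.ContentID%3ASAEEvent.DomainName%3ASAEEvent.ActionID%3ASAEEvent.ReasonID%3ASAEEvent.ListID%3ASAEEvent.URL%3AEPOLeafNode.NodeName%3ASAEEvent.Count&amp;orion.table.order=az&amp;orion.table.order.by=SAEEvent.DetectedUTC%3ASAEEvent.RatingID%3ASAEEvent.ContentID%3ASAEEvent.DomainName%3ASAEEvent.ActionID%3ASAEEvent.ReasonID%3ASAEEvent.ListID%3ASAEEvent.URL%3AEPOLeafNode.NodeName</table-uri>
    <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+SAEEvent.EventTypeID+18600++%29+%28+newerThan+SAEEvent.DetectedUTC+2592000000++%29+%28+eq+SAEEvent.ActionID+4++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
    <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=SAEEvent.DomainName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=SAEEvent.UserID&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=SAEEvent.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  </query>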
  1055.   <query id="236">
  1056.     <dictionary id="237"/>
  1057.     <name>Threat detection by OS (Last 7 days) (imported 2)</name>
  1058.     <description></description>
  1059.     <target>EPOEvents</target>
  1060.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  1061.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPOComputerProperties.OSType+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  1062.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOComputerProperties.OSType%3AEPOEvents.ThreatSeverity&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1063.   </query>
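  <!-- Threats for 1 Day: multi-group summary (ThreatType, then ThreatName) of
       VirusScan Enterprise events detected within 86400000 ms (24 hours).
       Excluded: threat types "access protection" and "app_puocookie", blank or
       "None" threat names, and ThreatEventID 1051 and 1059. The description
       previously said seven days, which contradicts both the name and the
       condition. -->
  <query id="238">
    <dictionary id="239"/>
    <name>Threats for 1 Day (imported)</name>
    <description>Summary of threats that have been detected in the last 24 hours. No cookies.</description>
    <target>EPOEvents</target>
    <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
    <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
    <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  </query>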
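  <!-- Threats for 1 Week: multi-group summary (ThreatType, then ThreatName) of
       VirusScan Enterprise events. The window is newerThan 604800000 ms (7 days)
       AND olderThan 86400000 ms (24 hours), so detections from the most recent
       day are not in this report; the description now states that. Other
       exclusions: threat types "access protection" and "app_puocookie", blank
       or "None" threat names, and ThreatEventID 1051 and 1059. -->
  <query id="240">
    <dictionary id="241"/>
    <name>Threats for 1 Week (imported)</name>
    <description>Summary of threats that were detected between one and seven days ago; the most recent 24 hours are excluded. No cookies.</description>
    <target>EPOEvents</target>
    <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
    <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
    <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  </query>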
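  <!-- Threat Events in the Last Week: line chart of all EPOEvents per day.
       The only filter is the required clause newerThan DetectedUTC 604800000 ms
       (7 days); orion.condition.sexp is empty. The description previously said
       2 weeks, which the condition does not cover. -->
  <query id="242">
    <dictionary id="243"/>
    <name>Threat Events in the Last Week (imported)</name>
    <description>This chart shows the trend of threat event generation for the last 7 days.</description>
    <target>EPOEvents</target>
    <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
    <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29&amp;orion.condition.sexp=</condition-uri>
    <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  </query>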
  1091.   <query id="244">
  1092.     <dictionary id="245"/>
  1093.     <name>Top 10 endpoints - Threat Events Last 24h (imported)</name>
  1094.     <description></description>
  1095.     <target>EPOEvents</target>
  1096.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatType%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDetectionMethod&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatName</table-uri>
  1097.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
  1098.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.AnalyzerHostName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1099.   </query>
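  <!-- Malware Detections: multi-group summary by AnalyzerHostName, then
       AnalyzerDetectionMethod, then TargetFileName. orion.requied.sexp is empty
       and the condition has no newerThan clause, so the query is evaluated over
       every retained event.
       NOTE(review): the filter tests EPExtendedEvent.TargetName while the table
       and grouping use EPOEvents.TargetFileName; confirm that is intended, and
       consider whether a time window is wanted. The condition is unchanged. -->
  <query id="246">
    <dictionary id="247"/>
    <name>Malware Detections (imported)</name>
    <description>Multi-group summary of events by analyzer host, detection method and target file name. Excludes events with a blank EPExtendedEvent.TargetName, events of threat type Dynamic Application Containment, and events whose action taken is IDS_ACTION_WOULD_BLOCK. No time window is applied.</description>
    <target>EPOEvents</target>
    <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC</table-uri>
    <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPExtendedEvent.TargetName+%29+%28+ne+EPOEvents.ThreatType+%22Dynamic+Application+Containment%22+%29+%28+ne+EPOEvents.ThreatActionTaken+%22IDS_ACTION_WOULD_BLOCK%22+%29+%29+%29</condition-uri>
    <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.AnalyzerHostName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.TargetFileName&amp;orion.sum.order=desc%3Adesc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  </query>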
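  <!-- Top 10 Users with the Most Detections Last 24h: top-N (limit 10) count of
       McAfee Endpoint Security events per TargetUserName, for the listed threat
       types, with ThreatEventID 34928 excluded and a non-blank user name.
       The window is 86400000 ms (24 hours); the description previously said
       three months. -->
  <query id="248">
    <dictionary id="249"/>
    <name>Top 10 Users with the Most Detections Last 24h (imported)</name>
    <description>Top 10 users with the most detections in the last 24 hours.</description>
    <target>EPOEvents</target>
    <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDetectionMethod%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
    <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%28+not_isBlank+EPOEvents.TargetUserName+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
    <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=EPOEvents.TargetUserName&amp;topn.count.title=EPOEvents&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEvents.TargetUserName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  </query>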
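  <!-- Convictions by Technology (imported): pie chart counting EPOEvents per
       AnalyzerName. The ThreatActionTaken filter is now an AND of its three
       tests. As an OR of two "ne" tests it matched every non-blank value (no
       value equals both "jticlient.allowed" and "none"), so allowed and
       no-action events were counted as convictions. The repeated MSME analyzer
       clause is listed once. No time window is applied to this query. -->
  <query id="250">
    <dictionary id="251"/>
    <name>Convictions by Technology (imported)</name>
    <description>Pie chart of threat events grouped by the reporting analyzer, counting only events whose action taken is set and is neither jticlient.allowed nor none. No time window is applied.</description>
    <target>EPOEvents</target>
    <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatType&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
    <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Active+Response%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22vATD%22+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Endpoint+Security+Platform%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MOVE+AV+Client%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MSME%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatActionTaken+%22jticlient.allowed%22+%29+%28+ne+EPOEvents.ThreatActionTaken+%22none%22+%29+%28+not_isBlank+EPOEvents.ThreatActionTaken+%29+%29+%29+%29</condition-uri>
    <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.AnalyzerName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  </query>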
  1127.   <query id="252">
            <!-- Last Month ENS Detections: pie chart (percentages shown) of EPOEvents rows grouped by
                 AnalyzerDetectionMethod.
                 Condition (decoded): AnalyzerDetectionMethod is not "On-Execute Scan" and is not blank, and
                 ReceivedUTC is newerThan 2592000000 (30 days in milliseconds).
                 NOTE(review): there is no AnalyzerName test, so the "ENS" in the name is not enforced by the
                 filter, and the window is keyed on ReceivedUTC where the sibling queries use DetectedUTC;
                 confirm both are intended. -->
  1128.     <dictionary id="253"/>
  1129.     <name>Last Month ENS Detections (imported)</name>
  1130.     <description></description>
  1131.     <target>EPOEvents</target>
  1132.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName</table-uri>
  1133.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+EPOEvents.AnalyzerDetectionMethod+%22On-Execute+Scan%22+%29+%28+not_isBlank+EPOEvents.AnalyzerDetectionMethod+%29+%29+%28+newerThan+EPOEvents.ReceivedUTC+2592000000++%29+%29+%29</condition-uri>
  1134.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=EPOEvents.AnalyzerDetectionMethod&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1135.   </query>
  1136.   <query id="254">
            <!-- Application Containment Results: pie chart of EPOEvents rows grouped by EPOEventFilterDesc.Name.
                 Condition (decoded): ThreatCategory does not belong to "ops" (threatcategory_not_belongs),
                 DetectedUTC is newerThan 604800000 (7 days in milliseconds), and
                 ThreatType equals "IDS_THREAT_TYPE_VALUE_DACAP". -->
  1137.     <dictionary id="255"/>
  1138.     <name>Application Containment Results (imported)</name>
  1139.     <description></description>
  1140.     <target>EPOEvents</target>
  1141.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName</table-uri>
  1142.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+eq+EPOEvents.ThreatType+%22IDS_THREAT_TYPE_VALUE_DACAP%22+%29+%29+%29</condition-uri>
  1143.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEventFilterDesc.Name&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEventFilterDesc.Name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1144.   </query>
  1145.   <query id="256">
            <!-- Endpoint Detection Events by Analyzer Type: pie chart of EPOEvents rows grouped by
                 AnalyzerDetectionMethod.
                 Condition (decoded): AnalyzerDetectionMethod is not blank.
                 NOTE(review): the condition has no time bound, so the chart is not limited to a recent window;
                 confirm that is intended. -->
  1146.     <dictionary id="257"/>
  1147.     <name>Endpoint Detection Events by Analyzer Type (imported)</name>
  1148.     <description></description>
  1149.     <target>EPOEvents</target>
  1150.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName</table-uri>
  1151.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+EPOEvents.AnalyzerDetectionMethod+%29+%29</condition-uri>
  1152.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.AnalyzerDetectionMethod&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1153.   </query>
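  1154.   <query id="258">
            <!-- Threats for 1 Month: multi-group summary of EPOEvents rows grouped by ThreatType, then ThreatName.
                 Condition (decoded): DetectedUTC newerThan 2592000000 (30 days in milliseconds) and olderThan
                 604800000 (7 days); AnalyzerName equals "VirusScan Enterprise"; ThreatType is neither
                 "access protection" nor "app_puocookie"; ThreatName is not blank and not "None";
                 ThreatEventID is neither 1051 nor 1059.
                 The description states the window the condition applies (it read "last seven days").
                 NOTE(review): detections from the most recent seven days are excluded; confirm that is intended
                 for a query named "1 Month". -->
  1155.     <dictionary id="259"/>
  1156.     <name>Threats for 1 Month</name>
  1157.     <description>Summary of threats detected between seven and thirty days ago. No cookies.</description>
  1158.     <target>EPOEvents</target>
  1159.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  1160.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
  1161.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1162.   </query>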
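  1163.   <query id="260">
            <!-- Threats/Host for 1 Day: multi-group summary of EPOEvents rows grouped by
                 EPOComputerProperties.ComputerName, then ThreatName.
                 Condition (decoded): DetectedUTC newerThan 86400000 (1 day in milliseconds); AnalyzerName equals
                 "VirusScan Enterprise"; ThreatType is neither "access protection" nor "app_puocookie";
                 ThreatName is not blank and not "None"; ThreatEventID is neither 1051 nor 1059.
                 The description states the one-day window the condition applies (it read "last seven days"). -->
  1164.     <dictionary id="261"/>
  1165.     <name>Threats/Host for 1 Day (imported)</name>
  1166.     <description>Summary of threats detected in the last day. No cookies.</description>
  1167.     <target>EPOEvents</target>
  1168.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  1169.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
  1170.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1171.   </query>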
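  1172.   <query id="262">
            <!-- Threats/Host for 1 Week: multi-group summary of EPOEvents rows grouped by
                 EPOComputerProperties.ComputerName, then ThreatName.
                 Condition (decoded): DetectedUTC newerThan 604800000 (7 days in milliseconds) and olderThan
                 86400000 (1 day); AnalyzerName equals "VirusScan Enterprise"; ThreatType is neither
                 "access protection" nor "app_puocookie"; ThreatName is not blank and not "None";
                 ThreatEventID is neither 1051 nor 1059.
                 The description states the window the condition applies (it read "last seven days").
                 NOTE(review): detections from the most recent day are excluded; confirm that is intended. -->
  1173.     <dictionary id="263"/>
  1174.     <name>Threats/Host for 1 Week</name>
  1175.     <description>Summary of threats detected between one and seven days ago. No cookies.</description>
  1176.     <target>EPOEvents</target>
  1177.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  1178.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
  1179.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1180.   </query>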
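  1181.   <query id="264">
            <!-- Threats/Host for 1 Month: multi-group summary of EPOEvents rows grouped by
                 EPOComputerProperties.ComputerName, then ThreatName.
                 Condition (decoded): DetectedUTC newerThan 2592000000 (30 days in milliseconds) and olderThan
                 604800000 (7 days); AnalyzerName equals "VirusScan Enterprise"; ThreatType is neither
                 "access protection" nor "app_puocookie"; ThreatName is not blank and not "None";
                 ThreatEventID is neither 1051 nor 1059.
                 The description states the window the condition applies (it read "last seven days").
                 NOTE(review): detections from the most recent seven days are excluded; confirm that is intended. -->
  1182.     <dictionary id="265"/>
  1183.     <name>Threats/Host for 1 Month (imported)</name>
  1184.     <description>Summary of threats detected between seven and thirty days ago. No cookies.</description>
  1185.     <target>EPOEvents</target>
  1186.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  1187.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
  1188.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1189.   </query>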
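  1190.   <query id="266">
            <!-- Threats/File for 1 Day: multi-group summary of EPOEvents rows grouped by ThreatName, then
                 TargetFileName.
                 Condition (decoded): DetectedUTC newerThan 86400000 (1 day in milliseconds); AnalyzerName equals
                 "VirusScan Enterprise"; ThreatType is neither "access protection" nor "app_puocookie";
                 ThreatName is not blank and not "None"; ThreatEventID is neither 1051 nor 1059.
                 The description states the one-day window the condition applies (it read "last seven days"). -->
  1191.     <dictionary id="267"/>
  1192.     <name>Threats/File for 1 Day (imported)</name>
  1193.     <description>Summary of threats detected in the last day. No cookies.</description>
  1194.     <target>EPOEvents</target>
  1195.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  1196.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
  1197.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1198.   </query>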
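  1199.   <query id="268">
            <!-- Threats/File for 1 Week: multi-group summary of EPOEvents rows grouped by ThreatName, then
                 TargetFileName.
                 Condition (decoded): DetectedUTC newerThan 604800000 (7 days in milliseconds) and olderThan
                 86400000 (1 day); AnalyzerName equals "VirusScan Enterprise"; ThreatType is neither
                 "access protection" nor "app_puocookie"; ThreatName is not blank and not "None";
                 ThreatEventID is neither 1051 nor 1059.
                 The description states the window the condition applies (it read "last seven days").
                 NOTE(review): detections from the most recent day are excluded; confirm that is intended. -->
  1200.     <dictionary id="269"/>
  1201.     <name>Threats/File for 1 Week (imported)</name>
  1202.     <description>Summary of threats detected between one and seven days ago. No cookies.</description>
  1203.     <target>EPOEvents</target>
  1204.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  1205.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
  1206.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1207.   </query>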
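  1208.   <query id="270">
            <!-- Threats/File for 1 Month: multi-group summary of EPOEvents rows grouped by ThreatName, then
                 TargetFileName.
                 Condition (decoded): DetectedUTC newerThan 2592000000 (30 days in milliseconds) and olderThan
                 604800000 (7 days); AnalyzerName equals "VirusScan Enterprise"; ThreatType is neither
                 "access protection" nor "app_puocookie"; ThreatName is not blank and not "None";
                 ThreatEventID is neither 1051 nor 1059.
                 The description states the window the condition applies (it read "last seven days").
                 NOTE(review): detections from the most recent seven days are excluded; confirm that is intended. -->
  1209.     <dictionary id="271"/>
  1210.     <name>Threats/File for 1 Month (imported)</name>
  1211.     <description>Summary of threats detected between seven and thirty days ago. No cookies.</description>
  1212.     <target>EPOEvents</target>
  1213.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  1214.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
  1215.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1216.   </query>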
  1217.   <query id="272">
            <!-- Endpoint Upgrade Assistant categories chart: pie chart of UA_Category_Query_Chart rows grouped by
                 Description.
                 Condition (decoded): UA_Category_Query_Chart.UA_ReferenceConfiguration_Id equals 2.
                 NOTE(review): the id 2 is a fixed value in this export; presumably it names a reference
                 configuration on the server the query was exported from. Verify it after import. -->
  1218.     <dictionary id="273"/>
  1219.     <name>Endpoint Upgrade Assistant - McAfee Endpoint Security 10.5 categories chart</name>
  1220.     <description>Expired or old data? Click on &apos;Analyze Environment&apos; to refresh this query for All Endpoints</description>
  1221.     <target>UA_Category_Query_Chart</target>
  1222.     <table-uri>query:table?orion.table.columns=UA_Category_Query_Chart.Description%3AUA_Category_Query_Chart.Total&amp;orion.table.order=az&amp;orion.table.order.by=UA_Category_Query_Chart.Description%3AUA_Category_Query_Chart.Total</table-uri>
  1223.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+UA_Category_Query_Chart.UA_ReferenceConfiguration_Id+2+%29+%29</condition-uri>
  1224.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=UA_Category_Query_Chart.Description&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1225.   </query>
  1226.   <query id="274">
            <!-- Endpoint Upgrade Assistant analyze table: plain table (no summary) over UA_Analyse_Query with the
                 columns Product, Your_Environment, Required_Update and Endpoints, ordered by Product.
                 Condition (decoded): UA_Analyse_Query.UA_ReferenceConfiguration_Id equals 2.
                 NOTE(review): the id 2 is a fixed value in this export; presumably it names a reference
                 configuration on the server the query was exported from. Verify it after import. -->
  1227.     <dictionary id="275"/>
  1228.     <name>Endpoint Upgrade Assistant - McAfee Endpoint Security 10.5 analyze table</name>
  1229.     <description>Expired or old data? Click on &apos;Analyze Environment&apos; to refresh this query for All Endpoints</description>
  1230.     <target>UA_Analyse_Query</target>
  1231.     <table-uri>query:table?orion.table.columns=UA_Analyse_Query.Product%3AUA_Analyse_Query.Your_Environment%3AUA_Analyse_Query.Required_Update%3AUA_Analyse_Query.Endpoints&amp;orion.table.order=asc&amp;orion.table.order.by=UA_Analyse_Query.Product</table-uri>
  1232.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+UA_Analyse_Query.UA_ReferenceConfiguration_Id+2+%29+%29</condition-uri>
  1233.     <summary-uri>query:summary?orion.query.type=table.table&amp;orion.sum.query=false</summary-uri>
  1234.   </query>
  1235.   <query id="276">
            <!-- Endpoint Upgrade Assistant plan table: plain table over UA_Plan_Query with the columns
                 Required_Actions, Restarts, Servers, Workstations and Total, ordered by Required_Actions.
                 Condition (decoded): UA_Plan_Query.UA_ReferenceConfiguration_Id equals 2.
                 NOTE(review): the id 2 is a fixed value in this export; presumably it names a reference
                 configuration on the server the query was exported from. Verify it after import. -->
  1236.     <dictionary id="277"/>
  1237.     <name>Endpoint Upgrade Assistant - McAfee Endpoint Security 10.5 plan table</name>
  1238.     <description>Expired or old data? Click on &apos;Analyze Environment&apos; to refresh this query for All Endpoints</description>
  1239.     <target>UA_Plan_Query</target>
  1240.     <table-uri>query:table?orion.table.columns=UA_Plan_Query.Required_Actions%3AUA_Plan_Query.Restarts%3AUA_Plan_Query.Servers%3AUA_Plan_Query.Workstations%3AUA_Plan_Query.Total&amp;orion.table.order=az&amp;orion.table.order.by=UA_Plan_Query.Required_Actions</table-uri>
  1241.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+UA_Plan_Query.UA_ReferenceConfiguration_Id+2+%29+%29</condition-uri>
  1242.     <summary-uri>query:summary?orion.query.type=table.table</summary-uri>
  1243.   </query>
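  1244.   <query id="278">
            <!-- Systems per agent handler: pie chart of EPOLeafNode rows grouped by EPOAgentHandlers.DNSName,
                 limited to 10 slices with the remainder shown as "other".
                 Condition (decoded): EPOLeafNode.ManagedState equals 1.
                 The description had the German "für" stored as mis-decoded bytes; it is restored here.
                 NOTE(review): show.percentage is present in the summary URI with an empty value; confirm the
                 importing server accepts that. -->
  1245.     <dictionary id="279"/>
  1246.     <name>Systeme pro Agentensteuerung</name>
  1247.     <description>Zeigt ein Kreisdiagramm von verwalteten Systemen an, wobei jedes Segment für eine Agentensteuerung steht.</description>
  1248.     <target>EPOLeafNode</target>
  1249.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastKnownTCPIP%3AEPOLeafNode.LastUpdate%3AEPOProdPropsView_EPOAGENT.productversion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastKnownTCPIP%3AEPOLeafNode.LastUpdate%3AEPOProdPropsView_EPOAGENT.productversion</table-uri>
  1250.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+1+%29+%29</condition-uri>
  1251.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=&amp;orion.sum.group.by=EPOAgentHandlers.DNSName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1252.   </query>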
  1253.   <query id="280">
            <!-- Inactive agents: top-n summary of EPOLeafNode rows grouped by the agent product version
                 (EPOProdPropsView_EPOAGENT.productversion).
                 Condition (decoded): EPOLeafNode.LastUpdate is olderThan 2592000000 (30 days in milliseconds)
                 and EPOLeafNode.ManagedState equals 1. This matches the 30 days named in the description. -->
  1254.     <dictionary id="281"/>
  1255.     <name>Inaktive Agenten</name>
  1256.     <description>Agenten vom Typ McAfee Agent, die in den letzten 30 Tagen nicht mit dem ePolicy Orchestrator-Server kommuniziert haben.</description>
  1257.     <target>EPOLeafNode</target>
  1258.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.UserName%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.UserName%3AEPOLeafNode.LastUpdate</table-uri>
  1259.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+olderThan+EPOLeafNode.LastUpdate+2592000000++%29+%28+eq+EPOLeafNode.ManagedState+1++%29+%29+%29</condition-uri>
  1260.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1261.   </query>
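  1262.   <query id="282">
            <!-- Agent Communication Summary: two-slice (boolean) pie chart of managed systems, labelled
                 "Compliant" and "Non Compliant".
                 Condition (decoded): EPOLeafNode.ManagedState equals 1.
                 Compliant criteria (bool.green.criteria, decoded): EPOLeafNode.LastUpdate newerThan 604800000
                 (7 days in milliseconds) and agent productversion version_ge "5".
                 The description states these criteria; it previously said "within the past day" and did not
                 mention the version test, so a system could look healthy by the text while the chart marked
                 it non-compliant, or the reverse. -->
  1263.     <dictionary id="283"/>
  1264.     <name>Agent Communication Summary (imported 2)</name>
  1265.     <description>Displays a pie chart of managed systems indicating whether the agents have communicated with the ePO server within the past seven days and report an agent version of 5 or later. Click either slice to view or take actions on those systems.</description>
  1266.     <target>EPOLeafNode</target>
  1267.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  1268.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+1++%29+%29</condition-uri>
  1269.     <summary-uri>query:summary?bool.red.text=Non+Compliant&amp;orion.sum.query=true&amp;bool.green.text=Compliant&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+604800000++%29+%28+version_ge+EPOProdPropsView_EPOAGENT.productversion+%225%22+%29+%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1270.   </query>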
  1271.   <query id="284">
            <!-- Systems in Lost and Found: top-n summary of EPOLeafNode rows grouped by NodeName.
                 Condition (decoded): descendsFrom EPOBranchNode.AutoID "3"; the orion.requied.sexp parameter is
                 present but empty.
                 NOTE(review): AutoID "3" is a fixed value in this export; presumably it is the Lost and Found
                 group on the server the query was exported from. Verify the group id after import. -->
  1272.     <dictionary id="285"/>
  1273.     <name>Systeme in Lost &amp; Found</name>
  1274.     <description></description>
  1275.     <target>EPOLeafNode</target>
  1276.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.Tags%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.IPHostName&amp;orion.table.order=asc&amp;orion.table.order.by=EPOLeafNode.LastUpdate</table-uri>
  1277.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+descendsFrom+EPOBranchNode.AutoID+%223%22+%29+%29</condition-uri>
  1278.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOLeafNode.NodeName&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1279.   </query>
  1280.   <query id="286">
            <!-- OS overview: pie chart of EPOLeafNode rows grouped by EPOComputerProperties.OSType.
                 The condition expression is empty, so no filter is applied to the target. -->
  1281.     <dictionary id="287"/>
  1282.     <name>OS overview</name>
  1283.     <description></description>
  1284.     <target>EPOLeafNode</target>
  1285.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOComputerProperties.OSType%3AEPOComputerProperties.OSVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOComputerProperties.OSType%3AEPOComputerProperties.OSVersion</table-uri>
  1286.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  1287.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOComputerProperties.OSType&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1288.   </query>
  1289.   <query id="288">
            <!-- Total Threat Events in EPO Database: pie chart (percentages shown) of EPOEvents rows grouped by
                 EPOEventFilterDesc.Name, limited to 10 slices with the remainder shown as "other".
                 The condition expression is empty, so no filter and no time bound are applied. -->
  1290.     <dictionary id="289"/>
  1291.     <name>Total Threat Events in EPO Database</name>
  1292.     <description></description>
  1293.     <target>EPOEvents</target>
  1294.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.Analyzer%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.Analyzer%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName</table-uri>
  1295.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  1296.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEventFilterDesc.Name&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=EPOEventFilterDesc.Name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1297.   </query>
  1298.   <query id="290">
            <!-- Total Client Events in EPO Database: pie chart (percentages shown) of EPOProductEvents rows
                 grouped by EPOEventFilterDesc.Name.
                 The condition expression is empty, so no filter and no time bound are applied. -->
  1299.     <dictionary id="291"/>
  1300.     <name>Total Client Events in EPO Database</name>
  1301.     <description></description>
  1302.     <target>EPOProductEvents</target>
  1303.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  1304.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  1305.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=EPOEventFilterDesc.Name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1306.   </query>
  1307.   <query id="292">
            <!-- Server Task Errors (last month): bar chart of OrionTaskLogTask rows grouped by Status.
                 Condition (decoded): OrionTaskLogTask.Status is not 0 and OrionTaskLogTask.EndDate is newerThan
                 2592000000 (30 days in milliseconds).
                 NOTE(review): presumably Status 0 is the success value, so every other status is counted as an
                 error here; confirm against the server's status codes. -->
  1308.     <dictionary id="293"/>
  1309.     <name>Server Task Errors (last month) (imported)</name>
  1310.     <description></description>
  1311.     <target>OrionTaskLogTask</target>
  1312.     <table-uri>query:table?orion.table.columns=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource&amp;orion.table.order=az&amp;orion.table.order.by=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource</table-uri>
  1313.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+ne+OrionTaskLogTask.Status+0++%29+%28+newerThan+OrionTaskLogTask.EndDate+2592000000++%29+%29+%29</condition-uri>
  1314.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=OrionTaskLogTask.Status&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1315.   </query>
  1316.   <query id="294">
            <!-- Versions of Products (ALL): multi-group summary of EPOSystemProductVersionInfo rows grouped by
                 FamilyDispName, then productVersion.
                 The condition expression is empty, so no filter is applied to the target. -->
  1317.     <dictionary id="295"/>
  1318.     <name>Versions of Products - ALL (imported)</name>
  1319.     <description></description>
  1320.     <target>EPOSystemProductVersionInfo</target>
  1321.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion</table-uri>
  1322.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  1323.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1324.   </query>
  1325. </list>