- <list id="1">
- <query id="2">
- <dictionary id="3"/>
- <name>Threats detected by the cloud (no signatures) (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="4">
- <dictionary id="5"/>
- <name>Threat Events NOT handled (last 1 week) (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+ne+EPOEvents.ThreatHandled+t+%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.ThreatHandled&orion.sum.order=desc&orion.sum.limit.count=360&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="6">
- <dictionary id="7"/>
- <name>Top 10 users - Threat Events (last 7 days) (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.TargetUserName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="8">
- <dictionary id="9"/>
- <name>Threats detected by Local Threat Intelligence (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22TIE%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="10">
- <dictionary id="11"/>
- <name>Threat detection by OS (Last 7 days) (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPOComputerProperties.OSType+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOComputerProperties.OSType%3AEPOEvents.ThreatSeverity&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="12">
- <dictionary id="13"/>
- <name>Threats detected locally (signatures only) (imported 2)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+notContains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+notContains+EPOEvents.ThreatName+%22TIE%2Fsuspect%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="14">
- <dictionary id="15"/>
- <name>Unique threats detected in the cloud (imported 2)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.ThreatName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="16">
- <dictionary id="17"/>
- <name>Threats for 1 Day</name>
- <description>Summary of threats detected in the last seven days; cookie detections are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="18">
- <dictionary id="19"/>
- <name>Threats for 1 Week</name>
- <description>Summary of threats detected in the last seven days; cookie detections are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="20">
- <dictionary id="21"/>
- <name>Threats/Host for 1 Month</name>
- <description>Summary of threats detected in the last seven days; cookie detections are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="22">
- <dictionary id="23"/>
- <name>Threats/Host for 1 Day</name>
- <description>Summary of threats detected in the last seven days; cookie detections are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="24">
- <dictionary id="25"/>
- <name>Threats/File for 1 Day</name>
- <description>Summary of threats detected in the last seven days; cookie detections are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="26">
- <dictionary id="27"/>
- <name>Threats/File for 1 Week</name>
- <description>Summary of threats detected in the last seven days; cookie detections are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="28">
- <dictionary id="29"/>
- <name>Threats/File for 1 Month</name>
- <description>Summary of threats detected in the last seven days; cookie detections are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="30">
- <dictionary id="31"/>
- <name>Versions of Products - ALL TC</name>
- <description></description>
- <target>EPOSystemProductVersionInfo</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+EPOSystemProductVersionInfo.productVersion+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="32">
- <dictionary id="33"/>
- <name>M-OPS-Machines that were NOT Fully Cleaned in the Last 24 hours</name>
- <description>Operations report for machines that require action. This query shows the machines and usernames that VirusScan may not be fully cleaning. It also shows the event description, which tells you what VirusScan did with the file. Compare this with the same report for infections not cleaned in the past 24 hours.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+172800000++%29+%28+eq+EPOEvents.ThreatHandled+f+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatActionTaken+%22access+denied%22+%29+%28+ne+EPOEventFilterDesc.Name+%22Unable+to+scan+password+protected%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&multigroup.title=EPOEvents.ThreatName&orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.TargetUserName%3AEPOEvents.ThreatName%3AEPOEventFilterDesc.Name&orion.sum.order=az%3Aaz%3Aaz%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="34">
- <dictionary id="35"/>
- <name>M-OPS-Machines that were NOT Fully Cleaned in the Last 48 hours</name>
- <description>Operations report for machines that require action. This query shows the machines and usernames that VirusScan may not be fully cleaning. It also shows the event description, which tells you what VirusScan did with the file. Compare this with the same report for machines not cleaned in the past 24 hours.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+newerThan+EPOEvents.DetectedUTC+172800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.ThreatHandled+f+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatActionTaken+%22access+denied%22+%29+%28+ne+EPOEventFilterDesc.Name+%22Unable+to+scan+password+protected%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&multigroup.title=EPOEvents.ThreatName&orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.TargetUserName%3AEPOEvents.ThreatName%3AEPOEventFilterDesc.Name&orion.sum.order=az%3Aaz%3Aaz%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="36">
- <dictionary id="37"/>
- <name>M-OPS-Infections that were NOT Fully Cleaned in the Last 48 hours</name>
- <description>Operations report for machines that require action. This query shows new infections that VirusScan may not be fully cleaning. It also shows the event description, which tells you what VirusScan did with the file. Compare this with the same report for infections not cleaned in the past 24 hours.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+newerThan+EPOEvents.DetectedUTC+172800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.ThreatHandled+f+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatActionTaken+%22access+denied%22+%29+%28+ne+EPOEventFilterDesc.Name+%22Unable+to+scan+password+protected%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&multigroup.title=EPOEvents.ThreatName&orion.sum.group.by=EPOEvents.ThreatName%3AEPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.TargetFileName&orion.sum.order=az%3Aaz%3Aaz%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="38">
- <dictionary id="39"/>
- <name>M-OPS-Infections that were NOT Fully Cleaned in the Last 24 hours</name>
- <description>Operational report that shows machines that may require action. This query shows new infections from the past day that VirusScan may not be fully cleaning. It also shows the event description, which tells you what VirusScan did with the file. Compare this with the same report for the past 2 days.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.ThreatHandled+f+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatActionTaken+%22access+denied%22+%29+%28+ne+EPOEventFilterDesc.Name+%22Unable+to+scan+password+protected%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&multigroup.title=EPOEvents.ThreatName&orion.sum.group.by=EPOEvents.ThreatName%3AEPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.TargetFileName&orion.sum.order=az%3Aaz%3Aaz%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="40">
- <dictionary id="41"/>
- <name>M-VS Access Protection FW Rules Triggered AND Blocked in the Past 3 Days</name>
- <description>These are access protection FW rules that VirusScan has triggered and blocked. The only default FW rule enabled in VirusScan is reporting/blocking IRC communication and SMTP port 25. Broken down by threat IP address, process name, and the rule that was triggered. You can optionally add further reporting rules in VirusScan to discover other inappropriate communication in your environment.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+startsWith+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+259200000++%29+%28+eq+EPOEvents.ThreatEventID+1094++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOComputerProperties.ComputerName%3AEPOEvents.SourceProcessName&orion.sum.order=az%3Aaz%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="42">
- <dictionary id="43"/>
- <name>M-VS Access Protection FW Rules Triggered but NOT Blocked in the Past 3 Days</name>
- <description>These are access protection FW rules that are set to report only, not block. The only default FW rule enabled in VirusScan is reporting/blocking IRC communication. You can optionally add further reporting rules in VirusScan to discover other inappropriate communication in your environment.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+startsWith+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+259200000++%29+%28+eq+EPOEvents.ThreatEventID+1096++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOComputerProperties.ComputerName%3AEPOEvents.SourceProcessName&orion.sum.order=az%3Aaz%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="44">
- <dictionary id="45"/>
- <name>Threats detected locally (signatures only) (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+notContains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+notContains+EPOEvents.ThreatName+%22TIE%2Fsuspect%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="46">
- <dictionary id="47"/>
- <name>Unique threats detected in the cloud (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.ThreatName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="48">
- <dictionary id="49"/>
- <name>Top 10 endpoints - Threat Events (last 7 days) (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.TargetHostName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="50">
- <dictionary id="51"/>
- <name>M-Top 10 Computers with the Most Detections Cleaned in Past 3 Days</name>
- <description>Displays the top ten computers with the most detections in the last 3 Days</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+startsWith+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+259200000++%29+%28+eq+EPOEvents.ThreatHandled+t+%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+not_isBlank+EPOComputerProperties.ComputerName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=EPOLeafNode.NodeName&topn.count.title=EPOEvents&orion.query.type=summary.topn&orion.sum.group.by=EPOLeafNode.NodeName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="52">
- <dictionary id="53"/>
- <name>M-Top 10 Users with the Most Detections Cleaned in the Last 3 Days</name>
- <description>Top 10 users with the most infections cleaned in the last 3 days. Local System and Network usernames have been removed.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+startsWith+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+259200000++%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+notContains+EPOEvents.TargetUserName+%22authority%22+%29+%28+eq+EPOEvents.ThreatHandled+t+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=EPOEvents.TargetUserName&topn.count.title=EPOEvents&orion.query.type=summary.topn&orion.sum.group.by=EPOEvents.TargetUserName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="54">
- <dictionary id="55"/>
- <name>Malware Detection History</name>
- <description>Displays a line chart of the number of internal virus detections over the past quarter.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7862400000++%29+%29&orion.condition.sexp=%28+where+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&line.count.title=EPOEvents&orion.query.type=line.line&line.title=EPOEvents.DetectedUTC&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="56">
- <dictionary id="57"/>
- <name>Threats detected locally (signatures only)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+notContains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+notContains+EPOEvents.ThreatName+%22TIE%2Fsuspect%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="58">
- <dictionary id="59"/>
- <name>Unique threats detected in the cloud</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.ThreatName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="60">
- <dictionary id="61"/>
- <name>Top 10 endpoints - Threat Events (last 7 days)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.TargetHostName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="62">
- <dictionary id="63"/>
- <name>Threats detected by the cloud (no signatures)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="64">
- <dictionary id="65"/>
- <name>Threat Events NOT handled (last 1 week)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+ne+EPOEvents.ThreatHandled+t+%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.ThreatHandled&orion.sum.order=desc&orion.sum.limit.count=360&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="66">
- <dictionary id="67"/>
- <name>Top 10 users - Threat Events (last 7 days)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.TargetUserName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="68">
- <dictionary id="69"/>
- <name>Threats detected by Local Threat Intelligence</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22TIE%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="70">
- <dictionary id="71"/>
- <name>Versions of Products - ALL</name>
- <description></description>
- <target>EPOSystemProductVersionInfo</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+EPOSystemProductVersionInfo.productVersion+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="72">
- <dictionary id="73"/>
- <name>VSE Engine Versions Summary</name>
- <description>Displays a pie chart of installed VSE Engine versions on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&orion.query.type=pie.pie&pie.count.title=Computers&show.percentage=false&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.enginever&orion.sum.order=za&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="74">
- <dictionary id="75"/>
- <name>DAT Versions Summary</name>
- <description>Displays a pie chart of installed DAT files by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&orion.query.type=pie.pie&pie.count.title=Computers&show.percentage=false&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.datver&orion.sum.order=za&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="76">
- <dictionary id="77"/>
- <name>Agent Versions Summary</name>
- <description>Displays a pie chart of installed agents by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&orion.query.type=pie.pie&pie.count.title=Computers&show.percentage=false&orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="78">
- <dictionary id="79"/>
- <name>VirusScan Patch Versions</name>
- <description>Shows complete VirusScan products and all the patches associated with them that are installed in the environment.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.Tags%3AEPOProdPropsView_VIRUSCAN.hotfix%3AEPOProdPropsView_VIRUSCAN.productversion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.Tags%3AEPOProdPropsView_VIRUSCAN.hotfix%3AEPOProdPropsView_VIRUSCAN.productversion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+version_ge+EPOProdPropsView_VIRUSCAN.productversion+%228.5%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.stackedbar&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.productversion%3AEPOProdPropsView_VIRUSCAN.hotfix&orion.sum.order=az%3Aaz&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="80">
- <dictionary id="81"/>
- <name>Systems per Top-Level Group</name>
- <description>Displays a bar chart of your managed systems organized by top-level System Tree group.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOBranchNode.NodeTextPath2%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags&orion.table.order=az&orion.table.order.by=EPOBranchNode.NodeTextPath%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?bar.title=EPOBranchNode.NodeName&bool.red.text=Non-Compliant&orion.sum.query=true&bool.green.text=Compliant&orion.query.type=bar.bar&bool.green.criteria=%28+where+%28+hasTag+EPOLeafNode.AppliedTags+%223%22+%29+%29&bar.count.title=EPOLeafNode&orion.sum.group.by=EPOBranchNode.L1ParentID&orion.sum.order=desc&orion.sum.limit.count=20&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="82">
- <dictionary id="83"/>
- <name>Operating System Types PIE Chart</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.OSPlatform%3AEPOComputerProperties.OSServicePackVer%3AEPOComputerProperties.OSVersion&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.OSPlatform%3AEPOComputerProperties.OSServicePackVer%3AEPOComputerProperties.OSVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOComputerProperties.OSType&orion.sum.order=za&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="84">
- <dictionary id="85"/>
- <name>Duplicate System Names by First Level Group</name>
- <description>Lists all system names that appear in multiple System Tree locations.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOBranchNode.NodeTextPath2%3AEPOLeafNode.Tags&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOBranchNode.NodeTextPath2%3AEPOLeafNode.Tags</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+duplicatedComputerName+EPOLeafNode.NodeName+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOBranchNode.L1ParentID%3AEPOLeafNode.NodeName&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="86">
- <dictionary id="87"/>
- <name>Systems Not Reporting in - more than 30 Days</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.os%3AEPOLeafNode.AgentGUID%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.os%3AEPOLeafNode.AgentGUID%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+olderThan+EPOLeafNode.LastUpdate+2592000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=EPOBranchNode.L2ParentID&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="88">
- <dictionary id="89"/>
- <name>Systems with High Sequence Errors by Group</name>
- <description>Lists the systems with high sequence error counts. This could indicate a duplicate agent GUID problem.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.SequenceErrorCount&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.SequenceErrorCount</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+gt+EPOLeafNode.SequenceErrorCount+25++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=EPOBranchNode.NodeTextPath2&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="90">
- <dictionary id="91"/>
- <name>Unmanaged Systems by Group</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.AgentGUID%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.AgentGUID%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+0++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=EPOBranchNode.L1ParentID&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="92">
- <dictionary id="93"/>
- <name>Threat Events in the Last 2 Weeks</name>
- <description>This chart shows the trend of threat event generation for the last 2 weeks.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+1209600000++%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="94">
- <dictionary id="95"/>
- <name>Most Numerous Threat Event Descriptions in the Database</name>
- <description>Shows the most numerous threat events found in the database today. This lets you pinpoint events that may be overwhelming your database, so you can filter them out by disabling them.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.topn&orion.sum.group.by=EPOEventFilterDesc.Name&orion.sum.order=desc&orion.sum.limit.count=40&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="96">
- <dictionary id="97"/>
- <name>Repositories Composite Utilization</name>
- <description></description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+not_isBlank+EPOProductEvents.Type+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProductEvents.SiteName&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="98">
- <dictionary id="99"/>
- <name>Systems in Lost and Found</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+descendsFrom+EPOBranchNode.AutoID+%223%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=EPOBranchNode.L2ParentID&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="100">
- <dictionary id="101"/>
- <name>Rogue Systems, By OUI (Last 7 Days)</name>
- <description>Rogue Systems, By OUI (Last 7 Days)</description>
- <target>RSDInterfaces</target>
- <table-uri>query:table?orion.table.columns=RSDDetectedSystems.NetbiosName%3ARSDInterfaces.MAC%3ARSDInterfaces.IPV6%3ARSDInterfaces.LastDetectedTime%3ARSDInterfaces.DetectedSourceName%3ARSDInterfaces.OrgName&orion.table.order=az&orion.table.order.by=RSDDetectedSystems.NetbiosName%3ARSDInterfaces.MAC%3ARSDInterfaces.IPV6%3ARSDInterfaces.LastDetectedTime%3ARSDInterfaces.DetectedSourceName%3ARSDInterfaces.OrgName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+RSDInterfaces.LastDetectedTime+604800000++%29+%28+eq+RSDDetectedSystems.Rogue+%221%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=RSDInterfaces.OrgName&orion.query.type=pie.pie&orion.sum.group.by=RSDInterfaces.OrgName&orion.sum.order=desc&orion.show.other=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="102">
- <dictionary id="103"/>
- <name>PoV: Last 3 Months Detections Trend for TIE (imported)</name>
- <description>Last 3 Months Detections Trend for TIE</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="104">
- <dictionary id="105"/>
- <name>PoV: Last 3 Months Detections Trend for HIPS (imported)</name>
- <description>Last 3 Months Detections Trend for HIPS</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="106">
- <dictionary id="107"/>
- <name>PoV: Last 2 Weeks Detections Trend for TIE</name>
- <description>Last 2 weeks Detections Trend for TIE</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+1209600000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="108">
- <dictionary id="109"/>
- <name>OBM: Detected Threats over the past 4 hours</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+newerThan+EPOEvents.DetectedUTC+14400000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="110">
- <dictionary id="111"/>
- <name>Repositories and Percentage Utilization</name>
- <description>Displays a pie chart indicating percentage utilization per repository. This query can help identify overloaded repositories that are causing bandwidth issues and show where repository configuration improvements are needed in policy.</description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+EPOProductEvents.Type+%22Plugin%22+%29+%28+ne+EPOProductEvents.Type+%22Uninstall%22+%29+%29+%28+eq+EPOProductEvents.Error+0++%29+%28+not_isBlank+EPOProductEvents.SiteName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=EPOProductEvents.SiteName&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="112">
- <dictionary id="113"/>
- <name>Applied Policies Bubble Chart</name>
- <description></description>
- <target>EPOAssignedPolicy</target>
- <table-uri>query:table?orion.table.columns=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.ServerID&orion.table.order=az&orion.table.order.by=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.ServerID</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.query.type=bubble.bubble&orion.sum.query=true&orion.sum.group.by=EPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.FeatureTextID&orion.sum.order=az%3Aaz&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="114">
- <dictionary id="115"/>
- <name>SiteAdvisor Product Versions</name>
- <description>Shows all the different versions of SiteAdvisor in the Enterprise</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOProdPropsView_SITEADVISOR.productversion&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOProdPropsView_SITEADVISOR.productversion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProdPropsView_SITEADVISOR.productversion&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="116">
- <dictionary id="117"/>
- <name>ePO DB Table Space Usage</name>
- <description>Displays the space used by each table in the ePO database. Values are updated when the PA: Get Index and Space Statistics server task is run.</description>
- <target>PATableSizeView</target>
- <table-uri>query:table?orion.table.columns=PATableSizeView.TabName%3APATableSizeView.Rows%3APATableSizeView.ReservedMB%3APATableSizeView.DataMB%3APATableSizeView.Index_SizeMB%3APATableSizeView.UnusedMB&orion.table.order=az&orion.table.order.by=PATableSizeView.TabName%3APATableSizeView.Rows%3APATableSizeView.ReservedMB%3APATableSizeView.DataMB%3APATableSizeView.Index_SizeMB%3APATableSizeView.UnusedMB</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.topn&orion.sum.group.by=PATableSizeView.TabName&orion.sum.order=desc&orion.sum.aggregation=sum&orion.sum.aggregation.column=PATableSizeView.ReservedMB&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="118">
- <dictionary id="119"/>
- <name>Agent Handler Status</name>
- <description>Agent handler communication status within the last hour.</description>
- <target>EPOAgentHandlers</target>
- <table-uri>query:table?orion.table.columns=EPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastUpdate&orion.table.order=az&orion.table.order.by=EPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?bool.red.text=Not+Communicating&orion.sum.query=true&bool.green.text=Communicating&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+newerThan+EPOAgentHandlers.LastUpdate+3600000++%29+%29&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="120">
- <dictionary id="121"/>
- <name>VSE Versions</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.productversion&orion.sum.order=za&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="122">
- <dictionary id="123"/>
- <name>PoV: Last Month Detections per Product</name>
- <description>Displays a pie chart of detections within the last 1 month organized by detecting product.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEvents.AnalyzerName&orion.query.type=pie.pie&pie.count.title=Events&show.percentage=true&orion.sum.group.by=EPOEvents.AnalyzerName&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="124">
- <dictionary id="125"/>
- <name>PoV: Last 3 Months Detections Trend for TIE</name>
- <description>Last 3 Months Detections Trend for TIE</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="126">
- <dictionary id="127"/>
- <name>PoV: Last 3 Months Detections Trend for Virus Scan</name>
- <description>Last 3 Months Detections Trend for Virus Scan</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="128">
- <dictionary id="129"/>
- <name>PoV: Last 3 Months Detections Trend for ENS</name>
- <description>Last 3 Months Detections Trend for ENS</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="130">
- <dictionary id="131"/>
- <name>PoV: Last 3 Months Detections Trend for HIPS</name>
- <description>Last 3 Months Detections Trend for HIPS</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="132">
- <dictionary id="133"/>
- <name>PoV: Last 1 Month Detections Trend for HIPS</name>
- <description>Last 1 Month Detections Trend for HIPS</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="134">
- <dictionary id="135"/>
- <name>PoV: Last 1 Month Detections Trend for TIE</name>
- <description>Last 1 Month Detections Trend for TIE</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="136">
- <dictionary id="137"/>
- <name>PoV: Last 1 Month Detections Trend for ENS</name>
- <description>Last 1 Month Detections Trend for ENS</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="138">
- <dictionary id="139"/>
- <name>PoV: Last 3 Months Detections per Product</name>
- <description>Displays a pie chart of detections within the last 3 months organized by detecting product.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEvents.AnalyzerName&orion.query.type=pie.pie&pie.count.title=Events&show.percentage=true&orion.sum.group.by=EPOEvents.AnalyzerName&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="140">
- <dictionary id="141"/>
- <name>PoV: Last Day Detections per Product</name>
- <description>Displays a pie chart of detections within the last 1 day organized by detecting product.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEvents.AnalyzerName&orion.query.type=pie.pie&pie.count.title=Events&show.percentage=true&orion.sum.group.by=EPOEvents.AnalyzerName&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="142">
- <dictionary id="143"/>
- <name>PoV: Last Month Detections per Product (imported)</name>
- <description>Displays a pie chart of detections within the last 1 month organized by detecting product.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEvents.AnalyzerName&orion.query.type=pie.pie&pie.count.title=Events&show.percentage=true&orion.sum.group.by=EPOEvents.AnalyzerName&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="144">
- <dictionary id="145"/>
- <name>PoV: Last Month Detections per Product by Severity-bar</name>
- <description>Displays a grouped bar chart of detections within the last 1 month organized by detecting product and threat severity.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOEvents.AnalyzerName%3AEPOEvents.ThreatSeverity&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="146">
- <dictionary id="147"/>
- <name>TIE: Last 1 Week Rule Names and Action Taken</name>
- <description></description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.stackedbar&orion.sum.group.by=JTIClientRulesView.Name%3AEPOEvents.ThreatActionTaken&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="148">
- <dictionary id="149"/>
- <name>PoV: Last 3 Months Detections Trend for Virus Scan (imported)</name>
- <description>Last 3 Months Detections Trend for Virus Scan</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="150">
- <dictionary id="151"/>
- <name>PoV: Last 3 Months Detections Trend for ENS (imported)</name>
- <description>Last 3 Months Detections Trend for ENS</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="152">
- <dictionary id="153"/>
- <name>OBM: Detected Threats 4 to 8 hours</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+and+%28+olderThan+EPOEvents.DetectedUTC+14400000++%29+%28+newerThan+EPOEvents.DetectedUTC+28800000++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="154">
- <dictionary id="155"/>
- <name>OBM: Detected Threats 8 to 12 hours</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+and+%28+olderThan+EPOEvents.DetectedUTC+28800000++%29+%28+newerThan+EPOEvents.DetectedUTC+43200000++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="156">
- <dictionary id="157"/>
- <name>OBM: Infected Systems over the past 4 hours</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+newerThan+EPOEvents.DetectedUTC+14400000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="158">
- <dictionary id="159"/>
- <name>OBM: Infected Systems over the past 4 to 8 hours</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+and+%28+olderThan+EPOEvents.DetectedUTC+14400000++%29+%28+newerThan+EPOEvents.DetectedUTC+28800000++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="160">
- <dictionary id="161"/>
- <name>OBM: Infected Systems over the past 8 to 12 hours</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+and+%28+olderThan+EPOEvents.DetectedUTC+28800000++%29+%28+newerThan+EPOEvents.DetectedUTC+43200000++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="162">
- <!-- Pie chart of managed systems grouped by EPOProdPropsView_VIRUSCAN.productversion, no filter.
-      NOTE(review): pie.slice.title and the table columns reference
-      EPOProdPropsView_EPOAGENT.productversion (the agent version), not the VSE version that
-      is actually grouped on; this looks copied from the Agent Versions query (id 168) and the
-      slice labels / drill-down table may therefore not show the VSE version. -->
- <dictionary id="163"/>
- <name>VSE Versions Summary (imported)</name>
- <description>Displays a pie chart of installed VSE versions on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&orion.query.type=pie.pie&pie.count.title=Computers&show.percentage=false&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.productversion&orion.sum.order=za&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="164">
- <!-- Pie chart of managed systems grouped by EPOProdPropsView_VIRUSCAN.enginever, no filter.
-      NOTE(review): as with id 162, pie.slice.title and the table columns use the agent
-      version column (EPOProdPropsView_EPOAGENT.productversion) rather than the engine
-      version being grouped on; confirm the chart labels are what is intended. -->
- <dictionary id="165"/>
- <name>VSE Engine Versions Summary (imported)</name>
- <description>Displays a pie chart of installed VSE Engine versions on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&orion.query.type=pie.pie&pie.count.title=Computers&show.percentage=false&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.enginever&orion.sum.order=za&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="166">
- <!-- Pie chart of managed systems grouped by EPOProdPropsView_VIRUSCAN.datver, no filter.
-      NOTE(review): same label mismatch as ids 162/164: pie.slice.title and the drill-down
-      table show the agent version, not the DAT version that is grouped on. -->
- <dictionary id="167"/>
- <name>DAT Versions Summary (imported)</name>
- <description>Displays a pie chart of installed DAT files by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&orion.query.type=pie.pie&pie.count.title=Computers&show.percentage=false&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.datver&orion.sum.order=za&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="168">
- <!-- Pie chart of managed systems grouped by EPOProdPropsView_EPOAGENT.productversion, no filter.
-      Here the slice title, table columns and group-by all agree on the agent version column;
-      this is the template the three VSE/DAT summaries above (ids 162, 164, 166) appear to
-      have been cloned from. -->
- <dictionary id="169"/>
- <name>Agent Versions Summary (imported)</name>
- <description>Displays a pie chart of installed agents by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&orion.query.type=pie.pie&pie.count.title=Computers&show.percentage=false&orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="170">
- <!-- Stacked bar of systems with VirusScan productversion >= "8.5", grouped by product
-      version then hotfix (limit 100 per level). Systems on versions below 8.5, or with no
-      VirusScan properties, are not shown at all; keep that in mind when using this as a
-      patch-coverage view. -->
- <dictionary id="171"/>
- <name>VirusScan Patch Versions (imported)</name>
- <description>Shows complete VirusScan products and all the patches associated with them that are installed in the environment.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.Tags%3AEPOProdPropsView_VIRUSCAN.hotfix%3AEPOProdPropsView_VIRUSCAN.productversion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.Tags%3AEPOProdPropsView_VIRUSCAN.hotfix%3AEPOProdPropsView_VIRUSCAN.productversion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+version_ge+EPOProdPropsView_VIRUSCAN.productversion+%228.5%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.stackedbar&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.productversion%3AEPOProdPropsView_VIRUSCAN.hotfix&orion.sum.order=az%3Aaz&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="172">
- <!-- Bar chart of all managed systems grouped by EPOBranchNode.L1ParentID (top-level System
-      Tree group), top 20, no filter.
-      NOTE(review): orion.table.columns lists EPOBranchNode.NodeTextPath2 while
-      orion.table.order.by lists EPOBranchNode.NodeTextPath; one of the two is probably a
-      typo. The summary URI also carries bool.red.text / bool.green.text / bool.green.criteria
-      (hasTag "3") parameters although the chart type is bar.bar; they look like leftovers
-      from a Boolean pie and presumably have no effect here. -->
- <dictionary id="173"/>
- <name>Systems per Top-Level Group (imported)</name>
- <description>Displays a bar chart of your managed systems organized by top-level System Tree group.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOBranchNode.NodeTextPath2%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags&orion.table.order=az&orion.table.order.by=EPOBranchNode.NodeTextPath%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?bar.title=EPOBranchNode.NodeName&bool.red.text=Non-Compliant&orion.sum.query=true&bool.green.text=Compliant&orion.query.type=bar.bar&bool.green.criteria=%28+where+%28+hasTag+EPOLeafNode.AppliedTags+%223%22+%29+%29&bar.count.title=EPOLeafNode&orion.sum.group.by=EPOBranchNode.L1ParentID&orion.sum.order=desc&orion.sum.limit.count=20&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="174">
- <!-- Bar chart of managed systems grouped by EPOProdPropsView_SITEADVISOR.productversion
-      (top 200), no filter. Systems without SiteAdvisor properties will not appear as a
-      version bucket, so this does not by itself show "SiteAdvisor missing". -->
- <dictionary id="175"/>
- <name>SiteAdvisor Product Versions (imported)</name>
- <description>Shows all the different versions of SiteAdvisor in the Enterprise</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOProdPropsView_SITEADVISOR.productversion&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOProdPropsView_SITEADVISOR.productversion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProdPropsView_SITEADVISOR.productversion&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="176">
- <!-- Boolean pie: "Compliant" = EPOLeafNode.LastUpdate newer than 604800000 (7 days, if
-      milliseconds) AND agent productversion >= "1"; everything else is "Non Compliant".
-      NOTE(review): the description says "within the past day" but the criterion is a
-      7-day window; one of the two should be corrected so the dashboard is not misread.
-      version_ge "1" is satisfied by any agent version and adds no real constraint.
-      Unlike the variant at id 212, there is no ManagedState filter, so unmanaged /
-      placeholder nodes are counted as well. -->
- <dictionary id="177"/>
- <name>Agent Communication Summary</name>
- <description>Displays a pie chart of managed systems indicating whether the agents have communicated with the ePO server within the past day. Click either slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?bool.red.text=Non+Compliant&orion.sum.query=true&bool.green.text=Compliant&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+604800000++%29+%28+version_ge+EPOProdPropsView_EPOAGENT.productversion+%221%22+%29+%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="178">
- <!-- Product (update) events detected within 172800000 (2 days, if milliseconds) whose Type
-      is not blank, counted per EPOProductEvents.SiteName (top 200). The name does not state
-      the 2-day window; the four sibling "Utilization" queries (ids 180, 182, 186) use the
-      same window and differ only in the Type filter. -->
- <dictionary id="179"/>
- <name>Composite Utilization</name>
- <description></description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+not_isBlank+EPOProductEvents.Type+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProductEvents.SiteName&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="180">
- <!-- Product events of Type "DAT" detected within 172800000 (2 days, if milliseconds),
-      counted per SiteName (top 200). Same shape as id 178 with the Type narrowed. -->
- <dictionary id="181"/>
- <name>DAT Utilization</name>
- <description></description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+eq+EPOProductEvents.Type+%22DAT%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProductEvents.SiteName&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="182">
- <!-- Product events of Type "Install" detected within 172800000 (2 days, if milliseconds),
-      grouped bar by SiteName then ProductCode (limit 100 per level). -->
- <dictionary id="183"/>
- <name>Install Utilization</name>
- <description></description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+eq+EPOProductEvents.Type+%22Install%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOProductEvents.SiteName%3AEPOProductEvents.ProductCode&orion.sum.order=az%3Aaz&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="184">
- <!-- Product events detected within 172800000 (2 days, if milliseconds) whose Type IS blank,
-      i.e. the complement of id 178, summarised per top-level group then HostName.
-      NOTE(review): the name "Invalid Repositories" is an interpretation; the only visible
-      criterion is "Type is blank", so confirm that blank Type really corresponds to
-      repository failures before relying on this as an integrity indicator. -->
- <dictionary id="185"/>
- <name>Invalid Repositories</name>
- <description></description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+isBlank+EPOProductEvents.Type+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOBranchNode.L1ParentID%3AEPOProductEvents.HostName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="186">
- <!-- Product events of Type "HotFix" detected within 172800000 (2 days, if milliseconds),
-      grouped bar by SiteName then ProductCode (limit 100 per level). -->
- <dictionary id="187"/>
- <name>Patch Utilization</name>
- <description></description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+eq+EPOProductEvents.Type+%22HotFix%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOProductEvents.SiteName%3AEPOProductEvents.ProductCode&orion.sum.order=az%3Aaz&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="188">
- <!-- Product events within 172800000 (2 days, if milliseconds) with a non-blank Type and
-      Error != 0, grouped bar by top-level group then Error code (limit 100 per level).
-      Error-code meanings are not part of this export. -->
- <dictionary id="189"/>
- <name>Update Errors</name>
- <description></description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+not_isBlank+EPOProductEvents.Type+%29+%28+ne+EPOProductEvents.Error+0++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOBranchNode.L1ParentID%3AEPOProductEvents.Error&orion.sum.order=az%3Aaz&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="190">
- <!-- Daily line chart of all threat events whose DetectedUTC is newer than 604800000
-      (7 days, if milliseconds); the window is in orion.requied.sexp, the editable
-      condition is empty, and there is no ThreatCategory filter.
-      NOTE(review): the description says "last 2 weeks" while the name and the condition
-      say one week; the description should be corrected to match. -->
- <dictionary id="191"/>
- <name>Threat Events in the Last Week</name>
- <description>This chart shows the trend of threat event generation for the last 2 weeks.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="192">
- <!-- Top 10 hosts by count of "av" category threat events detected within 86400000
-      (24 hours, if milliseconds). Grouping and drill-down use EPOEvents.AnalyzerHostName
-      (the host that reported the event), not TargetHostName as in most sibling queries;
-      for endpoint AV these are usually the same machine, but confirm that is the intent. -->
- <dictionary id="193"/>
- <name>Top 10 endpoints - Threat Events Last 24h</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatType%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDetectionMethod&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.AnalyzerHostName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="194">
- <!-- Threat events with a non-blank EPExtendedEvent.TargetName, excluding ThreatType
-      "Dynamic Application Containment" and action "IDS_ACTION_WOULD_BLOCK", summarised by
-      AnalyzerHostName / AnalyzerDetectionMethod / TargetFileName.
-      NOTE(review): orion.requied.sexp is empty and the condition has no newerThan clause,
-      so this scans the whole EPOEvents history; on a large event table that is expensive
-      and the totals are not comparable with the time-boxed queries around it.
-      NOTE(review): the containment exclusion matches the literal "Dynamic Application
-      Containment", whereas id 202 selects containment events with
-      "IDS_THREAT_TYPE_VALUE_DACAP"; if only one of these is the stored value, the other
-      filter is a no-op. Worth checking against real events. -->
- <dictionary id="195"/>
- <name>Malware Detections</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPExtendedEvent.TargetName+%29+%28+ne+EPOEvents.ThreatType+%22Dynamic+Application+Containment%22+%29+%28+ne+EPOEvents.ThreatActionTaken+%22IDS_ACTION_WOULD_BLOCK%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.AnalyzerHostName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.TargetFileName&orion.sum.order=desc%3Adesc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="196">
- <!-- Top-N (10) of EPOEvents.TargetUserName for events where AnalyzerName is
-      "McAfee Endpoint Security", ThreatType is one of the listed app_*/virus/trojan/joke/test
-      values, ThreatEventID != 34928 (meaning not given here), TargetUserName is not blank,
-      and DetectedUTC is within 86400000 (24 hours, if milliseconds).
-      NOTE(review): the description says "last three months" and has a grammar slip
-      ("Top 10 user"); the name and condition say 24 hours. Fix the description. -->
- <dictionary id="197"/>
- <name>Top 10 Users with the Most Detections Last 24h</name>
- <description>Top 10 user with the most detections in the last three months.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDetectionMethod%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%28+not_isBlank+EPOEvents.TargetUserName+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=EPOEvents.TargetUserName&topn.count.title=EPOEvents&orion.query.type=summary.topn&orion.sum.group.by=EPOEvents.TargetUserName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="198">
- <!-- Pie of threat events by AnalyzerName for the listed McAfee products, intended to show
-      only "convictions" (events where an action was actually taken).
-      NOTE(review): the second clause is ( or ( ne ThreatActionTaken "jticlient.allowed" )
-      ( ne ThreatActionTaken "none" ) ( not_isBlank ThreatActionTaken ) ). A value cannot equal
-      both "jticlient.allowed" and "none", so for any non-null value at least one of the two
-      ne tests is true and the OR is always satisfied; neither "allowed" nor "none" events are
-      excluded, and the chart over-counts convictions. The three tests almost certainly need
-      to be combined with "and" instead of "or".
-      Minor: "MSME" appears twice in the AnalyzerName list (harmless). There is also no
-      time window, so this runs over the full EPOEvents history. -->
- <dictionary id="199"/>
- <name>Convictions by Technology</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatType&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Active+Response%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22vATD%22+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Endpoint+Security+Platform%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MOVE+AV+Client%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MSME%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MSME%22+%29+%29+%28+or+%28+ne+EPOEvents.ThreatActionTaken+%22jticlient.allowed%22+%29+%28+ne+EPOEvents.ThreatActionTaken+%22none%22+%29+%28+not_isBlank+EPOEvents.ThreatActionTaken+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.AnalyzerName&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="200">
- <!-- Pie (with percentages) of events by AnalyzerDetectionMethod where the method is not
-      blank and is not "On-Execute Scan", received within 2592000000 (30 days, if
-      milliseconds). Note it filters on ReceivedUTC rather than DetectedUTC, so late-arriving
-      events from offline hosts are counted by arrival time.
-      NOTE(review): the name says "ENS Detections" but there is no AnalyzerName filter;
-      events from any product that populates AnalyzerDetectionMethod are included. -->
- <dictionary id="201"/>
- <name>Last Month ENS Detections</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+EPOEvents.AnalyzerDetectionMethod+%22On-Execute+Scan%22+%29+%28+not_isBlank+EPOEvents.AnalyzerDetectionMethod+%29+%29+%28+newerThan+EPOEvents.ReceivedUTC+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=EPOEvents.AnalyzerDetectionMethod&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="202">
- <!-- Pie by EPOEventFilterDesc.Name of events with ThreatType "IDS_THREAT_TYPE_VALUE_DACAP"
-      that are NOT in the "ops" category, detected within 604800000 (7 days, if
-      milliseconds). See the note on id 194 about the two different containment ThreatType
-      literals used in this export. -->
- <dictionary id="203"/>
- <name>Application Containment Results</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+eq+EPOEvents.ThreatType+%22IDS_THREAT_TYPE_VALUE_DACAP%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEventFilterDesc.Name&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEventFilterDesc.Name&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="204">
- <!-- Pie of all events with a non-blank AnalyzerDetectionMethod, grouped by that method.
-      NOTE(review): no time window at all, so this aggregates the entire EPOEvents table;
-      consider adding a newerThan clause (as id 200 does) to keep it bounded. -->
- <dictionary id="205"/>
- <name>Endpoint Detection Events by Analyzer Type</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+EPOEvents.AnalyzerDetectionMethod+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.AnalyzerDetectionMethod&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="206">
- <!-- Grouped bar of events by EPOComputerProperties.OSType then ThreatSeverity for events
-      detected within 604800000 (7 days, if milliseconds) where OSType is known. No
-      ThreatCategory filter is applied, so this counts every event type, not only
-      "av" detections as the other threat charts in this export do. -->
- <dictionary id="207"/>
- <name>Threat detection by OS (Last 7 days)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPOComputerProperties.OSType+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOComputerProperties.OSType%3AEPOEvents.ThreatSeverity&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="208">
- <!-- Weekly line chart of "av" category events; the fixed window in orion.requied.sexp is
-      7862400000 (91 days, if milliseconds), which matches the "past quarter" wording.
-      An identically named copy ("imported 2", id 222) starts further down this file. -->
- <dictionary id="209"/>
- <name>Malware Detection History (imported)</name>
- <description>Displays a line chart of the number of internal virus detections over the past quarter.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7862400000++%29+%29&orion.condition.sexp=%28+where+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&line.count.title=EPOEvents&orion.query.type=line.line&line.title=EPOEvents.DetectedUTC&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="210">
- <!-- Horizontal stacked bar of managed (ManagedState = 1) systems whose LastUpdate is newer
-      than 7776000000 (90 days, if milliseconds), grouped by agent version then
-      EPOProdPropsView_THREATPREVENTION.productversion. The 90-day window is not visible
-      in the name; the other version summaries in this file are unbounded. -->
- <dictionary id="211"/>
- <name>Agent + Protection</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+7776000000++%29+%28+eq+EPOLeafNode.ManagedState+1++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?horizontal=true&orion.sum.query=true&orion.query.type=bar.stackedbar&orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion%3AEPOProdPropsView_THREATPREVENTION.productversion&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="212">
- <!-- Boolean pie over managed systems only (ManagedState = 1): "Compliant" = LastUpdate newer
-      than 604800000 (7 days, if milliseconds) AND agent productversion >= "5".
-      NOTE(review): as with id 176, the description says "within the past day" while the
-      criterion is a 7-day window; the description should say one week, or the bound should
-      be 86400000 to match the text. -->
- <dictionary id="213"/>
- <name>Agent Communication Summary (imported)</name>
- <description>Displays a pie chart of managed systems indicating whether the agents have communicated with the ePO server within the past day. Click either slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+1++%29+%29</condition-uri>
- <summary-uri>query:summary?bool.red.text=Non+Compliant&orion.sum.query=true&bool.green.text=Compliant&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+604800000++%29+%28+version_ge+EPOProdPropsView_EPOAGENT.productversion+%225%22+%29+%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="214">
- <!-- Pie of managed systems (ManagedState = 1) that checked in within 2592000000 (30 days,
-      if milliseconds), grouped by EPOProdPropsView_VIRUSCAN.datver. Systems running a
-      product other than VirusScan will have no datver value and land in a single empty
-      bucket; the "last 1 month" in the name refers to LastUpdate, not to DAT age. -->
- <dictionary id="215"/>
- <name>DAT versions (last 1 month)</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOLeafNode.ManagedState+1++%29+%28+newerThan+EPOLeafNode.LastUpdate+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.datver&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="216">
- <!-- Hourly bar chart of product events with TVDEventID 258 (the ID-to-meaning mapping is
-      not part of this export) detected within 604800000 (7 days, if milliseconds).
-      NOTE(review): the description says "last 24 hours" and "failed product updates",
-      the name says "Failed DAT Updates (last week)", and the condition is 7 days with no
-      DAT-specific filter; align the description with the actual window and scope. -->
- <dictionary id="217"/>
- <name>Failed DAT Updates (last week)</name>
- <description>Displays a group bar chart grouped by hour of all failed product updates in the last 24 hours.</description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOLeafNode.NodeName%3AEPOProductEvents.IPV6%3AEPOProductEvents.DetectedUTC&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOLeafNode.NodeName%3AEPOProductEvents.DetectedUTC</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOProductEvents.TVDEventID+258++%29+%28+newerThan+EPOProductEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProductEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=hour&orion.sum.order=oldest&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="218">
- <!-- Boolean pie over EPORepositoryStatus rows with type = 3; "success" = status = 3,
-      anything else is "failure". The numeric meanings of type and status are not given in
-      this export, so confirm them against the ePO schema before trusting the split. Unlike
-      the other Boolean pies here, orion.sum.query=true is not set on the summary URI. -->
- <dictionary id="219"/>
- <name>Distributed Repository Status</name>
- <description>Displays a Boolean pie chart of your distributed repositories, divided according to whether their last replication was successful.</description>
- <target>EPORepositoryStatus</target>
- <table-uri>query:table?orion.table.columns=EPORepositoryStatus.name%3AEPORepositoryStatus.type%3AEPORepositoryStatus.status%3AEPORepositoryStatus.lastreplication&orion.table.order=az&orion.table.order.by=EPORepositoryStatus.name%3AEPORepositoryStatus.type%3AEPORepositoryStatus.status</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPORepositoryStatus.type+3++%29+%29</condition-uri>
- <summary-uri>query:summary?bool.red.text=failure&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+eq+EPORepositoryStatus.status+3++%29+%29&bool.green.text=success&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="220">
- <dictionary id="221"/>
- <name>Server Task Errors (last month)</name>
- <description>Server tasks whose run ended with a non-zero status in the last 30 days (filtered on EndDate), grouped by status code.</description>
- <target>OrionTaskLogTask</target>
- <table-uri>query:table?orion.table.columns=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource&orion.table.order=az&orion.table.order.by=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+ne+OrionTaskLogTask.Status+0++%29+%28+newerThan+OrionTaskLogTask.EndDate+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=OrionTaskLogTask.Status&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="222">
- <dictionary id="223"/>
- <name>Malware Detection History (imported 2)</name>
- <description>Displays a line chart of the number of internal virus detections over the past quarter.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7862400000++%29+%29&orion.condition.sexp=%28+where+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&line.count.title=EPOEvents&orion.query.type=line.line&line.title=EPOEvents.DetectedUTC&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="224">
- <dictionary id="225"/>
- <name>Top 10 endpoints - Threat Events (last 7 days) (imported 2)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.TargetHostName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="226">
- <dictionary id="227"/>
- <name>Threats detected by the cloud (no signatures) (imported 2)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="228">
- <dictionary id="229"/>
- <name>Threat Events NOT handled (last 1 week) (imported 2)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+ne+EPOEvents.ThreatHandled+t+%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.ThreatHandled&orion.sum.order=desc&orion.sum.limit.count=360&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="230">
- <dictionary id="231"/>
- <name>Top 10 users - Threat Events (last 7 days) (imported 2)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.TargetUserName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="232">
- <dictionary id="233"/>
- <name>Threats detected by Local Threat Intelligence (imported 2)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22TIE%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="234">
- <dictionary id="235"/>
- <name>Top Blocked Sites by Users</name>
- <description>SiteAdvisor Enterprise: top 100 users (grouped by SAEEvent.UserID, summed over SAEEvent.Count) with the most blocked site visits (ActionID 4, event type 18600) over the last 30 days. The query name and topn.title refer to sites, but the summary groups by user rather than by domain - verify which is intended.</description>
- <target>SAEEvent</target>
- <table-uri>query:table?orion.table.columns=SAEEvent.DetectedUTC%3ASAEEvent.RatingID%3ASAEEvent.ContentID%3ASAEEvent.DomainName%3ASAEEvent.ActionID%3ASAEEvent.ReasonID%3ASAEEvent.ListID%3ASAEEvent.URL%3AEPOLeafNode.NodeName%3ASAEEvent.Count&orion.table.order=az&orion.table.order.by=SAEEvent.DetectedUTC%3ASAEEvent.RatingID%3ASAEEvent.ContentID%3ASAEEvent.DomainName%3ASAEEvent.ActionID%3ASAEEvent.ReasonID%3ASAEEvent.ListID%3ASAEEvent.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+SAEEvent.EventTypeID+18600++%29+%28+newerThan+SAEEvent.DetectedUTC+2592000000++%29+%28+eq+SAEEvent.ActionID+4++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=SAEEvent.DomainName&orion.query.type=summary.topn&orion.sum.group.by=SAEEvent.UserID&orion.sum.order=desc&orion.sum.limit.count=100&orion.sum.aggregation=sum&orion.sum.aggregation.column=SAEEvent.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="236">
- <dictionary id="237"/>
- <name>Threat detection by OS (Last 7 days) (imported 2)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPOComputerProperties.OSType+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOComputerProperties.OSType%3AEPOEvents.ThreatSeverity&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="238">
- <dictionary id="239"/>
- <name>Threats for 1 Day (imported)</name>
- <description>Summary of VirusScan Enterprise threats detected in the last 24 hours, grouped by threat type and threat name. Access-protection and cookie (app_puocookie) detections, blank or "None" threat names, and event IDs 1051 and 1059 are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="240">
- <dictionary id="241"/>
- <name>Threats for 1 Week (imported)</name>
- <description>Summary of VirusScan Enterprise threats detected between 1 and 7 days ago (the most recent 24 hours are excluded; see the 1 Day query), grouped by threat type and threat name. Access-protection and cookie (app_puocookie) detections, blank or "None" threat names, and event IDs 1051 and 1059 are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="242">
- <dictionary id="243"/>
- <name>Threat Events in the Last Week (imported)</name>
- <description>Line chart of threat events per day for the last 7 days. The condition is empty, so every threat category is counted, not only AV detections.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="244">
- <dictionary id="245"/>
- <name>Top 10 endpoints - Threat Events Last 24h (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatType%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDetectionMethod&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.AnalyzerHostName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="246">
- <dictionary id="247"/>
- <name>Malware Detections (imported)</name>
- <description>Malware detections grouped by analyzer host, detection method and target file, excluding Dynamic Application Containment events and would-block (IDS_ACTION_WOULD_BLOCK) actions. NOTE(review): the condition has no DetectedUTC window, so it scans every retained EPOEvents row; add a newerThan bound before using it on a dashboard.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPExtendedEvent.TargetName+%29+%28+ne+EPOEvents.ThreatType+%22Dynamic+Application+Containment%22+%29+%28+ne+EPOEvents.ThreatActionTaken+%22IDS_ACTION_WOULD_BLOCK%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.AnalyzerHostName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.TargetFileName&orion.sum.order=desc%3Adesc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="248">
- <dictionary id="249"/>
- <name>Top 10 Users with the Most Detections Last 24h (imported)</name>
- <description>Top 10 users by McAfee Endpoint Security detections in the last 24 hours, restricted to the listed threat types (app*, virus, trojan, joke, test); blank user names and event ID 34928 are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDetectionMethod%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%28+not_isBlank+EPOEvents.TargetUserName+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=EPOEvents.TargetUserName&topn.count.title=EPOEvents&orion.query.type=summary.topn&orion.sum.group.by=EPOEvents.TargetUserName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="250">
- <dictionary id="251"/>
- <name>Convictions by Technology (imported)</name>
- <description>Detection events from the listed analyzers, grouped by analyzer name. NOTE(review): the action filter is an or of (ne ThreatActionTaken jticlient.allowed), (ne ThreatActionTaken none) and (not_isBlank ThreatActionTaken); every value satisfies at least one of these, so nothing is excluded - it should be an and to drop allowed, none and blank actions. "MSME" is also listed twice in the analyzer list, and the query has no time window.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatType&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Active+Response%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22vATD%22+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Endpoint+Security+Platform%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MOVE+AV+Client%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MSME%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MSME%22+%29+%29+%28+or+%28+ne+EPOEvents.ThreatActionTaken+%22jticlient.allowed%22+%29+%28+ne+EPOEvents.ThreatActionTaken+%22none%22+%29+%28+not_isBlank+EPOEvents.ThreatActionTaken+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.AnalyzerName&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="252">
- <dictionary id="253"/>
- <name>Last Month ENS Detections (imported)</name>
- <description>Detection events received by ePO in the last 30 days, grouped by detection method; On-Execute Scan and blank methods are excluded. Note that the window is on ReceivedUTC (when ePO received the event) rather than DetectedUTC, and no AnalyzerName filter restricts the results to ENS despite the query name.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+EPOEvents.AnalyzerDetectionMethod+%22On-Execute+Scan%22+%29+%28+not_isBlank+EPOEvents.AnalyzerDetectionMethod+%29+%29+%28+newerThan+EPOEvents.ReceivedUTC+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=EPOEvents.AnalyzerDetectionMethod&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="254">
- <dictionary id="255"/>
- <name>Application Containment Results (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+eq+EPOEvents.ThreatType+%22IDS_THREAT_TYPE_VALUE_DACAP%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEventFilterDesc.Name&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEventFilterDesc.Name&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="256">
- <dictionary id="257"/>
- <name>Endpoint Detection Events by Analyzer Type (imported)</name>
- <description>All events with a non-blank detection method, grouped by method. NOTE(review): there is no time window, so this scans the entire retained EPOEvents table each time it runs.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+EPOEvents.AnalyzerDetectionMethod+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.AnalyzerDetectionMethod&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="258">
- <dictionary id="259"/>
- <name>Threats for 1 Month</name>
- <description>Summary of VirusScan Enterprise threats detected between 7 and 30 days ago (the most recent week is excluded; see the 1 Week query), grouped by threat type and threat name. Access-protection and cookie (app_puocookie) detections, blank or "None" threat names, and event IDs 1051 and 1059 are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="260">
- <dictionary id="261"/>
- <name>Threats/Host for 1 Day (imported)</name>
- <description>Summary of VirusScan Enterprise threats detected in the last 24 hours, grouped by computer name and threat name. Access-protection and cookie (app_puocookie) detections, blank or "None" threat names, and event IDs 1051 and 1059 are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="262">
- <dictionary id="263"/>
- <name>Threats/Host for 1 Week</name>
- <description>Summary of VirusScan Enterprise threats detected between 1 and 7 days ago (the most recent 24 hours are excluded), grouped by computer name and threat name. Access-protection and cookie (app_puocookie) detections, blank or "None" threat names, and event IDs 1051 and 1059 are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="264">
- <dictionary id="265"/>
- <name>Threats/Host for 1 Month (imported)</name>
- <description>Summary of VirusScan Enterprise threats detected between 7 and 30 days ago (the most recent week is excluded), grouped by computer name and threat name. Access-protection and cookie (app_puocookie) detections, blank or "None" threat names, and event IDs 1051 and 1059 are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="266">
- <dictionary id="267"/>
- <name>Threats/File for 1 Day (imported)</name>
- <description>Summary of VirusScan Enterprise threats detected in the last 24 hours, grouped by threat name and target file name. Access-protection and cookie (app_puocookie) detections, blank or "None" threat names, and event IDs 1051 and 1059 are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="268">
- <dictionary id="269"/>
- <name>Threats/File for 1 Week (imported)</name>
- <description>Summary of threats that have been detected in the last seven days. Cookie detections are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="270">
- <dictionary id="271"/>
- <name>Threats/File for 1 Month (imported)</name>
- <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="272">
- <dictionary id="273"/>
- <name>Endpoint Upgrade Assistant - McAfee Endpoint Security 10.5 categories chart</name>
- <description>Expired or old data? Click on 'Analyze Environment' to refresh this query for All Endpoints</description>
- <target>UA_Category_Query_Chart</target>
- <table-uri>query:table?orion.table.columns=UA_Category_Query_Chart.Description%3AUA_Category_Query_Chart.Total&orion.table.order=az&orion.table.order.by=UA_Category_Query_Chart.Description%3AUA_Category_Query_Chart.Total</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+UA_Category_Query_Chart.UA_ReferenceConfiguration_Id+2+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=UA_Category_Query_Chart.Description&orion.sum.order=desc&orion.sum.limit.count=360&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="274">
- <dictionary id="275"/>
- <name>Endpoint Upgrade Assistant - McAfee Endpoint Security 10.5 analyze table</name>
- <description>Expired or old data? Click on 'Analyze Environment' to refresh this query for All Endpoints</description>
- <target>UA_Analyse_Query</target>
- <table-uri>query:table?orion.table.columns=UA_Analyse_Query.Product%3AUA_Analyse_Query.Your_Environment%3AUA_Analyse_Query.Required_Update%3AUA_Analyse_Query.Endpoints&orion.table.order=asc&orion.table.order.by=UA_Analyse_Query.Product</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+UA_Analyse_Query.UA_ReferenceConfiguration_Id+2+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=table.table&orion.sum.query=false</summary-uri>
- </query>
- <query id="276">
- <dictionary id="277"/>
- <name>Endpoint Upgrade Assistant - McAfee Endpoint Security 10.5 plan table</name>
- <description>Expired or old data? Click on 'Analyze Environment' to refresh this query for All Endpoints</description>
- <target>UA_Plan_Query</target>
- <table-uri>query:table?orion.table.columns=UA_Plan_Query.Required_Actions%3AUA_Plan_Query.Restarts%3AUA_Plan_Query.Servers%3AUA_Plan_Query.Workstations%3AUA_Plan_Query.Total&orion.table.order=az&orion.table.order.by=UA_Plan_Query.Required_Actions</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+UA_Plan_Query.UA_ReferenceConfiguration_Id+2+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=table.table</summary-uri>
- </query>
- <query id="278">
- <dictionary id="279"/>
- <name>Systeme pro Agentensteuerung</name>
- <description>Zeigt ein Kreisdiagramm von verwalteten Systemen an, wobei jedes Segment für eine Agentensteuerung steht.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastKnownTCPIP%3AEPOLeafNode.LastUpdate%3AEPOProdPropsView_EPOAGENT.productversion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastKnownTCPIP%3AEPOLeafNode.LastUpdate%3AEPOProdPropsView_EPOAGENT.productversion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+1+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=&orion.sum.group.by=EPOAgentHandlers.DNSName&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="280">
- <dictionary id="281"/>
- <name>Inaktive Agenten</name>
- <description>Agenten vom Typ McAfee Agent, die in den letzten 30 Tagen nicht mit dem ePolicy Orchestrator-Server kommuniziert haben.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.UserName%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.UserName%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+olderThan+EPOLeafNode.LastUpdate+2592000000++%29+%28+eq+EPOLeafNode.ManagedState+1++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="282">
- <dictionary id="283"/>
- <name>Agent Communication Summary (imported 2)</name>
- <description>Displays a pie chart of managed systems indicating whether the agents have communicated with the ePO server within the past day. Click either slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+1++%29+%29</condition-uri>
- <summary-uri>query:summary?bool.red.text=Non+Compliant&orion.sum.query=true&bool.green.text=Compliant&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+604800000++%29+%28+version_ge+EPOProdPropsView_EPOAGENT.productversion+%225%22+%29+%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="284">
- <dictionary id="285"/>
- <name>Systeme in Lost & Found</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.Tags%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.IPHostName&orion.table.order=asc&orion.table.order.by=EPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+descendsFrom+EPOBranchNode.AutoID+%223%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=EPOLeafNode.NodeName&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="286">
- <dictionary id="287"/>
- <name>OS overview</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOComputerProperties.OSType%3AEPOComputerProperties.OSVersion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOComputerProperties.OSType%3AEPOComputerProperties.OSVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOComputerProperties.OSType&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="288">
- <dictionary id="289"/>
- <name>Total Threat Events in EPO Database</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.Analyzer%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.Analyzer%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEventFilterDesc.Name&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=EPOEventFilterDesc.Name&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="290">
- <dictionary id="291"/>
- <name>Total Client Events in EPO Database</name>
- <description></description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=EPOEventFilterDesc.Name&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="292">
- <dictionary id="293"/>
- <name>Server Task Errors (last month) (imported)</name>
- <description></description>
- <target>OrionTaskLogTask</target>
- <table-uri>query:table?orion.table.columns=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource&orion.table.order=az&orion.table.order.by=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+ne+OrionTaskLogTask.Status+0++%29+%28+newerThan+OrionTaskLogTask.EndDate+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=OrionTaskLogTask.Status&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="294">
- <dictionary id="295"/>
- <name>Versions of Products - ALL (imported)</name>
- <description></description>
- <target>EPOSystemProductVersionInfo</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- </list>