- <list id="1">
<!-- Access-review query over EntitlementView, counted per PrincipalName and RoleUri.
     URL-decoded, the condition is ( where ( ne EntitlementView.RoleUri "%%NOEPOROLES%%" ) ),
     so every row carrying that literal RoleUri is dropped from the report.
     NOTE(review): the literal looks like a placeholder for principals that hold no role;
     confirm that before treating this report as a complete list of accounts. -->
- <query id="2">
- <dictionary id="3"/>
- <name>Effective permissions for users</name>
- <description>Shows all permissions for each user</description>
- <target>EntitlementView</target>
- <table-uri>query:table?orion.table.columns=EntitlementView.PrincipalName%3AEntitlementView.GroupName%3AEntitlementView.RoleUri&orion.table.order=az&orion.table.order.by=EntitlementView.PrincipalName%3AEntitlementView.GroupName%3AEntitlementView.RoleUri</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+ne+EntitlementView.RoleUri+%22%25%25NOEPOROLES%25%25%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EntitlementView.PrincipalName%3AEntitlementView.RoleUri&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="4">
- <dictionary id="5"/>
- <name>Permission set details</name>
- <description>Shows the permissions associated with each permission set</description>
- <target>EntitlementView</target>
- <table-uri>query:table?orion.table.columns=EntitlementView.PrincipalName%3AEntitlementView.GroupName%3AEntitlementView.RoleUri&orion.table.order=az&orion.table.order.by=EntitlementView.PrincipalName%3AEntitlementView.GroupName%3AEntitlementView.RoleUri</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EntitlementView.GroupName%3AEntitlementView.RoleUri&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="6">
- <dictionary id="7"/>
- <name>Permission set membership</name>
- <description>Shows the permission sets associated with each principal</description>
- <target>EntitlementView</target>
- <table-uri>query:table?orion.table.columns=EntitlementView.PrincipalName%3AEntitlementView.GroupName%3AEntitlementView.RoleUri&orion.table.order=az&orion.table.order.by=EntitlementView.PrincipalName%3AEntitlementView.GroupName%3AEntitlementView.RoleUri</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=EntitlementView.PrincipalName%3AEntitlementView.GroupName&orion.sum.order=az%3Adesc&orion.sum.aggregation=distinct&orion.sum.aggregation.column=EntitlementView.GroupName&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Audit-log report of policy assignment changes, counted per UserName and CmdName.
     URL-decoded, the condition requires all three of:
       1. CmdName is one of six values: "Assign policy", "Remove policy assignment",
          "Add policy assignment rule", "Delete policy assignment rule",
          "Edit policy assignment rule", "Edit Policy Assignment Rule Priority";
       2. StartTime is newer than 2592000000 (30 days if the unit is milliseconds,
          which matches the description);
       3. UserName is not "system".
     Because of clause 3, changes recorded under the "system" user never appear here;
     a reviewer who needs those must query the audit log without that clause.
     The CmdName list is fixed, so a command with any other name is not reported. -->
- <query id="8">
- <dictionary id="9"/>
- <name>Policy Assignment Change History by User (30 days)</name>
- <description>Displays a report grouped by user of all policy assignments in the last 30 days as recorded in the Audit log.</description>
- <target>OrionAuditLog</target>
- <table-uri>query:table?orion.table.columns=OrionAuditLog.StartTime%3AOrionAuditLog.UserName%3AOrionAuditLog.Message&orion.table.order=az&orion.table.order.by=OrionAuditLog.StartTime%3AOrionAuditLog.UserName%3AOrionAuditLog.Message</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+OrionAuditLog.CmdName+%22Assign+policy%22+%29+%28+eq+OrionAuditLog.CmdName+%22Remove+policy+assignment%22+%29+%28+eq+OrionAuditLog.CmdName+%22Add+policy+assignment+rule%22+%29+%28+eq+OrionAuditLog.CmdName+%22Delete+policy+assignment+rule%22+%29+%28+eq+OrionAuditLog.CmdName+%22Edit+policy+assignment+rule%22+%29+%28+eq+OrionAuditLog.CmdName+%22Edit+Policy+Assignment+Rule+Priority%22+%29+%29+%28+newerThan+OrionAuditLog.StartTime+2592000000++%29+%28+ne+OrionAuditLog.UserName+%22system%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&multigroup.title=OrionAuditLog.UserName&orion.sum.group.by=OrionAuditLog.UserName%3AOrionAuditLog.CmdName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Pie chart of EPOEvents grouped by AnalyzerName (the detecting product).
     URL-decoded, the condition keeps events whose DetectedUTC is newer than 86400000
     (24 hours if the unit is milliseconds) and whose ThreatCategory does not belong to "ops".
     The window is a rolling 24 hours, not the current calendar day the name suggests.
     The summary keeps the ten largest groups (orion.sum.limit.count=10) and sets
     orion.show.other=true, which presumably folds the remainder into one slice, so a
     product with few detections may not be named individually. -->
- <query id="10">
- <dictionary id="11"/>
- <name>Today's Detections per Product</name>
- <description>Displays a pie chart of detections within the last 24 hours organized by detecting product.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEvents.AnalyzerName&orion.query.type=pie.pie&pie.count.title=Events&show.percentage=&orion.sum.group.by=EPOEvents.AnalyzerName&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="12">
- <dictionary id="13"/>
- <name>Systems per Top-Level Group</name>
- <description>Displays a bar chart of your managed systems organized by top-level System Tree group.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOBranchNode.NodeTextPath2%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags&orion.table.order=az&orion.table.order.by=EPOBranchNode.NodeTextPath%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?bar.title=EPOBranchNode.NodeName&bool.red.text=nonCompliant&orion.sum.query=true&bool.green.text=compliant&orion.query.type=bar.bar&bool.green.criteria=%28+where+%28+hasTag+EPOLeafNode.AppliedTags+%223%22+%29+%29&bar.count.title=EPOLeafNode&orion.sum.group.by=EPOBranchNode.L1ParentID&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="14">
- <dictionary id="15"/>
- <name>Duplicate Systems Names</name>
- <description>Lists all system names that appear in multiple System Tree locations.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOBranchNode.NodeTextPath2%3AEPOLeafNode.Tags&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOBranchNode.NodeTextPath2%3AEPOLeafNode.Tags</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+duplicatedComputerName+EPOLeafNode.NodeName+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=table.table&orion.sum.query=false</summary-uri>
- </query>
<!-- Boolean (compliant / nonCompliant) pie chart over EPOLeafNode.
     Population: only systems whose LastUpdate is newer than 86400000 (24 hours if the
     unit is milliseconds). A system that has not updated inside that window is in
     neither slice, so a high compliant share says nothing about stale or silent systems.
     Compliance test (bool.green.criteria, URL-decoded):
       ( where ( version_ge EPOProdPropsView_EPOAGENT.productversion "4.8" ) )
     The "4.8" threshold is hard-coded in this export.
     NOTE(review): check the threshold against the agent version your organisation
     currently requires before using this chart as compliance evidence. -->
- <query id="16">
- <dictionary id="17"/>
- <name>McAfee Agent Compliance Summary</name>
- <description>Displays a Boolean pie chart of managed systems in your environment which are compliant or noncompliant by version of McAfee Agent.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSPlatform%3AEPOProdPropsView_EPOAGENT.productversion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSPlatform%3AEPOProdPropsView_EPOAGENT.productversion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+newerThan+EPOLeafNode.LastUpdate+86400000++%29+%29</condition-uri>
- <summary-uri>query:summary?bool.red.text=nonCompliant&orion.sum.query=true&bool.green.text=compliant&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+version_ge+EPOProdPropsView_EPOAGENT.productversion+%224.8%22+%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="18">
- <dictionary id="19"/>
- <name>McAfee Agent Compliance History</name>
- <description>Displays the percentage of systems (over time) in your environment which are compliant. Uses the "McAfee Agent Compliance Summary" query to determine compliance. The "Generate Records for McAfee Compliance History Reporting" server task is used to record the daily compliance percentage.</description>
- <target>EpoComplianceHistory</target>
- <table-uri>query:table?orion.table.columns=EpoComplianceHistory.ChartName%3AEpoComplianceHistory.TheTimestamp%3AEpoComplianceHistory.CountCompliant%3AEpoComplianceHistory.CountNonCompliant%3AEpoComplianceHistory.CountComputers%3AEpoComplianceHistory.PercentCompliant%3AEpoComplianceHistory.PercentNonCompliant&orion.table.order=az&orion.table.order.by=EpoComplianceHistory.ChartName%3AEpoComplianceHistory.TheTimestamp%3AEpoComplianceHistory.CountCompliant%3AEpoComplianceHistory.CountNonCompliant%3AEpoComplianceHistory.CountComputers%3AEpoComplianceHistory.PercentCompliant%3AEpoComplianceHistory.PercentNonCompliant</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EpoComplianceHistory.TheTimestamp+31536000000++%29+%29&orion.condition.sexp=%28+where+%28+eq+EpoComplianceHistory.ChartName+%22McAfee+Agent+Compliance+Summary%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&line.count.title=EpoComplianceHistory&orion.query.type=line.line&line.title=EpoComplianceHistory.TheTimestamp&orion.sum.group.by=EpoComplianceHistory.TheTimestamp&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=newest&orion.sum.aggregation=avg&orion.sum.aggregation.column=EpoComplianceHistory.PercentCompliant</summary-uri>
- </query>
- <query id="20">
- <dictionary id="21"/>
- <name>Multi-Server McAfee Agent Compliance Summary</name>
- <description>Displays a Boolean pie chart of systems across all the registered servers which are compliant or noncompliant by version of McAfee Agent.</description>
- <target>EpoRollup_Computers</target>
- <table-uri>query:table?orion.table.columns=OrionRegisteredServers.Name%3AEpoRollup_Computers.NodeName%3AEpoRollup_Computers.FullPath%3AEPORollup_ProductPropertiesEPOAGENT.productversion&orion.table.order=az&orion.table.order.by=OrionRegisteredServers.Name%3AEpoRollup_Computers.NodeName%3AEpoRollup_Computers.FullPath%3AEPORollup_ProductPropertiesEPOAGENT.productversion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+newerThan+EpoRollup_Computers.LastUpdate+1209600000++%29+%29</condition-uri>
- <summary-uri>query:summary?bool.red.text=nonCompliant&orion.sum.query=true&bool.green.text=compliant&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+version_ge+EPORollup_ProductPropertiesEPOAGENT.productversion+%224.8%22+%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="22">
- <dictionary id="23"/>
- <name>Multi-Server McAfee Agent Compliance History</name>
- <description>Displays the percentage of systems (over time) across all registered servers which are compliant.</description>
- <target>EpoRollup_ComplianceHistory</target>
- <table-uri>query:table?orion.table.columns=OrionRegisteredServers.Name%3AEpoRollup_ComplianceHistory.TheTimestamp%3AEpoRollup_ComplianceHistory.CountComputers%3AEpoRollup_ComplianceHistory.CountCompliant%3AEpoRollup_ComplianceHistory.PercentCompliant%3AEpoRollup_ComplianceHistory.CountNonCompliant&orion.table.order=az&orion.table.order.by=OrionRegisteredServers.Name%3AEpoRollup_ComplianceHistory.TheTimestamp%3AEpoRollup_ComplianceHistory.CountComputers%3AEpoRollup_ComplianceHistory.CountCompliant%3AEpoRollup_ComplianceHistory.PercentCompliant%3AEpoRollup_ComplianceHistory.CountNonCompliant%3AEpoRollup_ComplianceHistory.PercentNonCompliant</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EpoRollup_ComplianceHistory.TheTimestamp+31536000000++%29+%29&orion.condition.sexp=%28+where+%28+eq+EpoRollup_ComplianceHistory.ChartName+%22McAfee+Agent+Compliance+Summary%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&line.count.title=EpoRollup_ComplianceHistory&orion.query.type=line.line&line.title=EpoRollup_ComplianceHistory.TheTimestamp&orion.sum.group.by=EpoRollup_ComplianceHistory.TheTimestamp&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=avg&orion.sum.aggregation.column=EpoRollup_ComplianceHistory.PercentCompliant</summary-uri>
- </query>
- <query id="24">
- <dictionary id="25"/>
- <name>Repository Replication Trend for 2 Months</name>
- <description>Shows a multi-line chart with the total number of successful and unsuccessful replications per week for the last 2 months.</description>
- <target>OrionAuditLog</target>
- <table-uri>query:table?orion.table.columns=OrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success%3AOrionAuditLog.StartTime&orion.table.order=az&orion.table.order.by=OrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success%3AOrionAuditLog.StartTime</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+OrionAuditLog.EndTime+5184000000++%29+%29&orion.condition.sexp=%28+where+%28+eq+OrionAuditLog.CmdName+%22Repository+Replication%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.multiline&orion.sum.group.by=OrionAuditLog.Success%3AOrionAuditLog.EndTime&orion.sum.order=az%3Aoldest&orion.sum.limit.count=50&orion.sum.time.cols=%3Atrue&orion.sum.time.unit=%3Aweek&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Failed console logons from OrionAuditLog, summarised as a top-N count per UserName
     in descending order (orion.query.type=summary.topn, orion.sum.order=desc).
     URL-decoded, the condition requires CmdName = "Logon attempt", Success = f, and
     StartTime newer than 2592000000 (30 days if the unit is milliseconds).
     The drill-down table selects only UserName, StartTime and Message, and the grouping
     is by user name alone, so this report does not show where an attempt came from.
     NOTE(review): no threshold is applied here; a single failure and a long run of
     failures for one account both appear, distinguished only by the count. -->
- <query id="26">
- <dictionary id="27"/>
- <name>Failed Login Attempts in Last 30 Days</name>
- <description>Displays a list grouped by user of all failed login attempts in the last 30 days.</description>
- <target>OrionAuditLog</target>
- <table-uri>query:table?orion.table.columns=OrionAuditLog.UserName%3AOrionAuditLog.StartTime%3AOrionAuditLog.Message&orion.table.order=az&orion.table.order.by=OrionAuditLog.UserName%3AOrionAuditLog.StartTime%3AOrionAuditLog.Message</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+OrionAuditLog.CmdName+%22Logon+attempt%22+%29+%28+eq+OrionAuditLog.Success+f+%29+%28+newerThan+OrionAuditLog.StartTime+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=OrionAuditLog.UserName&orion.query.type=summary.topn&orion.sum.group.by=OrionAuditLog.UserName&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Plain table (orion.query.type=table.table, no summary) of every OrionAuditLog entry
     with Success = f and StartTime newer than 2592000000 (30 days if the unit is
     milliseconds). There is no CmdName filter, so failed logons and every other kind of
     failed action are listed together; the CmdName column is what tells them apart. -->
- <query id="28">
- <dictionary id="29"/>
- <name>Failed User Actions in ePO Console within Last 30 Days</name>
- <description>Displays a table of all failed actions within the last 30 days from the Audit Log.</description>
- <target>OrionAuditLog</target>
- <table-uri>query:table?orion.table.columns=OrionAuditLog.StartTime%3AOrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Message&orion.table.order=az&orion.table.order.by=OrionAuditLog.StartTime%3AOrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Message</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+OrionAuditLog.Success+f+%29+%28+newerThan+OrionAuditLog.StartTime+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=table.table&orion.sum.query=false</summary-uri>
- </query>
<!-- Successful console logons from OrionAuditLog, summarised as a top-N count per
     UserName in descending order.
     URL-decoded, the condition requires CmdName = "Logon attempt", Success = t, and
     EndTime newer than 2592000000 (30 days if the unit is milliseconds).
     NOTE(review): the 30-day window is applied to EndTime here, while the
     "Failed Login Attempts in Last 30 Days" query in this same export applies it to
     StartTime. Entries near the edge of the window can therefore fall inside one report
     and outside the other; keep that in mind when comparing the two counts. -->
- <query id="30">
- <dictionary id="31"/>
- <name>Successful Login Attempts in Last 30 Days</name>
- <description>Displays a list grouped by user of all successful login attempts in the last 30 days.</description>
- <target>OrionAuditLog</target>
- <table-uri>query:table?orion.table.columns=OrionAuditLog.UserName%3AOrionAuditLog.StartTime%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success&orion.table.order=az&orion.table.order.by=OrionAuditLog.UserName%3AOrionAuditLog.StartTime%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+OrionAuditLog.EndTime+2592000000++%29+%28+eq+OrionAuditLog.CmdName+%22Logon+attempt%22+%29+%28+eq+OrionAuditLog.Success+t+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=OrionAuditLog.UserName&orion.query.type=summary.topn&orion.sum.group.by=OrionAuditLog.UserName&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="32">
- <dictionary id="33"/>
- <name>Server Configurations by User (30 days)</name>
- <description>Displays a report grouped by user of all server configuration actions in the last 30 days as recorded in the Audit log.</description>
- <target>OrionAuditLog</target>
- <table-uri>query:table?orion.table.columns=OrionAuditLog.CmdName%3AOrionAuditLog.UserName%3AOrionAuditLog.Success%3AOrionAuditLog.Message%3AOrionAuditLog.StartTime&orion.table.order=az&orion.table.order.by=OrionAuditLog.CmdName%3AOrionAuditLog.UserName%3AOrionAuditLog.Success%3AOrionAuditLog.Message%3AOrionAuditLog.StartTime</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+OrionAuditLog.CmdName+%22Add+Agent+Handler+Assignment+Rule%22+%29+%28+eq+OrionAuditLog.CmdName+%22Add+License+Key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Backup+Keystore%22+%29+%28+eq+OrionAuditLog.CmdName+%22Change+Password%22+%29+%28+eq+OrionAuditLog.CmdName+%22Change+Registered+Server%22+%29+%28+eq+OrionAuditLog.CmdName+%22Create+Key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Delete+Agent+Handler+Assignment+Rule%22+%29+%28+eq+OrionAuditLog.CmdName+%22Delete+Key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Delete+Server%22+%29+%28+eq+OrionAuditLog.CmdName+%22Download+Keystore+File%22+%29+%28+eq+OrionAuditLog.CmdName+%22Edit+Agent+Handler+Assignment+Rule%22+%29+%28+eq+OrionAuditLog.CmdName+%22Edit+event+filtering+settings%22+%29+%28+eq+OrionAuditLog.CmdName+%22Export+Agent+Handler+Rule%22+%29+%28+eq+OrionAuditLog.CmdName+%22Export+Key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Export+Public+Key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Import+Agent+Handler+Rule%22+%29+%28+eq+OrionAuditLog.CmdName+%22Import+Key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Modify+server+ports%22+%29+%28+eq+OrionAuditLog.CmdName+%22New+Server%22+%29+%28+eq+OrionAuditLog.CmdName+%22Restore+Keystore%22+%29+%28+eq+OrionAuditLog.CmdName+%22Set+master+key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Update+Server+Certificate%22+%29+%29+%28+newerThan+OrionAuditLog.EndTime+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=OrionAuditLog.UserName%3AOrionAuditLog.CmdName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="34">
- <dictionary id="35"/>
- <name>Software Configurations by user (30 days)</name>
- <description>Displays a report grouped by user of all software configuration actions in the last 30 days as recorded in the Audit Log.</description>
- <target>OrionAuditLog</target>
- <table-uri>query:table?orion.table.columns=OrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success%3AOrionAuditLog.StartTime&orion.table.order=az&orion.table.order.by=OrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success%3AOrionAuditLog.StartTime</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+OrionAuditLog.CmdName+%22Upload+Extension%22+%29+%28+eq+OrionAuditLog.CmdName+%22Uninstall+Extension%22+%29+%28+eq+OrionAuditLog.CmdName+%22Install+Extension%22+%29+%28+eq+OrionAuditLog.CmdName+%22Check-in+package%22+%29+%28+eq+OrionAuditLog.CmdName+%22Delete+package%22+%29+%28+eq+OrionAuditLog.CmdName+%22Repository+Pull%22+%29+%28+eq+OrionAuditLog.CmdName+%22Add+repository%22+%29+%28+eq+OrionAuditLog.CmdName+%22Edit+repository%22+%29+%28+eq+OrionAuditLog.CmdName+%22Delete+repository%22+%29+%28+eq+OrionAuditLog.CmdName+%22Repository+Replication%22+%29+%28+eq+OrionAuditLog.CmdName+%22Change+credentials%22+%29+%28+eq+OrionAuditLog.CmdName+%22Import+repository%22+%29+%28+eq+OrionAuditLog.CmdName+%22Check+in+software+package%22+%29+%28+eq+OrionAuditLog.CmdName+%22Delete+Software+Package%22+%29+%29+%28+newerThan+OrionAuditLog.EndTime+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=OrionAuditLog.UserName%3AOrionAuditLog.CmdName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Audit-log report of account, permission and key-material changes, counted per
     UserName and CmdName, for entries whose StartTime is newer than 2592000000
     (30 days if the unit is milliseconds).
     The condition matches a fixed list of thirteen CmdName values:
       keys:        "Backup Keystore", "Export Key", "Import Key"
       permissions: "Add Permission Set", "Duplicate Permission Set",
                    "Change Permission Set", "Change Permission Sets for User"
       users:       "New User", "Update User", "Change Password", "Remove User"
       log purges:  "Purge Audit Log", "Purge Threat Event Log"
     A command whose name is not in this list is not reported, and there is no
     UserName exclusion in this condition.
     NOTE(review): the data source is the audit log itself, so confirm how a
     "Purge Audit Log" action affects the older rows this report depends on. -->
- <query id="36">
- <dictionary id="37"/>
- <name>Configuration Changes by User (30 days)</name>
- <description>Displays a report grouped by user of all actions considered configuration changes in the last 30 days as recorded in the Audit log.</description>
- <target>OrionAuditLog</target>
- <table-uri>query:table?orion.table.columns=OrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success%3AOrionAuditLog.StartTime&orion.table.order=az&orion.table.order.by=OrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success%3AOrionAuditLog.StartTime</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+OrionAuditLog.CmdName+%22Backup+Keystore%22+%29+%28+eq+OrionAuditLog.CmdName+%22Export+Key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Import+Key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Add+Permission+Set%22+%29+%28+eq+OrionAuditLog.CmdName+%22Duplicate+Permission+Set%22+%29+%28+eq+OrionAuditLog.CmdName+%22Change+Permission+Set%22+%29+%28+eq+OrionAuditLog.CmdName+%22New+User%22+%29+%28+eq+OrionAuditLog.CmdName+%22Update+User%22+%29+%28+eq+OrionAuditLog.CmdName+%22Change+Password%22+%29+%28+eq+OrionAuditLog.CmdName+%22Remove+User%22+%29+%28+eq+OrionAuditLog.CmdName+%22Change+Permission+Sets+for+User%22+%29+%28+eq+OrionAuditLog.CmdName+%22Purge+Audit+Log%22+%29+%28+eq+OrionAuditLog.CmdName+%22Purge+Threat+Event+Log%22+%29+%29+%28+newerThan+OrionAuditLog.StartTime+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&multigroup.title=OrionAuditLog.UserName&orion.sum.group.by=OrionAuditLog.UserName%3AOrionAuditLog.CmdName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="38">
- <dictionary id="39"/>
- <name>Malware Detection History</name>
- <description>Displays a line chart of the number of internal virus detections over the past quarter.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7862400000++%29+%29&orion.condition.sexp=%28+where+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&line.count.title=EPOEvents&orion.query.type=line.line&line.title=EPOEvents.DetectedUTC&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="40">
- <dictionary id="41"/>
- <name>Applied Policies for McAfee Agent</name>
- <description>Displays a group summary table of all applied policies for McAfee agent grouped by category.</description>
- <target>EPOAssignedPolicy</target>
- <table-uri>query:table?orion.table.columns=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.ServerID%3AEPOAssignedPolicy.EditFlags&orion.table.order=az&orion.table.order.by=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.ServerID%3AEPOAssignedPolicy.EditFlags</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOAssignedPolicy.FeatureTextID+%22EPOAGENTMETA%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOAssignedPolicy.FeatureTextID%3AEPOAssignedPolicy.CategoryTextID&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="42">
- <dictionary id="43"/>
- <name>Applied Policies by Policy Name</name>
- <description>Displays a list of all applied policies and the number of times each policy has been applied.</description>
- <target>EPOAssignedPolicy</target>
- <table-uri>query:table?orion.table.columns=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.UserName%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.ServerID%3AEPOAssignedPolicy.EditFlags&orion.table.order=az&orion.table.order.by=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.UserName%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.ServerID%3AEPOAssignedPolicy.EditFlags</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=EPOAssignedPolicy.PolicyObjectID&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="44">
- <dictionary id="45"/>
- <name>Systems with High Sequence Errors</name>
- <description>Lists the systems with high sequence error counts. This could indicate a duplicate agent GUID problem.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.SequenceErrorCount&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.SequenceErrorCount</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+gt+EPOLeafNode.SequenceErrorCount+25++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=table.table&orion.sum.query=false</summary-uri>
- </query>
- <query id="46">
- <dictionary id="47"/>
- <name>Systems with no Recent Sequence Errors</name>
- <description>Lists the systems with sequence errors older than 1 week. These systems probably do not have duplicate agent GUIDs and can have their error count reset.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+olderThan+EPOLeafNode.SequenceErrorCountLastUpdate+604800000++%29+%28+gt+EPOLeafNode.SequenceErrorCount+0++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=table.table&orion.sum.query=false</summary-uri>
- </query>
<!-- Plain table of EPOLeafNode rows where ManagedState equals 0, which the description
     labels as unmanaged systems. Columns are NodeName, ManagedState and LastUpdate.
     The condition has no time filter, so long-inactive entries are listed alongside
     recent ones; the LastUpdate column is the only indication of how current a row is. -->
- <query id="48">
- <dictionary id="49"/>
- <name>Unmanaged Systems</name>
- <description>List all unmanaged systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+0++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=table.table&orion.sum.query=false</summary-uri>
- </query>
- <query id="50">
- <dictionary id="51"/>
- <name>Software Manager Failed Installs</name>
- <description>Lists all Software Manager failed installs.</description>
- <target>OrionTaskLogTask</target>
- <table-uri>query:table?orion.table.columns=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource%3AOrionTaskLogTask.Duration&orion.table.order=az&orion.table.order.by=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource%3AOrionTaskLogTask.Duration</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+OrionTaskLogTask.Status+1++%29+%28+eq+OrionTaskLogTask.Status+-1++%29+%29+%28+startsWith+OrionTaskLogTask.Name+%22Check+In+Components%22+%29+%28+eq+OrionTaskLogTask.TaskSource+%22softwareTaskSource%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=table.table&orion.sum.query=false</summary-uri>
- </query>
- <query id="52">
- <dictionary id="53"/>
- <name>Policy Assignment Broken Inheritance</name>
- <description>Lists all points of broken inheritance for policy assignments other than My Organization. </description>
- <target>EPOBrokenInherintanceView</target>
- <table-uri>query:table?orion.table.columns=EPOBrokenInherintanceView.nodetype2%3AEPOBrokenInherintanceView.nodetextpath%3AEPOBrokenInherintanceView.policyobjectid%3AEPOBrokenInherintanceView.editflags%3AEPOBrokenInherintanceView.PolicyDesc&orion.table.order=az&orion.table.order.by=EPOBrokenInherintanceView.nodetype2%3AEPOBrokenInherintanceView.nodetextpath%3AEPOBrokenInherintanceView.policyobjectid%3AEPOBrokenInherintanceView.editflags%3AEPOBrokenInherintanceView.PolicyDesc</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=EPOBrokenInherintanceView.FeatureTextID&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="54">
- <dictionary id="55"/>
- <name>Applied Client Tasks</name>
- <description>List all applied client tasks grouped by product.</description>
- <target>EPOTaskAppliedTasks</target>
- <table-uri>query:table?orion.table.columns=EPOTaskAppliedTasks.ProductCode%3AEPOTaskAppliedTasks.Name%3AEPOTaskAppliedTasks.ServerId%3AEPOTaskAppliedTasks.NodeTxtPath%3AEPOTaskAppliedTasks.TagAssigned%3AEPOTaskAppliedTasks.Description&orion.table.order=az&orion.table.order.by=EPOTaskAppliedTasks.ProductCode%3AEPOTaskAppliedTasks.Name%3AEPOTaskAppliedTasks.ServerId%3AEPOTaskAppliedTasks.NodeTxtPath%3AEPOTaskAppliedTasks.TagAssigned%3AEPOTaskAppliedTasks.Description</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=EPOTaskAppliedTasks.ProductCode&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="56">
- <!-- No filter (empty orion.condition.sexp): every row of EPOTaskBrokenInheritAssignments is returned and counted per task Name (top-N, descending). -->
- <!-- NodeTxtPath and InhRootTxtPath in the table look like the tree location of the break and of the inheritance root; confirm against the product schema. -->
- <dictionary id="57"/>
- <name>Client Task Assignment Broken Inheritance</name>
- <description>Lists all points in the tree where client task assignment inheritance has been broken, grouped by task name.</description>
- <target>EPOTaskBrokenInheritAssignments</target>
- <table-uri>query:table?orion.table.columns=EPOTaskBrokenInheritAssignments.Name%3AEPOTaskBrokenInheritAssignments.TaskTypeId%3AEPOTaskBrokenInheritAssignments.ProductCode%3AEPOTaskBrokenInheritAssignments.NodeType%3AEPOTaskBrokenInheritAssignments.NodeTxtPath%3AEPOTaskBrokenInheritAssignments.InhRootTxtPath%3AEPOTaskBrokenInheritAssignments.ServerId&orion.table.order=az&orion.table.order.by=EPOTaskBrokenInheritAssignments.Name%3AEPOTaskBrokenInheritAssignments.TaskTypeId%3AEPOTaskBrokenInheritAssignments.ProductCode%3AEPOTaskBrokenInheritAssignments.NodeType%3AEPOTaskBrokenInheritAssignments.NodeTxtPath%3AEPOTaskBrokenInheritAssignments.InhRootTxtPath%3AEPOTaskBrokenInheritAssignments.ServerId</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=EPOTaskBrokenInheritAssignments.Name&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="58">
- <!-- Pie chart of EPOLeafNode rows counted per EPOProdPropsView_EPOAGENT.productversion; no filter, descending, at most 360 slices. -->
- <!-- NOTE(review): how systems with no agent version property are grouped is not visible here; check whether they appear as a blank slice or drop out of the chart. -->
- <dictionary id="59"/>
- <name>Agent Versions Summary</name>
- <description>Displays a pie chart of installed agents by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&orion.query.type=pie.pie&pie.count.title=Computers&show.percentage=false&orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="60">
- <!-- Boolean pie with no row filter. Green criteria, URL-decoded (spacing normalized): ( where ( and ( newerThan EPOLeafNode.LastUpdate 86400000 ) ( version_ge EPOProdPropsView_EPOAGENT.productversion "1" ) ) ) -->
- <!-- 86400000 ms is 24 hours, which matches "within the past day" if newerThan takes milliseconds. Both tests must hold for green, so the red slice is every other system: agents silent for more than a day and, presumably, systems with no agent version recorded (confirm how version_ge treats a blank value). -->
- <dictionary id="61"/>
- <name>Agent Communication Summary</name>
- <description>Displays a pie chart of managed systems indicating whether the agents have communicated with the ePO server within the past day. Click either slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?bool.red.text=agent.comm.nonCompliant&orion.sum.query=true&bool.green.text=agent.comm.compliant&orion.query.type=pie.bool&bool.show.criteria=false&bool.green.criteria=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+86400000++%29+%28+version_ge+EPOProdPropsView_EPOAGENT.productversion+%221%22+%29+%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="62">
- <!-- Condition, URL-decoded (spacing normalized): ( where ( and ( eq MAEnforcementStatusView.pestatus 0 ) ( eq EPOProductEvents.TVDEventID 2422 ) ) ). Going by the query name, event 2422 is presumably the policy enforcement failure event; confirm against the product's event list. -->
- <!-- NOTE(review): the description promises a view of managed nodes, but the summary groups by EPOProductEvents.DetectedUTC with time unit year, oldest first; the affected hosts only show in the table (HostName column). The condition has no time bound, so events count for as long as they are retained. -->
- <dictionary id="63"/>
- <name>Managed Nodes Having Point Product Policy Enforcement Failures</name>
- <description>Displays a single group bar chart showing all managed nodes where policy enforcement is failing for at least one of the point products.</description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.HostName%3AEPOProductEvents.ProductCode%3AEPOProductEvents.TVDEventID%3AEPOProductEvents.Error%3AEPOProductEvents.InitiatorID&orion.table.order=az&orion.table.order.by=EPOProductEvents.HostName%3AEPOProductEvents.ProductCode%3AEPOProductEvents.TVDEventID%3AEPOProductEvents.Error%3AEPOProductEvents.InitiatorID</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+MAEnforcementStatusView.pestatus+0++%29+%28+eq+EPOProductEvents.TVDEventID+2422++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProductEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=year&orion.sum.order=oldest&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="64">
- <!-- Condition, URL-decoded (spacing normalized): ( where ( and ( eq MAEnforcementStatusView.pcstatus 0 ) ( eq EPOProductEvents.TVDEventID 2427 ) ) ). Going by the query name, event 2427 is presumably the property collection failure event; confirm against the product's event list. -->
- <!-- NOTE(review): the description promises a view of managed nodes, but the summary groups by EPOProductEvents.DetectedUTC with time unit year, oldest first; the affected hosts only show in the table (HostName column). The condition has no time bound. -->
- <dictionary id="65"/>
- <name>Managed Nodes Having Point Product Property Collection Failures</name>
- <description>Displays a single group bar chart showing all managed nodes where property collection is failing for at least one of the point products.</description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.HostName%3AEPOProductEvents.ProductCode%3AEPOProductEvents.TVDEventID%3AEPOProductEvents.Error%3AEPOProductEvents.InitiatorID&orion.table.order=az&orion.table.order.by=EPOProductEvents.HostName%3AEPOProductEvents.ProductCode%3AEPOProductEvents.TVDEventID%3AEPOProductEvents.Error%3AEPOProductEvents.InitiatorID</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+MAEnforcementStatusView.pcstatus+0++%29+%28+eq+EPOProductEvents.TVDEventID+2427++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProductEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=year&orion.sum.order=oldest&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="66">
- <!-- Condition, URL-decoded: ( where ( or ( eq EPOProductEvents.Type "DAT" ) ( eq EPOProductEvents.Type "Engine" ) ) ). Stacked bar counting events per SiteName, split by Type, up to 100 groups on each level. -->
- <!-- NOTE(review): there is no time bound and no test on EPOProductEvents.Error, so the chart counts every retained DAT or Engine event; if failed pulls are logged under these types they are counted with the successful ones. -->
- <dictionary id="67"/>
- <name>Repository Usage Based On DAT and Engine Pulling</name>
- <description>Displays the amount of DAT and Engine pulling per repository. This query can help identify overloaded repositories that are causing bandwidth issues and necessary repository configuration improvements in policy.</description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+or+%28+eq+EPOProductEvents.Type+%22DAT%22+%29+%28+eq+EPOProductEvents.Type+%22Engine%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.stackedbar&orion.sum.group.by=EPOProductEvents.SiteName%3AEPOProductEvents.Type&orion.sum.order=az%3Aaz&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="68">
- <!-- Condition, URL-decoded (spacing normalized): ( where ( and ( and ( ne EPOProductEvents.Type "Plugin" ) ( ne EPOProductEvents.Type "Uninstall" ) ) ( eq EPOProductEvents.Error 0 ) ( not_isBlank EPOProductEvents.SiteName ) ) ) -->
- <!-- Only events with Error = 0 and a non-blank SiteName are counted; every Type other than Plugin and Uninstall is included. The pie shows each SiteName's share of that count (show.percentage=true, up to 360 slices). No time bound. -->
- <dictionary id="69"/>
- <name>Repositories and Percentage Utilization</name>
- <description>Displays a pie chart indicating percentage utilization per repository. This query can help identify overloaded repositories that are causing bandwidth issues and necessary repository configuration improvements in policy.</description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+EPOProductEvents.Type+%22Plugin%22+%29+%28+ne+EPOProductEvents.Type+%22Uninstall%22+%29+%29+%28+eq+EPOProductEvents.Error+0++%29+%28+not_isBlank+EPOProductEvents.SiteName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=EPOProductEvents.SiteName&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="70">
- <!-- Boolean pie over WP_CustomProps with no row filter. Green criteria, URL-decoded (spacing normalized): ( where ( eq WP_CustomProps.WPbComplianceStatus 1 ) ) -->
- <!-- NOTE(review): every row that fails the green test is red; whether systems without the Web Control properties appear at all is not visible here, so confirm before reading the red slice as the full non-compliant population. -->
- <dictionary id="71"/>
- <name>Endpoint Security Web Control: Compliance Status</name>
- <description>This is the Web Control Compliance Status Report.</description>
- <target>WP_CustomProps</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AWP_CustomProps.WPbComplianceStatus%3AWP_CustomProps.WPComplianceStatus%3AWP_CustomProps.WPAdditionalComplianceStatus%3AEPOProdPropsView_WEBCONTROL.productversion%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AWP_CustomProps.WPbComplianceStatus%3AWP_CustomProps.WPComplianceStatus%3AWP_CustomProps.WPAdditionalComplianceStatus%3AEPOProdPropsView_WEBCONTROL.productversion%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?bool.red.text=noncompliantkey&orion.sum.query=true&bool.green.text=compliantkey&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+eq+WP_CustomProps.WPbComplianceStatus+1++%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="72">
- <!-- Condition, URL-decoded (spacing normalized): ( where ( and ( eq EPOEvents.ThreatEventID 18600 ) ( newerThan EPOEvents.DetectedUTC 604800000 ) ) ). 604800000 ms is 7 days. The pie sums WP_EventInfo.Count per ContentID and keeps the top 10. -->
- <!-- NOTE(review): the name says "infections", but the only event test is ThreatEventID 18600, the same ID the "Visits by ..." queries in this listing filter on, and there is no test on rating or action; the chart therefore appears to rank content categories by logged site visits, not by confirmed infections. Confirm before using it as an infection metric. -->
- <!-- The table view lists WP_EventInfo.URL, EPOLeafNode.NodeName and EPOEvents.SourceUserName per event, i.e. per-user browsing data; limit who may run it accordingly. -->
- <dictionary id="73"/>
- <name>Endpoint Security Web Control: Web Content Categories that Caused the Most Infections in the Last 7 Days</name>
- <description>This report lists the Web Content Categories with the most infections in the last 7 days</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AEPOEvents.ThreatEventID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AEPOEvents.SourceUserName%3AWP_EventInfo.ActionID&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=WP_EventInfo.ContentID&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="74">
- <!-- Condition, URL-decoded: ( where ( not_isBlank WP_CustomProps.Hotfixes ) ). Top-N count of systems per Hotfixes value, descending. -->
- <!-- NOTE(review): rows with a blank Hotfixes value are filtered out, so systems with no hotfix recorded do not appear as a group; a missing hotfix has to be found by comparing against the full system list. -->
- <dictionary id="75"/>
- <name>Endpoint Security Web Control: Hotfixes Installed</name>
- <description>Displays the hotfixes installed for Web Control.</description>
- <target>WP_CustomProps</target>
- <table-uri>query:table?orion.table.columns=WP_CustomProps.Hotfixes%3AEPOComputerProperties.ComputerName%3AEPOComputerProperties.UserName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=WP_CustomProps.Hotfixes%3AEPOComputerProperties.ComputerName%3AEPOComputerProperties.UserName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+WP_CustomProps.Hotfixes+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=WP_CustomProps.Hotfixes&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="76">
- <!-- Condition, URL-decoded (spacing normalized): ( where ( and ( eq EPOEvents.ThreatEventID 18600 ) ( newerThan EPOEvents.DetectedUTC 2592000000 ) ( not_isBlank EPOLeafNode.NodeName ) ) ). 2592000000 ms is 30 days. -->
- <!-- The pie sums WP_EventInfo.Count per RatingID with orion.show.other=false. Events whose NodeName is blank are excluded, so visits that cannot be tied to a system in the tree are not counted. The table view lists WP_EventInfo.URL per system; treat it as browsing data when granting access. -->
- <dictionary id="77"/>
- <name>Endpoint Security Web Control: Visits by Rating</name>
- <description>Pie chart depicting number of visits over the last 30 days, grouped by site rating.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=WP_EventInfo.RatingID&orion.query.type=pie.pie&orion.sum.group.by=WP_EventInfo.RatingID&orion.sum.order=desc&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="78">
- <!-- Condition, URL-decoded (spacing normalized): ( where ( and ( newerThan EPOEvents.DetectedUTC 2592000000 ) ( eq EPOEvents.ThreatEventID 18600 ) ( not_isBlank EPOLeafNode.NodeName ) ) ). 2592000000 ms is 30 days. -->
- <!-- The pie sums WP_EventInfo.Count per ContentID, up to 360 slices, with the remainder kept (orion.show.other=true). Events with a blank NodeName are excluded. The table view lists WP_EventInfo.URL per system; treat it as browsing data when granting access. -->
- <dictionary id="79"/>
- <name>Endpoint Security Web Control: Visits by Content</name>
- <description>Pie chart depicting number of visits over the last 30 days, grouped by site content.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=WP_EventInfo.ContentID&orion.sum.order=desc&orion.sum.limit.count=360&orion.show.other=true&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="80">
- <!-- Condition, URL-decoded (spacing normalized): ( where ( and ( eq EPOEvents.ThreatEventID 18601 ) ( newerThan EPOEvents.DetectedUTC 2592000000 ) ( not_isBlank EPOLeafNode.NodeName ) ( or ( eq WP_EventInfo.ActionID 1 ) ( eq WP_EventInfo.ActionID 2 ) ( eq WP_EventInfo.ActionID 6 ) ) ) ) -->
- <!-- 2592000000 ms is 30 days; 18601 is presumably the download event, going by the query name. NOTE(review): only ActionID 1, 2 and 6 are counted and the listing does not say what those values mean; look them up before deciding whether blocked downloads are inside or outside this chart. -->
- <dictionary id="81"/>
- <name>Endpoint Security Web Control: Downloads by Rating</name>
- <description>Pie chart depicting number of downloads over the last 30 days, grouped by file rating.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18601++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%28+eq+WP_EventInfo.ActionID+6++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=WP_EventInfo.RatingID&orion.query.type=pie.pie&orion.sum.group.by=WP_EventInfo.RatingID&orion.sum.order=desc&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="82">
- <!-- Condition, URL-decoded (spacing normalized): ( where ( and ( eq EPOEvents.ThreatEventID 18600 ) ( newerThan EPOEvents.DetectedUTC 2592000000 ) ( eq WP_EventInfo.RatingID 3 ) ( or ( eq WP_EventInfo.ActionID 1 ) ( eq WP_EventInfo.ActionID 2 ) ) ( not_isBlank EPOLeafNode.NodeName ) ) ) -->
- <!-- 2592000000 ms is 30 days; RatingID 3 is presumably the red rating, going by the query name. The summary sums WP_EventInfo.Count per DomainName and keeps the top 100. NOTE(review): only ActionID 1 and 2 are counted; the listing does not say what those values mean, so check whether red-site visits with other actions (for example blocked ones) are meant to be left out. -->
- <dictionary id="83"/>
- <name>Endpoint Security Web Control: Top 100 Visited Red Sites</name>
- <description>Top 100 red sites visited over the last 30 days.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.RatingID+3++%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=WP_EventInfo.DomainName&orion.query.type=summary.topn&orion.sum.group.by=WP_EventInfo.DomainName&orion.sum.order=desc&orion.sum.limit.count=100&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="84">
- <!-- Condition, URL-decoded (spacing normalized): ( where ( and ( eq EPOEvents.ThreatEventID 18600 ) ( newerThan EPOEvents.DetectedUTC 2592000000 ) ( eq WP_EventInfo.RatingID 2 ) ( or ( eq WP_EventInfo.ActionID 1 ) ( eq WP_EventInfo.ActionID 2 ) ) ( not_isBlank EPOLeafNode.NodeName ) ) ) -->
- <!-- 2592000000 ms is 30 days; RatingID 2 is presumably the yellow rating, going by the query name. The summary sums WP_EventInfo.Count per DomainName and keeps the top 100; only ActionID 1 and 2 are counted, and their meaning is not stated in this listing. -->
- <dictionary id="85"/>
- <name>Endpoint Security Web Control: Top 100 Visited Yellow Sites</name>
- <description>Top 100 yellow sites visited over the last 30 days.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.RatingID+2++%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=WP_EventInfo.DomainName&orion.query.type=summary.topn&orion.sum.group.by=WP_EventInfo.DomainName&orion.sum.order=desc&orion.sum.limit.count=100&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="86">
- <!-- Condition, URL-decoded (spacing normalized): ( where ( and ( eq EPOEvents.ThreatEventID 18600 ) ( newerThan EPOEvents.DetectedUTC 2592000000 ) ( eq WP_EventInfo.RatingID 6 ) ( or ( eq WP_EventInfo.ActionID 1 ) ( eq WP_EventInfo.ActionID 2 ) ) ( not_isBlank EPOLeafNode.NodeName ) ) ) -->
- <!-- 2592000000 ms is 30 days; RatingID 6 is presumably the unrated value, going by the query name. The summary sums WP_EventInfo.Count per DomainName and keeps the top 100; only ActionID 1 and 2 are counted, and their meaning is not stated in this listing. -->
- <dictionary id="87"/>
- <name>Endpoint Security Web Control: Top 100 Visited Unrated Sites</name>
- <description>Top 100 unrated sites visited over the last 30 days.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.RatingID+6++%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=WP_EventInfo.DomainName&orion.query.type=summary.topn&orion.sum.group.by=WP_EventInfo.DomainName&orion.sum.order=desc&orion.sum.limit.count=100&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="88">
- <!-- Condition, URL-decoded (spacing normalized): ( where ( and ( or ( eq EPOProductEvents.TVDEventID 2411 ) ( eq EPOProductEvents.TVDEventID 2412 ) ) ( newerThan EPOProductEvents.DetectedUTC 86400000 ) ) ). 86400000 ms is 24 hours. -->
- <!-- Green criteria: ( where ( eq EPOProductEvents.TVDEventID 2411 ) ), so 2411 is the success event and the red slice (failedDeployments) is the remaining 2412 events. The chart counts events, not systems; a system that retried can appear in both slices. -->
- <dictionary id="89"/>
- <name>Product Deployment in the Last 24 Hours</name>
- <description>Displays a Boolean pie chart of all product deployments in the last 24 hours. Successful deployments are shown in green.</description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version%3AEPOLeafNode.NodeName%3AEPOProductEvents.DetectedUTC&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version%3AEPOLeafNode.NodeName%3AEPOProductEvents.DetectedUTC</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+EPOProductEvents.TVDEventID+2411++%29+%28+eq+EPOProductEvents.TVDEventID+2412++%29+%29+%28+newerThan+EPOProductEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?bool.red.text=failedDeployments&orion.sum.query=true&bool.green.text=deployments&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+eq+EPOProductEvents.TVDEventID+2411++%29+%29&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="90">
- <!-- Two filters, URL-decoded (spacing normalized). orion.requied.sexp (spelled as exported): ( where ( newerThan EPOProductEvents.DetectedUTC 604800000 ) ), 604800000 ms being 7 days. orion.condition.sexp: ( where ( eq EPOProductEvents.TVDEventID 2413 ) ), presumably the agent uninstall event, going by the query name. -->
- <!-- Line chart of the event count per day, oldest first. NOTE(review): orion.table.order.by names EPOLeafNode.NodeName but orion.table.columns does not, so the table shows the user and product but not the system the uninstall ran on; add the column if this query is used to follow up on unexpected agent removal. -->
- <dictionary id="91"/>
- <name>Agent Uninstalls Attempted in the Last 7 Days</name>
- <description>Displays a single line chart grouped by day of all Agent uninstall client events in the last 7 days.</description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.Type%3AEPOProductEvents.UserName%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version%3AEPOProductEvents.DetectedUTC&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.Type%3AEPOProductEvents.UserName%3AEPOLeafNode.NodeName%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version%3AEPOProductEvents.DetectedUTC</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOProductEvents.DetectedUTC+604800000++%29+%29&orion.condition.sexp=%28+where+%28+eq+EPOProductEvents.TVDEventID+2413++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOProductEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="92">
- <!-- Condition, URL-decoded (spacing normalized): ( where ( and ( eq EPOProductEvents.TVDEventID 2412 ) ( newerThan EPOProductEvents.DetectedUTC 86400000 ) ) ). 86400000 ms is 24 hours; 2412 is presumably the failed deployment event, going by the query name. -->
- <!-- Bar chart of the event count per hour, oldest first, at most 200 bars. orion.table.columns includes EPOProductEvents.IPV6 while orion.table.order.by leaves it out; that only affects sorting. -->
- <dictionary id="93"/>
- <name>Failed Product Deployment in the Last 24 Hours</name>
- <description>Displays a bar chart grouped by hour all the failed product deployments in the last 24 hours.</description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOLeafNode.NodeName%3AEPOProductEvents.IPV6%3AEPOProductEvents.DetectedUTC&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOLeafNode.NodeName%3AEPOProductEvents.DetectedUTC</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOProductEvents.TVDEventID+2412++%29+%28+newerThan+EPOProductEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProductEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=hour&orion.sum.order=oldest&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="94">
- <!-- Condition, URL-decoded (spacing normalized): ( where ( and ( eq EPOProductEvents.TVDEventID 2402 ) ( newerThan EPOProductEvents.DetectedUTC 86400000 ) ) ). 86400000 ms is 24 hours; 2402 is presumably the failed update event, going by the query name. -->
- <!-- Bar chart of the event count per hour, oldest first, at most 200 bars. A sustained run of update failures leaves systems on old content, so the NodeName column in the table is the list to follow up on. -->
- <dictionary id="95"/>
- <name>Failed Product Updates in the Last 24 Hours</name>
- <description>Displays a group bar chart grouped by hour of all failed product updates in the last 24 hours.</description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOLeafNode.NodeName%3AEPOProductEvents.IPV6%3AEPOProductEvents.DetectedUTC&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOLeafNode.NodeName%3AEPOProductEvents.DetectedUTC</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOProductEvents.TVDEventID+2402++%29+%28+newerThan+EPOProductEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProductEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=hour&orion.sum.order=oldest&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="96">
- <!-- Condition, URL-decoded (spacing normalized): ( where ( and ( or ( eq EPOProductEvents.TVDEventID 2401 ) ( eq EPOProductEvents.TVDEventID 2402 ) ) ( newerThan EPOProductEvents.DetectedUTC 86400000 ) ) ). 86400000 ms is 24 hours. -->
- <!-- Green criteria: ( where ( eq EPOProductEvents.TVDEventID 2401 ) ), so 2401 is the success event and the red slice (failedUpdates) is the remaining 2402 events. Systems that reported no update event at all in the window are in neither slice. -->
- <dictionary id="97"/>
- <name>Product Updates in the Last 24 Hours</name>
- <description>Displays a Boolean pie chart of all product updates in the last 24 hours. Successful updates are shown in green.</description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version%3AEPOLeafNode.NodeName%3AEPOProductEvents.DetectedUTC&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version%3AEPOLeafNode.NodeName%3AEPOProductEvents.DetectedUTC</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+EPOProductEvents.TVDEventID+2401++%29+%28+eq+EPOProductEvents.TVDEventID+2402++%29+%29+%28+newerThan+EPOProductEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?bool.red.text=failedUpdates&orion.sum.query=true&bool.green.text=updates&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+eq+EPOProductEvents.TVDEventID+2401++%29+%29&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="98">
- <!-- Condition, URL-decoded (spacing normalized): ( where ( eq EPORepositoryStatus.type 3 ) ); type 3 is presumably the distributed repository type, going by the query name. Green criteria: ( where ( eq EPORepositoryStatus.status 3 ) ), labelled success. -->
- <!-- NOTE(review): every status other than 3 lands in the red slice labelled failure; the listing does not show which other status values exist, so a repository that has never replicated may be reported the same way as one that failed. -->
- <dictionary id="99"/>
- <name>Distributed Repository Status</name>
- <description>Displays a Boolean pie chart of your distributed repositories, divided according to whether their last replication was successful.</description>
- <target>EPORepositoryStatus</target>
- <table-uri>query:table?orion.table.columns=EPORepositoryStatus.name%3AEPORepositoryStatus.type%3AEPORepositoryStatus.status%3AEPORepositoryStatus.lastreplication&orion.table.order=az&orion.table.order.by=EPORepositoryStatus.name%3AEPORepositoryStatus.type%3AEPORepositoryStatus.status</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPORepositoryStatus.type+3++%29+%29</condition-uri>
- <summary-uri>query:summary?bool.red.text=failure&orion.query.type=pie.bool&bool.green.text=success&bool.green.criteria=%28+where+%28+eq+EPORepositoryStatus.status+3++%29+%29&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="100">
- <!-- Two filters, URL-decoded. orion.requied.sexp (spelled as exported): ( where ( beforeNow OrionAuditLog.EndTime ) ). orion.condition.sexp: ( where ( eq OrionAuditLog.CmdName "New system" ) ). Line chart of the entry count per week of EndTime, oldest first. -->
- <!-- NOTE(review): the source is the audit log, not the system tree, and there is no test on OrionAuditLog.Success, so failed "New system" entries are counted too and the totals depend on how long audit log entries are kept (confirm the purge settings). The time unit is fixed to week; the daily and monthly views mentioned in the description need the summary edited. -->
- <dictionary id="101"/>
- <name>New Agents Added to ePO per Week</name>
- <description>Great query during a rollout or tracking the number of new agents showing up in ePO on daily, weekly or monthly basis.</description>
- <target>OrionAuditLog</target>
- <table-uri>query:table?orion.table.columns=OrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success%3AOrionAuditLog.StartTime%3AOrionAuditLog.Message&orion.table.order=az&orion.table.order.by=OrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success%3AOrionAuditLog.StartTime%3AOrionAuditLog.Message</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+OrionAuditLog.EndTime+%29+%29&orion.condition.sexp=%28+where+%28+eq+OrionAuditLog.CmdName+%22New+system%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=OrionAuditLog.EndTime&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="102">
- <!-- No filter (empty orion.condition.sexp) and no time bound: every retained EPOEvents row is counted per EPOEventFilterDesc.Name, top 30, descending. -->
- <!-- NOTE(review): other threat event queries in this listing exclude ThreatCategory "ops" with threatcategory_not_belongs; this one does not, so events in that category are ranked together with the rest. -->
- <dictionary id="103"/>
- <name>Most Numerous Threat Event Descriptions</name>
- <description>Shows the most numerous threat events found.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.topn&orion.sum.group.by=EPOEventFilterDesc.Name&orion.sum.order=desc&orion.sum.limit.count=30&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="104">
- <!-- Condition, URL-decoded: ( where ( threatcategory_not_belongs EPOEvents.ThreatCategory "ops" ) ). Pie of the event count per EPOBranchNode.L1ParentID, up to 360 slices, remainder kept (orion.show.other=true). -->
- <!-- NOTE(review): there is no time bound, so the chart covers every retained event, and the counts are raw event totals; a group with more systems, or one noisy system, produces a larger slice. Read it together with the group sizes before drawing conclusions about which group is weakest. -->
- <dictionary id="105"/>
- <name>Threat Events by System Tree Group</name>
- <description>This is a breakdown of threat events by where they reside in the system tree. The goal is to show an admin what groups are being hit with malware more than others are. This can help pinpoint where an organization needs to improve their security strategy.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOBranchNode.L1ParentID&orion.sum.order=desc&orion.sum.limit.count=360&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="106">
- <!-- Condition, URL-decoded (spacing normalized): ( where ( and ( newerThan EPOEvents.DetectedUTC 86400000 ) ( threatcategory_not_belongs EPOEvents.ThreatCategory "ops" ) ) ). 86400000 ms is 24 hours. Pie of the event count per EPOEventFilterDesc.Name, up to 360 slices. -->
- <!-- The window is measured on DetectedUTC, so events detected earlier but delivered late fall outside it. orion.table.order.by names EPOEvents.Analyzer, which is not among orion.table.columns; add the column if the detecting product matters for triage. -->
- <dictionary id="107"/>
- <name>Threat Event Descriptions in the Last 24 Hours</name>
- <description>Groups, totals, and charts the number of different threat events that occurred in the last 24 hours.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.Analyzer%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEventFilterDesc.Name&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEventFilterDesc.Name&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="108">
- <!-- Two filters, URL-decoded (spacing normalized). orion.requied.sexp (spelled as exported): ( where ( newerThan EPOEvents.ReceivedUTC 1209600000 ) ), 1209600000 ms being 14 days. orion.condition.sexp: ( where ( threatcategory_not_belongs EPOEvents.ThreatCategory "ops" ) ). -->
- <!-- Line chart of the event count per day, oldest first. The window and the grouping both use ReceivedUTC, not DetectedUTC, so a spike can reflect delayed delivery of older events rather than new detections; compare with a DetectedUTC view before treating it as an outbreak. -->
- <dictionary id="109"/>
- <name>Threat Events in the Last 2 Weeks</name>
- <description>This chart shows the trend of threat event generation for the last 2 weeks.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ReceivedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.ReceivedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.ReceivedUTC+1209600000++%29+%29&orion.condition.sexp=%28+where+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.ReceivedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="110">
- <dictionary id="111"/>
- <name>Product Update Successes and Failures Trend for the last 2 Months</name>
- <description>Shows multi-line chart of the total number of product updates successes and failures on a weekly basis for the last 2 months.</description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <!-- orion.requied.sexp: ( where ( newerThan EPOProductEvents.DetectedUTC 5184000000 ) ), 60 days if the unit is milliseconds. orion.condition.sexp: ( where ( in EPOProductEvents.TVDEventID 2402 2401 ) ). -->
- <!-- NOTE(review): only event IDs 2401 and 2402 are charted; presumably these are the update success and failure events the description refers to, but the export does not say which is which. The key spelling "requied" should be checked against what the consumer reads. -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOProductEvents.DetectedUTC+5184000000++%29+%29&orion.condition.sexp=%28+where+%28+in+EPOProductEvents.TVDEventID+2402++2401++%29+%29</condition-uri>
- <!-- Multi-line chart: one line per TVDEventID, bucketed per week on DetectedUTC, capped at 50 groups. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.multiline&orion.sum.group.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.DetectedUTC&orion.sum.order=az%3Aoldest&orion.sum.limit.count=50&orion.sum.time.cols=%3Atrue&orion.sum.time.unit=%3Aweek&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="112">
- <dictionary id="113"/>
- <name>Inactive Agents</name>
- <description>McAfee Agents that have not communicated with the McAfee ePO server in the last 30 days.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.UserName%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.UserName%3AEPOLeafNode.LastUpdate</table-uri>
- <!-- Decoded filter: ( where ( and ( olderThan EPOLeafNode.LastUpdate 2592000000 ) ( eq EPOLeafNode.ManagedState 1 ) ) ). 2592000000 equals 30 days if the unit is milliseconds. -->
- <!-- NOTE(review): only nodes with ManagedState 1 are listed, so a system in any other state never appears here even if it has been silent for longer. Treat the result as a coverage-gap list: these hosts have not reported in for the whole window. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+olderThan+EPOLeafNode.LastUpdate+2592000000++%29+%28+eq+EPOLeafNode.ManagedState+1++%29+%29+%29</condition-uri>
- <!-- Plain table output, no aggregation (orion.sum.query=false). -->
- <summary-uri>query:summary?orion.query.type=table.table&orion.sum.query=false</summary-uri>
- </query>
- <query id="114">
- <dictionary id="115"/>
- <name>Systems per Agent Handler</name>
- <description>Displays a pie chart of managed systems each slice representing an Agent Handler.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastKnownTCPIP%3AEPOLeafNode.LastUpdate%3AEPOProdPropsView_EPOAGENT.productversion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastKnownTCPIP%3AEPOLeafNode.LastUpdate%3AEPOProdPropsView_EPOAGENT.productversion</table-uri>
- <!-- Decoded filter: ( where ( eq EPOLeafNode.ManagedState 1 ) ). -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+1++%29+%29</condition-uri>
- <!-- Pie chart grouped by EPOAgentHandlers.DNSName, top 10 slices with the remainder shown as "other" (orion.show.other=true). -->
- <!-- NOTE(review): show.percentage is present with an empty value, whereas sibling pie queries set it to true or false; the effective default is not visible in this export. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=&orion.sum.group.by=EPOAgentHandlers.DNSName&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="116">
- <dictionary id="117"/>
- <name>Agent Handler Status</name>
- <description>Agent handler communication status within the last hour.</description>
- <target>EPOAgentHandlers</target>
- <table-uri>query:table?orion.table.columns=EPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastUpdate&orion.table.order=az&orion.table.order.by=EPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastUpdate</table-uri>
- <!-- The row filter is empty, so every row of the target is considered; the pass/fail split comes from bool.green.criteria in the summary below. -->
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <!-- Boolean pie. Decoded green criteria: ( where ( newerThan EPOAgentHandlers.LastUpdate 3600000 ) ), 1 hour if the unit is milliseconds. Rows meeting it are labelled "compliant", all others "nonCompliant". -->
- <summary-uri>query:summary?bool.red.text=nonCompliant&orion.sum.query=true&bool.green.text=compliant&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+newerThan+EPOAgentHandlers.LastUpdate+3600000++%29+%29&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="118">
- <dictionary id="119"/>
- <name>Endpoint Security Web Control: Top 100 Blocked Red Sites</name>
- <description>Top 100 red sites that were blocked over the last 30 days.</description>
- <target>WP_EventInfo</target>
- <!-- NOTE(review): the drill-down table pairs WP_EventInfo.URL with EPOLeafNode.NodeName, i.e. browsing detail per host; consider limiting who may run or export it. WP_EventInfo.Count is a column but is missing from order.by. -->
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <!-- Decoded filter: ( where ( and ( eq EPOEvents.ThreatEventID 18600 ) ( newerThan EPOEvents.DetectedUTC 2592000000 ) ( eq WP_EventInfo.ActionID 4 ) ( eq WP_EventInfo.RatingID 3 ) ( not_isBlank EPOLeafNode.NodeName ) ) ). 2592000000 equals 30 days if the unit is milliseconds. -->
- <!-- Presumably ActionID 4 is "blocked" and RatingID 3 is "red", going by the query name; the export itself does not define these codes. Events with a blank NodeName are dropped. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.ActionID+4++%29+%28+eq+WP_EventInfo.RatingID+3++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <!-- Top-N summary: sums WP_EventInfo.Count per WP_EventInfo.DomainName, 100 rows, no "other" bucket. -->
- <summary-uri>query:summary?orion.sum.query=true&topn.title=WP_EventInfo.DomainName&orion.query.type=summary.topn&orion.sum.group.by=WP_EventInfo.DomainName&orion.sum.order=desc&orion.sum.limit.count=100&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="120">
- <dictionary id="121"/>
- <name>Endpoint Security Web Control: Top 100 Warned-Continued Sites</name>
- <description>Top 100 sites that were warned-continued over the last 30 days.</description>
- <target>WP_EventInfo</target>
- <!-- NOTE(review): the drill-down table pairs WP_EventInfo.URL with EPOLeafNode.NodeName, i.e. browsing detail per host; consider limiting who may run or export it. -->
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <!-- Decoded filter: ( where ( and ( newerThan EPOEvents.DetectedUTC 2592000000 ) ( eq EPOEvents.ThreatEventID 18600 ) ( eq WP_EventInfo.ActionID 2 ) ( not_isBlank EPOLeafNode.NodeName ) ) ). 2592000000 equals 30 days if the unit is milliseconds. -->
- <!-- Presumably ActionID 2 is "warned, user continued", going by the query name; these are sites a user chose to visit after a warning, so the list is worth reviewing rather than just charting. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <!-- Top-N summary: sums WP_EventInfo.Count per WP_EventInfo.DomainName, 100 rows, no "other" bucket. -->
- <summary-uri>query:summary?orion.sum.query=true&topn.title=WP_EventInfo.DomainName&orion.query.type=summary.topn&orion.sum.group.by=WP_EventInfo.DomainName&orion.sum.order=desc&orion.sum.limit.count=100&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="122">
- <dictionary id="123"/>
- <name>Endpoint Security Web Control: Top 100 Blocked Sites</name>
- <description>Top 100 sites that were blocked over the last 30 days.</description>
- <target>WP_EventInfo</target>
- <!-- NOTE(review): the drill-down table pairs WP_EventInfo.URL with EPOLeafNode.NodeName, i.e. browsing detail per host; consider limiting who may run or export it. -->
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <!-- Decoded filter: ( where ( and ( eq EPOEvents.ThreatEventID 18600 ) ( newerThan EPOEvents.DetectedUTC 2592000000 ) ( eq WP_EventInfo.ActionID 4 ) ( not_isBlank EPOLeafNode.NodeName ) ) ). Same as the "Blocked Red Sites" query without the RatingID restriction. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.ActionID+4++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <!-- Top-N summary: sums WP_EventInfo.Count per WP_EventInfo.DomainName, 100 rows, no "other" bucket. -->
- <summary-uri>query:summary?orion.sum.query=true&topn.title=WP_EventInfo.DomainName&orion.query.type=summary.topn&orion.sum.group.by=WP_EventInfo.DomainName&orion.sum.order=desc&orion.sum.limit.count=100&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="124">
- <dictionary id="125"/>
- <name>Endpoint Security Web Control: Visit Log</name>
- <description>Detailed event log of site navigation activity over the last 30 days.</description>
- <target>WP_EventInfo</target>
- <!-- NOTE(review): this query returns the raw table (see the summary below), so every row exposes URL, domain and host name together. It is the most privacy-sensitive of the Web Control queries; restrict run and export rights accordingly. -->
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <!-- Decoded filter: ( where ( and ( eq EPOEvents.ThreatEventID 18600 ) ( newerThan EPOEvents.DetectedUTC 2592000000 ) ( not_isBlank EPOLeafNode.NodeName ) ) ). No ActionID or RatingID restriction, so all actions are included. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <!-- Plain table output, no aggregation (orion.sum.query=false). -->
- <summary-uri>query:summary?orion.query.type=table.table&orion.sum.query=false</summary-uri>
- </query>
- <query id="126">
- <dictionary id="127"/>
- <name>Endpoint Security Web Control: Downloads by Action</name>
- <description>Bar chart depicting number of downloads over the last 30 days, grouped by policy-based action.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count</table-uri>
- <!-- Decoded filter: ( where ( and ( eq EPOEvents.ThreatEventID 18601 ) ( newerThan EPOEvents.DetectedUTC 2592000000 ) ( not_isBlank EPOLeafNode.NodeName ) ) ). Uses event ID 18601 where the site-visit queries use 18600; presumably 18601 is the download event. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18601++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <!-- Bar chart: sums WP_EventInfo.Count per WP_EventInfo.ActionID, capped at 200 groups, no "other" bucket. -->
- <summary-uri>query:summary?bar.title=WP_EventInfo.ActionID&orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=WP_EventInfo.ActionID&orion.sum.order=desc&orion.sum.limit.count=200&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="128">
- <dictionary id="129"/>
- <name>Endpoint Security: Installation Status Report</name>
- <description>This is a stacked bar chart of multiple modules and their installation status</description>
- <target>EndpointInstallationStatus_View</target>
- <table-uri>query:table?orion.table.columns=EndpointInstallationStatus_View.ProductVersion%3AEndpointInstallationStatus_View.FamilyDispName%3AEPOLeafNode.os%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6&orion.table.order=az&orion.table.order.by=EndpointInstallationStatus_View.ProductVersion%3AEndpointInstallationStatus_View.FamilyDispName%3AEPOLeafNode.os%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6</table-uri>
- <!-- The row filter is empty: every row of EndpointInstallationStatus_View is included. -->
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <!-- Stacked bar: one bar per FamilyDispName, stacked by ProductVersion, counting rows; each level is capped at 100 groups. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.stackedbar&orion.sum.group.by=EndpointInstallationStatus_View.FamilyDispName%3AEndpointInstallationStatus_View.ProductVersion&orion.sum.order=asc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="130">
- <dictionary id="131"/>
- <name>Endpoint Security: Threats Detected in the Last 24 Hours</name>
- <description>The number of threat events in the last twenty-four hours.</description>
- <target>EPOEvents</target>
- <!-- NOTE(review): EPOEvents.DetectedUTC is a column but is missing from order.by. -->
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPExtendedEvent.AMCoreContentVersion%3AEPOEvents.DetectedUTC&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPExtendedEvent.AMCoreContentVersion</table-uri>
- <!-- orion.requied.sexp: ( where ( newerThan EPOEvents.DetectedUTC 86400000 ) ), 24 hours if the unit is milliseconds. -->
- <!-- orion.condition.sexp: ( where ( and ( or ( eq EPOEvents.AnalyzerName "McAfee Endpoint Security" ) ( eq EPOEvents.AnalyzerName "Threat Intelligence" ) ) ( not_isBlank EPOEvents.ThreatType ) ( threatcategory_not_belongs EPOEvents.ThreatCategory "ops" ) ( ne EPOEvents.ThreatEventID 34928 ) ) ). -->
- <!-- NOTE(review): the count covers only two analyzer names, skips events with a blank ThreatType, the "ops" category and event ID 34928; what 34928 denotes is not stated in this export. Do not read the chart as a total of all detections. The key spelling "requied" should be checked against what the consumer reads. -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%28+not_isBlank+EPOEvents.ThreatType+%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
- <!-- Line chart of row counts bucketed per hour on EPOEvents.DetectedUTC, oldest first. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=hour&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="132">
- <dictionary id="133"/>
- <name>Endpoint Security: Threats Detected in the Last 7 Days</name>
- <description>The number of threat events in the last seven days.</description>
- <target>EPOEvents</target>
- <!-- NOTE(review): EPOEvents.DetectedUTC is a column but is missing from order.by. -->
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPExtendedEvent.AMCoreContentVersion%3AEPOEvents.DetectedUTC&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPExtendedEvent.AMCoreContentVersion</table-uri>
- <!-- orion.requied.sexp: ( where ( newerThan EPOEvents.DetectedUTC 604800000 ) ), 7 days if the unit is milliseconds. -->
- <!-- orion.condition.sexp: ( where ( and ( or ( eq EPOEvents.AnalyzerName "McAfee Endpoint Security" ) ( eq EPOEvents.AnalyzerName "Threat Intelligence" ) ) ( not_isBlank EPOEvents.ThreatType ) ( threatcategory_not_belongs EPOEvents.ThreatCategory "ops" ) ( ne EPOEvents.ThreatEventID 34928 ) ) ). -->
- <!-- NOTE(review): same exclusions as the 24-hour variant, so this is not a total of all detections. The key spelling "requied" should be checked against what the consumer reads. -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%28+not_isBlank+EPOEvents.ThreatType+%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
- <!-- Line chart bucketed per hour, the same unit as the 24-hour variant; over a 7-day window that is up to 168 points. Confirm hour, not day, is intended. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=hour&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="134">
- <dictionary id="135"/>
- <name>Endpoint Security: Summary of Threats Detected in the Last 24 Hours</name>
- <description>Summary of threats that have been detected in the last 24 hours.</description>
- <target>EPOEvents</target>
- <!-- NOTE(review): order.by is not a subset of the columns; it names EPOEvents.AnalyzerIPV4 and EPOEvents.AnalyzerName, neither of which is displayed, while most displayed columns are absent from it. -->
- <table-uri>query:table?orion.table.columns=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV6%3AEPOEvents.ThreatName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.DetectedUTC%3AEPOEvents.TargetProcessName%3AEPOEvents.AnalyzerDetectionMethod%3AEPExtendedEvent.AMCoreContentVersion&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPExtendedEvent.AMCoreContentVersion</table-uri>
- <!-- Decoded filter: ( where ( and ( newerThan EPOEvents.DetectedUTC 86400000 ) ( or ( eq EPOEvents.AnalyzerName "McAfee Endpoint Security" ) ( eq EPOEvents.AnalyzerName "Threat Intelligence" ) ) ( not_isBlank EPOEvents.ThreatType ) ( not_isBlank EPOEvents.ThreatName ) ( threatcategory_not_belongs EPOEvents.ThreatCategory "ops" ) ( ne EPOEvents.ThreatEventID 34928 ) ) ). -->
- <!-- Here the 24-hour window sits inside orion.condition.sexp, not in a separate time-window key as in the "Threats Detected" queries. Events with a blank ThreatName or ThreatType are not summarised. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%28+not_isBlank+EPOEvents.ThreatType+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
- <!-- Top-N summary counting rows per EPOEvents.ThreatName, ordered alphabetically (az), with no limit.count set. -->
- <summary-uri>query:summary?orion.sum.query=true&topn.title=EPOEvents.ThreatName&topn.count.title=EPOEvents&orion.query.type=summary.topn&orion.sum.group.by=EPOEvents.ThreatName&orion.sum.order=az&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="136">
- <dictionary id="137"/>
- <name>Endpoint Security: Summary of Threats Detected in the Last 7 Days</name>
- <description>Summary of threats that have been detected in the last seven days.</description>
- <target>EPOEvents</target>
- <!-- NOTE(review): order.by is not a subset of the columns; it names EPOEvents.AnalyzerIPV4 and EPOEvents.AnalyzerName, neither of which is displayed. -->
- <table-uri>query:table?orion.table.columns=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV6%3AEPOEvents.ThreatName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.DetectedUTC%3AEPOEvents.TargetProcessName%3AEPOEvents.AnalyzerDetectionMethod%3AEPExtendedEvent.AMCoreContentVersion&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPExtendedEvent.AMCoreContentVersion</table-uri>
- <!-- Decoded filter: ( where ( and ( newerThan EPOEvents.DetectedUTC 604800000 ) ( or ( eq EPOEvents.AnalyzerName "McAfee Endpoint Security" ) ( eq EPOEvents.AnalyzerName "Threat Intelligence" ) ) ( not_isBlank EPOEvents.ThreatType ) ( not_isBlank EPOEvents.ThreatName ) ( threatcategory_not_belongs EPOEvents.ThreatCategory "ops" ) ( ne EPOEvents.ThreatEventID 34928 ) ) ). 604800000 equals 7 days if the unit is milliseconds. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%28+not_isBlank+EPOEvents.ThreatType+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
- <!-- Top-N summary counting rows per EPOEvents.ThreatName, ordered alphabetically (az), with no limit.count set. -->
- <summary-uri>query:summary?orion.sum.query=true&topn.title=EPOEvents.ThreatName&topn.count.title=EPOEvents&orion.query.type=summary.topn&orion.sum.group.by=EPOEvents.ThreatName&orion.sum.order=az&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="138">
- <dictionary id="139"/>
- <name>Endpoint Security: Primary Vectors of Attack in the Last 7 Days</name>
- <description>This report lists the Primary Vectors of Attack in the last 7 days.</description>
- <target>EPExtendedEvent</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.ThreatName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.ThreatActionTaken&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.ThreatName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.ThreatActionTaken</table-uri>
- <!-- Decoded filter: ( where ( and ( newerThan EPOEvents.DetectedUTC 604800000 ) ( ne EPOEvents.ThreatEventID 34928 ) ) ). 604800000 equals 7 days if the unit is milliseconds. -->
- <!-- NOTE(review): unlike the "Threats Detected" queries there is no AnalyzerName or "ops" category filter here, so the two reports count different event sets and their totals will not reconcile. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
- <!-- Pie chart with percentages, grouped by EPExtendedEvent.AttackVectorType, counting rows, capped at 360 groups. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=EPExtendedEvent.AttackVectorType&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="140">
- <dictionary id="141"/>
- <name>Endpoint Security: Top Infected Users in the Last 7 Days</name>
- <description>This report lists the Top Infected Users in the Last 7 Days</description>
- <target>EPExtendedEvent</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOComputerProperties.ComputerName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.ThreatActionTaken&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOComputerProperties.ComputerName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.ThreatActionTaken</table-uri>
- <!-- Decoded filter: ( where ( and ( newerThan EPOEvents.DetectedUTC 604800000 ) ( ne EPOEvents.ThreatEventID 34928 ) ) ). 604800000 equals 7 days if the unit is milliseconds. -->
- <!-- NOTE(review): the filter selects every event in the window except ID 34928; nothing restricts it to confirmed infections or excludes blank user names, so "infected users" in the title is broader than what is counted. Results are grouped by user name, which is personal data. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
- <!-- Pie chart with percentages, grouped by EPOEvents.TargetUserName, top 10 by row count. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=EPOEvents.TargetUserName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="142">
- <dictionary id="143"/>
- <name>Endpoint Security: Top Threats in the Last 48 Hours</name>
- <description>This report lists the Top Threats in the Last 48 Hours</description>
- <target>EPExtendedEvent</target>
- <!-- NOTE(review): this URI carries orion.table.order.by and orion.table.order twice. The second pair is introduced by "&amp%3B", which is a percent-encoded "&amp;", so it decodes to parameters named "amp;orion.table.order.by" and "amp;orion.table.order". This looks like double escaping by a serializer; the duplicated tail is probably ignored but should be removed at the source. -->
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.ThreatName%3AEPExtendedEvent.AttackVectorType%3AEPOEvents.AnalyzerDetectionMethod&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.ThreatName%3AEPExtendedEvent.AttackVectorType%3AEPOEvents.AnalyzerDetectionMethod&orion.table.order=az&amp%3Borion.table.order.by=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.ThreatName%3AEPExtendedEvent.AttackVectorType%3AEPOEvents.AnalyzerDetectionMethod&amp%3Borion.table.order=az</table-uri>
- <!-- orion.requied.sexp: ( where ( newerThan EPOEvents.DetectedUTC 172800000 ) ), 48 hours if the unit is milliseconds. orion.condition.sexp: ( where ( ne EPOEvents.ThreatEventID 34928 ) ). The key spelling "requied" should be checked against what the consumer reads. -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+172800000++%29+%29&orion.condition.sexp=%28+where+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29</condition-uri>
- <!-- Multi-line chart: one line per EPOEvents.ThreatName, bucketed per hour on DetectedUTC, limited to 5 groups. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.multiline&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.DetectedUTC&orion.sum.order=desc%3Aoldest&orion.sum.limit.count=5&orion.sum.time.cols=%3Atrue&orion.sum.time.unit=%3Ahour&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="144">
- <dictionary id="145"/>
- <name>Endpoint Security: Duration before Detection on Endpoints in the Last 2 Weeks</name>
- <description>This report lists the Duration before Detection on Endpoints in the Last 2 Weeks</description>
- <target>EPExtendedEvent</target>
- <!-- NOTE(review): columns and order.by disagree. The columns list shows EPExtendedEvent.SourceModifyTime and EPOEvents.TargetUserName; order.by omits SourceModifyTime and names EPOEvents.SourceUserName, which is not displayed. Confirm which user field is intended. -->
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPExtendedEvent.SourceModifyTime%3AEPExtendedEvent.DurationBeforeDetection%3AEPOEvents.ThreatName%3AEPOEvents.ThreatSeverity%3AEPExtendedEvent.ThreatImpact%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPExtendedEvent.DurationBeforeDetection%3AEPOEvents.ThreatName%3AEPOEvents.ThreatSeverity%3AEPExtendedEvent.ThreatImpact%3AEPOLeafNode.NodeName%3AEPOEvents.SourceUserName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerName</table-uri>
- <!-- Decoded filter: ( where ( and ( newerThan EPOEvents.DetectedUTC 1209600000 ) ( ne EPOEvents.ThreatEventID 34928 ) ) ). 1209600000 equals 14 days if the unit is milliseconds. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+1209600000++%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
- <!-- Bar chart counting rows per EPExtendedEvent.DurationBeforeDetection value, capped at 200 groups. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPExtendedEvent.DurationBeforeDetection&orion.sum.order=az&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="146">
- <dictionary id="147"/>
- <name>Endpoint Security: Top 10 Attacking Systems in the Last 7 Days</name>
- <description>This report lists the top 10 attacking systems in the last 7 days</description>
- <target>EPExtendedEvent</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetIPV6%3AEPExtendedEvent.TargetDeviceDisplayName%3AEPOEvents.TargetMAC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceIPV6%3AEPExtendedEvent.SourceDeviceDisplayName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetIPV6%3AEPExtendedEvent.TargetDeviceDisplayName%3AEPOEvents.TargetMAC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceIPV6%3AEPExtendedEvent.SourceDeviceDisplayName</table-uri>
- <!-- Decoded filter: ( where ( and ( newerThan EPOEvents.DetectedUTC 604800000 ) ( or ( eq EPOEvents.AnalyzerName "McAfee Endpoint Security" ) ( eq EPOEvents.AnalyzerName "Threat Intelligence" ) ) ( not_isBlank EPOEvents.ThreatType ) ( ne EPOEvents.ThreatEventID 34928 ) ) ). 604800000 equals 7 days if the unit is milliseconds. -->
- <!-- NOTE(review): "attacking system" is defined purely as the event's SourceIPV6 (see the group.by below). Nothing in the filter requires the source address to be non-blank, so events without a source may form one of the ten groups; addresses shared through NAT or a proxy will also be counted as a single system. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%28+not_isBlank+EPOEvents.ThreatType+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
- <!-- Top-N summary counting rows per EPOEvents.SourceIPV6, 10 rows, descending. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.topn&orion.sum.group.by=EPOEvents.SourceIPV6&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="148">
- <dictionary id="149"/>
- <name>Endpoint Security: Currently Enabled Technology</name>
- <description>This report lists the technologies that are currently enabled on each system</description>
- <target>AM_EndpointTechnologyStatus_View</target>
- <!-- NOTE(review): the drill-down table shows only LastUpdate and ComputerName; the TechnologyType and Enabled fields the chart is grouped by are not among the columns, so the table alone does not show which technology is disabled on a host. -->
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOComputerProperties.ComputerName&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOComputerProperties.ComputerName</table-uri>
- <!-- The row filter is empty: every row of AM_EndpointTechnologyStatus_View is included. -->
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <!-- Stacked bar: one bar per TechnologyType, stacked by the Enabled value, counting rows; each level is capped at 100 groups. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.stackedbar&orion.sum.group.by=AM_EndpointTechnologyStatus_View.TechnologyType%3AAM_EndpointTechnologyStatus_View.Enabled&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="150">
- <dictionary id="151"/>
- <name>Endpoint Security: Self Protection Compliance Status</name>
- <description>This is the Self Protection Compliance Status Report.</description>
- <target>GS_CustomProps</target>
- <!-- EPOLeafNode.os is a displayed column but is missing from order.by. -->
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AGS_CustomProps.SPbComplianceStatus%3AGS_CustomProps.SPComplianceStatus%3AGS_CustomProps.SPAdditionalComplianceStatus%3AEPOProdPropsView_ENDPOINTSECURITYPLATFORM.productversion%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AGS_CustomProps.SPbComplianceStatus%3AGS_CustomProps.SPComplianceStatus%3AGS_CustomProps.SPAdditionalComplianceStatus%3AEPOProdPropsView_ENDPOINTSECURITYPLATFORM.productversion%3AEPOLeafNode.LastUpdate</table-uri>
- <!-- The row filter is empty; the compliant/non-compliant split comes from bool.green.criteria in the summary below. -->
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <!-- Boolean pie. Decoded green criteria: ( where ( eq GS_CustomProps.SPbComplianceStatus 1 ) ). -->
- <!-- NOTE(review): any row where SPbComplianceStatus is not 1, presumably including rows with no value reported, falls into the red slice. The table also shows SPComplianceStatus and SPAdditionalComplianceStatus, but only SPbComplianceStatus decides the colour. -->
- <summary-uri>query:summary?bool.red.text=noncompliantkey&orion.sum.query=true&bool.green.text=compliantkey&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+eq+GS_CustomProps.SPbComplianceStatus+1++%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="152">
- <dictionary id="153"/>
- <name>Endpoint Security: Policy Compliance by Computer Name</name>
- <description>Displays two lists of computers which do and do not have the latest policies applied.</description>
- <target>EPOAssignedPolicy</target>
- <table-uri>query:table?orion.table.columns=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.FeatureTextID%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.upToDate%3AEPOAssignedPolicy.Origin%3AEPOAssignedPolicy.PolicyDesc%3AEPOAssignedPolicy.UserName%3AEPOAssignedPolicy.EditFlags%3AEPOAssignedPolicy.ServerID&orion.table.order=az&orion.table.order.by=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.FeatureTextID%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.upToDate%3AEPOAssignedPolicy.Origin%3AEPOAssignedPolicy.PolicyDesc%3AEPOAssignedPolicy.UserName%3AEPOAssignedPolicy.EditFlags%3AEPOAssignedPolicy.ServerID</table-uri>
- <!-- Decoded filter: ( where ( or ( eq EPOAssignedPolicy.FeatureTextID "ENDP_GS_1000" ) ( eq ... "ENDP_AM_1000" ) ( eq ... "ENDP_FW_META_FW" ) ( eq ... "ENDP_WP_1000" ) ( eq ... "ENDP_AM_1050" ) ( eq ... "ENDP_AM_1060" ) ) ), each clause testing the same FeatureTextID field. -->
- <!-- NOTE(review): compliance is reported only for these six feature IDs; a policy for any other feature is outside this report, so the list must be extended when a new module is deployed. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+or+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_GS_1000%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_AM_1000%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_FW_META_FW%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_WP_1000%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_AM_1050%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_AM_1060%22+%29+%29+%29</condition-uri>
- <!-- Multi-group summary: grouped first by EPOAssignedPolicy.upToDate, then by NodeName, counting rows. -->
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOAssignedPolicy.upToDate%3AEPOAssignedPolicy.NodeName&orion.sum.order=az%3Aaz&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="154">
- <dictionary id="155"/>
- <name>Endpoint Security: Policy Compliance by Policy Name</name>
- <description>Displays a boolean pie chart showing which policies have and have not been updated on the clients.</description>
- <target>EPOAssignedPolicy</target>
- <table-uri>query:table?orion.table.columns=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.FeatureTextID%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.upToDate%3AEPOAssignedPolicy.Origin%3AEPOAssignedPolicy.PolicyDesc%3AEPOAssignedPolicy.UserName%3AEPOAssignedPolicy.EditFlags%3AEPOAssignedPolicy.ServerID&orion.table.order=az&orion.table.order.by=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.FeatureTextID%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.upToDate%3AEPOAssignedPolicy.Origin%3AEPOAssignedPolicy.PolicyDesc%3AEPOAssignedPolicy.UserName%3AEPOAssignedPolicy.EditFlags%3AEPOAssignedPolicy.ServerID</table-uri>
- <!-- Decoded filter: an "or" of six equality tests on EPOAssignedPolicy.FeatureTextID, for "ENDP_GS_1000", "ENDP_AM_1000", "ENDP_FW_META_FW", "ENDP_WP_1000", "ENDP_AM_1050" and "ENDP_AM_1060". Policies for any other feature are not covered. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+or+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_GS_1000%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_AM_1000%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_FW_META_FW%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_WP_1000%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_AM_1050%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_AM_1060%22+%29+%29+%29</condition-uri>
- <!-- Boolean pie. Decoded green criteria: ( where ( eq EPOAssignedPolicy.upToDate t ) ). The aggregation is a distinct count of EPOAssignedPolicy.NodeName, not a row count. -->
- <!-- NOTE(review): because nodes are counted distinctly per slice, a node with some policies current and others stale presumably appears in both slices, so the two slices can sum to more than the number of nodes. The name says "by Policy Name" but no policy field is used for grouping. -->
- <summary-uri>query:summary?bool.red.text=oldpolicyapplied&orion.sum.query=true&bool.green.text=latestpolicyapplied&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+eq+EPOAssignedPolicy.upToDate+t+%29+%29&show.percentage=true&orion.sum.aggregation=distinct&orion.sum.aggregation.column=EPOAssignedPolicy.NodeName&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="156">
- <dictionary id="157"/>
- <name>Endpoint Security Platform: Hotfixes Installed</name>
- <description>Displays the hotfixes installed for Endpoint Security Platform.</description>
- <target>GS_CustomProps</target>
- <table-uri>query:table?orion.table.columns=GS_CustomProps.Hotfixes%3AEPOComputerProperties.ComputerName%3AEPOComputerProperties.UserName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=GS_CustomProps.Hotfixes%3AEPOComputerProperties.ComputerName%3AEPOComputerProperties.UserName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.LastUpdate</table-uri>
- <!-- Decoded filter: ( where ( not_isBlank GS_CustomProps.Hotfixes ) ). -->
- <!-- NOTE(review): systems with a blank Hotfixes value are excluded, so this report shows where hotfixes are present but cannot be used on its own to find systems that are missing one. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+GS_CustomProps.Hotfixes+%29+%29</condition-uri>
- <!-- Top-N summary counting rows per distinct GS_CustomProps.Hotfixes value, descending, with no limit.count set. -->
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=GS_CustomProps.Hotfixes&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="158">
  <!-- Hourly line chart (count, oldest first) of firewall intrusion events.
       Decoded filter: AnalyzerName = "McAfee Endpoint Security" AND ThreatEventID = 35001 AND
       AnalyzerDetectionMethod = "Firewall". The time bound (newerThan EPOEvents.DetectedUTC 86400000,
       which is 24 h if the unit is milliseconds) is carried twice, under the keys orion.requied.sexp
       and orion.required.sexp.
       NOTE(review): orion.table.order.by ends in EPOLeafNode.LastUpdate, which is not in the column
       list (that list ends in EPOEvents.DetectedUTC); confirm this is intended. -->
- <dictionary id="159"/>
- <name>Endpoint Security Firewall: Intrusion events in the last 24 hours</name>
- <description>The number of intrusion events in the last twenty-four hours.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.DetectedUTC&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.ThreatEventID+35001++%29+%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Firewall%22+%29+%29+%29&orion.required.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=hour&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="160">
  <!-- Hourly line chart (count, oldest first) of all firewall events.
       Decoded filter: AnalyzerName = "McAfee Endpoint Security" AND ThreatEventID in (35000, 35001, 35002)
       AND AnalyzerDetectionMethod = "Firewall". The time bound (newerThan EPOEvents.DetectedUTC 86400000,
       which is 24 h if the unit is milliseconds) appears under both orion.requied.sexp and
       orion.required.sexp.
       NOTE(review): orion.table.order.by ends in EPOLeafNode.LastUpdate, which is not in the column
       list; confirm this is intended. -->
- <dictionary id="161"/>
- <name>Endpoint Security Firewall: Events in the last 24 hours</name>
- <description>The number of firewall events in the last twenty-four hours.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.DetectedUTC&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+in+EPOEvents.ThreatEventID+35000++35001++35002++%29+%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Firewall%22+%29+%29+%29&orion.required.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=hour&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="162">
  <!-- Hourly line chart (count, oldest first) of firewall events that involved a GTI lookup.
       Decoded filter: EPExtendedEvent.AnalyzerGTIQuery = t AND EPExtendedEvent.BladeName = "IDS_BLADE_NAME_FW".
       NOTE(review): the time bound (newerThan EPOEvents.DetectedUTC 15552000000, which is 180 days if the
       unit is milliseconds) is present only under the key spelled orion.requied.sexp; the 24-hour firewall
       queries in this export repeat their bound under orion.required.sexp as well. Confirm the server
       honours the bound in this form, otherwise the query runs over the whole event table.
       The summary buckets by hour across the full window, which yields a very dense chart. -->
- <dictionary id="163"/>
- <name>Endpoint Security Firewall: Events from McAfee GTI in the last 6 months</name>
- <description>Endpoint Security Firewall: Displays events generated by system within McAfee GTI in the last 6 months.</description>
- <target>EPExtendedEvent</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.DetectedUTC&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPExtendedEvent.AnalyzerGTIQuery+t+%29+%28+eq+EPExtendedEvent.BladeName+%22IDS_BLADE_NAME_FW%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=hour&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="164">
  <!-- Hourly line chart (count, oldest first) of firewall traffic-block events.
       Decoded filter: AnalyzerName = "McAfee Endpoint Security" AND ThreatEventID = 35002 AND
       AnalyzerDetectionMethod = "Firewall". The time bound (newerThan EPOEvents.DetectedUTC 86400000,
       which is 24 h if the unit is milliseconds) appears under both orion.requied.sexp and
       orion.required.sexp.
       NOTE(review): orion.table.order.by ends in EPOLeafNode.LastUpdate, which is not in the column
       list; confirm this is intended. -->
- <dictionary id="165"/>
- <name>Endpoint Security Firewall: Traffic block events in the last 24 hours</name>
- <description>The number of traffic block events in the last twenty-four hours.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.DetectedUTC&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.ThreatEventID+35002++%29+%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Firewall%22+%29+%29+%29&orion.required.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=hour&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="166">
  <!-- Pie chart counting systems per FW_CustomProps.FWStatus value (descending, limit 360).
       orion.condition.sexp is empty, so no filter is applied and every FW_CustomProps row is counted.
       The numeric meaning of each FWStatus value is not defined in this file. -->
- <dictionary id="167"/>
- <name>Endpoint Security Firewall: Status</name>
- <description>Endpoint Security Firewall Status</description>
- <target>FW_CustomProps</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AFW_CustomProps.FWStatus%3AFW_CustomProps.ComplianceStatus%3AFW_CustomProps.FWMode&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AFW_CustomProps.FWStatus%3AFW_CustomProps.ComplianceStatus%3AFW_CustomProps.FWMode</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=FW_CustomProps.FWStatus&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="168">
  <!-- Two-slice (pie.bool) compliance chart with no row filter (orion.condition.sexp is empty).
       bool.green.criteria decodes to (where (eq FW_CustomProps.ComplianceStatus 1)); green is labelled
       compliantkey and red noncompliantkey.
       NOTE(review): rows that do not match the green criterion presumably fall into the red slice,
       including systems that report no ComplianceStatus at all; confirm before using the red count
       as a measure of disabled firewalls. -->
- <dictionary id="169"/>
- <name>Endpoint Security Firewall: Compliance Status</name>
- <description>Displays where Firewall protection is enabled or disabled on managed systems.</description>
- <target>FW_CustomProps</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AFW_CustomProps.ComplianceStatus%3AFW_CustomProps.ComplianceReason%3AFW_CustomProps.AdditionalComplianceReason%3AEPOProdPropsView_FIREWALL.productversion%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AFW_CustomProps.ComplianceStatus%3AFW_CustomProps.ComplianceReason%3AFW_CustomProps.AdditionalComplianceReason%3AEPOProdPropsView_FIREWALL.productversion%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?bool.red.text=noncompliantkey&orion.sum.query=true&bool.green.text=compliantkey&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+eq+FW_CustomProps.ComplianceStatus+1++%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="170">
  <!-- Daily line chart (count, oldest first) of firewall client rules.
       Decoded filter: (where (ge FW_Rule.leafNodeId 1)); the key orion.requied.sexp adds
       (where (beforeNow FW_Rule.lastModified)).
       NOTE(review): the chart groups on FW_Rule.lastModified, so it plots rules by their last
       modification date; the description says "created over time". A rule edited later moves to the
       later date, which matters when this chart is used to spot when client rules first appeared. -->
- <dictionary id="171"/>
- <name>Endpoint Security Firewall: Count of Firewall Client Rules</name>
- <description>Displays the number of Firewall client rules created over time.</description>
- <target>FW_Rule</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AFW_Rule.name%3AFW_Rule.enabled%3AFW_Rule.direction%3AFW_Rule.transportProtocol&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AFW_Rule.name%3AFW_Rule.enabled%3AFW_Rule.direction%3AFW_Rule.transportProtocol</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+FW_Rule.lastModified+%29+%29&orion.condition.sexp=%28+where+%28+ge+FW_Rule.leafNodeId+1++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=FW_Rule.lastModified&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="172">
  <!-- Multi-group count of firewall client rules.
       Decoded filter: (where (ge FW_Rule.leafNodeId 1)).
       NOTE(review): the title says "By Process/Port Range" but the summary groups on FW_Rule.name and
       FW_Rule.localServiceList, i.e. by rule name rather than by an executable column such as
       FW_ClientRuleExecutableView.ExeName; confirm the grouping matches what reviewers expect. -->
- <dictionary id="173"/>
- <name>Endpoint Security Firewall: Client Rules By Process/Port Range</name>
- <description>Displays firewall client rules listed by process and port range.</description>
- <target>FW_Rule</target>
- <table-uri>query:table?orion.table.columns=FW_Rule.enabled%3AFW_Rule.action%3AFW_Rule.direction%3AFW_Rule.name%3AFW_Rule.transportProtocol%3AFW_Rule.localServiceList%3AFW_Rule.remoteServiceList%3AFW_Rule.trafficLogged%3AFW_Rule.intrusion%3AFW_ClientRuleExecutableView.ExeFingerprint%3AFW_ClientRuleExecutableView.ExeFilename%3AFW_ClientRuleExecutableView.ExeSignername&orion.table.order=az&orion.table.order.by=FW_Rule.enabled%3AFW_Rule.action%3AFW_Rule.direction%3AFW_Rule.name%3AFW_Rule.transportProtocol%3AFW_Rule.localServiceList%3AFW_Rule.remoteServiceList%3AFW_Rule.trafficLogged%3AFW_Rule.intrusion%3AFW_ClientRuleExecutableView.ExeFingerprint%3AFW_ClientRuleExecutableView.ExeFilename%3AFW_ClientRuleExecutableView.ExeSignername</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+ge+FW_Rule.leafNodeId+1++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=FW_Rule.name%3AFW_Rule.localServiceList&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="174">
  <!-- Multi-group count of firewall client rules, grouped first by EPOComputerProperties.UserName and
       then by FW_ClientRuleExecutableView.ExeName.
       Decoded filter: (where (ge FW_Rule.leafNodeId 1)).
       The detail table exposes the executable file name, fingerprint and signer next to each rule's
       action and direction, which are the fields to check when reviewing client-created rules. -->
- <dictionary id="175"/>
- <name>Endpoint Security Firewall: Client Rules By Process/User</name>
- <description>Displays firewall client rules listed by process and user.</description>
- <target>FW_Rule</target>
- <table-uri>query:table?orion.table.columns=FW_Rule.enabled%3AFW_Rule.action%3AFW_Rule.direction%3AFW_ClientRuleExecutableView.ExeName%3AFW_ClientRuleExecutableView.ExeFilename%3AFW_ClientRuleExecutableView.ExeFingerprint%3AFW_ClientRuleExecutableView.ExeSignername%3AFW_Rule.transportProtocol%3AFW_Rule.localServiceList%3AFW_Rule.remoteServiceList%3AFW_Rule.trafficLogged%3AFW_Rule.intrusion&orion.table.order=az&orion.table.order.by=FW_Rule.enabled%3AFW_Rule.action%3AFW_Rule.direction%3AFW_ClientRuleExecutableView.ExeName%3AFW_ClientRuleExecutableView.ExeFilename%3AFW_ClientRuleExecutableView.ExeFingerprint%3AFW_ClientRuleExecutableView.ExeSignername%3AFW_Rule.transportProtocol%3AFW_Rule.localServiceList%3AFW_Rule.remoteServiceList%3AFW_Rule.trafficLogged%3AFW_Rule.intrusion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+ge+FW_Rule.leafNodeId+1++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOComputerProperties.UserName%3AFW_ClientRuleExecutableView.ExeName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="176">
  <!-- Top-N count of firewall client rules per FW_ClientRuleExecutableView.ExeName (descending).
       Decoded filter: (where (ge FW_Rule.leafNodeId 1)). The key orion.requied.sexp is present
       but empty, so it contributes no extra bound. -->
- <dictionary id="177"/>
- <name>Endpoint Security Firewall: Client Rules By Process</name>
- <description>Displays firewall client rules listed by process.</description>
- <target>FW_Rule</target>
- <table-uri>query:table?orion.table.columns=FW_Rule.enabled%3AFW_Rule.action%3AFW_Rule.direction%3AFW_ClientRuleExecutableView.ExeFilename%3AFW_ClientRuleExecutableView.ExeFingerprint%3AFW_ClientRuleExecutableView.ExeSignername%3AFW_Rule.transportProtocol%3AFW_Rule.localServiceList%3AFW_Rule.remoteServiceList%3AFW_Rule.trafficLogged%3AFW_Rule.intrusion%3AFW_ClientRuleExecutableView.ExeName&orion.table.order=az&orion.table.order.by=FW_Rule.enabled%3AFW_Rule.action%3AFW_Rule.direction%3AFW_ClientRuleExecutableView.ExeFilename%3AFW_ClientRuleExecutableView.ExeFingerprint%3AFW_ClientRuleExecutableView.ExeSignername%3AFW_Rule.transportProtocol%3AFW_Rule.localServiceList%3AFW_Rule.remoteServiceList%3AFW_Rule.trafficLogged%3AFW_Rule.intrusion%3AFW_ClientRuleExecutableView.ExeName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+ge+FW_Rule.leafNodeId+1++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=FW_ClientRuleExecutableView.ExeName&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="178">
  <!-- Multi-group count of firewall client rules, grouped first by FW_Rule.transportProtocol and then
       by EPOComputerProperties.ComputerName.
       Decoded filter: (where (ge FW_Rule.leafNodeId 1)). -->
- <dictionary id="179"/>
- <name>Endpoint Security Firewall: Client Rules By Protocol/System Name</name>
- <description>Displays firewall client rules listed by protocol and system name.</description>
- <target>FW_Rule</target>
- <table-uri>query:table?orion.table.columns=FW_Rule.enabled%3AFW_Rule.action%3AFW_Rule.direction%3AFW_ClientRuleExecutableView.ExeName%3AFW_ClientRuleExecutableView.ExeFilename%3AFW_ClientRuleExecutableView.ExeFingerprint%3AFW_ClientRuleExecutableView.ExeSignername%3AFW_Rule.transportProtocol%3AFW_Rule.localServiceList%3AFW_Rule.remoteServiceList%3AFW_Rule.trafficLogged%3AFW_Rule.intrusion&orion.table.order=az&orion.table.order.by=FW_Rule.enabled%3AFW_Rule.action%3AFW_Rule.direction%3AFW_ClientRuleExecutableView.ExeName%3AFW_ClientRuleExecutableView.ExeFilename%3AFW_ClientRuleExecutableView.ExeFingerprint%3AFW_ClientRuleExecutableView.ExeSignername%3AFW_Rule.transportProtocol%3AFW_Rule.localServiceList%3AFW_Rule.remoteServiceList%3AFW_Rule.trafficLogged%3AFW_Rule.intrusion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+ge+FW_Rule.leafNodeId+1++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=FW_Rule.transportProtocol%3AEPOComputerProperties.ComputerName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="180">
  <!-- Two-slice (pie.bool) chart over systems matching (where (eq FW_CustomProps.FWStatus 1)).
       bool.green.criteria decodes to (where (eq FW_CustomProps.FWFault 0)); green is labelled
       Query.FWEnabled and red Query.FWDisabled.
       NOTE(review): going by the description, FWStatus 1 presumably means "enabled by policy" and a
       non-zero FWFault a failed start; neither value is defined in this file, so verify against the
       product schema before relying on the red slice as an error list. -->
- <dictionary id="181"/>
- <name>Endpoint Security Firewall: Errors</name>
- <description>Displays managed systems where the Firewall feature is enabled by policy but didn't start successfully.</description>
- <target>FW_CustomProps</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AFW_CustomProps.FWStatus%3AFW_CustomProps.FWFault%3AFW_CustomProps.ProductVer&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AFW_CustomProps.FWStatus%3AFW_CustomProps.FWFault%3AFW_CustomProps.ProductVer</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+FW_CustomProps.FWStatus+1++%29+%29</condition-uri>
- <summary-uri>query:summary?bool.red.text=Query.FWDisabled&orion.sum.query=true&bool.green.text=Query.FWEnabled&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+eq+FW_CustomProps.FWFault+0++%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="182">
  <!-- Top-N count of systems per FW_CustomProps.Hotfix value (descending).
       Decoded filter: (where (not_isBlank FW_CustomProps.Hotfix)). Rows with a blank Hotfix value are
       filtered out, so this view lists installed hotfixes only; it cannot show which systems have none. -->
- <dictionary id="183"/>
- <name>Endpoint Security Firewall: Hotfixes Installed</name>
- <description>Displays the hotfixes installed for Firewall.</description>
- <target>FW_CustomProps</target>
- <table-uri>query:table?orion.table.columns=FW_CustomProps.Hotfix%3AEPOComputerProperties.ComputerName%3AEPOComputerProperties.UserName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=FW_CustomProps.Hotfix%3AEPOComputerProperties.ComputerName%3AEPOComputerProperties.UserName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+FW_CustomProps.Hotfix+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=FW_CustomProps.Hotfix&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="184">
  <!-- Top 100 domains by summed WP_EventInfo.Count (descending, "other" bucket hidden).
       Decoded filter: ThreatEventID = 18600 AND newerThan DetectedUTC 2592000000 (30 days if the unit is
       milliseconds) AND ReasonID = 2 AND ListID = 3 AND ActionID = 4 AND not_isBlank EPOLeafNode.NodeName.
       The numeric ReasonID, ListID and ActionID codes are not defined in this file.
       Events whose NodeName is blank are excluded, so the totals cover only events that still resolve
       to a named system. -->
- <dictionary id="185"/>
- <name>Endpoint Security Web Control: Top 100 Sites on Block List</name>
- <description>Top 100 sites blocked because of Block List policy over the last 30 days.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.ReasonID+2++%29+%28+eq+WP_EventInfo.ListID+3++%29+%28+eq+WP_EventInfo.ActionID+4++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=WP_EventInfo.DomainName&orion.query.type=summary.topn&orion.sum.group.by=WP_EventInfo.DomainName&orion.sum.order=desc&orion.sum.limit.count=100&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="186">
  <!-- Top 100 domains by summed WP_EventInfo.Count (descending, "other" bucket hidden).
       Decoded filter: ThreatEventID = 18600 AND newerThan DetectedUTC 2592000000 (30 days if the unit is
       milliseconds) AND ReasonID = 2 AND ListID = 2 AND (ActionID = 1 OR ActionID = 2) AND
       not_isBlank EPOLeafNode.NodeName.
       The numeric ReasonID, ListID and ActionID codes are not defined in this file. -->
- <dictionary id="187"/>
- <name>Endpoint Security Web Control: Top 100 Sites on Allow List</name>
- <description>Top 100 sites allowed because of Allow List policy over the last 30 days.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.ReasonID+2++%29+%28+eq+WP_EventInfo.ListID+2++%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=WP_EventInfo.DomainName&orion.query.type=summary.topn&orion.sum.group.by=WP_EventInfo.DomainName&orion.sum.order=desc&orion.sum.limit.count=100&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="188">
  <!-- Top 100 domains by summed WP_EventInfo.Count where a red-rated site was let through by the allow list.
       Decoded filter: ThreatEventID = 18600 AND newerThan DetectedUTC 2592000000 (30 days if the unit is
       milliseconds) AND RatingID = 3 AND (ActionID = 1 OR ActionID = 2) AND ReasonID = 2 AND ListID = 2
       AND not_isBlank EPOLeafNode.NodeName.
       RatingID 3 is presumably the "red" rating, going by the query name; the codes are not defined here.
       This is the view to review periodically: each domain it returns is an allow-list entry that
       overrides a red rating. -->
- <dictionary id="189"/>
- <name>Endpoint Security Web Control: Top 100 Red Sites on Allow List</name>
- <description>Top 100 red sites allowed because of Allow List policy over the last 30 days.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.RatingID+3++%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%29+%28+eq+WP_EventInfo.ReasonID+2++%29+%28+eq+WP_EventInfo.ListID+2++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=WP_EventInfo.DomainName&orion.query.type=summary.topn&orion.sum.group.by=WP_EventInfo.DomainName&orion.sum.order=desc&orion.sum.limit.count=100&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="190">
  <!-- Plain table (orion.query.type=table.table, no summary aggregation) of download events.
       Decoded filter: ThreatEventID = 18601 AND newerThan DetectedUTC 2592000000 (30 days if the unit is
       milliseconds) AND not_isBlank EPOLeafNode.NodeName.
       The table includes WP_EventInfo.URL and EPOLeafNode.NodeName, so exports of this query carry
       per-system browsing detail and should be handled accordingly. -->
- <dictionary id="191"/>
- <name>Endpoint Security Web Control: Download Log</name>
- <description>Detailed event log of download activity over the last 30 days.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18601++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=table.table&orion.sum.query=false</summary-uri>
- </query>
- <query id="192">
  <!-- Multi-group sum of WP_EventInfo.Count, grouped first by WP_EventInfo.ContentID and then by
       WP_EventInfo.DomainName ("other" bucket hidden).
       Decoded filter: newerThan DetectedUTC 2592000000 (30 days if the unit is milliseconds) AND
       ThreatEventID = 18600 AND not_isBlank EPOLeafNode.NodeName.
       The summary aggregates WP_EventInfo.Count, but that column is not in the detail table's column list. -->
- <dictionary id="193"/>
- <name>Endpoint Security Web Control: Top Sites Grouped by Content</name>
- <description>Top sites grouped by content over the last 30 days.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&multigroup.title=WP_EventInfo.ContentID&orion.sum.group.by=WP_EventInfo.ContentID%3AWP_EventInfo.DomainName&orion.sum.order=az%3Adesc&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="194">
  <!-- Top 100 domains by summed WP_EventInfo.Count (descending, "other" bucket hidden).
       Decoded filter: newerThan DetectedUTC 2592000000 (30 days if the unit is milliseconds) AND
       ActionID = 3 AND ThreatEventID = 18600 AND not_isBlank EPOLeafNode.NodeName.
       ActionID 3 is presumably the "warned, then cancelled" action, going by the query name; the code
       is not defined in this file. -->
- <dictionary id="195"/>
- <name>Endpoint Security Web Control: Top 100 Warned-Cancelled Sites</name>
- <description>Top 100 sites that were warned-cancelled over the last 30 days.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.ActionID+3++%29+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=WP_EventInfo.DomainName&orion.query.type=summary.topn&orion.sum.group.by=WP_EventInfo.DomainName&orion.sum.order=desc&orion.sum.limit.count=100&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="196">
  <!-- Bar chart of summed WP_EventInfo.Count per WP_EventInfo.ActionID (descending, "other" bucket hidden).
       Decoded filter: ThreatEventID = 18600 AND newerThan DetectedUTC 2592000000 (30 days if the unit is
       milliseconds) AND not_isBlank EPOLeafNode.NodeName.
       Bars are keyed by the numeric ActionID; the meaning of each code is not defined in this file. -->
- <dictionary id="197"/>
- <name>Endpoint Security Web Control: Visits by Action</name>
- <description>Bar chart depicting number of visits over the last 30 days, grouped by policy-based action.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?bar.title=WP_EventInfo.ActionID&orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=WP_EventInfo.ActionID&orion.sum.order=desc&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="198">
  <!-- Top 100 domains by summed WP_EventInfo.Count for red-rated downloads that were not stopped.
       Decoded filter: ThreatEventID = 18601 AND newerThan DetectedUTC 2592000000 (30 days if the unit is
       milliseconds) AND RatingID = 3 AND (ActionID = 1 OR ActionID = 2 OR ActionID = 6) AND
       not_isBlank EPOLeafNode.NodeName.
       NOTE(review): the reading "not stopped" assumes ActionID 1, 2 and 6 are allow-type actions, as the
       Allow List queries in this export use 1 and 2; the codes are not defined here, so confirm. -->
- <dictionary id="199"/>
- <name>Endpoint Security Web Control: Top 100 Red Downloads</name>
- <description>Top 100 red downloads over the last 30 days.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18601++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.RatingID+3++%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%28+eq+WP_EventInfo.ActionID+6++%29+%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=WP_EventInfo.DomainName&orion.query.type=summary.topn&orion.sum.group.by=WP_EventInfo.DomainName&orion.sum.order=desc&orion.sum.limit.count=100&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="200">
  <!-- Top 100 domains by summed WP_EventInfo.Count for yellow-rated downloads.
       Decoded filter: ThreatEventID = 18601 AND newerThan DetectedUTC 2592000000 (30 days if the unit is
       milliseconds) AND RatingID = 2 AND (ActionID = 1 OR ActionID = 2 OR ActionID = 6) AND
       not_isBlank EPOLeafNode.NodeName.
       RatingID 2 is presumably the "yellow" rating, going by the query name; the codes are not defined here. -->
- <dictionary id="201"/>
- <name>Endpoint Security Web Control: Top 100 Yellow Downloads</name>
- <description>Top 100 yellow downloads over the last 30 days.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18601++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.RatingID+2++%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%28+eq+WP_EventInfo.ActionID+6++%29+%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=WP_EventInfo.DomainName&orion.query.type=summary.topn&orion.sum.group.by=WP_EventInfo.DomainName&orion.sum.order=desc&orion.sum.limit.count=100&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="202">
  <!-- Top 100 domains by summed WP_EventInfo.Count for downloads with no reputation rating.
       Decoded filter: ThreatEventID = 18601 AND newerThan DetectedUTC 2592000000 (30 days if the unit is
       milliseconds) AND RatingID = 6 AND (ActionID = 1 OR ActionID = 2 OR ActionID = 6) AND
       not_isBlank EPOLeafNode.NodeName.
       RatingID 6 is presumably "unrated", going by the query name; the codes are not defined here.
       Unrated sources have no reputation verdict either way, so this list is worth reviewing alongside
       the red and yellow download queries. -->
- <dictionary id="203"/>
- <name>Endpoint Security Web Control: Top 100 Unrated Downloads</name>
- <description>Top 100 unrated downloads over the last 30 days.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18601++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.RatingID+6++%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%28+eq+WP_EventInfo.ActionID+6++%29+%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=WP_EventInfo.DomainName&orion.query.type=summary.topn&orion.sum.group.by=WP_EventInfo.DomainName&orion.sum.order=desc&orion.sum.limit.count=100&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="204">
  <!-- Grouped bar chart of summed WP_EventInfo.Count, grouped first by WP_EventInfo.ActionID and then by
       WP_EventInfo.ContentID (both ascending, "other" bucket hidden).
       Decoded filter: newerThan DetectedUTC 2592000000 (30 days if the unit is milliseconds) AND
       ThreatEventID = 18600 AND not_isBlank EPOLeafNode.NodeName.
       The summary aggregates WP_EventInfo.Count, but that column is not in the detail table's column list. -->
- <dictionary id="205"/>
- <name>Endpoint Security Web Control: Visits by Action Grouped by Content</name>
- <description>Bar chart depicting number of visits to each content category over the last 30 days, grouped by policy-based action.</description>
- <target>WP_EventInfo</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&groupedbar.title=WP_EventInfo.ActionID&orion.sum.group.by=WP_EventInfo.ActionID%3AWP_EventInfo.ContentID&orion.sum.order=az%3Aaz&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=WP_EventInfo.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="206">
- <!-- Filter decoded from condition-uri: DetectedUTC newer than 604800000 (7 days if milliseconds, matching the name) and ThreatEventID in (18051, 18052, 18053, 18054, 18055, 18056). -->
- <!-- Summary: horizontal bar chart counting events per EPOEvents.TargetProcessName, descending, limited to 5 groups, so only the five most-affected process names are charted. -->
- <dictionary id="207"/>
- <name>Endpoint Security Threat Prevention: Applications with the Most Exploits in the Last 7 Days</name>
- <description>This report lists the Applications with the Most Exploits in the Last 7 Days</description>
- <target>EPExtendedEvent</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.ThreatName%3AEPOEvents.TargetUserName%3AEPOLeafNode.NodeName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.ThreatActionTaken&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.ThreatName%3AEPOEvents.TargetUserName%3AEPOLeafNode.NodeName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.ThreatActionTaken</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+in+EPOEvents.ThreatEventID+18051++18052++18053++18054++18055++18056++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?horizontal=true&orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.TargetProcessName&orion.sum.order=desc&orion.sum.limit.count=5&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="208">
- <!-- Filter decoded from condition-uri: ODSLastFullScanDate newer than 604800000 (7 days if milliseconds, matching the name). -->
- <!-- Summary: bar chart counting systems per ODSFullAverageScanDuration value, up to 200 groups. The grouping column is the average-duration property, so the chart appears to show each system's average full-scan duration rather than the duration of one specific scan (confirm). -->
- <dictionary id="209"/>
- <name>Endpoint Security Threat Prevention: Duration of Completed Full Scans in the Last 7 Days</name>
- <description>This report lists the Duration of Completed Full Scans in the last 7 days</description>
- <target>AM_CustomProps</target>
- <table-uri>query:table?orion.table.columns=AM_CustomProps.ODSLastFullScanDate%3AAM_CustomProps.ODSFullAverageScanDuration%3AEPOLeafNode.NodeName&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AAM_CustomProps.ODSFullAverageScanDuration</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+newerThan+AM_CustomProps.ODSLastFullScanDate+604800000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=AM_CustomProps.ODSFullAverageScanDuration&orion.sum.order=az&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="210">
- <!-- Filter decoded from condition-uri: ODSLastQuickScanDate newer than 604800000 (7 days if milliseconds, matching the name). -->
- <!-- Summary: bar chart counting systems per ODSQuickAverageScanDuration value, up to 200 groups. The grouping column is the average-duration property, so the chart appears to show each system's average quick-scan duration rather than the duration of one specific scan (confirm). -->
- <dictionary id="211"/>
- <name>Endpoint Security Threat Prevention: Duration of Completed Quick Scans in the Last 7 Days</name>
- <description>This report lists the Duration of Completed Quick Scans in the last 7 days</description>
- <target>AM_CustomProps</target>
- <table-uri>query:table?orion.table.columns=AM_CustomProps.ODSLastQuickScanDate%3AAM_CustomProps.ODSQuickAverageScanDuration%3AEPOLeafNode.NodeName&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AAM_CustomProps.ODSQuickAverageScanDuration</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+newerThan+AM_CustomProps.ODSLastQuickScanDate+604800000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=AM_CustomProps.ODSQuickAverageScanDuration&orion.sum.order=az&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="212">
- <!-- Filter decoded from condition-uri: ODSLastFullScanDate older than 604800000 (7 days if milliseconds) AND newer than 2592000000 (30 days). Summary: bar chart counting systems per ODSLastFullScanDate bucketed by week, oldest first, up to 200 groups. -->
- <!-- Coverage note: systems whose last full scan is more than 30 days old fall outside this filter, and whether a blank ODSLastFullScanDate matches is not evident from this export, so this report alone does not show every system lacking a recent full scan. -->
- <dictionary id="213"/>
- <name>Endpoint Security Threat Prevention: Systems Not Completed a Full Scan in the Last 7 Days</name>
- <description>This report lists the number of systems that have not completed a Full Scan in the last 7 days but within the last month</description>
- <target>AM_CustomProps</target>
- <table-uri>query:table?orion.table.columns=AM_CustomProps.ODSLastFullScanDate%3AAM_CustomProps.ODSFullAverageScanDuration%3AEPOLeafNode.NodeName&orion.table.order=az&orion.table.order.by=AM_CustomProps.ODSLastFullScanDate%3AAM_CustomProps.ODSFullAverageScanDuration%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+olderThan+AM_CustomProps.ODSLastFullScanDate+604800000++%29+%28+newerThan+AM_CustomProps.ODSLastFullScanDate+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=AM_CustomProps.ODSLastFullScanDate&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="214">
- <!-- Filter decoded from condition-uri: TVDEventID in (2412, 2411), Type = "Install", ProductCode = "MCPAGENT1000", DetectedUTC newer than 2592000000 (30 days if milliseconds, matching "last month"). -->
- <!-- Summary: bar chart counting events per EPOProductEvents.Error value, descending, up to 200 groups. Which of the two event IDs means success and which means failure is not stated in this export. -->
- <dictionary id="215"/>
- <name>MCP: Endpoint Install Success/Failed events in last month</name>
- <description>This query displays computers which successfully installed the MCP Endpoint or failed installing the MCP Endpoint in the last month</description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.Type%3AEPOProductEvents.DetectedUTC%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version%3AEPOProductEvents.HostName%3AEPOProductEvents.Error&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.Type%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version%3AEPOProductEvents.HostName%3AEPOProductEvents.Error</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+in+EPOProductEvents.TVDEventID+2412++2411++%29+%28+eq+EPOProductEvents.Type+%22Install%22+%29+%28+eq+EPOProductEvents.ProductCode+%22MCPAGENT1000%22+%29+%28+newerThan+EPOProductEvents.DetectedUTC+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProductEvents.Error&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="216">
- <!-- Filter decoded from condition-uri: ODSLastFullScanDate older than 2592000000 (30 days if milliseconds) OR ODSLastFullScanDate is blank. The isBlank clause also matches systems with no recorded full-scan date, presumably systems that have never reported a full scan. -->
- <!-- Summary: bar chart counting systems per ODSLastFullScanDate bucketed by week, oldest first, up to 200 groups. -->
- <dictionary id="217"/>
- <name>Endpoint Security Threat Prevention: Systems Not Completed a Full Scan in the Last Month</name>
- <description>This report lists the number of systems that have not completed a Full Scan in the last month</description>
- <target>AM_CustomProps</target>
- <table-uri>query:table?orion.table.columns=AM_CustomProps.ODSLastFullScanDate%3AAM_CustomProps.ODSFullAverageScanDuration%3AEPOLeafNode.NodeName&orion.table.order=az&orion.table.order.by=AM_CustomProps.ODSLastFullScanDate%3AAM_CustomProps.ODSFullAverageScanDuration%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+or+%28+olderThan+AM_CustomProps.ODSLastFullScanDate+2592000000++%29+%28+isBlank+AM_CustomProps.ODSLastFullScanDate+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=AM_CustomProps.ODSLastFullScanDate&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="218">
- <!-- Filter decoded from condition-uri: OSType starts with "Windows" or starts with "Linux"; systems with any other OSType are not part of this report. -->
- <!-- Summary: boolean pie chart. The green (compliantkey) slice is APbComplianceStatus = 1; rows that do not meet that criterion presumably land in the red (noncompliantkey) slice, including rows where the property is missing (confirm). -->
- <dictionary id="219"/>
- <name>Endpoint Security Threat Prevention: Access Protection Compliance Status</name>
- <description>This is the Access Protection Compliance Status Report.</description>
- <target>AM_CustomProps</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.APbComplianceStatus%3AAM_CustomProps.APComplianceStatus%3AAM_CustomProps.APAdditionalComplianceStatus%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.APbComplianceStatus%3AAM_CustomProps.APComplianceStatus%3AAM_CustomProps.APAdditionalComplianceStatus%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+or+%28+startsWith+EPOComputerProperties.OSType+%22Windows%22+%29+%28+startsWith+EPOComputerProperties.OSType+%22Linux%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?bool.red.text=noncompliantkey&orion.sum.query=true&bool.green.text=compliantkey&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+eq+AM_CustomProps.APbComplianceStatus+1++%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="220">
- <!-- Filter decoded from condition-uri: OSType starts with "Windows"; systems with any other OSType are not part of this report. -->
- <!-- Summary: boolean pie chart. The green (compliantkey) slice is AVCMGRbComplianceStatus = 1; rows that do not meet that criterion presumably land in the red (noncompliantkey) slice (confirm). -->
- <dictionary id="221"/>
- <name>Endpoint Security Threat Prevention: AMCore Content Compliance Status</name>
- <description>This is the AMCore Content Compliance Status Report.</description>
- <target>AM_CustomProps</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.AVCMGRbComplianceStatus%3AAM_CustomProps.AVCMGRComplianceStatus%3AAM_CustomProps.AVCMGRAdditionalComplianceStatus%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.AVCMGRbComplianceStatus%3AAM_CustomProps.AVCMGRComplianceStatus%3AAM_CustomProps.AVCMGRAdditionalComplianceStatus%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+startsWith+EPOComputerProperties.OSType+%22Windows%22+%29+%29</condition-uri>
- <summary-uri>query:summary?bool.red.text=noncompliantkey&orion.sum.query=true&bool.green.text=compliantkey&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+eq+AM_CustomProps.AVCMGRbComplianceStatus+1++%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="222">
- <!-- Filter decoded from condition-uri: OSType starts with "Windows"; systems with any other OSType are not part of this report. -->
- <!-- Summary: boolean pie chart. The green (compliantkey) slice is BObComplianceStatus = 1; rows that do not meet that criterion presumably land in the red (noncompliantkey) slice (confirm). -->
- <dictionary id="223"/>
- <name>Endpoint Security Threat Prevention: Exploit Prevention Compliance Status</name>
- <description>This is the Exploit Prevention Compliance Status Report.</description>
- <target>AM_CustomProps</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.BObComplianceStatus%3AAM_CustomProps.BOComplianceStatus%3AAM_CustomProps.BOAdditionalComplianceStatus%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.BObComplianceStatus%3AAM_CustomProps.BOComplianceStatus%3AAM_CustomProps.BOAdditionalComplianceStatus%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+startsWith+EPOComputerProperties.OSType+%22Windows%22+%29+%29</condition-uri>
- <summary-uri>query:summary?bool.red.text=noncompliantkey&orion.sum.query=true&bool.green.text=compliantkey&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+eq+AM_CustomProps.BObComplianceStatus+1++%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="224">
- <!-- The condition-uri expression is empty, so no row filter is applied; unlike the other compliance queries visible here, there is no OSType restriction. -->
- <!-- Summary: boolean pie chart. The green (compliantkey) slice is OASbComplianceStatus = 1; rows that do not meet that criterion presumably land in the red (noncompliantkey) slice (confirm). -->
- <dictionary id="225"/>
- <name>Endpoint Security Threat Prevention: On-Access Scan Compliance Status</name>
- <description>This is the On-Access Scan Compliance Status Report.</description>
- <target>AM_CustomProps</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.OASbComplianceStatus%3AAM_CustomProps.OASComplianceStatus%3AAM_CustomProps.OASAdditionalComplianceStatus%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.OASbComplianceStatus%3AAM_CustomProps.OASComplianceStatus%3AAM_CustomProps.OASAdditionalComplianceStatus%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?bool.red.text=noncompliantkey&orion.sum.query=true&bool.green.text=compliantkey&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+eq+AM_CustomProps.OASbComplianceStatus+1++%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="226">
- <!-- The condition-uri expression is empty, so no row filter is applied. -->
- <!-- Summary: pie chart counting systems per AM_CustomProps.ManifestVersion, descending by count, up to 360 slices. Small slices on old ManifestVersion values are the systems to follow up on when checking content currency. -->
- <dictionary id="227"/>
- <name>Endpoint Security Threat Prevention: Content Status</name>
- <description>This is the Content Status Report for Threat Prevention.</description>
- <target>AM_CustomProps</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.ManifestVersion%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.ManifestVersion%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=AM_CustomProps.ManifestVersion&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="228">
- <!-- The condition-uri expression is empty, so no row filter is applied. -->
- <!-- Summary: pie chart counting systems per AM_CustomProps.ExploitPreventionContentVersion, descending by count, up to 360 slices. The table view also lists ExploitPreventionContentCreated for each system. -->
- <dictionary id="229"/>
- <name>Endpoint Security Threat Prevention: Exploit Prevention Content Status</name>
- <description>This is the Content Status Report for the Exploit Prevention feature.</description>
- <target>AM_CustomProps</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.ExploitPreventionContentVersion%3AAM_CustomProps.ExploitPreventionContentCreated%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.ExploitPreventionContentVersion%3AAM_CustomProps.ExploitPreventionContentCreated%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=AM_CustomProps.ExploitPreventionContentVersion&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="230">
- <!-- Filter decoded from condition-uri: DetectedUTC newer than 7776000000 (90 days if milliseconds, matching "three months"), ThreatCategory not belonging to "ops", AnalyzerName = "McAfee Endpoint Security", ThreatEventID not equal to 34928, EPExtendedEvent.BladeName = "IDS_BLADE_NAME_SPB". -->
- <!-- Summary: boolean pie chart. The green (handledid) slice is ThreatHandled = "1"; matching events that do not meet that criterion presumably form the red (nothandledid) slice, which is the set to triage first (confirm). -->
- <dictionary id="231"/>
- <name>Endpoint Security Threat Prevention: Detection Response Summary</name>
- <description>Displays the number of threats on which an action was taken (cleaned, deleted) versus the number of threats on which no action was taken, in the last three months.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatHandled%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatHandled%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%28+eq+EPExtendedEvent.BladeName+%22IDS_BLADE_NAME_SPB%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?bool.red.text=nothandledid&orion.sum.query=true&bool.green.text=handledid&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+eq+EPOEvents.ThreatHandled+%221%22+%29+%29&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="232">
- <!-- Filter decoded from condition-uri: AnalyzerName = "McAfee Endpoint Security", DetectedUTC newer than 15724800000 (182 days if milliseconds), ThreatType one of app, app_adware, app_remoteadmin, app_keylogger, app_pwcracker, app_dialer, app_spyware, virus, trojan, joke, test, and ThreatEventID not equal to 34928. -->
- <!-- The ThreatType list is an allow-list with no cookie entry, which is presumably what "No cookies" in the description refers to; any ThreatType value not listed is also left out of the chart. Summary: grouped bar chart by DetectedUTC bucketed by quarter, then ThreatType, limited to 2 quarter buckets. -->
- <dictionary id="233"/>
- <name>Endpoint Security Threat Prevention: Threats Detected Over the Previous 2 Quarters</name>
- <description>Displays the threats detected over the previous two quarters. No cookies.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+15724800000++%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&groupedbar.count.title=EPOEvents&groupedbar.title=EPOEvents.DetectedUTC&orion.sum.group.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatType&orion.sum.time.cols=true&orion.sum.time.unit=quarter&orion.sum.order=oldest%3Adesc&orion.sum.limit.count=2&orion.show.other=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="234">
- <!-- Filter decoded from condition-uri: AnalyzerName = "McAfee Endpoint Security", DetectedUTC newer than 7776000000 (90 days if milliseconds, matching "three months"), ThreatType one of app, app_adware, app_remoteadmin, app_keylogger, app_pwcracker, app_dialer, app_spyware, virus, trojan, joke, test, and ThreatEventID not equal to 34928. -->
- <!-- Summary: top-N list of the 10 EPOLeafNode.NodeName values with the most matching events. Events whose ThreatType is not in the allow-list above are not counted toward a system's total. -->
- <dictionary id="235"/>
- <name>Endpoint Security Threat Prevention: Top 10 Computers with the Most Detections</name>
- <description>Displays the top ten computers with the most detections in the last three months.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=EPOLeafNode.NodeName&topn.count.title=EPOEvents&orion.query.type=summary.topn&orion.sum.group.by=EPOLeafNode.NodeName&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="236">
- <!-- Filter decoded from condition-uri: AnalyzerName = "McAfee Endpoint Security", DetectedUTC newer than 7776000000 (90 days if milliseconds, matching "three months"), ThreatType one of app, app_adware, app_remoteadmin, app_keylogger, app_pwcracker, app_dialer, app_spyware, virus, trojan, joke, test, and ThreatEventID not equal to 34928. -->
- <!-- Summary: top-N list of the 10 EPOEvents.ThreatName values with the most matching events. Threats whose ThreatType is not in the allow-list above cannot appear in this ranking. -->
- <dictionary id="237"/>
- <name>Endpoint Security Threat Prevention: Top 10 Detected Threats</name>
- <description>Displays the top ten detected threats in the last three months.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatName%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatName%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=EPOEvents.ThreatName&topn.count.title=EPOEvents&orion.query.type=summary.topn&orion.sum.group.by=EPOEvents.ThreatName&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="238">
- <!-- Filter decoded from condition-uri: AnalyzerName = "McAfee Endpoint Security", DetectedUTC newer than 7776000000 (90 days if milliseconds, matching "three months"), and ThreatEventID = 1092 or 1095. -->
- <!-- Summary: top-N list of the 10 EPOEvents.ThreatName values with the most matching events; per the description, ThreatName identifies the access protection rule here. What distinguishes event 1092 from 1095 is not stated in this export. -->
- <dictionary id="239"/>
- <name>Endpoint Security Threat Prevention: Top 10 Access Protection Rules Broken</name>
- <description>Displays the top ten most frequently broken access protection rules in the last three months.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.SourceIPV6&orion.table.order=az&orion.table.order.by=EPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.SourceIPV6</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+or+%28+eq+EPOEvents.ThreatEventID+1092++%29+%28+eq+EPOEvents.ThreatEventID+1095++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.topn&orion.sum.group.by=EPOEvents.ThreatName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="240">
- <!-- Filter decoded from condition-uri: AnalyzerName = "McAfee Endpoint Security", DetectedUTC newer than 7776000000 (90 days if milliseconds, matching "three months"), ThreatType one of app, app_adware, app_remoteadmin, app_keylogger, app_pwcracker, app_dialer, app_spyware, virus, trojan, joke, test, and ThreatEventID not equal to 34928. -->
- <!-- Summary: pie chart with one slice per EPOEvents.ThreatSeverity value, sized by the count of matching events. No limit.count is set, and orion.show.other=false. -->
- <dictionary id="241"/>
- <name>Endpoint Security Threat Prevention: Threat Count by Severity</name>
- <description>Slice count is the number of events. Slices are the different event severities. All in the last three months.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEvents.ThreatSeverity&orion.query.type=pie.pie&pie.count.title=EPOEvents&orion.sum.group.by=EPOEvents.ThreatSeverity&orion.sum.order=desc&orion.show.other=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="242">
- <dictionary id="243"/>
- <name>Endpoint Security Threat Prevention: Top 10 Users with the Most Detections</name>
- <description>Top 10 users with the most detections in the last three months.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=EPOEvents.TargetUserName&topn.count.title=EPOEvents&orion.query.type=summary.topn&orion.sum.group.by=EPOEvents.TargetUserName&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="244">
- <!-- Filter decoded from condition-uri: AnalyzerName = "McAfee Endpoint Security", DetectedUTC newer than 7776000000 (90 days if milliseconds, matching "three months"), ThreatType one of app, app_adware, app_remoteadmin, app_keylogger, app_pwcracker, app_dialer, app_spyware, virus, trojan, joke, test, and ThreatEventID not equal to 34928. -->
- <!-- Summary: grouped bar chart by EPOEvents.ThreatType, then EPOEvents.ThreatName, counting events. limit.count decodes to ":10", presumably no limit on the first grouping and 10 on the second. The description says "threat category", but the grouping column is ThreatType, not ThreatCategory (confirm which is intended). -->
- <dictionary id="245"/>
- <name>Endpoint Security Threat Prevention: Top 10 Threats Per Threat Category</name>
- <description>Displays the top ten threats per threat category over the last three months. Grouped by threat category, then threat name.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&groupedbar.title=EPOEvents.ThreatType&orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&orion.sum.order=desc%3Adesc&orion.show.other=false&orion.sum.limit.count=%3A10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="246">
- <!-- Filter decoded from condition-uri: AnalyzerName = "McAfee Endpoint Security", DetectedUTC newer than 7776000000 (90 days if milliseconds, matching "three months"), ThreatType one of app, app_adware, app_remoteadmin, app_keylogger, app_pwcracker, app_dialer, app_spyware, virus, trojan, joke, test, SourceHostName not equal to "_", and ThreatEventID not equal to 34928. -->
- <!-- Summary: top-N list of the 10 EPOEvents.SourceHostName values with the most matching events. The "_" exclusion presumably drops events with a placeholder source host; a blank SourceHostName is not excluded by this filter (confirm how such rows are grouped). -->
- <dictionary id="247"/>
- <name>Endpoint Security Threat Prevention: Top 10 Threat Sources</name>
- <description>Displays the top ten computers which are the source of a threat in the last three months.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.SourceHostName%3AEPOEvents.SourceIPV6%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion&orion.table.order=az&orion.table.order.by=EPOEvents.SourceHostName%3AEPOEvents.SourceIPV6%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.SourceHostName+%22_%22+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=EPOEvents.SourceHostName&topn.count.title=EPOEvents&orion.query.type=summary.topn&orion.sum.group.by=EPOEvents.SourceHostName&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="248">
- <!-- Review note: URL-decoded, the condition is (where (and (eq EPOEvents.AnalyzerName "McAfee Endpoint Security") (newerThan EPOEvents.DetectedUTC 7776000000) (or EPOEvents.ThreatEventID equals one of 18051, 18052, 18053, 18054, 18055, 18056))). 7776000000 is 90 days if the unit is milliseconds. -->
- <!-- The summary sets topn.title=EPOEvents.SourceProcessName but groups by EPOEvents.TargetProcessName, so the chart label and the grouped column disagree. Verify which column is intended before relying on this chart to identify the exploited process. -->
- <!-- Unlike query 246, the summary does not set orion.show.other=false; whether an "other" bucket is shown therefore depends on the consumer's default. -->
- <dictionary id="249"/>
- <name>Endpoint Security Threat Prevention: Top 10 Exploits Prevented</name>
- <description>Displays the top ten exploits prevented in the last three months.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.TargetProcessName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion&orion.table.order=az&orion.table.order.by=EPOEvents.TargetProcessName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+or+%28+eq+EPOEvents.ThreatEventID+18051++%29+%28+eq+EPOEvents.ThreatEventID+18052++%29+%28+eq+EPOEvents.ThreatEventID+18053++%29+%28+eq+EPOEvents.ThreatEventID+18054++%29+%28+eq+EPOEvents.ThreatEventID+18055++%29+%28+eq+EPOEvents.ThreatEventID+18056++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=EPOEvents.SourceProcessName&topn.count.title=EPOEvents&orion.query.type=summary.topn&orion.sum.group.by=EPOEvents.TargetProcessName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="250">
- <dictionary id="251"/>
- <name>Endpoint Security Threat Prevention: Hotfixes Installed</name>
- <description>Displays the hotfixes installed for Threat Prevention.</description>
- <target>AM_CustomProps</target>
- <table-uri>query:table?orion.table.columns=AM_CustomProps.Hotfixes%3AEPOComputerProperties.ComputerName%3AEPOComputerProperties.UserName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=AM_CustomProps.Hotfixes%3AEPOComputerProperties.ComputerName%3AEPOComputerProperties.UserName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+AM_CustomProps.Hotfixes+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=AM_CustomProps.Hotfixes&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="252">
- <dictionary id="253"/>
- <name>Endpoint Security Threat Prevention: On-Access Scan McAfee GTI Sensitivity Level</name>
- <description>This report displays the McAfee GTI sensitivity level for On-Access Scans.</description>
- <target>AM_CustomProps</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AAM_CustomProps.OASGTILevel&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AAM_CustomProps.OASGTILevel</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=AM_CustomProps.OASGTILevel&orion.sum.order=asc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="254">
- <dictionary id="255"/>
- <name>Endpoint Security Threat Prevention: On-Demand Full Scan McAfee GTI Sensitivity Level</name>
- <description>This report displays the McAfee GTI sensitivity level for On-Demand Full Scans.</description>
- <target>AM_CustomProps</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AAM_CustomProps.ODSFullScanGTILevel%3AAM_CustomProps.ODSLastFullScanDate%3AAM_CustomProps.ODSFullAverageScanDuration&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AAM_CustomProps.ODSFullScanGTILevel%3AAM_CustomProps.ODSLastFullScanDate%3AAM_CustomProps.ODSFullAverageScanDuration</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=AM_CustomProps.ODSFullScanGTILevel&orion.sum.order=asc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="256">
- <dictionary id="257"/>
- <name>Endpoint Security Threat Prevention: On-Demand Quick Scan McAfee GTI Sensitivity Level</name>
- <description>This report displays the McAfee GTI sensitivity level for On-Demand Quick Scans.</description>
- <target>AM_CustomProps</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AAM_CustomProps.ODSQuickScanGTILevel%3AAM_CustomProps.ODSLastQuickScanDate%3AAM_CustomProps.ODSQuickAverageScanDuration&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AAM_CustomProps.ODSQuickScanGTILevel%3AAM_CustomProps.ODSLastQuickScanDate%3AAM_CustomProps.ODSQuickAverageScanDuration</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=AM_CustomProps.ODSQuickScanGTILevel&orion.sum.order=asc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="258">
- <dictionary id="259"/>
- <name>Endpoint Security Threat Prevention: Right-Click Scan McAfee GTI Sensitivity Level</name>
- <description>This report displays the McAfee GTI sensitivity level for Right-Click Scans.</description>
- <target>AM_CustomProps</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AAM_CustomProps.ODSRightClickScanGTILevel&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AAM_CustomProps.ODSRightClickScanGTILevel</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=AM_CustomProps.ODSRightClickScanGTILevel&orion.sum.order=asc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="260">
- <!-- Review note: the condition-uri carries two expressions. URL-decoded, orion.requied.sexp is (where (newerThan EPOEvents.DetectedUTC 2592000000)) and orion.condition.sexp is (where (eq EPOEvents.ThreatEventID 34928)). 2592000000 is 30 days if the unit is milliseconds, matching the description. -->
- <!-- The parameter name is spelled "orion.requied.sexp" here and in the other 30-day queries of this export. Because the spelling is consistent, it is presumably the name the consumer expects; check before "correcting" it, since a renamed parameter could silently drop the time window. -->
- <!-- ThreatEventID 34928 is the same ID that the Threat Prevention top ten queries in this export exclude with (ne EPOEvents.ThreatEventID 34928). -->
- <dictionary id="261"/>
- <name>Endpoint Security Threat Prevention: False Positive Mitigation Events</name>
- <description>False Positive Mitigation Events for the last 30 days</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPExtendedEvent.BladeName%3AEPExtendedEvent.TargetName%3AEPExtendedEvent.TargetPath%3AEPOEvents.ThreatName%3AEPOEvents.ThreatType%3AEPOEvents.ThreatActionTaken&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPExtendedEvent.BladeName%3AEPExtendedEvent.TargetName%3AEPExtendedEvent.TargetPath%3AEPOEvents.ThreatName%3AEPOEvents.ThreatType%3AEPOEvents.ThreatActionTaken</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+eq+EPOEvents.ThreatEventID+34928++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="262">
- <!-- Review note: URL-decoded, orion.requied.sexp is (where (newerThan EPOEvents.DetectedUTC 2592000000)) and orion.condition.sexp is (where (in EPOEvents.ThreatEventID 35104)). 2592000000 is 30 days if the unit is milliseconds. -->
- <!-- The table shows EPOLeafNode.NodeName and JTIClientEventInfoView.SecurityPosture, but orion.table.order.by lists EPOEvents.TargetHostName in place of NodeName and omits SecurityPosture. Queries 264, 266, 278, 280 and 282 repeat the same pattern; confirm that sorting on a column that is not displayed is intended. -->
- <dictionary id="263"/>
- <name>Endpoint Security Adaptive Threat Protection: Block Events for Last 30 Days</name>
- <description>Adaptive Threat Protection Block Events for Last 30 Days</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetHostName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35104++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="264">
- <dictionary id="265"/>
- <name>Endpoint Security Adaptive Threat Protection: Allow Events for Last 30 Days</name>
- <description>Adaptive Threat Protection Allow Events for Last 30 Days</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetHostName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35105++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="266">
- <dictionary id="267"/>
- <name>Endpoint Security Adaptive Threat Protection: Clean Events for Last 30 Days</name>
- <description>Adaptive Threat Protection Clean Events for Last 30 Days</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetHostName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35107++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="268">
- <dictionary id="269"/>
- <name>Endpoint Security Adaptive Threat Protection: Events by System (Top 10)</name>
- <description>Adaptive Threat Protection Events by System (Top 10)</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory%3AJTIClientEventInfoView.CertName&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory%3AJTIClientEventInfoView.CertName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35104++35105++35107++35112++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=EPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory&orion.sum.order=desc%3Adesc%3Adesc%3Adesc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="270">
- <dictionary id="271"/>
- <name>Endpoint Security Adaptive Threat Protection: Block Events by Event Type</name>
- <description>Adaptive Threat Protection Block Events by Event Type</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatActionTaken+%22jticlient.blocked%22+%29+%28+in+EPOEvents.ThreatEventID+35104++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.ThreatCategory&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="272">
- <dictionary id="273"/>
- <name>Endpoint Security Adaptive Threat Protection: Allow Events by Event Type</name>
- <description>Adaptive Threat Protection Allow Events by Event Type</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatActionTaken+%22jticlient.allowed%22+%29+%28+in+EPOEvents.ThreatEventID+35105++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.ThreatCategory&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="274">
- <dictionary id="275"/>
- <name>Endpoint Security Adaptive Threat Protection: Clean Events by Event Type</name>
- <description>Adaptive Threat Protection Clean Events by Event Type</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatActionTaken+%22jticlient.repaired%22+%29+%28+in+EPOEvents.ThreatEventID+35107++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.ThreatCategory&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="276">
- <!-- Review note: URL-decoded, the condition is (where (in EPOEvents.ThreatEventID 35104 35105 35107 35112)). There is no newerThan clause, so the counts are not restricted to a time window by this query. -->
- <!-- The name says "Top 10", but the summary-uri has no orion.sum.limit.count parameter, whereas "Events by System (Top 10)" (query 268) sets orion.sum.limit.count=10. Unless the consumer applies a default limit, this summary is not capped at ten groups; confirm before treating the output as a ranking. -->
- <dictionary id="277"/>
- <name>Endpoint Security Adaptive Threat Protection: Events by File (Top 10)</name>
- <description>Adaptive Threat Protection Events by File (Top 10)</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AJTIClientRulesView.Name</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35104++35105++35107++35112++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory&orion.sum.order=desc%3Adesc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="278">
- <dictionary id="279"/>
- <name>Endpoint Security Adaptive Threat Protection: Observation Block Events for Last 30 Days</name>
- <description>Adaptive Threat Protection Observation Block Events for Last 30 Days</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetHostName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35102++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="280">
- <dictionary id="281"/>
- <name>Endpoint Security Adaptive Threat Protection: Observation Allow Events for Last 30 Days</name>
- <description>Adaptive Threat Protection Observation Allow Events for Last 30 Days</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetHostName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35103++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="282">
- <dictionary id="283"/>
- <name>Endpoint Security Adaptive Threat Protection: Observation Clean Events for Last 30 Days</name>
- <description>Adaptive Threat Protection Observation Clean Events for Last 30 Days</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetHostName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35106++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="284">
- <dictionary id="285"/>
- <name>Endpoint Security Adaptive Threat Protection: Observation Events by System (Top 10)</name>
- <description>Adaptive Threat Protection Observation Events by System (Top 10)</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory%3AJTIClientEventInfoView.CertName&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory%3AJTIClientEventInfoView.CertName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35102++35103++35106++35111++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=EPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory&orion.sum.order=desc%3Adesc%3Adesc%3Adesc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="286">
- <dictionary id="287"/>
- <name>Endpoint Security Adaptive Threat Protection: Observation Block Events by Event Type</name>
- <description>Adaptive Threat Protection Observation Block Events by Event Type</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatActionTaken+%22jticlient.would.blocked%22+%29+%28+in+EPOEvents.ThreatEventID+35102++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.ThreatCategory&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="288">
- <dictionary id="289"/>
- <name>TIE Server Appliances per Platform Version</name>
- <description>Find TIE appliances split by TIE platform version.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3ADXLClientCustomProps.IsConnected%3ADXLClientCustomProps.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+containsTag+EPOLeafNode.AppliedTags+%22TIESERVER%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOComputerProperties.OSOEMID&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="290">
- <dictionary id="291"/>
- <name>TIE Server Appliances per Agent Version</name>
- <description>Find TIE appliances split by agent version.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3ADXLClientCustomProps.IsConnected%3ADXLClientCustomProps.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+containsTag+EPOLeafNode.AppliedTags+%22TIESERVER%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="292">
- <dictionary id="293"/>
- <name>TIE Server Appliances per Broker Version</name>
- <description>Find TIE appliances split by DXL broker version.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3ADXLClientCustomProps.IsConnected%3ADXLClientCustomProps.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+containsTag+EPOLeafNode.AppliedTags+%22TIESERVER%22+%29+%28+version_ge+EPOProdPropsView_DXLBROKER.productversion+%221%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOProdPropsView_DXLBROKER.productversion&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="294">
- <!-- Review note: URL-decoded, the condition is (where (and (eq EPOEvents.ThreatActionTaken "jticlient.allowed") (in EPOEvents.ThreatEventID 35103))). There is no newerThan clause, so the counts are not restricted to a time window by this query. -->
- <!-- The other observation queries in this export filter on "jticlient.would.blocked" (query 286) and "jticlient.would.repaired" (query 296), while this one uses "jticlient.allowed", the same action string as the non-observation Allow query 272. Only the event ID (35103 here, 35105 there) separates the two; confirm that observation-mode allow events really carry this action value, otherwise the chart stays empty. -->
- <dictionary id="295"/>
- <name>Endpoint Security Adaptive Threat Protection: Observation Allow Events by Event Type</name>
- <description>Adaptive Threat Protection Observation Allow Events by Event Type</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatActionTaken+%22jticlient.allowed%22+%29+%28+in+EPOEvents.ThreatEventID+35103++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.ThreatCategory&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="296">
- <dictionary id="297"/>
- <name>Endpoint Security Adaptive Threat Protection: Observation Clean Events by Event Type</name>
- <description>Adaptive Threat Protection Observation Clean Events by Event Type</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatActionTaken+%22jticlient.would.repaired%22+%29+%28+in+EPOEvents.ThreatEventID+35106++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.ThreatCategory&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="298">
- <!-- Review note: URL-decoded, the condition is (where (in EPOEvents.ThreatEventID 35102 35103 35106 35111)). There is no newerThan clause, so the counts are not restricted to a time window by this query. -->
- <!-- The name says "Top 10", but the summary-uri has no orion.sum.limit.count parameter, whereas "Observation Events by System (Top 10)" (query 284) sets orion.sum.limit.count=10. Unless the consumer applies a default limit, this summary is not capped at ten groups; confirm before treating the output as a ranking. -->
- <dictionary id="299"/>
- <name>Endpoint Security Adaptive Threat Protection: Observation Events by File (Top 10)</name>
- <description>Adaptive Threat Protection Observation Events by File (Top 10)</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AJTIClientRulesView.Name</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35102++35103++35106++35111++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory&orion.sum.order=desc%3Adesc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="300">
- <dictionary id="301"/>
- <name>Endpoint Security Adaptive Threat Protection: Block Events by Rule (Top 10)</name>
- <description>Adaptive Threat Protection Block Events by Rule (Top 10)</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AJTIClientRulesView.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35104++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=JTIClientRulesView.Name%3AEPOEvents.ThreatCategory&orion.sum.order=desc%3Adesc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="302">
- <dictionary id="303"/>
- <name>Endpoint Security Adaptive Threat Protection: Observation Block Events by Rule (Top 10)</name>
- <description>Adaptive Threat Protection Observation Block Events by Rule (Top 10)</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AJTIClientRulesView.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35102++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=JTIClientRulesView.Name%3AEPOEvents.ThreatCategory&orion.sum.order=desc%3Adesc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="304">
- <dictionary id="305"/>
- <name>Endpoint Security Adaptive Threat Protection: Allow Events by Rule (Top 10)</name>
- <description>Adaptive Threat Protection Allow Events by Rule (Top 10)</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AJTIClientRulesView.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35105++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=JTIClientRulesView.Name%3AEPOEvents.ThreatCategory&orion.sum.order=desc%3Adesc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="306">
- <dictionary id="307"/>
- <name>Endpoint Security Adaptive Threat Protection: Observation Allow Events by Rule (Top 10)</name>
- <description>Adaptive Threat Protection Observation Allow Events by Rule (Top 10)</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AJTIClientRulesView.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35103++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=JTIClientRulesView.Name%3AEPOEvents.ThreatCategory&orion.sum.order=desc%3Adesc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="308">
- <dictionary id="309"/>
- <name>Endpoint Security Adaptive Threat Protection: Clean Events by Rule (Top 10)</name>
- <description>Adaptive Threat Protection Clean Events by Rule (Top 10)</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AJTIClientRulesView.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35107++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=JTIClientRulesView.Name%3AEPOEvents.ThreatCategory&orion.sum.order=desc%3Adesc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="310">
- <dictionary id="311"/>
- <name>Endpoint Security Adaptive Threat Protection: Observation Clean Events by Rule (Top 10)</name>
- <description>Adaptive Threat Protection Observation Clean Events by Rule (Top 10)</description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AJTIClientRulesView.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35106++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=JTIClientRulesView.Name%3AEPOEvents.ThreatCategory&orion.sum.order=desc%3Adesc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="312"> <!-- Grouped bar chart counting Real Protect detections by ThreatActionTaken and AnalyzerDetectionMethod. The condition decodes to ( where ( and ( eq EPOEvents.AnalyzerName "McAfee Endpoint Security" ) ( newerThan EPOEvents.DetectedUTC 86400000 ) ( or ( eq EPOEvents.AnalyzerDetectionMethod "Real Protect Client" ) ( eq EPOEvents.AnalyzerDetectionMethod "Real Protect Cloud" ) ) ) ). 86400000 is 24 hours if the unit is milliseconds, which matches the query name. NOTE(review): the description says "Observation", but the condition has no observation-mode term and the name does not mention it; confirm which is intended before relying on this query to separate observed from enforced detections. -->
- <dictionary id="313"/>
- <name>Endpoint Security Adaptive Threat Protection: Real Protect Detection Events in Last 24 Hours</name>
- <description>Adaptive Threat Protection Observation Real Protect Detection Events in Last 24 Hours</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetIPV4%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetIPV4%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000+%29++%28+or+%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Real+Protect+Client%22+%29++%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Real+Protect+Cloud%22+%29++%29++%29++%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="314">
- <dictionary id="315"/>
- <name>Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last 7 Days</name>
- <description>Adaptive Threat Protection Observation Real Protect Detection Events for Last 7 Days</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetIPV4%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetIPV4%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000+%29++%28+or+%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Real+Protect+Client%22+%29++%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Real+Protect+Cloud%22+%29++%29++%29++%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="316">
- <dictionary id="317"/>
- <name>Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last 30 Days</name>
- <description>Adaptive Threat Protection Observation Real Protect Detection Events for Last 30 Days</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetIPV4%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetIPV4%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000+%29++%28+or+%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Real+Protect+Client%22+%29++%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Real+Protect+Cloud%22+%29++%29++%29++%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="318"> <!-- Same Real Protect filter and grouped bar chart as the 24-hour, 7-day and 30-day siblings; only the newerThan bound differs. 7862400000 is 91 days if the unit is milliseconds, so "Last Quarter" here is presumably a rolling 91-day window counted back from the time the query runs, not a calendar quarter; confirm before using the totals in quarterly reporting. Each grouping level is capped at 100 entries (orion.sum.limit.count=100:100). -->
- <dictionary id="319"/>
- <name>Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last Quarter</name>
- <description>Adaptive Threat Protection Observation Real Protect Detection Events for Last Quarter</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetIPV4%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetIPV4%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7862400000+%29++%28+or+%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Real+Protect+Client%22+%29++%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Real+Protect+Cloud%22+%29++%29++%29++%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="320">
- <dictionary id="321"/>
- <name>TIE Server New Certificates by GTI Reputation in Last Week</name>
- <description>Find all certificates created in the last week and aggregate by reputation.</description>
- <target>TieServerSchema.certificate_rep_summary</target>
- <table-uri>query:table?orion.table.columns=certificate.subject%3Acertificate_rep_summary.provider_id%3Acertificate_rep_summary.trust_level&orion.table.order=az&orion.table.order.by=certificate.subject%3Acertificate_rep_summary.trust_level</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+certificate_rep_summary.provider_id+2++%29+%28+newerThan+certificate_rep_summary.new_date+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=certificate_rep_summary.trust_level&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="322"> <!-- Line chart of certificates per day (grouped on new_date). Two filters are present: the orion.requied.sexp part decodes to ( where ( newerThan certificate_rep_summary.new_date 2592000000 ) ), 30 days if the unit is milliseconds, and the orion.condition.sexp part to ( where ( or trust_level eq 1, 30, 15, 50, 0 ) ). The parameter name is spelled "requied" throughout this export; leave it as is unless the product documentation says otherwise. NOTE(review): there is no provider_id term here, although the name says "by GTI Reputation", the other GTI certificate queries in this export filter on provider_id 2, and the file counterpart (query 338) filters on provider_id 1. Rows from other reputation providers may therefore be counted; confirm whether that is intended. The trust_level values presumably map to the malicious, possibly malicious, unknown and not-set levels; verify against the product's reputation scale. -->
- <dictionary id="323"/>
- <name>TIE Server Malicious or Unidentified Certificates by GTI Reputation in Last Month</name>
- <description>Find all Malicious or Unidentified Certificates by GTI Reputation in Last Month.</description>
- <target>TieServerSchema.certificate_rep_summary</target>
- <table-uri>query:table?orion.table.columns=certificate.subject%3Acertificate_rep_summary.provider_id%3Acertificate_rep_summary.trust_level&orion.table.order=az&orion.table.order.by=certificate.subject%3Acertificate_rep_summary.trust_level</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+certificate_rep_summary.new_date+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+or+%28+eq+certificate_rep_summary.trust_level+1++%29+%28+eq+certificate_rep_summary.trust_level+30++%29+%28+eq+certificate_rep_summary.trust_level+15++%29+%28+eq+certificate_rep_summary.trust_level+50++%29+%28+eq+certificate_rep_summary.trust_level+0++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=certificate_rep_summary.new_date&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="324">
- <dictionary id="325"/>
- <name>Endpoint Security Adaptive Threat Protection: Content Status</name>
- <description>Adaptive Threat Protection Content Status</description>
- <target>ATP_CustomProps</target>
- <table-uri>query:table?orion.table.columns=ATP_CustomProps.CommStatus%3AATP_CustomProps.UnsupportedOS%3AATP_CustomProps.RPContentVersion%3AATP_CustomProps.RPContentDate%3AATP_CustomProps.RPEngineVersion%3AATP_CustomProps.RPEngineDate%3AATP_CustomProps.JTIContentVersion%3AATP_CustomProps.containedApplications%3AATP_CustomProps.Hotfixes%3AATP_CustomProps.Patch%3AATP_CustomProps.LicenseStatus&orion.table.order=az&orion.table.order.by=ATP_CustomProps.CommStatus%3AATP_CustomProps.UnsupportedOS%3AATP_CustomProps.RPContentVersion%3AATP_CustomProps.RPContentDate%3AATP_CustomProps.RPEngineVersion%3AATP_CustomProps.RPEngineDate%3AATP_CustomProps.JTIContentVersion%3AATP_CustomProps.containedApplications%3AATP_CustomProps.Hotfixes%3AATP_CustomProps.Patch%3AATP_CustomProps.LicenseStatus</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=ATP_CustomProps.JTIContentVersion&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="326">
- <dictionary id="327"/>
- <name>Endpoint Security Adaptive Threat Protection: Extra.DAT Signatures</name>
- <description>Adaptive Threat Protection Extra.DAT Signature Names</description>
- <target>ATP_CustomProps</target>
- <table-uri>query:table?orion.table.columns=ATP_CustomProps.CommStatus%3AATP_CustomProps.UnsupportedOS%3AATP_CustomProps.RPContentVersion%3AATP_CustomProps.RPContentDate%3AATP_CustomProps.RPEngineVersion%3AATP_CustomProps.RPEngineDate%3AATP_CustomProps.JTIContentVersion%3AATP_CustomProps.containedApplications%3AATP_CustomProps.Hotfixes%3AATP_CustomProps.Patch%3AATP_CustomProps.LicenseStatus%3AATP_CustomProps.szExtraDATNames&orion.table.order=az&orion.table.order.by=ATP_CustomProps.CommStatus%3AATP_CustomProps.UnsupportedOS%3AATP_CustomProps.RPContentVersion%3AATP_CustomProps.RPContentDate%3AATP_CustomProps.RPEngineVersion%3AATP_CustomProps.RPEngineDate%3AATP_CustomProps.JTIContentVersion%3AATP_CustomProps.containedApplications%3AATP_CustomProps.Hotfixes%3AATP_CustomProps.Patch%3AATP_CustomProps.LicenseStatus%3AATP_CustomProps.szExtraDATNames</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=ATP_CustomProps.szExtraDATNames&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="328"> <!-- Line chart counting DLP operational events per day, grouped on UDLP_Operationals.InsertionTime. The orion.requied.sexp part decodes to ( where ( newerThan UDLP_Operationals.InsertionTime 2419200000 ) ), 28 days if the unit is milliseconds; the description does not mention this window, so anyone reading the chart should know older events are excluded. The orion.condition.sexp part is empty, so no event type, severity or status filter is applied. Grouping is on insertion time rather than EndpointTime or UTCTime, so a day's count presumably reflects when events reached the server, not when they occurred on the endpoint; confirm. -->
- <dictionary id="329"/>
- <name>DLP: Number of Operational events per day</name>
- <description>This report summarizes number of operational events per day</description>
- <target>udlpQuerySchema.UDLP_Operationals</target>
- <table-uri>query:table?orion.table.columns=UDLP_Operationals.EventRowID%3AUDLP_Operationals.EventType%3AUDLP_Operationals.EndpointTime%3AUDLP_Operationals.UTCTime%3AUDLP_Operationals.Online%3AUDLP_Operationals.Severity%3AUDLP_Operationals.InsertionTime%3AUDLP_Operationals.AgentVersion%3AUDLP_Operationals.Status%3AUDLP_Operationals.Resolution%3AUDLP_Operationals.Reviewer%3AUDLP_Operationals.OrigEventRowID&orion.table.order=az&orion.table.order.by=UDLP_Operationals.EventRowID%3AUDLP_Operationals.EventType%3AUDLP_Operationals.EndpointTime%3AUDLP_Operationals.UTCTime%3AUDLP_Operationals.Online%3AUDLP_Operationals.Severity%3AUDLP_Operationals.InsertionTime%3AUDLP_Operationals.AgentVersion%3AUDLP_Operationals.Status%3AUDLP_Operationals.Resolution%3AUDLP_Operationals.Reviewer%3AUDLP_Operationals.OrigEventRowID</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+UDLP_Operationals.InsertionTime+2419200000++%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=UDLP_Operationals.InsertionTime&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="330">
- <dictionary id="331"/>
- <name>TIE Server Certificates by Enterprise Reputation</name>
- <description>Find all certificates and aggregate by enterprise reputation.</description>
- <target>TieServerSchema.certificate_trust_level_count_summary</target>
- <table-uri>query:table?orion.table.columns=certificate_trust_level_count_summary.count%3Acertificate_trust_level_count_summary.provider_id%3Acertificate_trust_level_count_summary.trust_level&orion.table.order=az&orion.table.order.by=certificate_trust_level_count_summary.count%3Acertificate_trust_level_count_summary.provider_id%3Acertificate_trust_level_count_summary.trust_level</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+certificate_trust_level_count_summary.provider_id+4++%29+%28+gt+certificate_trust_level_count_summary.count+0++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=false&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=certificate_trust_level_count_summary.trust_level&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=valueOf&orion.sum.aggregation.column=certificate_trust_level_count_summary.count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="332">
- <dictionary id="333"/>
- <name>TIE Server Certificates with Changed GTI Reputation in Last Week</name>
- <description>Find all certificates where the GTI reputation changed in the last week.</description>
- <target>TieServerSchema.certificate_rep_summary</target>
- <table-uri>query:table?orion.table.columns=certificate.subject%3Acertificate_rep_summary.provider_id%3Acertificate_rep_summary.trust_level&orion.table.order=az&orion.table.order.by=certificate.subject%3Acertificate_rep_summary.trust_level</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+certificate_rep_summary.provider_id+2++%29+%28+newerThan+certificate_rep_summary.update_date+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=certificate_rep_summary.trust_level&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="334">
- <dictionary id="335"/>
- <name>TIE Server Top 10 Systems with New Certificates in Last Week</name>
- <description>Find top 10 systems with new certificates in the last week.</description>
- <target>TieServerSchema.agent_new_certificate_summary</target>
- <table-uri>query:table?orion.table.columns=agent_new_certificate_summary.agent%3Aagent_new_certificate_summary.count%3Aagent_new_certificate_summary.date&orion.table.order=az&orion.table.order.by=agent_new_certificate_summary.agent%3Aagent_new_certificate_summary.count%3Aagent_new_certificate_summary.date</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+newerThan+agent_new_certificate_summary.date+604800000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.topn&orion.sum.group.by=agent_new_certificate_summary.agent&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=agent_new_certificate_summary.count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="336">
- <dictionary id="337"/>
- <name>TIE Server New Files by GTI Reputation in Last Week</name>
- <description>Find all files created in the last week and aggregate by reputation.</description>
- <target>TieServerSchema.file_rep_summary</target>
- <table-uri>query:table?orion.table.columns=file_name.name%3Afile.company_name%3Afile.product_name%3Afile.version%3Afile_rep_summary.provider_id%3Afile_rep_summary.trust_level&orion.table.order=az&orion.table.order.by=file_name.name%3Afile.company_name%3Afile.product_name%3Afile.version%3Afile_rep_summary.trust_level</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+file_rep_summary.provider_id+1++%29+%28+newerThan+file_rep_summary.new_date+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=file_rep_summary.trust_level&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="338"> <!-- Line chart of files per day (grouped on file_rep_summary.new_date). The orion.requied.sexp part decodes to ( where ( newerThan file_rep_summary.new_date 2592000000 ) ), 30 days if the unit is milliseconds. The orion.condition.sexp part decodes to ( where ( and ( or trust_level eq 1, 30, 15, 50, 0 ) ( eq file_rep_summary.provider_id 1 ) ) ); provider_id 1 is the value the other "GTI Reputation" file queries in this export filter on. The trust_level values presumably map to the malicious, possibly malicious, unknown and not-set levels; verify against the product's reputation scale. Because the window is on new_date, a file first seen earlier whose reputation later dropped is presumably not shown here; the "Changed GTI Reputation" query filters on update_date instead. -->
- <dictionary id="339"/>
- <name>TIE Server Malicious or Unidentified Files by GTI Reputation in Last Month</name>
- <description>Find all Malicious or Unidentified Files by GTI Reputation in Last Month.</description>
- <target>TieServerSchema.file_rep_summary</target>
- <table-uri>query:table?orion.table.columns=file_name.name%3Afile.company_name%3Afile.product_name%3Afile.version%3Afile_rep_summary.provider_id%3Afile_rep_summary.trust_level&orion.table.order=az&orion.table.order.by=file_name.name%3Afile.company_name%3Afile.product_name%3Afile.version%3Afile_rep_summary.trust_level</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+file_rep_summary.new_date+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+file_rep_summary.trust_level+1++%29+%28+eq+file_rep_summary.trust_level+30++%29+%28+eq+file_rep_summary.trust_level+15++%29+%28+eq+file_rep_summary.trust_level+50++%29+%28+eq+file_rep_summary.trust_level+0++%29+%29+%28+eq+file_rep_summary.provider_id+1++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=file_rep_summary.new_date&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="340">
- <dictionary id="341"/>
- <name>TIE Server Files by Enterprise Reputation</name>
- <description>Find all files and aggregate by enterprise reputation.</description>
- <target>TieServerSchema.file_trust_level_count_summary</target>
- <table-uri>query:table?orion.table.columns=file_trust_level_count_summary.count%3Afile_trust_level_count_summary.provider_id%3Afile_trust_level_count_summary.trust_level&orion.table.order=az&orion.table.order.by=file_trust_level_count_summary.count%3Afile_trust_level_count_summary.provider_id%3Afile_trust_level_count_summary.trust_level</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+file_trust_level_count_summary.provider_id+3++%29+%28+gt+file_trust_level_count_summary.count+0++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=false&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=file_trust_level_count_summary.trust_level&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=valueOf&orion.sum.aggregation.column=file_trust_level_count_summary.count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="342">
- <dictionary id="343"/>
- <name>TIE Server Files with Changed GTI Reputation in Last Week</name>
- <description>Find all files where the GTI reputation changed in the last week.</description>
- <target>TieServerSchema.file_rep_summary</target>
- <table-uri>query:table?orion.table.columns=file_name.name%3Afile.company_name%3Afile.product_name%3Afile.version%3Afile_rep_summary.provider_id%3Afile_rep_summary.trust_level&orion.table.order=az&orion.table.order.by=file_name.name%3Afile.company_name%3Afile.product_name%3Afile.version%3Afile_rep_summary.trust_level</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+file_rep_summary.provider_id+1++%29+%28+newerThan+file_rep_summary.update_date+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=file_rep_summary.trust_level&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="344">
- <dictionary id="345"/>
- <name>TIE Server Top 10 Systems with New Files in Last Week</name>
- <description>Find top 10 systems with new files in the last week.</description>
- <target>TieServerSchema.agent_new_file_summary</target>
- <table-uri>query:table?orion.table.columns=agent_new_file_summary.agent%3Aagent_new_file_summary.date%3Aagent_new_file_summary.count&orion.table.order=az&orion.table.order.by=agent_new_file_summary.agent%3Aagent_new_file_summary.date%3Aagent_new_file_summary.count</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+newerThan+agent_new_file_summary.date+604800000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.topn&orion.sum.group.by=agent_new_file_summary.agent&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=agent_new_file_summary.count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="346">
- <dictionary id="347"/>
- <name>TIE Server Cleanup Trending Summary</name>
- <description>Show cleanup trending summary.</description>
- <target>TieServerSchema.cleanup_trending_summary</target>
- <table-uri>query:table?orion.table.columns=cleanup_trending_summary.date%3Acleanup_trending_summary.db_current_size%3Acleanup_trending_summary.db_threshold_size%3Acleanup_trending_summary.cleanup_executed%3Acleanup_trending_summary.deleted_subjects&orion.table.order=desc&orion.table.order.by=cleanup_trending_summary.date</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.query.type=table.table&orion.sum.query=false</summary-uri>
- </query>
- <query id="348"> <!-- Plain table (orion.query.type=table.table, orion.sum.query=false) over cleanup_trending_summary, newest date first per orion.table.order=desc. The condition decodes to ( where ( eq cleanup_trending_summary.cleanup_executed 1 ) ), so only rows where a cleanup ran are listed. NOTE(review): the description promises a comparison of executions that delete items versus those that do not, but nothing here splits on deleted_subjects; that split ( gt deleted_subjects 0 ) appears in the pie.bool criteria of query 350. The reader has to compare the deleted_subjects column by hand, or the two descriptions may be swapped; confirm. -->
- <dictionary id="349"/>
- <name>TIE Server Cleanup Criteria Effectiveness</name>
- <description>Display the number of executions that delete items versus those that don't delete items.</description>
- <target>TieServerSchema.cleanup_trending_summary</target>
- <table-uri>query:table?orion.table.columns=cleanup_trending_summary.date%3Acleanup_trending_summary.db_current_size%3Acleanup_trending_summary.db_threshold_size%3Acleanup_trending_summary.cleanup_executed%3Acleanup_trending_summary.deleted_subjects&orion.table.order=desc&orion.table.order.by=cleanup_trending_summary.date</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+cleanup_trending_summary.cleanup_executed+1++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=table.table&orion.sum.query=false</summary-uri>
- </query>
- <query id="350">
- <dictionary id="351"/>
- <name>TIE Server Cleanup Executions Deleting Items</name>
- <description>Summarize how many cleanup executions deleted items.</description>
- <target>TieServerSchema.cleanup_trending_summary</target>
- <table-uri>query:table?orion.table.columns=cleanup_trending_summary.date%3Acleanup_trending_summary.db_current_size%3Acleanup_trending_summary.db_threshold_size%3Acleanup_trending_summary.cleanup_executed%3Acleanup_trending_summary.deleted_subjects&orion.table.order=desc&orion.table.order.by=cleanup_trending_summary.date</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?bool.red.text=tieserver.query.cleanUpExecutions.non-compliant&orion.sum.query=true&bool.green.text=tieserver.query.cleanUpExecutions.compliant&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+and+%28+eq+cleanup_trending_summary.cleanup_executed+1++%29+%28+gt+cleanup_trending_summary.deleted_subjects+0++%29+%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="352">
- <dictionary id="353"/>
- <name>TIE Server Cleanup Items Deleted By Week</name>
- <description>Summary of the number of items deleted by week during cleanup executions.</description>
- <target>TieServerSchema.cleanup_trending_summary</target>
- <table-uri>query:table?orion.table.columns=cleanup_trending_summary.date%3Acleanup_trending_summary.db_current_size%3Acleanup_trending_summary.db_threshold_size%3Acleanup_trending_summary.cleanup_executed%3Acleanup_trending_summary.deleted_subjects&orion.table.order=desc&orion.table.order.by=cleanup_trending_summary.date</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+cleanup_trending_summary.date+%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=cleanup_trending_summary.date&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=sum&orion.sum.aggregation.column=cleanup_trending_summary.deleted_subjects&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="354">
- <dictionary id="355"/>
- <name>TIE Server Database Size</name>
- <description>Shows database size in last month.</description>
- <target>TieServerSchema.cleanup_trending_summary</target>
- <table-uri>query:table?orion.table.columns=cleanup_trending_summary.id%3Acleanup_trending_summary.date%3Acleanup_trending_summary.db_current_size%3Acleanup_trending_summary.db_threshold_size%3Acleanup_trending_summary.cleanup_executed%3Acleanup_trending_summary.deleted_subjects&orion.table.order=az&orion.table.order.by=cleanup_trending_summary.id%3Acleanup_trending_summary.date%3Acleanup_trending_summary.db_current_size%3Acleanup_trending_summary.db_threshold_size%3Acleanup_trending_summary.cleanup_executed%3Acleanup_trending_summary.deleted_subjects</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+cleanup_trending_summary.date+2592000000++%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=cleanup_trending_summary.date&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=avg&orion.sum.aggregation.column=cleanup_trending_summary.db_current_size</summary-uri>
- </query>
- <query id="356">
<!--
  Counts files per day by fileJoined.create_date over the look-back window.
  Required filter, decoded: ( where ( newerThan fileJoined.create_date 2592000000 ) ).
  2592000000 is 30 days if the unit is milliseconds (assumed; consistent with "last month").
  orion.condition.sexp is empty, so no reputation filter applies and every new file is counted.
  "orion.requied.sexp" is spelled this way wherever it appears in this listing; it is a parameter key, so leave it as is.
-->
- <dictionary id="357"/>
- <name>TIE Server New Files</name>
- <description>Find new files in last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.last_access_date</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.create_date+2592000000++%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=fileJoined.create_date&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="358">
<!--
  Weekly count of files with composite_reputation = 1, the value this listing treats as malicious
  (Known Malicious on the TIE scale; confirm against product documentation).
  Required filter, decoded: ( where ( newerThan fileJoined.create_date 2592000000 ) ); 30 days if milliseconds (assumed).
  Condition, decoded: ( where ( eq fileJoined.composite_reputation 1 ) ).
  NOTE(review): the name says "Used", but both the window and the chart key on create_date, not last_access_date.
  A malicious file created before the window and still being accessed would not appear; confirm that is intended.
-->
- <dictionary id="359"/>
- <name>TIE Server Used Malicious Files</name>
- <description>Find malicious files by composite reputation from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.create_date+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+eq+fileJoined.composite_reputation+1++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=fileJoined.create_date&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="360">
<!--
  Top-N summary: malicious files (composite_reputation = 1) accessed inside the window, grouped by SHA-1
  and ranked descending by fileJoined.ent_count; the summary is capped at 16 groups (orion.sum.limit.count=16).
  Condition, decoded:
    ( where ( and ( newerThan fileJoined.last_access_date 2592000000 ) ( eq fileJoined.composite_reputation 1 ) ) )
  2592000000 is 30 days if the unit is milliseconds (assumed).
  orion.requied.sexp is empty here: the time window sits in the condition expression together with the reputation test.
  The table lists the per-source trust levels (enterprise, certificate, local, GTI, ATD, MWG) next to the composite value.
-->
- <dictionary id="361"/>
- <name>TIE Server Most Recently Used Malicious Files</name>
- <description>Find most recent malicious files from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+newerThan+fileJoined.last_access_date+2592000000++%29+%28+eq+fileJoined.composite_reputation+1++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=false&orion.query.type=summary.topn&orion.sum.group.by=fileJoined.sha1&orion.sum.order=desc&orion.sum.limit.count=16&orion.sum.aggregation=valueOf&orion.sum.aggregation.column=fileJoined.ent_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="362">
<!--
  Top-N summary: malicious files (composite_reputation = 1) created inside the window, grouped by SHA-1
  and ranked descending by fileJoined.ent_count; capped at 16 groups.
  Condition, decoded:
    ( where ( and ( eq fileJoined.composite_reputation 1 ) ( newerThan fileJoined.create_date 2592000000 ) ) )
  2592000000 is 30 days if the unit is milliseconds (assumed).
  ent_count presumably counts endpoints that reported the file; verify against the schema.
-->
- <dictionary id="363"/>
- <name>TIE Server Most Prevalent Malicious Files Created</name>
- <description>Find most prevalent malicious files created from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+eq+fileJoined.composite_reputation+1++%29+%28+newerThan+fileJoined.create_date+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=false&orion.query.type=summary.topn&orion.sum.group.by=fileJoined.sha1&orion.sum.order=desc&orion.sum.limit.count=16&orion.sum.aggregation=valueOf&orion.sum.aggregation.column=fileJoined.ent_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="364">
<!--
  Weekly count of files whose composite_reputation is 15 or 30, the two values this listing treats as suspicious
  (Most Likely Malicious and Might Be Malicious on the TIE scale; confirm against product documentation).
  Required filter, decoded: ( where ( newerThan fileJoined.create_date 2592000000 ) ); 30 days if milliseconds (assumed).
  Condition, decoded:
    ( where ( or ( eq fileJoined.composite_reputation 15 ) ( eq fileJoined.composite_reputation 30 ) ) )
  NOTE(review): despite "Most Used" in the name, the summary is a plain count per week of create_date;
  nothing here ranks by usage or filters on last_access_date.
-->
- <dictionary id="365"/>
- <name>TIE Server Most Used Suspicious Files</name>
- <description>Find suspicious most used files from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.create_date+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+or+%28+eq+fileJoined.composite_reputation+15++%29+%28+eq+fileJoined.composite_reputation+30++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=fileJoined.create_date&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="366">
<!--
  Top-N summary: suspicious files (composite_reputation 30 or 15) accessed inside the window, grouped by SHA-1
  and ranked descending by fileJoined.ent_count; capped at 20 groups (the malicious variants use 16).
  Condition, decoded:
    ( where ( and ( newerThan fileJoined.last_access_date 2592000000 )
                  ( or ( eq fileJoined.composite_reputation 30 ) ( eq fileJoined.composite_reputation 15 ) ) ) )
  2592000000 is 30 days if the unit is milliseconds (assumed). orion.requied.sexp is empty.
-->
- <dictionary id="367"/>
- <name>TIE Server Most Recently Used Suspicious Files</name>
- <description>Find most recently used suspicious files from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+newerThan+fileJoined.last_access_date+2592000000++%29+%28+or+%28+eq+fileJoined.composite_reputation+30++%29+%28+eq+fileJoined.composite_reputation+15++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=false&orion.query.type=summary.topn&orion.sum.group.by=fileJoined.sha1&orion.sum.order=desc&orion.sum.limit.count=20&orion.sum.aggregation=valueOf&orion.sum.aggregation.column=fileJoined.ent_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="368">
<!--
  Top-N summary: suspicious files (composite_reputation 30 or 15) created inside the window, grouped by SHA-1
  and ranked descending by fileJoined.ent_count; capped at 20 groups.
  Condition, decoded:
    ( where ( and ( newerThan fileJoined.create_date 2592000000 )
                  ( or ( eq fileJoined.composite_reputation 30 ) ( eq fileJoined.composite_reputation 15 ) ) ) )
  2592000000 is 30 days if the unit is milliseconds (assumed). orion.requied.sexp is empty.
-->
- <dictionary id="369"/>
- <name>TIE Server Most Prevalent Suspicious Files Created</name>
- <description>Find most prevalent suspicious files created from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+newerThan+fileJoined.create_date+2592000000++%29+%28+or+%28+eq+fileJoined.composite_reputation+30++%29+%28+eq+fileJoined.composite_reputation+15++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=false&orion.query.type=summary.topn&orion.sum.group.by=fileJoined.sha1&orion.sum.order=desc&orion.sum.limit.count=20&orion.sum.aggregation=valueOf&orion.sum.aggregation.column=fileJoined.ent_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="370">
<!--
  Weekly count of files with composite_reputation = 50, the value this listing calls "monitored"
  (Unknown on the TIE scale; confirm against product documentation).
  Required filter, decoded: ( where ( newerThan fileJoined.create_date 2592000000 ) ); 30 days if milliseconds (assumed).
  Condition, decoded: ( where ( eq fileJoined.composite_reputation 50 ) ).
  NOTE(review): despite "Most Used" in the name, the summary is a plain count per week of create_date.
-->
- <dictionary id="371"/>
- <name>TIE Server Most Used Monitored Files</name>
- <description>Find monitored files most used from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.create_date+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+eq+fileJoined.composite_reputation+50++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=fileJoined.create_date&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="372">
<!--
  Top-N summary: monitored files (composite_reputation = 50) accessed inside the window, grouped by SHA-1
  and ranked descending by fileJoined.ent_count; capped at 16 groups.
  Condition, decoded:
    ( where ( and ( newerThan fileJoined.last_access_date 2592000000 ) ( eq fileJoined.composite_reputation 50 ) ) )
  2592000000 is 30 days if the unit is milliseconds (assumed). orion.requied.sexp is empty.
-->
- <dictionary id="373"/>
- <name>TIE Server Most Recently Used Monitored Files</name>
- <description>Find most recently used monitored files from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+newerThan+fileJoined.last_access_date+2592000000++%29+%28+eq+fileJoined.composite_reputation+50++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=false&orion.query.type=summary.topn&orion.sum.group.by=fileJoined.sha1&orion.sum.order=desc&orion.sum.limit.count=16&orion.sum.aggregation=valueOf&orion.sum.aggregation.column=fileJoined.ent_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="374">
<!--
  Top-N summary: monitored files (composite_reputation = 50) created inside the window, grouped by SHA-1
  and ranked descending by fileJoined.ent_count; capped at 16 groups.
  Condition, decoded:
    ( where ( and ( newerThan fileJoined.create_date 2592000000 ) ( eq fileJoined.composite_reputation 50 ) ) )
  2592000000 is 30 days if the unit is milliseconds (assumed). orion.requied.sexp is empty.
-->
- <dictionary id="375"/>
- <name>TIE Server Most Prevalent Monitored Files Created</name>
- <description>Find most prevalent monitored files created from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+newerThan+fileJoined.create_date+2592000000++%29+%28+eq+fileJoined.composite_reputation+50++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=false&orion.query.type=summary.topn&orion.sum.group.by=fileJoined.sha1&orion.sum.order=desc&orion.sum.limit.count=16&orion.sum.aggregation=valueOf&orion.sum.aggregation.column=fileJoined.ent_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="376">
<!--
  Daily count of files whose ATD reputation record was refreshed inside the window
  (ATD is presumably the Advanced Threat Defense sandbox; confirm).
  Required filter, decoded: ( where ( newerThan file_rep_atd.refresh_date 2592000000 ) ); 30 days if milliseconds (assumed).
  orion.condition.sexp is empty. The chart keys on file_rep_atd.refresh_date, so a re-analysed file
  may be counted on its latest refresh day rather than its first submission; verify how refresh_date is maintained.
-->
- <dictionary id="377"/>
- <name>ATD Submissions</name>
- <description>Find ATD sample submissions during last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+file_rep_atd.refresh_date+2592000000++%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=file_rep_atd.refresh_date&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="378">
<!--
  Pie chart of files that have any ATD trust level, split by file_rep_atd.trust_level.
  Condition, decoded: ( where ( not_isBlank file_rep_atd.trust_level ) ).
  There is no time window: orion.requied.sexp is empty, so the chart covers every file with an ATD verdict on record.
  The pie shows at most 10 slices (orion.sum.limit.count=10) and folds the rest into "other" (orion.show.other=true).
-->
- <dictionary id="379"/>
- <name>ATD Reputations</name>
- <description>Find ATD submissions split by reputation.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+not_isBlank+file_rep_atd.trust_level+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=file_rep_atd.trust_level&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="380">
<!--
  Daily count of files created inside the window that also carry an ATD trust level.
  Required filter, decoded: ( where ( newerThan fileJoined.create_date 2592000000 ) ); 30 days if milliseconds (assumed).
  Condition, decoded: ( where ( not_isBlank file_rep_atd.trust_level ) ).
  "New" is measured by fileJoined.create_date, not by when ATD produced its verdict (file_rep_atd.refresh_date).
-->
- <dictionary id="381"/>
- <name>New ATD Submissions</name>
- <description>Find new ATD submissions in last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.create_date+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+not_isBlank+file_rep_atd.trust_level+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=fileJoined.create_date&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="382">
<!--
  Daily count of files accessed inside the window that also carry an ATD trust level.
  Required filter, decoded: ( where ( newerThan fileJoined.last_access_date 2592000000 ) ); 30 days if milliseconds (assumed).
  Condition, decoded: ( where ( not_isBlank file_rep_atd.trust_level ) ).
  The chart groups by fileJoined.last_access_date, so each file contributes to one day only: the day of its latest recorded access.
-->
- <dictionary id="383"/>
- <name>Recently Used ATD Submissions</name>
- <description>Find used ATD submissions from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.last_access_date+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+not_isBlank+file_rep_atd.trust_level+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=fileJoined.last_access_date&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="384">
<!--
  Top-N summary: files with an ATD trust level, grouped by SHA-1 and ranked descending by fileJoined.ent_count;
  capped at 10 groups.
  Condition, decoded:
    ( where ( and ( not_isBlank file_rep_atd.trust_level ) ( newerThan file_rep_atd.refresh_date 7776000000 ) ) )
  7776000000 is 90 days if the unit is milliseconds (assumed). The description states no period,
  so the 90-day cut-off on the ATD refresh date is only visible here.
-->
- <dictionary id="385"/>
- <name>Most Prevalent ATD Submissions</name>
- <description>Find most prevalent ATD submissions.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Aassociated_certificate_rep_enterprise.trust_level%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Aassociated_certificate_rep_enterprise.trust_level%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+file_rep_atd.trust_level+%29+%28+newerThan+file_rep_atd.refresh_date+7776000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=false&orion.query.type=summary.topn&orion.sum.group.by=fileJoined.sha1&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=valueOf&orion.sum.aggregation.column=fileJoined.ent_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="386">
<!--
  Daily count of files whose CTD reputation record was refreshed inside the window.
  Same shape as the "ATD Submissions" query, with file_rep_ctd in place of file_rep_atd.
  Required filter, decoded: ( where ( newerThan file_rep_ctd.refresh_date 2592000000 ) ); 30 days if milliseconds (assumed).
  orion.condition.sexp is empty.
-->
- <dictionary id="387"/>
- <name>CTD Submissions</name>
- <description>Find CTD sample submissions during last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+file_rep_ctd.refresh_date+2592000000++%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=file_rep_ctd.refresh_date&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="388">
<!--
  Pie chart of managed nodes tagged TIESERVER, split by DXLClientCustomProps.IsConnected.
  Condition, decoded: ( where ( containsTag EPOLeafNode.AppliedTags "TIESERVER" ) ).
  The tag is the only selector: an appliance that lost or never received the TIESERVER tag is absent from this chart,
  so it cannot show up as disconnected. Check tag coverage separately when using this as a health view.
  Targets EPOLeafNode rather than TieServerSchema.fileJoined, and has no orion.requied.sexp parameter.
-->
- <dictionary id="389"/>
- <name>TIE Server Connectivity</name>
- <description>Find TIE appliances split by DXL connectivity.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.order=az&orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3ADXLClientCustomProps.IsConnected%3ADXLClientCustomProps.LastUpdate&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+containsTag+EPOLeafNode.AppliedTags+%22TIESERVER%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=DXLClientCustomProps.IsConnected&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="390">
<!--
  Pie chart of managed nodes tagged TIESERVER, split by EPOProdPropsView_TIE.productversion.
  Condition, decoded: ( where ( containsTag EPOLeafNode.AppliedTags "TIESERVER" ) ).
  Useful for spotting appliances left on an older server version; as with the connectivity query,
  only nodes carrying the TIESERVER tag are included.
  NOTE(review): the table columns are the same as the connectivity query and do not include productversion,
  so the drill-down table does not show the value the pie is grouped by.
-->
- <dictionary id="391"/>
- <name>TIE Server Appliances per Server Version</name>
- <description>Find TIE appliances split by TIE server version.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3ADXLClientCustomProps.IsConnected%3ADXLClientCustomProps.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+containsTag+EPOLeafNode.AppliedTags+%22TIESERVER%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOProdPropsView_TIE.productversion&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="392">
<!--
  Pie chart of files that have any CTD trust level, split by file_rep_ctd.trust_level.
  Condition, decoded: ( where ( not_isBlank file_rep_ctd.trust_level ) ).
  There is no time window: orion.requied.sexp is empty.
  The pie shows at most 10 slices (orion.sum.limit.count=10) and folds the rest into "other" (orion.show.other=true).
-->
- <dictionary id="393"/>
- <name>CTD Reputations</name>
- <description>Find CTD submissions split by reputation.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+not_isBlank+file_rep_ctd.trust_level+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=file_rep_ctd.trust_level&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="394">
<!--
  Daily count of files created inside the window that also carry a CTD trust level.
  Required filter, decoded: ( where ( newerThan fileJoined.create_date 2592000000 ) ); 30 days if milliseconds (assumed).
  Condition, decoded: ( where ( not_isBlank file_rep_ctd.trust_level ) ).
  "New" is measured by fileJoined.create_date, not by file_rep_ctd.refresh_date.
-->
- <dictionary id="395"/>
- <name>New CTD Submissions</name>
- <description>Find new CTD submissions in last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.create_date+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+not_isBlank+file_rep_ctd.trust_level+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=fileJoined.create_date&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="396">
<!--
  Daily count of files accessed inside the window that also carry a CTD trust level.
  Required filter, decoded: ( where ( newerThan fileJoined.last_access_date 2592000000 ) ); 30 days if milliseconds (assumed).
  Condition, decoded: ( where ( not_isBlank file_rep_ctd.trust_level ) ).
  Unlike the other CTD queries in this listing, the table also shows fileJoined.localrep_latest.
-->
- <dictionary id="397"/>
- <name>Recently Used CTD Submissions</name>
- <description>Find used CTD submissions from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.localrep_latest%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.localrep_latest%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.last_access_date+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+not_isBlank+file_rep_ctd.trust_level+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=fileJoined.last_access_date&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="398">
<!--
  Top-N summary: files with a CTD trust level, grouped by SHA-1 and ranked descending by fileJoined.ent_count;
  capped at 10 groups.
  Condition, decoded:
    ( where ( and ( not_isBlank file_rep_ctd.trust_level ) ( newerThan file_rep_ctd.refresh_date 7776000000 ) ) )
  7776000000 is 90 days if the unit is milliseconds (assumed). The description states no period,
  so the 90-day cut-off on the CTD refresh date is only visible here.
-->
- <dictionary id="399"/>
- <name>Most Prevalent CTD Submissions</name>
- <description>Find most prevalent CTD submissions.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+file_rep_ctd.trust_level+%29+%28+newerThan+file_rep_ctd.refresh_date+7776000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=false&orion.query.type=summary.topn&orion.sum.group.by=fileJoined.sha1&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=valueOf&orion.sum.aggregation.column=fileJoined.ent_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="400">
<!--
  Hourly count of files whose GTI reputation was refreshed inside the window and is set to a non-zero value.
  Condition, decoded:
    ( where ( and ( not_isBlank file_rep_gti.trust_level ) ( ne file_rep_gti.trust_level 0 ) ) )
  Required filter, decoded: ( where ( newerThan file_rep_gti.refresh_date 86400000 ) ).
  NOTE(review): 86400000 is 24 hours if the unit is milliseconds (assumed), and the chart buckets by hour,
  yet the description says "last month". Anyone reading this as a 30-day view of GTI refresh activity
  will see only the last day; confirm which period is intended.
  Trust level 0 presumably means "not set"; verify against product documentation.
-->
- <dictionary id="401"/>
- <name>TIE Server GTI Refresh</name>
- <description>Find refreshed files in last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.order=asc&orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_gti.refresh_date%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order.by=fileJoined.last_access_date</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+file_rep_gti.trust_level+%29+%28+ne+file_rep_gti.trust_level+0++%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+file_rep_gti.refresh_date+86400000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=file_rep_gti.refresh_date&orion.sum.time.cols=true&orion.sum.time.unit=hour&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="402">
<!--
  Daily count of files whose enterprise reputation (the locally set override) was refreshed inside the window
  and is set to a non-zero value.
  Required filter, decoded: ( where ( newerThan file_rep_enterprise.refresh_date 2592000000 ) ); 30 days if milliseconds (assumed).
  Condition, decoded:
    ( where ( and ( not_isBlank file_rep_enterprise.trust_level ) ( ne file_rep_enterprise.trust_level 0 ) ) )
  This is the query to watch when auditing who is overriding reputations and how often.
  NOTE(review): the table does not include file_rep_enterprise.trust_level, so the override value itself
  (trusted or malicious) is not visible in the drill-down; only composite_reputation is shown.
-->
- <dictionary id="403"/>
- <name>TIE Server New Overrides</name>
- <description>Find new overrides in last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+file_rep_enterprise.refresh_date+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+file_rep_enterprise.trust_level+%29+%28+ne+file_rep_enterprise.trust_level+0++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=file_rep_enterprise.refresh_date&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="404">
<!--
  Daily count of files that carry a non-zero enterprise reputation (an override) and were accessed inside the window.
  Required filter, decoded: ( where ( newerThan fileJoined.last_access_date 2592000000 ) ); 30 days if milliseconds (assumed).
  Condition, decoded:
    ( where ( and ( not_isBlank file_rep_enterprise.trust_level ) ( ne file_rep_enterprise.trust_level 0 ) ) )
  The override may be older than the window; only the access date is bounded.
  The table does not include file_rep_enterprise.trust_level, so the override value is not shown in the drill-down.
-->
- <dictionary id="405"/>
- <name>TIE Server Recently Used Overrides</name>
- <description>Find used overridden files from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.last_access_date+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+file_rep_enterprise.trust_level+%29+%28+ne+file_rep_enterprise.trust_level+0++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=fileJoined.last_access_date&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="406">
  <!-- Selects files where file_rep_gti.trust_level AND file_rep_enterprise.trust_level are
       each one of 100, 99, 85, 70. The query name labels this band "trusted"; on the TIE
       reputation scale these values are presumably Known Trusted Installer, Known Trusted,
       Most Likely Trusted and Might Be Trusted (confirm for your server version).
       "Similar" means same band, not same value: enterprise 70 with GTI 100 also matches.
       Matching is by exact equality, so any other value (for example 50) never matches,
       and a file whose GTI reputation is outside the listed values is not reported here.
       The required filter (orion.requied.sexp) is empty, so there is no time window.
       Table is ordered ascending by last_access_date; the pie groups by composite_reputation.
       Review note: an override that only repeats the GTI verdict is a cleanup candidate,
       since it keeps applying even if the GTI verdict later changes. -->
- <dictionary id="407"/>
- <name>Redundant Trusted Overrides</name>
- <description>Find trusted file overrides having similar GTI reputation.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.order=asc&orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order.by=fileJoined.last_access_date</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+file_rep_gti.trust_level+100++%29+%28+eq+file_rep_gti.trust_level+99++%29+%28+eq+file_rep_gti.trust_level+85++%29+%28+eq+file_rep_gti.trust_level+70++%29+%29+%28+or+%28+eq+file_rep_enterprise.trust_level+100++%29+%28+eq+file_rep_enterprise.trust_level+99++%29+%28+eq+file_rep_enterprise.trust_level+85++%29+%28+eq+file_rep_enterprise.trust_level+70++%29+%29+%29+%29&orion.requied.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=fileJoined.composite_reputation&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="408">
  <!-- Selects files where file_rep_gti.trust_level AND file_rep_enterprise.trust_level are
       each one of 1, 15, 30. The query name labels this band "suspicious"; on the TIE
       reputation scale these values are presumably Known Malicious, Most Likely Malicious
       and Might Be Malicious (confirm for your server version).
       "Similar" means same band, not same value: enterprise 30 with GTI 1 also matches.
       Matching is by exact equality, so values outside the list never match.
       The required filter (orion.requied.sexp) is empty, so there is no time window.
       Table is ordered ascending by last_access_date; the pie groups by composite_reputation.
       Review note: these local blocks duplicate the GTI verdict; removing them changes
       nothing today, but confirm that endpoints can reach GTI before relying on that. -->
- <dictionary id="409"/>
- <name>Redundant Suspicious Overrides</name>
- <description>Find suspicious file overrides having similar GTI reputation.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.order=asc&orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order.by=fileJoined.last_access_date</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+file_rep_gti.trust_level+1++%29+%28+eq+file_rep_gti.trust_level+15++%29+%28+eq+file_rep_gti.trust_level+30++%29+%29+%28+or+%28+eq+file_rep_enterprise.trust_level+1++%29+%28+eq+file_rep_enterprise.trust_level+15++%29+%28+eq+file_rep_enterprise.trust_level+30++%29+%29+%29+%29&orion.requied.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=fileJoined.composite_reputation&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="410">
  <!-- Selects files where file_rep_enterprise.trust_level is one of 1, 15, 30 (the band the
       query name calls "suspicious") while file_rep_gti.trust_level is one of 100, 99, 85, 70
       (the trusted band): the local override blocks a file that GTI rates as trusted.
       Matching is by exact equality; a GTI value outside the four listed (for example 50)
       is not reported here. The required filter (orion.requied.sexp) is empty, so there is
       no time window.
       Table is ordered (az) by every displayed column; the pie groups by composite_reputation.
       Review note: each row is either a deliberate local block or a false positive; the
       override should have a recorded reason, otherwise it is a candidate for removal. -->
- <dictionary id="411"/>
- <name>Conflicting Suspicious Overrides</name>
- <description>Find suspicious file overrides having conflicting GTI reputation.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.order=az&orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+file_rep_enterprise.trust_level+1++%29+%28+eq+file_rep_enterprise.trust_level+15++%29+%28+eq+file_rep_enterprise.trust_level+30++%29+%29+%28+or+%28+eq+file_rep_gti.trust_level+100++%29+%28+eq+file_rep_gti.trust_level+99++%29+%28+eq+file_rep_gti.trust_level+85++%29+%28+eq+file_rep_gti.trust_level+70++%29+%29+%29+%29&orion.requied.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=fileJoined.composite_reputation&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="412">
  <!-- Selects files where file_rep_enterprise.trust_level is one of 100, 99, 85, 70 (the band
       the query name calls "trusted") while file_rep_gti.trust_level is one of 30, 15, 1
       (the suspicious band): the local override trusts a file that GTI rates as malicious.
       Matching is by exact equality; a file whose GTI value is outside the three listed
       (for example 50, or no GTI value at all) is not reported here even if it is
       locally trusted. The required filter (orion.requied.sexp) is empty, so there is no
       time window.
       Table is ordered (az) by every displayed column; the pie groups by composite_reputation.
       Review note: of the override reports this is the one to triage first, because a
       trusted override can suppress detection of a file the global feed considers
       malicious. Every row should map to an approved, documented exception. -->
- <dictionary id="413"/>
- <name>Conflicting Trusted Overrides</name>
- <description>Find trusted file overrides having conflicting GTI reputation.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.order=az&orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+file_rep_enterprise.trust_level+100++%29+%28+eq+file_rep_enterprise.trust_level+99++%29+%28+eq+file_rep_enterprise.trust_level+85++%29+%28+eq+file_rep_enterprise.trust_level+70++%29+%29+%28+or+%28+eq+file_rep_gti.trust_level+30++%29+%28+eq+file_rep_gti.trust_level+15++%29+%28+eq+file_rep_gti.trust_level+1++%29+%29+%29+%29&orion.requied.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=fileJoined.composite_reputation&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="414">
  <!-- Window: MWSEventsView.DetectedUTC newer than 86400000 (24 x 3600 x 1000, i.e. 24 hours
       if the unit is milliseconds, matching the title).
       Scope: MWSEventsView.ApplianceOS equals "MWG7".
       Counters, matched by exact name: web.legitimate, web.mediafilter.protected,
       web.am.protected, web.urlfilter.protected, web.dlpfilter.protected,
       web.appcontrol.protected. A counter that is not in this list is left out of the chart.
       Summary: pie of SUM(MWSEventsView.Counter) per CounterName. -->
- <dictionary id="415"/>
- <name>MWG7: URL Executive Summary for 24 hours</name>
- <description>Summary of legitimate vs. protected traffic through all registered MWG7 appliances broken down by scanning engine.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG7%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.legitimate%22+%29+%28eq+MWSEventsView.CounterName+%22web.mediafilter.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.am.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.urlfilter.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.dlpfilter.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.appcontrol.protected%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="416">
  <!-- Window: MWSEventsView.DetectedUTC newer than 2592000000 (30 x 24 x 3600 x 1000, i.e. a
       fixed 30 days if the unit is milliseconds; "1 month" in the title is not a calendar
       month).
       Scope: MWSEventsView.ApplianceOS equals "MWG7".
       Counters, matched by exact name: web.legitimate, web.mediafilter.protected,
       web.am.protected, web.urlfilter.protected, web.dlpfilter.protected,
       web.appcontrol.protected. A counter that is not in this list is left out of the chart.
       Summary: pie of SUM(MWSEventsView.Counter) per CounterName. -->
- <dictionary id="417"/>
- <name>MWG7: URL Executive Summary for 1 month</name>
- <description>Summary of legitimate vs. protected traffic through all registered MWG7 appliances broken down by scanning engine.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG7%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.legitimate%22+%29+%28eq+MWSEventsView.CounterName+%22web.mediafilter.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.am.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.urlfilter.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.dlpfilter.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.appcontrol.protected%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="418">
  <!-- Window: MWSEventsView.DetectedUTC newer than 86400000 (24 hours if the unit is
       milliseconds, matching the title).
       Scope: MWSEventsView.ApplianceOS equals "MWG7".
       Counters: every CounterName that starts with "web.reputation". This is a prefix
       match, so the set of pie slices follows whatever counters the appliances report
       under that prefix. The enclosing "or" has a single operand.
       Summary: pie of SUM(MWSEventsView.Counter) per CounterName. -->
- <dictionary id="419"/>
- <name>MWG7: Web reputation by hits for 24 hours</name>
- <description>Break-down of the scanned traffic and its web reputation score for all registered MWG7 appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG7%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.reputation%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="420">
  <!-- Window: MWSEventsView.DetectedUTC newer than 2592000000 (a fixed 30 days if the unit
       is milliseconds; "1 month" in the title is not a calendar month).
       Scope: MWSEventsView.ApplianceOS equals "MWG7".
       Counters: every CounterName that starts with "web.reputation". This is a prefix
       match, so the set of pie slices follows whatever counters the appliances report
       under that prefix. The enclosing "or" has a single operand.
       Summary: pie of SUM(MWSEventsView.Counter) per CounterName. -->
- <dictionary id="421"/>
- <name>MWG7: Web reputation by hits for 1 month</name>
- <description>Break-down of the scanned traffic and its web reputation score for all registered MWG7 appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG7%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.reputation%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="422">
  <!-- Window: MWSEventsView.DetectedUTC newer than 86400000 (24 hours if the unit is
       milliseconds, matching the title).
       Scope: MWSEventsView.ApplianceName starts with "EWSA". Appliances are selected by
       name prefix, not by an OS or type column, so "all registered EWS appliances" in the
       description holds only if every EWS appliance keeps a name with that prefix; one
       named differently is silently missing from the report.
       Counters, matched by exact name, all inbound (.in): email.content.protected,
       email.dlp.protected, email.other.protected, email.pups.protected,
       email.virus.protected, email.spam.protected, email.sender_auth.protected,
       email.legitimate, email.monitored.
       Summary: pie of SUM(MWSEventsView.Counter) per CounterName. -->
- <dictionary id="423"/>
- <name>EWS: E-Mail (Inbound) Security Summary for last 24 hours</name>
- <description>Summary of inbound e-mail security threats detected on all registered EWS appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.content.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.dlp.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.other.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.pups.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.virus.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.spam.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.sender_auth.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.legitimate.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.monitored.in%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="424">
  <!-- Window: MWSEventsView.DetectedUTC newer than 86400000 (24 hours if the unit is
       milliseconds, matching the title).
       Scope: MWSEventsView.ApplianceName starts with "EWSA". Appliances are selected by
       name prefix, not by an OS or type column, so an EWS appliance whose name does not
       start with EWSA is silently missing from the report.
       Counters, matched by exact name, all outbound (.out): email.content.protected,
       email.dlp.protected, email.other.protected, email.pups.protected,
       email.virus.protected, email.spam.protected, email.sender_auth.protected,
       email.legitimate, email.monitored.
       Summary: pie of SUM(MWSEventsView.Counter) per CounterName.
       Review note: outbound virus, spam or DLP hits originate inside the organisation, so
       a rise here is worth correlating with endpoint or account compromise alerts. -->
- <dictionary id="425"/>
- <name>EWS: E-Mail (Outbound) Security Summary for last 24 hours</name>
- <description>Summary of outbound e-mail security threats detected on all registered EWS appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.content.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.dlp.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.other.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.pups.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.virus.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.spam.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.sender_auth.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.legitimate.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.monitored.out%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="426">
  <!-- Window: MWSEventsView.DetectedUTC newer than 2592000000 (a fixed 30 days if the unit
       is milliseconds; "1 month" in the title is not a calendar month).
       Scope: MWSEventsView.ApplianceName starts with "EWSA". Appliances are selected by
       name prefix, not by an OS or type column, so an EWS appliance whose name does not
       start with EWSA is silently missing from the report.
       Counters, matched by exact name, all inbound (.in): email.content.protected,
       email.dlp.protected, email.other.protected, email.pups.protected,
       email.virus.protected, email.spam.protected, email.sender_auth.protected,
       email.legitimate, email.monitored.
       Summary: pie of SUM(MWSEventsView.Counter) per CounterName. -->
- <dictionary id="427"/>
- <name>EWS: E-Mail (Inbound) Security Summary for 1 month</name>
- <description>Summary of inbound e-mail security threats detected on all registered EWS appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.content.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.dlp.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.other.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.pups.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.virus.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.spam.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.sender_auth.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.legitimate.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.monitored.in%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="428">
  <!-- Window: MWSEventsView.DetectedUTC newer than 2592000000 (a fixed 30 days if the unit
       is milliseconds; "1 month" in the title is not a calendar month).
       Scope: MWSEventsView.ApplianceName starts with "EWSA". Appliances are selected by
       name prefix, not by an OS or type column, so an EWS appliance whose name does not
       start with EWSA is silently missing from the report.
       Counters, matched by exact name, all outbound (.out): email.content.protected,
       email.dlp.protected, email.other.protected, email.pups.protected,
       email.virus.protected, email.spam.protected, email.sender_auth.protected,
       email.legitimate, email.monitored.
       Summary: pie of SUM(MWSEventsView.Counter) per CounterName. -->
- <dictionary id="429"/>
- <name>EWS: E-Mail (Outbound) Security Summary for 1 month</name>
- <description>Summary of outbound e-mail security threats detected on all registered EWS appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.content.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.dlp.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.other.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.pups.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.virus.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.spam.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.sender_auth.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.legitimate.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.monitored.out%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="430">
  <!-- Window: MWSEventsView.DetectedUTC newer than 86400000 (24 hours if the unit is
       milliseconds).
       Scope: MWSEventsView.ApplianceName starts with "EWSA" (name prefix, not an OS or
       type column; an EWS appliance named differently is not counted).
       Counters, by prefix: email.legitimate, email.monitored, email.protected. Both the
       .in and .out variants match, so the line is total volume in both directions.
       Per-category names such as email.virus.protected.in do not start with
       "email.protected" and are therefore not included; presumably this avoids double
       counting against the aggregate counter (confirm).
       Summary: line chart of SUM(MWSEventsView.Counter) per hour of DetectedUTC, oldest
       first, with orion.show.other=false. -->
- <dictionary id="431"/>
- <name>EWS: E-Mail Hourly Volume</name>
- <description>Number of e-mails passed through all registered EWS appliances per hour.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22email.legitimate%22+%29+%28startsWith+MWSEventsView.CounterName+%22email.monitored%22+%29+%28startsWith+MWSEventsView.CounterName+%22email.protected%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&line.title=MWSEventsView.DetectedUTC&orion.query.type=line.line&orion.sum.group.by=MWSEventsView.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=hour&orion.sum.order=oldest&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="432">
  <!-- Window: MWSEventsView.DetectedUTC newer than 2592000000 (a fixed 30 days if the unit
       is milliseconds).
       Scope: MWSEventsView.ApplianceName starts with "EWSA" (name prefix, not an OS or
       type column; an EWS appliance named differently is not counted).
       Counters: CounterName starts with "email.messages.in", or equals
       "email.messages.out". NOTE(review): the two directions use different operators
       (startsWith for inbound, eq for outbound); if any counter name extends
       "email.messages.in", it is counted inbound with no outbound equivalent. Confirm
       whether the asymmetry is intended.
       Summary: grouped bar of SUM(MWSEventsView.Counter) per week of DetectedUTC and per
       CounterName, with orion.show.other=false. -->
- <dictionary id="433"/>
- <name>EWS: E-Mail Volume Trends for 1 Month</name>
- <description>Summary of inbound and outbound e-mail traffic through all registered EWS appliances on a weekly basis.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22email.messages.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.messages.out%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&groupedbar.title=MWSEventsView.DetectedUTC&orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest%3Adesc&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="434">
  <!-- Window: MWSEventsView.DetectedUTC newer than 86400000 (24 hours if the unit is
       milliseconds).
       Scope: MWSEventsView.ApplianceName starts with "EWSA" (name prefix, not an OS or
       type column; an EWS appliance named differently is not counted).
       Counters, by prefix: web.legitimate, web.monitored, web.protected. Names such as
       web.urlfilter.protected do not start with "web.protected" and are not included.
       Summary: line chart of SUM(MWSEventsView.Counter) per hour of DetectedUTC, oldest
       first, with orion.show.other=false. -->
- <dictionary id="435"/>
- <name>EWS: Web Hourly Volume</name>
- <description>Number of web traffic requests passed through all registered EWS appliances per hour.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.legitimate%22+%29+%28startsWith+MWSEventsView.CounterName+%22web.monitored%22+%29+%28startsWith+MWSEventsView.CounterName+%22web.protected%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&line.title=MWSEventsView.DetectedUTC&orion.query.type=line.line&orion.sum.group.by=MWSEventsView.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=hour&orion.sum.order=oldest&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="436">
  <!-- Window: MWSEventsView.DetectedUTC newer than 2592000000 (a fixed 30 days if the unit
       is milliseconds).
       Scope: MWSEventsView.ApplianceName starts with "EWSA" (name prefix, not an OS or
       type column; an EWS appliance named differently is not counted).
       Counters, matched by exact name: email.monitored.in, email.protected.in,
       email.legitimate.in.
       Summary: grouped bar of SUM(MWSEventsView.Counter) per week of DetectedUTC and per
       CounterName, with orion.show.other=false. -->
- <dictionary id="437"/>
- <name>EWS: E-Mail Traffic Flow (Inbound) for 1 Month</name>
- <description>Summary of monitored, legitimate and protected inbound e-mail traffic through all registered EWS appliances on a weekly basis.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.monitored.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.legitimate.in%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&groupedbar.title=MWSEventsView.DetectedUTC&orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest%3Adesc&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="438">
  <!-- Window: MWSEventsView.DetectedUTC newer than 2592000000 (a fixed 30 days if the unit
       is milliseconds).
       Scope: MWSEventsView.ApplianceName starts with "EWSA" (name prefix, not an OS or
       type column; an EWS appliance named differently is not counted).
       Counters, matched by exact name: email.monitored.out, email.protected.out,
       email.legitimate.out.
       Summary: grouped bar of SUM(MWSEventsView.Counter) per week of DetectedUTC and per
       CounterName, with orion.show.other=false. -->
- <dictionary id="439"/>
- <name>EWS: E-Mail Traffic Flow (Outbound) for 1 Month</name>
- <description>Summary of monitored, legitimate and protected outbound e-mail traffic through all registered EWS appliances on a weekly basis.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.monitored.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.legitimate.out%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&groupedbar.title=MWSEventsView.DetectedUTC&orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest%3Adesc&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="440">
  <!-- Window: MWSEventsView.DetectedUTC newer than 2592000000 (a fixed 30 days if the unit
       is milliseconds).
       Scope: MWSEventsView.ApplianceName starts with "EWSA" (name prefix, not an OS or
       type column; an EWS appliance named differently is not counted).
       Counters, matched by exact name, all inbound (.in): email.virus.protected,
       email.content.protected, email.dlp.protected, email.pups.protected,
       email.spam.protected, email.sender_auth.protected, email.other.protected.
       Unlike the inbound security summary queries in this file, the legitimate and
       monitored counters are not included, so the bars show detections only.
       Summary: grouped bar of SUM(MWSEventsView.Counter) per week of DetectedUTC and per
       CounterName, with orion.show.other=false. -->
- <dictionary id="441"/>
- <name>EWS: E-Mail Security Trends (Inbound) for 1 Month</name>
- <description>Summary of inbound e-mail security threats through all registered EWS appliances on a weekly basis.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.virus.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.content.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.dlp.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.pups.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.spam.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.sender_auth.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.other.protected.in%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&groupedbar.title=MWSEventsView.DetectedUTC&orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest%3Adesc&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="442">
- <dictionary id="443"/>
- <name>EWS: E-Mail Security Trends (Outbound) for 1 Month</name>
- <description>Summary of outbound e-mail security threats across all registered EWS appliances, grouped by week.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.virus.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.content.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.dlp.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.pups.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.spam.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.sender_auth.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.other.protected.out%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&groupedbar.title=MWSEventsView.DetectedUTC&orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest%3Adesc&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="444">
- <dictionary id="445"/>
- <name>EWS: E-Mail deferred queue for 24 hours</name>
- <description>Summary of deferred e-mail traffic through all registered EWS appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.deferred.queue%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=200&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="446">
- <dictionary id="447"/>
- <name>EWS: Web Security Summary for 24 hours</name>
- <description>Summary of web traffic threats detected on all registered EWS appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.pups.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.content.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.url.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.siteadvisor.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.monitored%22+%29+%28eq+MWSEventsView.CounterName+%22web.legitimate%22+%29+%28eq+MWSEventsView.CounterName+%22web.im.protected%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="448">
- <dictionary id="449"/>
- <name>EWS: Web Security Summary for 1 month</name>
- <description>Summary of web traffic threats detected on all registered EWS appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.pups.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.content.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.url.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.siteadvisor.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.monitored%22+%29+%28eq+MWSEventsView.CounterName+%22web.legitimate%22+%29+%28eq+MWSEventsView.CounterName+%22web.im.protected%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="450">
- <dictionary id="451"/>
- <name>EWS: Web Traffic Summary for 24 hours</name>
- <description>Summary of monitored, legitimate and protected web traffic through all registered EWS appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.monitored%22+%29+%28eq+MWSEventsView.CounterName+%22web.legitimate%22+%29+%28eq+MWSEventsView.CounterName+%22web.protected%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="452">
- <dictionary id="453"/>
- <name>EWS: Web Security Trend for 1 Month</name>
- <description>Summary of web security threats across all registered EWS appliances, grouped by week.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.virus.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.pups.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.content.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.url.protected%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&groupedbar.title=MWSEventsView.DetectedUTC&orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest%3Adesc&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="454">
- <dictionary id="455"/>
- <name>EWS: SMTP (Inbound) 24 Hours</name>
- <description>Summary of the inbound SMTP traffic through all registered EWS appliances, broken down by threat type.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22smtp.content.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22smtp.dlp.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22smtp.legitimate.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22smtp.monitored.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22smtp.other.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22smtp.pups.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22smtp.virus.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22smtp.sender_auth.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22smtp.spam.protected.in%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="456">
- <dictionary id="457"/>
- <name>EWS: POP3 24 Hours</name>
- <description>Summary of the POP3 traffic through all registered EWS appliances, broken down by threat type.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22pop3.legitimate.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22pop3.monitored.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22pop3.other.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22pop3.pups.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22pop3.virus.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22pop3.spam.protected.in%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="458">
- <dictionary id="459"/>
- <name>EWS: HTTP 24 Hours</name>
- <description>Summary of the HTTP traffic through all registered EWS appliances, broken down by threat type.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22http.content.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22http.legitimate%22+%29+%28startsWith+MWSEventsView.CounterName+%22http.monitored%22+%29+%28startsWith+MWSEventsView.CounterName+%22http.pups.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22http.virus.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22http.siteadvisor.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22http.url.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22http.im.protected%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="460">
- <dictionary id="461"/>
- <name>EWS: FTP 24 Hours</name>
- <description>Summary of the FTP traffic through all registered EWS appliances, broken down by threat type.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22ftp.legitimate%22+%29+%28startsWith+MWSEventsView.CounterName+%22ftp.monitored%22+%29+%28startsWith+MWSEventsView.CounterName+%22ftp.pups.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22ftp.virus.protected%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="462">
- <dictionary id="463"/>
- <name>EWS: ICAP 24 Hours</name>
- <description>Summary of the ICAP traffic through all registered EWS appliances, broken down by threat type.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22icap.legitimate%22+%29+%28startsWith+MWSEventsView.CounterName+%22icap.monitored%22+%29+%28startsWith+MWSEventsView.CounterName+%22icap.pups.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22icap.virus.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22icap.siteadvisor.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22icap.url.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22icap.im.protected%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="464">
- <dictionary id="465"/>
- <name>High Risk Web Usage</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_dim_malware.malware_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_web.datetime_hour_round+%29+%29&orion.condition.sexp=%28+where+%28+or+%28+eq+csr_dim_reputation.reputation_name+%22High+Risk%22+%29+%28+eq+csr_dim_reputation.reputation_name+%22Medium+Risk%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.multiline&orion.sum.group.by=csr_dim_reputation.reputation_name%3Acsr_fct_web.datetime_hour_round&orion.sum.order=az%3Aoldest&orion.sum.limit.count=10&orion.sum.time.cols=%3Atrue&orion.sum.time.unit=%3Aday&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="466">
- <dictionary id="467"/>
- <name>Web Usage by Reputation</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_dim_malware.malware_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_web.datetime_hour_round+%29+%29&orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_reputation.reputation_name+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.multiline&orion.sum.group.by=csr_dim_reputation.reputation_name%3Acsr_fct_web.datetime_hour_round&orion.sum.order=az%3Aoldest&orion.sum.limit.count=10&orion.sum.time.cols=%3Atrue&orion.sum.time.unit=%3Aday&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="468">
- <dictionary id="469"/>
- <name>Web Malware Detected by Application</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_reason.reason_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.hits%3Acsr_fct_web.bytes%3Acsr_fct_web.bytes_from_server%3Acsr_fct_web.bytes_from_client%3Acsr_fct_web.browse_time%3Acsr_fct_web.datetime_hour_round</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+mesa_known+csr_dim_malware.malware_name+%29+%28+mesa_known+csr_dim_site_request.application+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=csr_dim_malware.malware_name%3Acsr_dim_site_request.application&orion.sum.order=desc%3Adesc&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="470">
- <dictionary id="471"/>
- <name>Web Malware Detected by Site</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_reason.reason_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.hits%3Acsr_fct_web.bytes%3Acsr_fct_web.bytes_from_server%3Acsr_fct_web.bytes_from_client%3Acsr_fct_web.browse_time%3Acsr_fct_web.datetime_hour_round</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_malware.malware_name+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=csr_dim_malware.malware_name%3Acsr_fct_web.site_name&orion.sum.order=desc%3Adesc&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="472">
- <dictionary id="473"/>
- <name>Top Web Client IP Addresses with Malware Detected</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_reason.reason_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_reason.reason_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_malware.malware_name+%29+%29</condition-uri>
- <summary-uri>query:summary?horizontal=true&orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_ipaddress.ipaddress&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="474">
- <dictionary id="475"/>
- <name>Top Web Security Risk Categories</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+csr_dim_category.category_name+%22Anonymizers%22+%29+%28+eq+csr_dim_category.category_name+%22Anonymizing+Utilities%22+%29+%28+eq+csr_dim_category.category_name+%22Browser+Exploits%22+%29+%28+eq+csr_dim_category.category_name+%22Malicious+Downloads%22+%29+%28+eq+csr_dim_category.category_name+%22Malicious+Sites%22+%29+%28+eq+csr_dim_category.category_name+%22P2P%2FFile+Sharing%22+%29+%28+eq+csr_dim_category.category_name+%22Parked+Domain%22+%29+%28+eq+csr_dim_category.category_name+%22Phishing%22+%29+%28+eq+csr_dim_category.category_name+%22Potential+Hacking%2FComputer+Crime%22+%29+%28+eq+csr_dim_category.category_name+%22PUPs%22+%29+%28+eq+csr_dim_category.category_name+%22Spam+URLs%22+%29+%28+eq+csr_dim_category.category_name+%22Spyware%2FAdware%2FKeyloggers%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_category.category_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="476">
- <dictionary id="477"/>
- <name>Top Web Users with Malware Detected</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_reason.reason_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_reason.reason_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_malware.malware_name+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_user.user_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="478">
- <dictionary id="479"/>
- <name>Web Protection Coverage</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_reason.reason_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_reason.reason_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_reason.reason_name+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_reason.reason_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="480">
- <dictionary id="481"/>
- <name>Top Web Applications</name>
- <description></description> <!-- No description in the export. Filter (decoded): ( where ( mesa_known csr_dim_site_request.application ) ). Summary: pie chart with percentages, grouped by csr_dim_site_request.application, order desc, limit 10, sum of csr_fct_web.hits. mesa_known presumably drops rows whose value is unknown; confirm against the product documentation. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_site_request.application+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_site_request.application&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="482">
- <dictionary id="483"/>
- <name>Top Web Categories</name>
- <description></description> <!-- No description in the export. Filter (decoded): ( where ( mesa_known csr_dim_category.category_name ) ). Summary: pie chart with percentages, grouped by csr_dim_category.category_name, order desc, limit 10, sum of csr_fct_web.hits. mesa_known presumably drops rows whose value is unknown; confirm against the product documentation. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_category.category_name+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_category.category_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="484">
- <dictionary id="485"/>
- <name>Top Web Client IP Addresses</name>
- <description></description> <!-- No description in the export. Filter: none (orion.condition.sexp is empty), so every row of the target is counted. Summary: horizontal bar chart grouped by csr_dim_ipaddress.ipaddress, order desc, limit 10, sum of csr_fct_web.hits. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?horizontal=true&orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_ipaddress.ipaddress&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="486">
- <dictionary id="487"/>
- <name>Top Web Client IP Addresses by Browse Time</name>
- <description></description> <!-- No description in the export. Filter: none (orion.condition.sexp is empty). Summary: horizontal bar chart grouped by csr_dim_ipaddress.ipaddress, order desc, limit 10, sum of csr_fct_web.browse_time. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?horizontal=true&orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_ipaddress.ipaddress&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.browse_time&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="488">
- <dictionary id="489"/>
- <name>Top Websites</name>
- <description></description> <!-- No description in the export. Filter: none (orion.condition.sexp is empty). Summary: bar chart grouped by csr_fct_web.site_name, order desc, limit 10, sum of csr_fct_web.hits. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_fct_web.site_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="490">
- <dictionary id="491"/>
- <name>Top Web Users</name>
- <description></description> <!-- No description in the export. Filter (decoded): ( where ( mesa_known csr_dim_user.user_name ) ). Summary: bar chart grouped by csr_dim_user.user_name, order desc, limit 10, sum of csr_fct_web.hits. The result names individual users, so access to this report is worth scoping to the roles that need it. mesa_known presumably drops rows whose value is unknown; confirm against the product documentation. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_user.user_name+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_user.user_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="492">
- <dictionary id="493"/>
- <name>Top Web Users by Browse Time</name>
- <description></description> <!-- No description in the export. Filter (decoded): ( where ( mesa_known csr_dim_user.user_name ) ). Summary: bar chart grouped by csr_dim_user.user_name, order desc, limit 10, sum of csr_fct_web.browse_time. The result names individual users, so access to this report is worth scoping to the roles that need it. mesa_known presumably drops rows whose value is unknown; confirm against the product documentation. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_user.user_name+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_user.user_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.browse_time&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="494">
- <dictionary id="495"/>
- <name>Top Blocked Web Applications</name>
- <description></description> <!-- No description in the export. Filter (decoded): ( where ( and ( eq csr_dim_action.action_name "BLOCK" ) ( mesa_known csr_dim_site_request.application ) ) ). Summary: pie chart with percentages, grouped by csr_dim_site_request.application, order desc, limit 10, sum of csr_fct_web.hits. NOTE(review): orion.table.order.by names csr_fct_web.browse_time, which orion.table.columns does not list; check whether that is intended. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_site_request.application+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_site_request.application&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="496">
- <dictionary id="497"/>
- <name>Top Blocked Web Categories</name>
- <description></description> <!-- No description in the export. Filter (decoded): ( where ( and ( eq csr_dim_action.action_name "BLOCK" ) ( mesa_known csr_dim_category.category_name ) ) ). Summary: pie chart with percentages, grouped by csr_dim_category.category_name, order desc, limit 10, sum of csr_fct_web.hits. NOTE(review): orion.table.order.by names csr_fct_web.browse_time, which orion.table.columns does not list; check whether that is intended. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_category.category_name+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_category.category_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="498">
- <dictionary id="499"/>
- <name>Top Blocked Web Client IP Addresses</name>
- <description></description> <!-- No description in the export. Filter (decoded): ( where ( eq csr_dim_action.action_name "BLOCK" ) ). Summary: horizontal bar chart grouped by csr_dim_ipaddress.ipaddress, order desc, limit 10, sum of csr_fct_web.hits. NOTE(review): orion.table.order.by names csr_fct_web.browse_time, which orion.table.columns does not list; check whether that is intended. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%29</condition-uri>
- <summary-uri>query:summary?horizontal=true&orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_ipaddress.ipaddress&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="500">
- <dictionary id="501"/>
- <name>Top Blocked Web Malware</name>
- <description></description> <!-- No description in the export. Filter (decoded): ( where ( and ( eq csr_dim_action.action_name "BLOCK" ) ( mesa_known csr_dim_malware.malware_name ) ) ). Summary: pie chart with percentages, grouped by csr_dim_malware.malware_name, order desc, limit 10, sum of csr_fct_web.hits. Because of the mesa_known term, blocked requests without a malware name are presumably left out of this chart; confirm against the product documentation. NOTE(review): orion.table.order.by names csr_fct_web.browse_time, which orion.table.columns does not list. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_malware.malware_name+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_malware.malware_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="502">
- <dictionary id="503"/>
- <name>Top Blocked Websites</name>
- <description></description> <!-- No description in the export. Filter (decoded): orion.requied.sexp is empty; orion.condition.sexp is ( where ( eq csr_dim_action.action_name "BLOCK" ) ). Summary: bar chart grouped by csr_fct_web.site_name, order desc, limit 10, sum of csr_fct_web.hits. NOTE(review): the parameter is spelled orion.requied.sexp in this export; keep it as is unless the consuming product is confirmed to accept another spelling. orion.table.order.by also names csr_fct_web.browse_time, which orion.table.columns does not list. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_fct_web.site_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="504">
- <dictionary id="505"/>
- <name>Top Blocked Websites by Protection Area</name>
- <description></description> <!-- No description in the export. Filter (decoded): orion.requied.sexp is empty; orion.condition.sexp is ( where ( and ( eq csr_dim_action.action_name "BLOCK" ) ( mesa_known csr_dim_reason.reason_name ) ) ). Summary: multi-group summary, grouped by csr_dim_reason.reason_name and then csr_fct_web.site_name, order desc:desc, limit count ":5" (empty for the first level, 5 for the second; presumably no cap on reasons, confirm), sum of csr_fct_web.hits with total shown. NOTE(review): orion.table.order.by names csr_fct_web.browse_time, which orion.table.columns does not list. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_reason.reason_name+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=csr_dim_reason.reason_name%3Acsr_fct_web.site_name&orion.sum.order=desc%3Adesc&orion.sum.limit.count=%3A5&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="506">
- <dictionary id="507"/>
- <name>Top Blocked Web Users</name>
- <description></description> <!-- No description in the export. Filter (decoded): ( where ( and ( eq csr_dim_action.action_name "BLOCK" ) ( mesa_known csr_dim_user.user_name ) ) ). Summary: bar chart grouped by csr_dim_user.user_name, order desc, limit 10, sum of csr_fct_web.hits. Blocked requests with no user name are presumably excluded by mesa_known, so unauthenticated traffic would not show here; confirm. The result names individual users, so access to this report is worth scoping to the roles that need it. NOTE(review): orion.table.order.by names csr_fct_web.browse_time, which orion.table.columns does not list. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_user.user_name+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_user.user_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="508">
- <dictionary id="509"/>
- <name>Web Policy Enforcement Summary</name>
- <description></description> <!-- No description in the export. Filter: none (orion.condition.sexp is empty). Summary: pie chart with percentages, grouped by csr_dim_action.action_name, order desc, limit 10, sum of csr_fct_web.hits. NOTE(review): orion.table.order.by names csr_fct_web.bytes, bytes_from_server, bytes_from_client and browse_time, none of which orion.table.columns lists; check whether that is intended. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&orion.table.order=az&orion.table.order.by=csr_fct_web.hits%3Acsr_fct_web.bytes%3Acsr_fct_web.bytes_from_server%3Acsr_fct_web.bytes_from_client%3Acsr_fct_web.browse_time%3Acsr_fct_web.datetime_hour_round</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_action.action_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="510">
- <dictionary id="511"/>
- <name>Web Bandwidth Consumption by Log Source</name>
- <description></description> <!-- No description in the export. Filter: none (orion.condition.sexp is empty). Summary: bar chart grouped by csr_dim_log_source_name.log_source_name, order desc, limit 100, sum of csr_fct_web.bytes. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_log_source_name.log_source_name%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_log_source_name.log_source_name%3Acsr_fct_web.site_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_log_source_name.log_source_name&orion.sum.order=desc&orion.sum.limit.count=100&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.bytes&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="512">
- <dictionary id="513"/>
- <name>Inbound Web Bandwidth Consumption</name>
- <description></description> <!-- No description in the export. Filter (decoded): orion.requied.sexp is ( where ( beforeNow csr_fct_web.datetime_hour_round ) ); orion.condition.sexp is empty. Summary: line chart over csr_fct_web.datetime_hour_round with time unit day, order oldest, sum of csr_fct_web.bytes_from_server with total shown. NOTE(review): the parameter is spelled orion.requied.sexp in this export; keep it as is unless the consuming product is confirmed to accept another spelling. orion.table.order.by also names csr_fct_web.bytes, which orion.table.columns does not list. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes_from_client%3Acsr_fct_web.bytes_from_server&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_site_request.application%3Acsr_dim_category.category_name%3Acsr_fct_web.site_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_web.datetime_hour_round+%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=csr_fct_web.datetime_hour_round&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.bytes_from_server&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="514">
- <dictionary id="515"/>
- <name>Outbound Web Bandwidth Consumption</name>
- <description></description> <!-- No description in the export. Filter (decoded): orion.requied.sexp is ( where ( beforeNow csr_fct_web.datetime_hour_round ) ); orion.condition.sexp is empty. Summary: line chart over csr_fct_web.datetime_hour_round with time unit day, order oldest, sum of csr_fct_web.bytes_from_client with total shown. A sustained rise in client-sent bytes is the figure to watch when this chart is used for upload or exfiltration monitoring. NOTE(review): orion.table.order.by names csr_fct_web.bytes, which orion.table.columns does not list. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes_from_client%3Acsr_fct_web.bytes_from_server&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_site_request.application%3Acsr_dim_category.category_name%3Acsr_fct_web.site_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_web.datetime_hour_round+%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=csr_fct_web.datetime_hour_round&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.bytes_from_client&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="516">
- <dictionary id="517"/>
- <name>Top Web Applications by Bandwidth Consumption</name>
- <description></description> <!-- No description in the export. Filter (decoded): ( where ( mesa_known csr_dim_site_request.application ) ). Summary: bar chart grouped by csr_dim_site_request.application, order desc, limit 10, sum of csr_fct_web.bytes. mesa_known presumably drops rows whose value is unknown; confirm against the product documentation. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_site_request.application+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_site_request.application&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.bytes&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="518">
- <dictionary id="519"/>
- <name>Top Web Bandwidth Consumption Usage by IP Address and Site</name>
- <description></description> <!-- No description in the export. Filter: none (orion.condition.sexp is empty). Summary: multi-group summary, grouped by csr_dim_ipaddress.ipaddress and then csr_fct_web.site_name, order desc:desc, limit count 100:5 (presumably 100 addresses with 5 sites each; confirm), sum of csr_fct_web.bytes with total shown. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_user.user_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_fct_web.site_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=csr_dim_ipaddress.ipaddress%3Acsr_fct_web.site_name&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A5&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.bytes&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="520">
- <dictionary id="521"/>
- <name>Top Web Bandwidth Consumption Usage by User and Site</name>
- <description></description> <!-- No description in the export. Filter: none (orion.condition.sexp is empty); unlike the other per-user queries in this export there is no mesa_known term on csr_dim_user.user_name, so rows without a known user are presumably grouped too (confirm). Summary: multi-group summary, grouped by csr_dim_user.user_name and then csr_fct_web.site_name, order desc:desc, limit count 100:5, sum of csr_fct_web.bytes with total shown. The result pairs individual users with the sites they visited, so access to this report is worth scoping to the roles that need it. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_user.user_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_fct_web.site_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=csr_dim_user.user_name%3Acsr_fct_web.site_name&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A5&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.bytes&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="522">
- <dictionary id="523"/>
- <name>Top Web Categories by Bandwidth Consumption</name>
- <description></description> <!-- No description in the export. Filter (decoded): ( where ( mesa_known csr_dim_category.category_name ) ). Summary: bar chart grouped by csr_dim_category.category_name, order desc, limit 10, sum of csr_fct_web.bytes. NOTE(review): the drill-down orion.table.order.by sorts on csr_dim_site_request.application and not on csr_dim_category.category_name, the same ordering as the by-application bandwidth query; check whether that is intended. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_category.category_name+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_category.category_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.bytes&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="524">
- <dictionary id="525"/>
- <name>Top Web Client IP Addresses by Application</name>
- <description></description> <!-- No description in the export. Filter (decoded): ( where ( mesa_known csr_dim_site_request.application ) ). Summary: multi-group summary, grouped by csr_dim_site_request.application and then csr_dim_ipaddress.ipaddress, order desc:desc, limit count ":5" (empty for the first level, 5 for the second; presumably no cap on applications, confirm), sum of csr_fct_web.hits with total shown. NOTE(review): orion.table.order.by sorts on csr_dim_category.category_name and not on the application column; check whether that is intended. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_category.category_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_site_request.application+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=csr_dim_site_request.application%3Acsr_dim_ipaddress.ipaddress&orion.sum.order=desc%3Adesc&orion.sum.limit.count=%3A5&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="526">
- <dictionary id="527"/>
- <name>Top Web Client IP Addresses by Category</name>
- <description></description> <!-- No description in the export. Filter (decoded): ( where ( mesa_known csr_dim_category.category_name ) ). Summary: multi-group summary, grouped by csr_dim_category.category_name and then csr_dim_ipaddress.ipaddress, order desc:desc, limit count ":5" (empty for the first level, 5 for the second; presumably no cap on categories, confirm), sum of csr_fct_web.hits with total shown. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_category.category_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_category.category_name+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=csr_dim_category.category_name%3Acsr_dim_ipaddress.ipaddress&orion.sum.order=desc%3Adesc&orion.sum.limit.count=%3A5&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="528">
- <dictionary id="529"/>
- <name>Top Web Users by Application</name>
- <description></description> <!-- No description in the export. Filter (decoded): ( where ( mesa_known csr_dim_site_request.application ) ); there is no mesa_known term on csr_dim_user.user_name. Summary: multi-group summary, grouped by csr_dim_site_request.application and then csr_dim_user.user_name, order desc:desc, limit count ":5" (empty for the first level, 5 for the second; confirm the meaning), sum of csr_fct_web.hits with total shown. The result names individual users, so access to this report is worth scoping to the roles that need it. NOTE(review): orion.table.order.by sorts on csr_dim_category.category_name and not on the application column. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_category.category_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_site_request.application+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=csr_dim_site_request.application%3Acsr_dim_user.user_name&orion.sum.order=desc%3Adesc&orion.sum.limit.count=%3A5&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="530">
- <dictionary id="531"/>
- <name>Top Web Users by Category</name>
- <description></description> <!-- No description in the export. Filter (decoded): ( where ( mesa_known csr_dim_category.category_name ) ); there is no mesa_known term on csr_dim_user.user_name. Summary: multi-group summary, grouped by csr_dim_category.category_name and then csr_dim_user.user_name, order desc:desc, limit count ":5" (empty for the first level, 5 for the second; confirm the meaning), sum of csr_fct_web.hits with total shown. The result names individual users per content category, so access to this report is worth scoping to the roles that need it. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_category.category_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_category.category_name+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=csr_dim_category.category_name%3Acsr_dim_user.user_name&orion.sum.order=desc%3Adesc&orion.sum.limit.count=%3A5&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="532">
- <dictionary id="533"/>
- <name>Web Browsing by Agent</name>
- <description></description> <!-- No description in the export. Target is mesaschema.csr_fct_exact_access, not csr_fct_web. Filter: none (orion.condition.sexp is empty). Summary: bubble chart grouped by csr_dim_agent.agent_id_group_2 and then csr_dim_agent.agent_id_group_1, order az:az, aggregation count with total shown. NOTE(review): the summary groups on agent_id_group_2, and orion.table.order.by names csr_fct_exact_access.url, bytes_from_client and bytes_from_server, none of which orion.table.columns lists; check whether that is intended. -->
- <target>mesaschema.csr_fct_exact_access</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_access.datetime%3Acsr_dim_agent.agent_id_group_1%3Acsr_dim_agent.agent_id_string%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_exact_access.site_name%3Acsr_dim_site_request.application%3Acsr_fct_exact_access.bytes&orion.table.order=az&orion.table.order.by=csr_fct_exact_access.datetime%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_agent.agent_id_group_1%3Acsr_dim_agent.agent_id_string%3Acsr_dim_site_request.application%3Acsr_fct_exact_access.url%3Acsr_fct_exact_access.bytes_from_client%3Acsr_fct_exact_access.bytes_from_server</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.query.type=bubble.bubble&orion.sum.query=true&orion.sum.group.by=csr_dim_agent.agent_id_group_2%3Acsr_dim_agent.agent_id_group_1&orion.sum.order=az%3Aaz&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="534">
- <dictionary id="535"/>
- <name>Web Usage Trend</name>
- <description></description> <!-- No description in the export. Filter (decoded): orion.requied.sexp is ( where ( beforeNow csr_fct_web.datetime_hour_round ) ); orion.condition.sexp is empty. Summary: line chart over csr_fct_web.datetime_hour_round with time unit day, order oldest, sum of csr_fct_web.hits, total not shown. NOTE(review): the parameter is spelled orion.requied.sexp in this export; keep it as is unless the consuming product is confirmed to accept another spelling. orion.table.order.by also names csr_fct_web.bytes, which orion.table.columns does not list. -->
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_site_request.application%3Acsr_dim_category.category_name%3Acsr_fct_web.site_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_web.datetime_hour_round+%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=csr_fct_web.datetime_hour_round&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="536">
- <!-- Bar chart (bar.bar) of sum(csr_fct_web.bytes) grouped by site_name, descending, limit count 10. -->
- <!-- No filter is applied (empty orion.condition.sexp), so blocked and allowed traffic from every log source are summed together. -->
- <dictionary id="537"/>
- <name>Top Websites by Bandwidth Consumption</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_fct_web.site_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.bytes&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="538">
- <!-- Table-only query (table.table, orion.sum.query=false) over csr_fct_exact_access, newest first by datetime; no filter (empty orion.condition.sexp). -->
- <!-- Each row carries user_name, ipaddress, request method, full url, content_type, category, reputation and malware_name, i.e. unaggregated per-user web activity. NOTE(review): no row limit or time bound is visible in this element; confirm result size and viewer permissions before scheduling or exporting it. -->
- <dictionary id="539"/>
- <name>Web Activity Detail</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_access</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_access.datetime%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_exact_access.site_name%3Acsr_dim_site_request.method%3Acsr_fct_exact_access.url%3Acsr_dim_site_request.content_type%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_exact_access.bytes&orion.table.order=desc&orion.table.order.by=csr_fct_exact_access.datetime</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.query.type=table.table&orion.sum.query=false</summary-uri>
- </query>
- <query id="540">
- <!-- Pie chart of sum(csr_fct_web.hits) grouped by category_name, descending, limit count 10, with percentages shown. -->
- <!-- Filter decoded: ( where ( and ( eq csr_dim_action.action_name "BLOCK" ) ( mesa_known csr_dim_category.category_name ) ( ne csr_dim_log_source_type.log_source_type "McAfee SaaS Web Protection Service" ) ) ). -->
- <!-- "On-premise" is defined by exclusion: every log source type other than the SaaS service is counted. NOTE(review): mesa_known presumably drops rows whose category is unknown; confirm against the product documentation. -->
- <dictionary id="541"/>
- <name>Top Blocked Web Categories - On-premise</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_category.category_name+%29+%28+ne+csr_dim_log_source_type.log_source_type+%22McAfee+SaaS+Web+Protection+Service%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_category.category_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="542">
- <!-- Multi-line chart (line.multiline) of sum(csr_fct_web.hits): one series per log_source_type, plotted over datetime_hour_round with time unit "day", oldest first, limit count 10. -->
- <!-- Fixed filter in orion.requied.sexp, decoded: ( where ( beforeNow csr_fct_web.datetime_hour_round ) ); orion.condition.sexp is empty. The "requied" spelling is as exported; NOTE(review): confirm before respelling. -->
- <dictionary id="543"/>
- <name>Web Hybrid Usage Trend</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_log_source_name.log_source_name%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_site_request.application%3Acsr_dim_category.category_name%3Acsr_fct_web.site_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_web.datetime_hour_round+%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.multiline&orion.sum.group.by=csr_dim_log_source_type.log_source_type%3Acsr_fct_web.datetime_hour_round&orion.sum.order=az%3Aoldest&orion.sum.limit.count=10&orion.sum.time.cols=%3Atrue&orion.sum.time.unit=%3Aday&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="544">
- <!-- Pie chart of sum(csr_fct_web.hits) grouped by category_name, descending, limit count 10, with percentages shown. -->
- <!-- Filter decoded: ( where ( and ( eq csr_dim_action.action_name "BLOCK" ) ( mesa_known csr_dim_category.category_name ) ( eq csr_dim_log_source_type.log_source_type "McAfee SaaS Web Protection Service" ) ) ). -->
- <!-- Cloud counterpart of the On-premise query: the same filter with eq instead of ne on log_source_type. NOTE(review): mesa_known presumably drops rows whose category is unknown; confirm. -->
- <dictionary id="545"/>
- <name>Top Blocked Web Categories - Cloud Service</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_category.category_name+%29+%28+eq+csr_dim_log_source_type.log_source_type+%22McAfee+SaaS+Web+Protection+Service%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_category.category_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="546">
- <!-- Pie chart of sum(csr_fct_web.hits) grouped by malware_name, descending, limit count 10, with percentages shown. -->
- <!-- Filter decoded: ( where ( and ( eq csr_dim_action.action_name "BLOCK" ) ( mesa_known csr_dim_malware.malware_name ) ( ne csr_dim_log_source_type.log_source_type "McAfee SaaS Web Protection Service" ) ) ). -->
- <!-- Only requests with action BLOCK are counted, so malware that was detected but not blocked does not appear here. NOTE(review): mesa_known presumably drops rows without a malware name; confirm. -->
- <dictionary id="547"/>
- <name>Top Blocked Web Malware - On-premise</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_malware.malware_name+%29+%28+ne+csr_dim_log_source_type.log_source_type+%22McAfee+SaaS+Web+Protection+Service%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_malware.malware_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="548">
- <!-- Stacked bar chart (bar.stackedbar) of sum(csr_fct_web.hits) grouped by action_name, then log_source_type; both levels descending with limit counts 10:10 and totals shown. -->
- <!-- No filter is applied (empty orion.condition.sexp), so every action value present in the data is charted, not only BLOCK. -->
- <dictionary id="549"/>
- <name>Web Hybrid Policy Enforcement Summary</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_log_source_name.log_source_name%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&orion.table.order=az&orion.table.order.by=csr_fct_web.hits%3Acsr_fct_web.bytes%3Acsr_fct_web.bytes_from_server%3Acsr_fct_web.bytes_from_client%3Acsr_fct_web.browse_time%3Acsr_fct_web.datetime_hour_round</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.stackedbar&orion.sum.group.by=csr_dim_action.action_name%3Acsr_dim_log_source_type.log_source_type&orion.sum.order=desc%3Adesc&orion.sum.limit.count=10%3A10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="550">
- <!-- Bar chart of sum(csr_fct_web.hits) grouped by site_name, descending, limit count 10. -->
- <!-- Filter decoded: ( where ( and ( eq csr_dim_action.action_name "BLOCK" ) ( eq csr_dim_log_source_type.log_source_type "McAfee SaaS Web Protection Service" ) ) ); orion.requied.sexp is present but empty. -->
- <!-- There is no mesa_known test on site_name here, so rows with an unknown site name are not excluded by this filter. The "requied" spelling is as exported; NOTE(review): confirm before respelling. -->
- <dictionary id="551"/>
- <name>Top Blocked Websites - Cloud Service</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+eq+csr_dim_log_source_type.log_source_type+%22McAfee+SaaS+Web+Protection+Service%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_fct_web.site_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="552">
- <!-- Bar chart of sum(csr_fct_web.hits) grouped by site_name, descending, limit count 10. -->
- <!-- Filter decoded: ( where ( and ( eq csr_dim_action.action_name "BLOCK" ) ( ne csr_dim_log_source_type.log_source_type "McAfee SaaS Web Protection Service" ) ) ); orion.requied.sexp is present but empty. -->
- <!-- "On-premise" is defined by exclusion (ne), so any log source type other than the SaaS service is included. The "requied" spelling is as exported; NOTE(review): confirm before respelling. -->
- <dictionary id="553"/>
- <name>Top Blocked Websites - On-premise</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+ne+csr_dim_log_source_type.log_source_type+%22McAfee+SaaS+Web+Protection+Service%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_fct_web.site_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="554">
- <!-- Pie chart of sum(csr_fct_web.hits) grouped by malware_name, descending, limit count 10, with percentages shown. -->
- <!-- Filter decoded: ( where ( and ( eq csr_dim_action.action_name "BLOCK" ) ( mesa_known csr_dim_malware.malware_name ) ( eq csr_dim_log_source_type.log_source_type "McAfee SaaS Web Protection Service" ) ) ). -->
- <!-- Only requests with action BLOCK are counted. NOTE(review): mesa_known presumably drops rows without a malware name; confirm against the product documentation. -->
- <dictionary id="555"/>
- <name>Top Blocked Web Malware - Cloud Service</name>
- <description></description>
- <target>mesaschema.csr_fct_web</target>
- <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&orion.table.order=az&orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_malware.malware_name+%29+%28+eq+csr_dim_log_source_type.log_source_type+%22McAfee+SaaS+Web+Protection+Service%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_malware.malware_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_web.hits&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="556">
- <!-- Horizontal bar chart of sum(csr_fct_exact_ips_alerts.alert_count) grouped by attack_name, descending, limit count 10. -->
- <!-- Filter decoded: ( where ( mesa_known csr_dim_ips_attack_name.attack_name ) ). There is no filter on result or severity, so blocked and non-blocked alerts are summed together. NOTE(review): mesa_known presumably drops rows with an unknown attack name; confirm. -->
- <dictionary id="557"/>
- <name>Top Attacks</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_ips_alerts</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&orion.table.order=az&orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_attack_name.attack_name+%29+%29</condition-uri>
- <summary-uri>query:summary?horizontal=true&orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_ips_attack_name.attack_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="558">
- <!-- Pie chart of sum(csr_fct_exact_ips_alerts.alert_count) grouped by csr_dim_ips_action.result, descending, limit count 100, with percentages shown. -->
- <!-- No filter is applied (empty orion.condition.sexp). NOTE(review): the possible values of "result" are not listed in this file; check them before reading a slice as "blocked" or "allowed". -->
- <dictionary id="559"/>
- <name>Attack Summary by Result</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_ips_alerts</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&orion.table.order=az&orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_ips_action.result&orion.sum.order=desc&orion.sum.limit.count=100&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="560">
- <!-- Pie chart of sum(csr_fct_exact_ips_alerts.alert_count) grouped by alert_severity, descending, limit count 100, with percentages shown. -->
- <!-- No filter is applied (empty orion.condition.sexp), so all alerts in the table contribute regardless of result or time. -->
- <dictionary id="561"/>
- <name>Attack Summary by Severity</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_ips_alerts</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&orion.table.order=az&orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_ips_alert_severity.alert_severity&orion.sum.order=desc&orion.sum.limit.count=100&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="562">
- <!-- Stacked bar chart of sum(csr_fct_exact_ips_alerts.alert_count): one bar per day of datetime (oldest first), stacked by alert_severity (descending); limit counts 100:10. -->
- <!-- No filter is applied (empty orion.condition.sexp); unlike the sensor and web trend queries, this one carries no beforeNow clause on its time column. -->
- <dictionary id="563"/>
- <name>Attack Overview</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_ips_alerts</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&orion.table.order=az&orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.stackedbar&orion.sum.group.by=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest%3Adesc&orion.sum.limit.count=100%3A10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="564">
- <!-- Stacked bar chart of sum(csr_fct_exact_ips_alerts.alert_count) grouped by attack_category, stacked by attack_subcategory; both levels descending with limit counts 100:10. -->
- <!-- Filter decoded: ( where ( mesa_known csr_dim_ips_attack_category.attack_category ) ). Only the category is tested, not the subcategory. NOTE(review): mesa_known presumably drops rows with an unknown category; confirm. -->
- <dictionary id="565"/>
- <name>Attack Overview by Attack Category</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_ips_alerts</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&orion.table.order=az&orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_attack_category.attack_category+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.stackedbar&orion.sum.group.by=csr_dim_ips_attack_category.attack_category%3Acsr_dim_ips_attack_category.attack_subcategory&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="566">
- <!-- Multi-line chart of sum(csr_fct_exact_ips_alerts.alert_count): one series per sensor_name (descending), plotted over datetime with time unit "day" (oldest first); limit count 50, totals shown. -->
- <!-- Fixed filter in orion.requied.sexp, decoded: ( where ( beforeNow csr_fct_exact_ips_alerts.datetime ) ); orion.condition.sexp is empty. The "requied" spelling is as exported; NOTE(review): confirm before respelling. -->
- <dictionary id="567"/>
- <name>Attack Overview by Sensor</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_ips_alerts</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&orion.table.order=az&orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_exact_ips_alerts.datetime+%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.multiline&orion.sum.group.by=csr_dim_ips_log_source_sensor.sensor_name%3Acsr_fct_exact_ips_alerts.datetime&orion.sum.order=desc%3Aoldest&orion.sum.limit.count=50&orion.sum.time.cols=%3Atrue&orion.sum.time.unit=%3Aday&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="568">
- <!-- Horizontal bar chart of sum(csr_fct_exact_ips_alerts.alert_count) grouped by src_ipaddress, descending, limit count 10. -->
- <!-- Filter decoded: ( where ( mesa_known csr_dim_ips_src_ip.src_ipaddress ) ). traffic_direction is not filtered, so internal and external sources are ranked together. NOTE(review): mesa_known presumably drops rows with an unknown source address; confirm. -->
- <dictionary id="569"/>
- <name>Top Attacks by Source IP</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_ips_alerts</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&orion.table.order=az&orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_src_ip.src_ipaddress+%29+%29</condition-uri>
- <summary-uri>query:summary?horizontal=true&orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_ips_src_ip.src_ipaddress&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="570">
- <!-- Horizontal bar chart of sum(csr_fct_exact_ips_alerts.alert_count) grouped by dest_ipaddress, descending, limit count 10. -->
- <!-- Filter decoded: ( where ( mesa_known csr_dim_ips_dest_ip.dest_ipaddress ) ). The ranking is by alert volume only; result and severity are not filtered. NOTE(review): mesa_known presumably drops rows with an unknown destination address; confirm. -->
- <dictionary id="571"/>
- <name>Top Attacks by Destination IP</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_ips_alerts</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&orion.table.order=az&orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_dest_ip.dest_ipaddress+%29+%29</condition-uri>
- <summary-uri>query:summary?horizontal=true&orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_ips_dest_ip.dest_ipaddress&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="572">
- <!-- Pie chart of sum(csr_fct_exact_ips_alerts.alert_count) grouped by attack_category, descending, limit count 10, with percentages shown. -->
- <!-- Filter decoded: ( where ( mesa_known csr_dim_ips_attack_category.attack_category ) ). NOTE(review): mesa_known presumably drops rows with an unknown category, so the percentages would then be shares of categorised alerts only; confirm. -->
- <dictionary id="573"/>
- <name>Top Attacks by Attack Category</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_ips_alerts</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&orion.table.order=az&orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_attack_category.attack_category+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_ips_attack_category.attack_category&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="574">
- <!-- Pie chart of sum(csr_fct_exact_ips_alerts.alert_count) grouped by application_category_long_name, descending, limit count 10, with percentages shown. -->
- <!-- Filter decoded: ( where ( mesa_known csr_dim_ips_application_category.application_category_long_name ) ). The grouping column comes from csr_dim_ips_application_category, which is not among the detail table columns. NOTE(review): mesa_known semantics are not shown here; confirm. -->
- <dictionary id="575"/>
- <name>Top Attacks by Application Category</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_ips_alerts</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&orion.table.order=az&orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_application_category.application_category_long_name+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_ips_application_category.application_category_long_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="576">
- <!-- Pie chart of sum(csr_fct_exact_ips_alerts.alert_count) grouped by application_name, descending, limit count 10, with percentages shown. -->
- <!-- Filter decoded: ( where ( mesa_known csr_dim_ips_application_name.application_name ) ). NOTE(review): mesa_known presumably drops alerts with no identified application, so they would be absent from the percentages; confirm. -->
- <dictionary id="577"/>
- <name>Top Attacks by Application</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_ips_alerts</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&orion.table.order=az&orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_application_name.application_name+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_ips_application_name.application_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="578">
- <!-- Pie chart of sum(csr_fct_exact_ips_alerts.alert_count) grouped by src_geo_name, descending, limit count 10, with percentages shown. -->
- <!-- Filter decoded: ( where ( mesa_known csr_dim_ips_src_geo.src_geo_name ) ). NOTE(review): mesa_known presumably drops sources with no geo name (private address ranges would likely be among them), so the chart would cover geolocated sources only; confirm. -->
- <dictionary id="579"/>
- <name>Top Attack Source Countries</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_ips_alerts</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&orion.table.order=az&orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_src_geo.src_geo_name+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_ips_src_geo.src_geo_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="580">
- <!-- Pie chart of sum(csr_fct_exact_ips_alerts.alert_count) grouped by dest_geo_name, descending, limit count 10, with percentages shown. -->
- <!-- Filter decoded: ( where ( mesa_known csr_dim_ips_dest_geo.dest_geo_name ) ). NOTE(review): mesa_known presumably drops destinations with no geo name, so the chart would cover geolocated destinations only; confirm. -->
- <dictionary id="581"/>
- <name>Top Attack Destination Countries</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_ips_alerts</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&orion.table.order=az&orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_dest_geo.dest_geo_name+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_ips_dest_geo.dest_geo_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="582">
- <dictionary id="583"/>
- <name>Email Summary by Detections</name>
- <description></description>
- <target>mesaschema.csr_fct_summary_email</target>
- <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&orion.table.order=az&orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_email_scanner.scanner_desc+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_email_scanner.scanner_desc&orion.sum.order=desc&orion.sum.limit.count=100&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_summary_email.event_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="584">
- <dictionary id="585"/>
- <name>Email Summary by Direction</name>
- <description></description>
- <target>mesaschema.csr_fct_summary_email</target>
- <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&orion.table.order=az&orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_email_connection_info.traffic_direction+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_email_connection_info.traffic_direction&orion.sum.order=desc&orion.sum.limit.count=100&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_summary_email.event_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="586">
- <dictionary id="587"/>
- <name>Email Summary by Protocol</name>
- <description></description>
- <target>mesaschema.csr_fct_summary_email</target>
- <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&orion.table.order=az&orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_email_connection_info.protocol_name+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_email_connection_info.protocol_name&orion.sum.order=desc&orion.sum.limit.count=100&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_summary_email.event_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="588">
- <dictionary id="589"/>
- <name>Total Delivered Email Volume</name>
- <description></description>
- <target>mesaschema.csr_fct_summary_email</target>
- <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_connection_info.protocol_name%3Acsr_dim_email_connection_info.encryption_type_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&orion.table.order=az&orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_summary_email.datetime_hour_round+%29+%29&orion.condition.sexp=%28+where+%28+eq+csr_dim_email_reason.reason_desc+%22Email+Delivered%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.multiline&orion.sum.group.by=csr_dim_email_connection_info.traffic_direction%3Acsr_fct_summary_email.datetime_hour_round&orion.sum.order=desc%3Aoldest&orion.sum.limit.count=50&orion.sum.time.cols=%3Atrue&orion.sum.time.unit=%3Aday&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_summary_email.event_count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="590">
- <dictionary id="591"/>
- <name>Total Dropped Email by Domain</name>
- <description></description>
- <target>mesaschema.csr_fct_summary_email</target>
- <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&orion.table.order=az&orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+csr_dim_email_action.action_taken_desc+%22Refuse+the+email%22+%29+%28+eq+csr_dim_email_action.action_taken_desc+%22Accept+the+email+and+then+drop+it%22+%29+%28+eq+csr_dim_email_action.action_taken_desc+%22Refuse+the+email+and+deny+the+connection+for+a+period+of+time%22+%29+%29+%28+mesa_known+csr_dim_email_src_domain.src_domain+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_email_src_domain.src_domain&orion.sum.order=desc&orion.sum.limit.count=100&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_summary_email.event_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="592">
- <dictionary id="593"/>
- <name>Total Delivered Email Volume by Bytes</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_email_delivery</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_delivery.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_connection_info.protocol_name%3Acsr_dim_email_connection_info.encryption_type_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_delivery.bytes&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_delivery.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_connection_info.protocol_name%3Acsr_dim_email_connection_info.encryption_type_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_delivery.bytes</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_exact_email_delivery.datetime+%29+%29&orion.condition.sexp=%28+where+%28+eq+csr_dim_email_reason.reason_desc+%22Email+Delivered%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.multiline&orion.sum.group.by=csr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_delivery.datetime&orion.sum.order=desc%3Aoldest&orion.sum.limit.count=50&orion.sum.time.cols=%3Atrue&orion.sum.time.unit=%3Aday&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_exact_email_delivery.bytes&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="594">
- <dictionary id="595"/>
- <name>Total Delivered Email Volume by Domain and IP</name>
- <description></description>
- <target>mesaschema.csr_fct_summary_email</target>
- <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_connection_info.protocol_name%3Acsr_dim_email_connection_info.encryption_type_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&orion.table.order=az&orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_reason.reason_desc+%22Email+Delivered%22+%29+%28+mesa_known+csr_dim_email_src_domain.src_domain+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=csr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A5&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_summary_email.event_count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="596">
- <dictionary id="597"/>
- <name>Email Summary by Action</name>
- <description></description>
- <target>mesaschema.csr_fct_summary_email</target>
- <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&orion.table.order=az&orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_email_action.action_taken_desc+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_email_action.action_taken_desc&orion.sum.order=desc&orion.sum.limit.count=100&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_summary_email.event_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="598">
- <dictionary id="599"/>
- <name>Total Bounced Email by Domain</name>
- <description></description>
- <target>mesaschema.csr_fct_summary_email</target>
- <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&orion.table.order=az&orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_reason.reason_desc+%22The+undeliverable+email+has+been+bounced%22+%29+%28+mesa_known+csr_dim_email_src_domain.src_domain+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_email_src_domain.src_domain&orion.sum.order=desc&orion.sum.limit.count=100&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_summary_email.event_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="600">
- <dictionary id="601"/>
- <name>Total Dropped Email Volume</name>
- <description></description>
- <target>mesaschema.csr_fct_summary_email</target>
- <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&orion.table.order=az&orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_summary_email.datetime_hour_round+%29+%29&orion.condition.sexp=%28+where+%28+or+%28+eq+csr_dim_email_action.action_taken_desc+%22Refuse+the+email%22+%29+%28+eq+csr_dim_email_action.action_taken_desc+%22Accept+the+email+and+then+drop+it%22+%29+%28+eq+csr_dim_email_action.action_taken_desc+%22Refuse+the+email+and+deny+the+connection+for+a+period+of+time%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.multiline&orion.sum.group.by=csr_dim_email_connection_info.traffic_direction%3Acsr_fct_summary_email.datetime_hour_round&orion.sum.order=desc%3Aoldest&orion.sum.limit.count=50&orion.sum.time.cols=%3Atrue&orion.sum.time.unit=%3Aday&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_summary_email.event_count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="602">
- <dictionary id="603"/>
- <name>Email Volume by Reason</name>
- <description></description>
- <target>mesaschema.csr_fct_summary_email</target>
- <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&orion.table.order=az&orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_summary_email.datetime_hour_round+%29+%29&orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_email_reason.reason_desc+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.multiline&orion.sum.group.by=csr_dim_email_reason.reason_desc%3Acsr_fct_summary_email.datetime_hour_round&orion.sum.order=desc%3Aoldest&orion.sum.limit.count=50&orion.sum.time.cols=%3Atrue&orion.sum.time.unit=%3Aday&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_summary_email.event_count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="604">
- <!-- Bar chart over mesaschema.csr_fct_summary_email, grouped by csr_dim_email_sender.sender_name, sorted descending and limited to 10 groups. -->
- <dictionary id="605"/>
- <name>Top Email Senders</name>
- <description></description>
- <target>mesaschema.csr_fct_summary_email</target>
- <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&orion.table.order=az&orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
- <!-- NOTE(review): the filter tests scanner_desc, not the grouped sender_name column, and is the same filter used by "Email Summary by Detections". Presumably rows without a scanner description are left out, so the ranking may cover only mail that hit a scanner. Confirm this is intended. -->
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_email_scanner.scanner_desc+%29+%29</condition-uri>
- <!-- NOTE(review): aggregation=count with no aggregation.column, while the other csr_fct_summary_email charts in this export sum event_count. On a summary table this presumably counts summary rows rather than messages. Verify before using the ranking for triage. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_email_sender.sender_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="606">
- <dictionary id="607"/>
- <name>Email Summary by Encryption Type</name>
- <description></description>
- <target>mesaschema.csr_fct_summary_email</target>
- <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&orion.table.order=az&orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_email_connection_info.encryption_type_desc+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_email_connection_info.encryption_type_desc&orion.sum.order=desc&orion.sum.limit.count=100&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_summary_email.event_count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="608">
- <!-- Grouped bar chart over mesaschema.csr_fct_summary_email: sums event_count per day (datetime_hour_round with time unit day) and per scanner_desc, for the scanner descriptions listed in the condition. -->
- <dictionary id="609"/>
- <name>Email Virus/Malware/Packers Volume</name>
- <description></description>
- <target>mesaschema.csr_fct_summary_email</target>
- <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&orion.table.order=az&orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
- <!-- NOTE(review): the scanner list holds the Anti Virus, Avira Anti Virus and Authentium Anti Virus entries (each with Packer and PuP variants) and also "Anti Phish". Phishing detections are therefore counted in this virus/malware chart as well as in the separate phishing queries; allow for the overlap when totals are combined. "Email Virus/Malware/Packers Volume by Domain and IP" uses the same list. -->
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+or+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Virus+-+Packer%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Virus+-+PuP%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Phish%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Avira+Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Avira+Anti+Virus+-+Packer%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Avira+Anti+Virus+-+PuP%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Authentium+Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Authentium+Anti+Virus+-+Packer%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Authentium+Anti+Virus+-+PuP%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_scanner.scanner_desc&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_summary_email.event_count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="610">
- <dictionary id="611"/>
- <name>Email Virus/Malware/Packers Volume by Domain and IP</name>
- <description></description>
- <target>mesaschema.csr_fct_summary_email</target>
- <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&orion.table.order=az&orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Virus+-+Packer%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Virus+-+PuP%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Phish%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Avira+Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Avira+Anti+Virus+-+Packer%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Avira+Anti+Virus+-+PuP%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Authentium+Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Authentium+Anti+Virus+-+Packer%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Authentium+Anti+Virus+-+PuP%22+%29+%29+%28+mesa_known+csr_dim_email_src_domain.src_domain+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=csr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A5&orion.sum.aggregation=sum&orion.sum.aggregation.column=csr_fct_summary_email.event_count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="612">
- <dictionary id="613"/>
- <name>Top Email Virus Detections</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Avira+Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Authentium+Anti+Virus%22+%29+%29+%28+mesa_known+csr_dim_email_virus.virus_name+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?horizontal=true&orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_email_virus.virus_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="614">
- <dictionary id="615"/>
- <name>Top Content Filtered Email Senders</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+csr_dim_email_scanner.scanner_desc+%22Content+Filter%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Compliancy%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Format+Blocking%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Image+Analysis%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Denial+of+Service%22+%29+%29+%28+ne+csr_dim_email_action.action_taken_desc+%22Allow+the+email+through%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_email_sender.sender_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="616">
- <!-- Bar chart over mesaschema.csr_fct_exact_email_detection: counts rows whose scanner_desc equals "Anti Phish", grouped by sender_name, sorted descending and limited to 10 groups. -->
- <dictionary id="617"/>
- <name>Top Phishing Email Senders</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <!-- NOTE(review): there is no mesa_known test on sender_name here, unlike the src_domain test in "Top Phishing Email Senders by Domain", so rows with no sender name may form a group of their own. -->
- <!-- NOTE(review): sender_name is presumably taken from the message and so chosen by the sender. For phishing, treat the ranking as a lead and corroborate it with the src_domain and src_ipaddress columns of the drill-down table. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Phish%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_email_sender.sender_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="618">
- <!-- Bar chart over mesaschema.csr_fct_exact_email_detection: counts rows with traffic_direction "Inbound" and a known recipients value, grouped by recipients, sorted descending and limited to 10 groups. -->
- <dictionary id="619"/>
- <name>Top Internal Recipients of Blocked or Monitored Emails</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <!-- NOTE(review): the recipients column presumably holds e-mail addresses, so both the chart and this drill-down table expose personal data; limit who may run and export the query. -->
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <!-- NOTE(review): the filter has no test on action_taken_desc or scanner_desc. "Blocked or monitored" therefore depends on which rows the detection table holds, and "internal" is inferred from the Inbound direction only. Confirm both assumptions. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_connection_info.traffic_direction+%22Inbound%22+%29+%28+mesa_known+csr_fct_exact_email_detection.recipients+%29+%29+%29</condition-uri>
- <!-- NOTE(review): the grouped column name is plural. If it stores the whole recipient list of a message, the groups are distinct lists rather than individual recipients. Verify against the data. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_fct_exact_email_detection.recipients&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="620">
- <!-- Bar chart over mesaschema.csr_fct_exact_email_detection: counts rows with traffic_direction "Outbound" and a known recipients value, grouped by recipients, sorted descending and limited to 10 groups. -->
- <dictionary id="621"/>
- <name>Top External Recipients of Blocked or Monitored Emails</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <!-- NOTE(review): the recipients column presumably holds e-mail addresses, so both the chart and this drill-down table expose personal data; limit who may run and export the query. -->
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <!-- NOTE(review): the filter has no test on action_taken_desc or scanner_desc. "Blocked or monitored" therefore depends on which rows the detection table holds, and "external" is inferred from the Outbound direction only. Confirm both assumptions. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_connection_info.traffic_direction+%22Outbound%22+%29+%28+mesa_known+csr_fct_exact_email_detection.recipients+%29+%29+%29</condition-uri>
- <!-- NOTE(review): the grouped column name is plural. If it stores the whole recipient list of a message, the groups are distinct lists rather than individual recipients. Verify against the data. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_fct_exact_email_detection.recipients&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="622">
- <!-- Counts "Anti Phish" detections per source domain: orion.query.type=pie.pie, grouped by csr_dim_email_src_domain.src_domain, order=desc, limit.count=10. -->
- <!-- NOTE(review): as pasted, `&` inside the URIs is not escaped as `&amp;`, so this text is not well-formed XML; presumably a rendered view of the export. Re-export from the product rather than hand-editing before any import. -->
- <!-- NOTE(review): the drill-down table lists recipients, sender names and source IP addresses; limit who can run or export this query accordingly. -->
- <dictionary id="623"/>
- <name>Top Phishing Email Senders by Domain</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <!-- NOTE(review): orion.table.order.by names device, virus_name and filename, which are not in orion.table.columns; TODO confirm this is intended. -->
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <!-- Decoded condition: ( where ( and ( eq csr_dim_email_scanner.scanner_desc "Anti Phish" ) ( mesa_known csr_dim_email_src_domain.src_domain ) ) ) -->
- <!-- No time bound appears in the condition, so the ranking presumably spans all retained detections; verify against the retention settings. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Phish%22+%29+%28+mesa_known+csr_dim_email_src_domain.src_domain+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_email_src_domain.src_domain&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="624">
- <!-- Counts "Anti Phish" detections over time: orion.query.type=line.line, grouped by csr_fct_exact_email_detection.datetime with time.unit=day, order=oldest. -->
- <dictionary id="625"/>
- <name>Email Phishing Volume</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <!-- Decoded required clause: ( where ( beforeNow csr_fct_exact_email_detection.datetime ) ) -->
- <!-- Decoded condition: ( where ( eq csr_dim_email_scanner.scanner_desc "Anti Phish" ) ) -->
- <!-- NOTE(review): the parameter name is spelled `orion.requied.sexp` in this file; keep the spelling unless the consuming product is confirmed to expect another one. -->
- <!-- NOTE(review): no lower time bound is visible, so the chart presumably covers every retained day; confirm against retention before reading it as a trend. -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_exact_email_detection.datetime+%29+%29&orion.condition.sexp=%28+where+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Phish%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=csr_fct_exact_email_detection.datetime&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="626">
- <!-- Counts "Anti Spam" detections per sender: orion.query.type=bar.bar, grouped by csr_dim_email_sender.sender_name, order=desc, limit.count=10. -->
- <!-- NOTE(review): sender_name presumably comes from the message itself and can be forged; read the ranking as an indicator and corroborate with the src_domain and src_ipaddress columns of the drill-down. -->
- <dictionary id="627"/>
- <name>Top Spam Email Senders</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <!-- Decoded condition: ( where ( eq csr_dim_email_scanner.scanner_desc "Anti Spam" ) ) -->
- <!-- The condition carries neither a time bound nor a traffic_direction clause, so all matching detections are counted. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Spam%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_email_sender.sender_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="628">
- <!-- Counts "Data Loss Prevention" email detections that were not allowed through, per sender: orion.query.type=bar.bar, grouped by csr_dim_email_sender.sender_name, order=desc, limit.count=10. -->
- <dictionary id="629"/>
- <name>Top DLP Filtered Email Senders</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <!-- Decoded condition: ( where ( and ( eq csr_dim_email_scanner.scanner_desc "Data Loss Prevention" ) ( ne csr_dim_email_action.action_taken_desc "Allow the email through" ) ) ) -->
- <!-- NOTE(review): the exclusion matches the action description by its exact text; if that text differs (renamed or localized), allowed mail would presumably be counted as filtered. Verify against the values stored in action_taken_desc. -->
- <!-- NOTE(review): no traffic_direction clause is present, so inbound and outbound detections are counted together. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_scanner.scanner_desc+%22Data+Loss+Prevention%22+%29+%28+ne+csr_dim_email_action.action_taken_desc+%22Allow+the+email+through%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_email_sender.sender_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="630">
- <!-- Counts endpoints per DLP plug-in version: orion.query.type=summary.topn, grouped by UDLP_ComputerProperties.dlpPluginVersion, order=desc. Useful for spotting endpoints that lag behind the expected client version. -->
- <dictionary id="631"/>
- <name>DLP: Agent Version</name>
- <description>This report summarizes the DLP client version installed on endpoint computers</description>
- <target>udlpQuerySchema.UDLP_ComputerProperties</target>
- <!-- NOTE(review): orion.table.columns ends with dlpOperationMode, while orion.table.order.by stops at lastEpoCommunication; TODO confirm the omission is intended. -->
- <table-uri>query:table?orion.table.columns=UDLP_ComputerProperties.computer_id%3AUDLP_EPOProductPropertiesView.AgentGUID%3AUDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPOProductPropertiesView.OSType%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.undefinedDeviceClassesList%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.contentTrackingMode%3AUDLP_ComputerProperties.policyModificationDate%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.dlpWorkingFolder%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.lastEpoCommunication%3AUDLP_ComputerProperties.dlpOperationMode&orion.table.order=az&orion.table.order.by=UDLP_ComputerProperties.computer_id%3AUDLP_EPOProductPropertiesView.AgentGUID%3AUDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPOProductPropertiesView.OSType%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.undefinedDeviceClassesList%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.contentTrackingMode%3AUDLP_ComputerProperties.policyModificationDate%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.dlpWorkingFolder%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.lastEpoCommunication</table-uri>
- <!-- Decoded condition: ( where ( not_isBlank UDLP_EPOProductPropertiesView.ProductCode ) ) -->
- <!-- Rows with a blank ProductCode are excluded, so endpoints without a reported product code do not appear in the totals. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=UDLP_ComputerProperties.dlpPluginVersion&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="632">
- <!-- Counts endpoints per DLP agent status: orion.query.type=pie.pie, grouped by UDLP_ComputerProperties.agentStatus, order=desc, limit.count=360. -->
- <dictionary id="633"/>
- <name>DLP: Agent Status</name>
- <description>This report summarizes the DLP client status on endpoint computers</description>
- <target>udlpQuerySchema.UDLP_ComputerProperties</target>
- <table-uri>query:table?orion.table.columns=UDLP_ComputerProperties.computer_id%3AUDLP_EPOProductPropertiesView.AgentGUID%3AUDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPOProductPropertiesView.OSType%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.dlpPluginVersion&orion.table.order=az&orion.table.order.by=UDLP_ComputerProperties.computer_id%3AUDLP_EPOProductPropertiesView.AgentGUID%3AUDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPOProductPropertiesView.OSType%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.dlpPluginVersion</table-uri>
- <!-- Decoded condition: ( where ( not_isBlank UDLP_EPOProductPropertiesView.ProductCode ) ) -->
- <!-- Rows with a blank ProductCode are excluded, so this chart does not by itself show endpoints that report no product code. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=UDLP_ComputerProperties.agentStatus&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="634">
- <!-- Counts endpoints per DLP operation mode: orion.query.type=pie.pie, grouped by UDLP_ComputerProperties.dlpOperationMode, order=desc, limit.count=360. -->
- <dictionary id="635"/>
- <name>DLP: Agent Operation mode</name>
- <description>This report summarizes the DLP client operational mode on endpoint computers</description>
- <target>udlpQuerySchema.UDLP_ComputerProperties</target>
- <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.dlpOperationMode&orion.table.order=az&orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.dlpOperationMode</table-uri>
- <!-- Decoded condition: ( where ( not_isBlank UDLP_EPOProductPropertiesView.ProductCode ) ) -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=UDLP_ComputerProperties.dlpOperationMode&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="636">
- <!-- Counts DLP operational events per event type: orion.query.type=pie.pie, grouped by UDLP_Operationals.EventType, order=desc, limit.count=360. -->
- <dictionary id="637"/>
- <name>DLP: Operational events per type</name>
- <description>This report summarizes the number of DLP operational events per type</description>
- <target>udlpQuerySchema.UDLP_Operationals</target>
- <table-uri>query:table?orion.table.columns=UDLP_Operationals.EventRowID%3AUDLP_Operationals.EventType%3AUDLP_Operationals.EndpointTime%3AUDLP_Operationals.UTCTime%3AUDLP_Operationals.Online%3AUDLP_Operationals.Severity%3AUDLP_Operationals.InsertionTime%3AUDLP_Operationals.AgentVersion%3AUDLP_Operationals.Status%3AUDLP_Operationals.Resolution%3AUDLP_Operationals.Reviewer%3AUDLP_Operationals.OrigEventRowID&orion.table.order=az&orion.table.order.by=UDLP_Operationals.EventRowID%3AUDLP_Operationals.EventType%3AUDLP_Operationals.EndpointTime%3AUDLP_Operationals.UTCTime%3AUDLP_Operationals.Online%3AUDLP_Operationals.Severity%3AUDLP_Operationals.InsertionTime%3AUDLP_Operationals.AgentVersion%3AUDLP_Operationals.Status%3AUDLP_Operationals.Resolution%3AUDLP_Operationals.Reviewer%3AUDLP_Operationals.OrigEventRowID</table-uri>
- <!-- orion.condition.sexp is empty: no filter and no time window, so every stored operational event is counted. -->
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=UDLP_Operationals.EventType&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="638">
- <!-- Counts rows per DLP product code: orion.query.type=pie.pie, grouped by UDLP_ProductDistributionAllView.ProductCode, order=desc, limit.count=360. -->
- <dictionary id="639"/>
- <name>DLP: Distribution of DLP products on endpoint computers</name>
- <description>This report summarizes the Distribution of DLP products on endpoint computers</description>
- <target>udlpQuerySchema.UDLP_ProductDistributionAllView</target>
- <table-uri>query:table?orion.table.columns=UDLP_ProductDistributionAllView.ProductCode%3AUDLP_ProductDistributionAllView.ProductVersion%3AUDLP_EPOProductPropertiesAllView.NodeName%3AUDLP_EPOProductPropertiesAllView.OSType&orion.table.order=az&orion.table.order.by=UDLP_ProductDistributionAllView.ProductCode%3AUDLP_ProductDistributionAllView.ProductVersion%3AUDLP_EPOProductPropertiesAllView.NodeName%3AUDLP_EPOProductPropertiesAllView.OSType</table-uri>
- <!-- orion.condition.sexp is empty: no filter is applied to the view. -->
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=UDLP_ProductDistributionAllView.ProductCode&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="640">
- <!-- Counts rows per local email storage scan state: orion.query.type=pie.pie, grouped by UDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryState, order=desc, limit.count=360. -->
- <!-- NOTE(review): the drill-down table pairs NodeName with user_name and per-user scan incident counts; limit who can run or export this query accordingly. -->
- <dictionary id="641"/>
- <name>DLP Discovery (Endpoint): Local Email Storage Scan Current Status</name>
- <description>This report summarizes the current status of Local Email Storage endpoint scans</description>
- <target>udlpQuerySchema.UDLP_UserEmailStorageDiscoveryView</target>
- <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_UserEmailStorageDiscoveryView.user_name%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryScannedSoFar%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryScanStartDate%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryScanEndDate%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryState%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryTotalMessages%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryElapsedTime%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryTimeToComplete%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryIncidents%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryErrors&orion.table.order=az&orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_UserEmailStorageDiscoveryView.user_name%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryScannedSoFar%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryScanStartDate%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryScanEndDate%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryState%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryTotalMessages%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryElapsedTime%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryTimeToComplete%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryIncidents%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryErrors</table-uri>
- <!-- Decoded condition: ( where ( not_isBlank UDLP_EPOProductPropertiesView.ProductCode ) ) -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=UDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryState&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="642">
- <!-- Counts rows per local file system scan state: orion.query.type=pie.pie, grouped by UDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryState, order=desc, limit.count=360. -->
- <!-- NOTE(review): the drill-down table pairs NodeName with user_name and per-user scan incident counts; limit who can run or export this query accordingly. -->
- <dictionary id="643"/>
- <name>DLP Discovery (Endpoint): Local File System Scan Current Status</name>
- <description>This report summarizes the current status of Local File System endpoint scans</description>
- <target>udlpQuerySchema.UDLP_UserFileSystemDiscoveryView</target>
- <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_UserFileSystemDiscoveryView.user_name%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryScannedSoFar%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryScanStartDate%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryScanEndDate%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryState%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryTotalFiles%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryElapsedTime%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryTimeToComplete%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryIncidents%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryErrors&orion.table.order=az&orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_UserFileSystemDiscoveryView.user_name%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryScannedSoFar%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryScanStartDate%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryScanEndDate%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryState%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryTotalFiles%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryElapsedTime%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryTimeToComplete%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryIncidents%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryErrors</table-uri>
- <!-- Decoded condition: ( where ( not_isBlank UDLP_EPOProductPropertiesView.ProductCode ) ) -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=UDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryState&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="644">
- <!-- Counts DLP incidents over time: orion.query.type=line.line, grouped by UDLP_IncidentsQueriesView.LastUpdateTimestamp with time.unit=day, order=oldest. -->
- <dictionary id="645"/>
- <name>DLP: Number of Incidents per day</name>
- <description>This report summarizes number of incidents per day</description>
- <target>udlpQuerySchema.UDLP_IncidentsQueriesView</target>
- <table-uri>query:table?orion.table.columns=UDLP_IncidentsQueriesView.IncidentId%3AUDLP_IncidentsQueriesView.IncidentType%3AUDLP_IncidentsQueriesView.ViolationLocalTime%3AUDLP_IncidentsQueriesView.ViolationUTCTime%3AUDLP_IncidentsQueriesView.Severity%3AUDLP_IncidentsQueriesView.Reviewer%3AUDLP_IncidentsQueriesView.EvidenceCount%3AUDLP_IncidentsQueriesView.TotalMatchCount%3AUDLP_IncidentsQueriesView.TotalContentSize%3AUDLP_IncidentsQueriesView.ConnectivityState%3AUDLP_IncidentsQueriesView.ActualAction&orion.table.order=az&orion.table.order.by=UDLP_IncidentsQueriesView.IncidentId%3AUDLP_IncidentsQueriesView.IncidentType%3AUDLP_IncidentsQueriesView.ViolationLocalTime%3AUDLP_IncidentsQueriesView.ViolationUTCTime%3AUDLP_IncidentsQueriesView.Severity%3AUDLP_IncidentsQueriesView.Reviewer%3AUDLP_IncidentsQueriesView.EvidenceCount%3AUDLP_IncidentsQueriesView.TotalMatchCount%3AUDLP_IncidentsQueriesView.TotalContentSize%3AUDLP_IncidentsQueriesView.ConnectivityState%3AUDLP_IncidentsQueriesView.ActualAction</table-uri>
- <!-- Decoded required clause: ( where ( newerThan UDLP_IncidentsQueriesView.LastUpdateTimestamp 2592000000 ) ); orion.condition.sexp is empty. -->
- <!-- 2592000000 equals 30 days if the unit is milliseconds; TODO confirm the unit. -->
- <!-- NOTE(review): both the window and the per-day grouping use LastUpdateTimestamp, not ViolationUTCTime, so an incident touched later is presumably plotted on its update day rather than the day of the violation; confirm before using the chart as a violation timeline. -->
- <!-- NOTE(review): the parameter name is spelled `orion.requied.sexp` in this file; keep the spelling unless the consuming product is confirmed to expect another one. -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+UDLP_IncidentsQueriesView.LastUpdateTimestamp+2592000000++%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=UDLP_IncidentsQueriesView.LastUpdateTimestamp&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="646">
- <!-- Counts DLP incidents per severity: orion.query.type=pie.pie, grouped by UDLP_IncidentsQueriesView.Severity, order=desc, limit.count=360. -->
- <dictionary id="647"/>
- <name>DLP: Number of Incidents per severity</name>
- <description>This report summarizes number of incidents per severity</description>
- <target>udlpQuerySchema.UDLP_IncidentsQueriesView</target>
- <table-uri>query:table?orion.table.columns=UDLP_IncidentsQueriesView.IncidentId%3AUDLP_IncidentsQueriesView.IncidentType%3AUDLP_IncidentsQueriesView.ViolationUTCTime%3AUDLP_IncidentsQueriesView.Severity%3AUDLP_IncidentsQueriesView.Reviewer%3AUDLP_IncidentsQueriesView.EvidenceCount%3AUDLP_IncidentsQueriesView.TotalMatchCount%3AUDLP_IncidentsQueriesView.ConnectivityState%3AUDLP_IncidentsQueriesView.ActualAction&orion.table.order=az&orion.table.order.by=UDLP_IncidentsQueriesView.IncidentId%3AUDLP_IncidentsQueriesView.IncidentType%3AUDLP_IncidentsQueriesView.ViolationUTCTime%3AUDLP_IncidentsQueriesView.Severity%3AUDLP_IncidentsQueriesView.Reviewer%3AUDLP_IncidentsQueriesView.EvidenceCount%3AUDLP_IncidentsQueriesView.TotalMatchCount%3AUDLP_IncidentsQueriesView.ConnectivityState%3AUDLP_IncidentsQueriesView.ActualAction</table-uri>
- <!-- Decoded required clause: ( where ( newerThan UDLP_IncidentsQueriesView.LastUpdateTimestamp 2592000000 ) ); orion.condition.sexp is empty. -->
- <!-- 2592000000 equals 30 days if the unit is milliseconds; TODO confirm the unit. The window is on LastUpdateTimestamp, so older incidents that were recently updated are presumably included. -->
- <!-- NOTE(review): the parameter name is spelled `orion.requied.sexp` in this file; keep the spelling unless the consuming product is confirmed to expect another one. -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+UDLP_IncidentsQueriesView.LastUpdateTimestamp+2592000000++%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=UDLP_IncidentsQueriesView.Severity&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="648">
- <!-- Counts DLP incidents per incident type: orion.query.type=pie.pie, grouped by UDLP_IncidentsQueriesView.IncidentType, order=desc, limit.count=360. -->
- <!-- NOTE(review): the drill-down table includes JustificationText, presumably free text entered by end users; treat exports of this query as potentially sensitive. -->
- <dictionary id="649"/>
- <name>DLP: Number of Incidents per type</name>
- <description>This report summarizes number of incidents per type</description>
- <target>udlpQuerySchema.UDLP_IncidentsQueriesView</target>
- <table-uri>query:table?orion.table.columns=UDLP_IncidentsQueriesView.IncidentId%3AUDLP_IncidentsQueriesView.IncidentType%3AUDLP_IncidentsQueriesView.ViolationUTCTime%3AUDLP_IncidentsQueriesView.Severity%3AUDLP_IncidentsQueriesView.Reviewer%3AUDLP_IncidentsQueriesView.EvidenceCount%3AUDLP_IncidentsQueriesView.TotalMatchCount%3AUDLP_IncidentsQueriesView.ActualAction%3AUDLP_IncidentsQueriesView.JustificationText&orion.table.order=az&orion.table.order.by=UDLP_IncidentsQueriesView.IncidentId%3AUDLP_IncidentsQueriesView.IncidentType%3AUDLP_IncidentsQueriesView.ViolationUTCTime%3AUDLP_IncidentsQueriesView.Severity%3AUDLP_IncidentsQueriesView.Reviewer%3AUDLP_IncidentsQueriesView.EvidenceCount%3AUDLP_IncidentsQueriesView.TotalMatchCount%3AUDLP_IncidentsQueriesView.ActualAction%3AUDLP_IncidentsQueriesView.JustificationText</table-uri>
- <!-- Decoded required clause: ( where ( newerThan UDLP_IncidentsQueriesView.LastUpdateTimestamp 2592000000 ) ); orion.condition.sexp is empty. -->
- <!-- 2592000000 equals 30 days if the unit is milliseconds; TODO confirm the unit. -->
- <!-- NOTE(review): the parameter name is spelled `orion.requied.sexp` in this file; keep the spelling unless the consuming product is confirmed to expect another one. -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+UDLP_IncidentsQueriesView.LastUpdateTimestamp+2592000000++%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=UDLP_IncidentsQueriesView.IncidentType&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="650">
- <!-- Counts DLP incident rows per rule set: orion.query.type=bar.bar with horizontal=true, grouped by UDLP_IncidentRuleEvidencesQueriesView.RuleSetName, order=desc, limit.count=200. -->
- <!-- NOTE(review): grouping is on the rule-evidence view, so an incident matching several rules or rule sets is presumably counted more than once; confirm before comparing totals with the other incident reports. -->
- <dictionary id="651"/>
- <name>DLP: Number of Incidents per rule set</name>
- <description>This report summarizes number of incidents per rule set</description>
- <target>udlpQuerySchema.UDLP_IncidentsQueriesView</target>
- <table-uri>query:table?orion.table.columns=UDLP_IncidentsQueriesView.IncidentId%3AUDLP_IncidentsQueriesView.IncidentType%3AUDLP_IncidentsQueriesView.ViolationLocalTime%3AUDLP_IncidentsQueriesView.ViolationTimezone%3AUDLP_IncidentsQueriesView.ViolationUTCTime%3AUDLP_IncidentsQueriesView.Severity%3AUDLP_IncidentsQueriesView.Reviewer%3AUDLP_IncidentsQueriesView.ConnectivityState%3AUDLP_IncidentsQueriesView.ActualAction%3AUDLP_IncidentRuleEvidencesQueriesView.RuleSetName%3AUDLP_IncidentRuleEvidencesQueriesView.RuleName&orion.table.order=az&orion.table.order.by=UDLP_IncidentsQueriesView.IncidentId%3AUDLP_IncidentsQueriesView.IncidentType%3AUDLP_IncidentsQueriesView.ViolationLocalTime%3AUDLP_IncidentsQueriesView.ViolationTimezone%3AUDLP_IncidentsQueriesView.ViolationUTCTime%3AUDLP_IncidentsQueriesView.Severity%3AUDLP_IncidentsQueriesView.Reviewer%3AUDLP_IncidentsQueriesView.ConnectivityState%3AUDLP_IncidentsQueriesView.ActualAction%3AUDLP_IncidentRuleEvidencesQueriesView.RuleSetName%3AUDLP_IncidentRuleEvidencesQueriesView.RuleName</table-uri>
- <!-- Decoded required clause: ( where ( newerThan UDLP_IncidentsQueriesView.LastUpdateTimestamp 2592000000 ) ); orion.condition.sexp is empty. -->
- <!-- 2592000000 equals 30 days if the unit is milliseconds; TODO confirm the unit. -->
- <!-- NOTE(review): the parameter name is spelled `orion.requied.sexp` in this file; keep the spelling unless the consuming product is confirmed to expect another one. -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+UDLP_IncidentsQueriesView.LastUpdateTimestamp+2592000000++%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?horizontal=true&orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=UDLP_IncidentRuleEvidencesQueriesView.RuleSetName&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="652">
- <!-- Summarizes the latest local file system scan status: orion.query.type=pie.pie, grouped by UDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryStatus, order=desc, limit.count=360. -->
- <!-- Aggregation is distinct on UDLP_EPD_LatestFileSysDiscoveryView.computer_id, so each slice presumably counts computers rather than scan rows. -->
- <dictionary id="653"/>
- <name>DLP Discovery (Endpoint): Local File System Scan Latest Status</name>
- <description>This report summarizes the latest status of Local File System endpoint scans</description>
- <target>udlpQuerySchema.UDLP_EPD_LatestFileSysDiscoveryView</target>
- <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfErrors&orion.table.order=az&orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfErrors</table-uri>
- <!-- Decoded condition: ( where ( not_isBlank UDLP_EPOProductPropertiesView.ProductCode ) ) -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=UDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryStatus&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=distinct&orion.sum.aggregation.column=UDLP_EPD_LatestFileSysDiscoveryView.computer_id&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="654">
- <!-- Summarizes the latest local file system scans by sensitive-file range: orion.query.type=bar.bar, grouped by UDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles, order=desc, limit.count=200. -->
- <!-- Aggregation is distinct on UDLP_EPD_LatestFileSysDiscoveryView.computer_id, so each bar presumably counts computers whose latest scan fell in that range. -->
- <dictionary id="655"/>
- <name>DLP Discovery (Endpoint): Local File System Scan Latest Sensitive Files</name>
- <description>This report summarizes the latest Local File System endpoint scans sensitive files</description>
- <target>udlpQuerySchema.UDLP_EPD_LatestFileSysDiscoveryView</target>
- <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfErrors&orion.table.order=az&orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfErrors</table-uri>
- <!-- Decoded condition: ( where ( not_isBlank UDLP_EPOProductPropertiesView.ProductCode ) ) -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=UDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=distinct&orion.sum.aggregation.column=UDLP_EPD_LatestFileSysDiscoveryView.computer_id&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="656">
- <!-- Summarizes the latest local file system scans by error range: orion.query.type=bar.bar, grouped by UDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfErrors, order=desc, limit.count=200. -->
- <!-- Aggregation is distinct on UDLP_EPD_LatestFileSysDiscoveryView.computer_id, so each bar presumably counts computers. High error ranges can mean parts of an endpoint were not scanned; follow up on those nodes. -->
- <dictionary id="657"/>
- <name>DLP Discovery (Endpoint): Local File System Scan Latest Errors</name>
- <description>This report summarizes the latest Local File System endpoint scans errors</description>
- <target>udlpQuerySchema.UDLP_EPD_LatestFileSysDiscoveryView</target>
- <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfErrors&orion.table.order=az&orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfErrors</table-uri>
- <!-- Decoded condition: ( where ( not_isBlank UDLP_EPOProductPropertiesView.ProductCode ) ) -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=UDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfErrors&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=distinct&orion.sum.aggregation.column=UDLP_EPD_LatestFileSysDiscoveryView.computer_id&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="658">
- <!-- Summarizes the latest local file system scans by classification: orion.query.type=bar.bar, grouped by UDLP_EPD_LatestFileSysDiscoveryClassificationView.ClassificationName, order=desc, limit.count=200. -->
- <!-- Aggregation is distinct on UDLP_EPD_LatestFileSysDiscoveryClassificationView.computer_id, so each bar presumably counts computers holding files of that classification, not files. -->
- <dictionary id="659"/>
- <name>DLP Discovery (Endpoint): Local File System Scan Latest Classifications</name>
- <description>This report summarizes the latest Local File System endpoint scans classifications</description>
- <target>udlpQuerySchema.UDLP_EPD_LatestFileSysDiscoveryClassificationView</target>
- <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestFileSysDiscoveryClassificationView.ClassificationName%3AUDLP_EPD_LatestFileSysDiscoveryClassificationView.MatchCount%3AUDLP_EPD_LatestFileSysDiscoveryClassificationView.NumberOfSensitiveFiles&orion.table.order=az&orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestFileSysDiscoveryClassificationView.ClassificationName%3AUDLP_EPD_LatestFileSysDiscoveryClassificationView.MatchCount%3AUDLP_EPD_LatestFileSysDiscoveryClassificationView.NumberOfSensitiveFiles</table-uri>
- <!-- orion.condition.sexp is empty: unlike the table columns, which read NodeName from UDLP_EPOProductPropertiesView, no ProductCode filter is applied here. -->
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=UDLP_EPD_LatestFileSysDiscoveryClassificationView.ClassificationName&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=distinct&orion.sum.aggregation.column=UDLP_EPD_LatestFileSysDiscoveryClassificationView.computer_id&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="660">
- <!-- Summarizes the latest local email scan status: orion.query.type=pie.pie, grouped by UDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryStatus, order=desc, limit.count=360. -->
- <!-- Aggregation is distinct on UDLP_EPD_LatestEmailDiscoveryView.computer_id, so each slice presumably counts computers rather than scan rows. -->
- <dictionary id="661"/>
- <name>DLP Discovery (Endpoint): Local Email Scan Latest Status</name>
- <description>This report summarizes the latest status of Local Email endpoint scans</description>
- <target>udlpQuerySchema.UDLP_EPD_LatestEmailDiscoveryView</target>
- <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfErrors&orion.table.order=az&orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfErrors</table-uri>
- <!-- Decoded condition: ( where ( not_isBlank UDLP_EPOProductPropertiesView.ProductCode ) ) -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=UDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryStatus&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=distinct&orion.sum.aggregation.column=UDLP_EPD_LatestEmailDiscoveryView.computer_id&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="662">
- <dictionary id="663"/>
- <name>DLP: Policy distribution</name>
- <description>This report summarizes policy distribution</description>
- <target>udlpQuerySchema.UDLP_ComputerProperties</target>
- <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyModificationDate%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.dlpOperationMode&orion.table.order=az&orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyModificationDate%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.dlpOperationMode</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=UDLP_ComputerProperties.policyName&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="664">
- <dictionary id="665"/>
- <name>DLP: Enforced Rule Sets per endpoint computers</name>
- <description>This report summarizes enforced Rule Sets per endpoint computer</description>
- <target>udlpQuerySchema.UDLP_ComputersToPoliciesView</target>
- <table-uri>query:table?orion.table.columns=UDLP_ComputersToPoliciesView.policyName%3AUDLP_ComputersToPoliciesView.computer_name%3AUDLP_ComputersToPoliciesView.ruleSetName&orion.table.order=az&orion.table.order.by=UDLP_ComputersToPoliciesView.policyName%3AUDLP_ComputersToPoliciesView.computer_name%3AUDLP_ComputersToPoliciesView.ruleSetName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?horizontal=true&orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=UDLP_ComputersToPoliciesView.ruleSetName&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="666">
  <!-- Lists rows of UDLP_UserProperties whose policyEnforcementMode equals 1 (see condition-uri).
       Judging by the report name, 1 presumably marks a user as bypassed, i.e. exempt from DLP
       enforcement; confirm against the product schema. If so, every row is a gap in DLP coverage
       and the list should be reviewed regularly. The result exposes user names, distinguished
       names, SIDs and privileged permissions, so limit who may run or export this query. -->
- <dictionary id="667"/>
- <name>DLP: Bypassed users</name>
- <description>This report lists Bypassed users</description>
- <target>udlpQuerySchema.UDLP_UserProperties</target>
- <table-uri>query:table?orion.table.columns=UDLP_UserProperties.user_name%3AUDLP_UserProperties.userDistinguishedName%3AUDLP_UserProperties.userSID%3AUDLP_UserProperties.status%3AUDLP_UserProperties.policyEnforcementMode%3AUDLP_UserProperties.userPrivilegedPermissions&orion.table.order=az&orion.table.order.by=UDLP_UserProperties.user_name%3AUDLP_UserProperties.userDistinguishedName%3AUDLP_UserProperties.userSID%3AUDLP_UserProperties.status%3AUDLP_UserProperties.policyEnforcementMode%3AUDLP_UserProperties.userPrivilegedPermissions</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+UDLP_UserProperties.policyEnforcementMode+1++%29+%29</condition-uri>
  <!-- NOTE(review): the summary groups by UDLP_EPOProductPropertiesView.NodeName, which is not
       among the table columns and belongs to a different view than the target; verify that the
       grouping returns the intended rows. -->
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_UserProperties.user_name&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="668">
- <dictionary id="669"/>
- <name>DLP Discovery (Endpoint): Local Email Scan Latest Sensitive Files</name>
- <description>This report summarizes the latest Local Email endpoint scans sensitive files</description>
- <target>udlpQuerySchema.UDLP_EPD_LatestEmailDiscoveryView</target>
- <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfErrors&orion.table.order=az&orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfErrors</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&show.percentage=false&orion.sum.group.by=UDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=distinct&orion.sum.aggregation.column=UDLP_EPD_LatestEmailDiscoveryView.computer_id&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="670">
- <dictionary id="671"/>
- <name>DLP Discovery (Endpoint): Local Email Scan Latest Errors</name>
- <description>This report summarizes the latest Local Email endpoint scans errors</description>
- <target>udlpQuerySchema.UDLP_EPD_LatestEmailDiscoveryView</target>
- <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfErrors&orion.table.order=az&orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfErrors</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&show.percentage=false&orion.sum.group.by=UDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfErrors&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=distinct&orion.sum.aggregation.column=UDLP_EPD_LatestEmailDiscoveryView.computer_id&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="672">
- <dictionary id="673"/>
- <name>DLP Discovery (Endpoint): Local Email Scan Latest Classifications</name>
- <description>This report summarizes the latest Local Email endpoint scans classifications</description>
- <target>udlpQuerySchema.UDLP_EPD_LatestEmailDiscoveryClassificationView</target>
- <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestEmailDiscoveryClassificationView.ClassificationName%3AUDLP_EPD_LatestEmailDiscoveryClassificationView.MatchCount%3AUDLP_EPD_LatestEmailDiscoveryClassificationView.NumberOfSensitiveFiles&orion.table.order=az&orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestEmailDiscoveryClassificationView.ClassificationName%3AUDLP_EPD_LatestEmailDiscoveryClassificationView.MatchCount%3AUDLP_EPD_LatestEmailDiscoveryClassificationView.NumberOfSensitiveFiles</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=UDLP_EPD_LatestEmailDiscoveryClassificationView.ClassificationName&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=distinct&orion.sum.aggregation.column=UDLP_EPD_LatestEmailDiscoveryClassificationView.computer_id&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="674">
  <!-- Lists computers whose undefinedDeviceClassesList is not blank and whose ProductCode is
       not blank (both tests are in condition-uri), charted by the value of that list.
       Device classes missing from the DLP definitions are presumably not matched by device
       rules; verify, and treat recurring values as candidates for a device class definition. -->
- <dictionary id="675"/>
- <name>DLP: Undefined Device Classes (for Windows Devices)</name>
- <description>This report summarizes undefined device classes for windows devices only</description>
- <target>udlpQuerySchema.UDLP_ComputerProperties</target>
- <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.undefinedDeviceClassesList%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpOperationMode&orion.table.order=az&orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.undefinedDeviceClassesList%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpOperationMode</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+UDLP_ComputerProperties.undefinedDeviceClassesList+%29+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=UDLP_ComputerProperties.undefinedDeviceClassesList&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="676">
- <dictionary id="677"/>
- <name>DLP: Policy revision distribution</name>
- <description>This report summarizes policy revision distribution</description>
- <target>udlpQuerySchema.UDLP_ComputerProperties</target>
- <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyModificationDate%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.dlpOperationMode&orion.table.order=az&orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyModificationDate%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.dlpOperationMode</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=UDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="678">
  <!-- Line chart, one point per day, counting EPOEvents rows in the "av" threat category whose
       ThreatName contains "Artemis". The description is empty; the name suggests these are
       cloud-reputation detections made without a local signature (presumably). -->
- <dictionary id="679"/>
- <name>Threats detected by the cloud (no signatures) (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  <!-- The time bound sits in a separate orion.requied.sexp parameter, while the category and
       name filters are in orion.condition.sexp. 15552000000 is 180 days if the unit is
       milliseconds (assumed). The parameter name is spelled this way in the export; check what
       the importer expects before changing it. -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="680">
  <!-- Selects "av"-category EPOEvents newer than 604800000 ms (7 days, matching the name) where
       ThreatHandled is not t. These are presumably detections the endpoint product did not
       remediate, so a non-empty result warrants triage. -->
- <dictionary id="681"/>
- <name>Threat Events NOT handled (last 1 week) (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  <!-- NOTE(review): confirm how "ne" treats rows where ThreatHandled is null; if they are
       dropped, unhandled events with no value would be missing from this report. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+ne+EPOEvents.ThreatHandled+t+%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29+%29</condition-uri>
  <!-- NOTE(review): the pie groups by ThreatHandled, but the condition already excludes
       ThreatHandled = t, so the chart likely shows a single slice. Grouping by ThreatName or
       TargetHostName may tell an analyst more. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.ThreatHandled&orion.sum.order=desc&orion.sum.limit.count=360&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="682">
  <!-- Bar chart of the 10 TargetUserName values (orion.sum.limit.count=10, descending count)
       with the most "av"-category EPOEvents newer than 604800000 ms (7 days). -->
- <dictionary id="683"/>
- <name>Top 10 users - Threat Events (last 7 days) (imported)</name>
- <description></description>
- <target>EPOEvents</target>
  <!-- NOTE(review): the table lists DetectedUTC, TargetHostName and ThreatName but not
       TargetUserName, the column the summary groups by; add it if analysts need to see the
       user on each event row. -->
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.TargetUserName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="684">
- <dictionary id="685"/>
- <name>MWG 6.x: Blocked malware objects by engine for 24 hours</name>
- <description>Summary of blocked security threats broken down by scanning engine through all registered MWG 6.x appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.malware.mcafee.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.malware.mediafilter.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.malware.proactive.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.malware.secure.protected%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&groupedbar.title=MWSEventsView.DetectedUTC&orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest%3Adesc&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="686">
- <dictionary id="687"/>
- <name>MWG 6.x: Blocked malware objects by engine for 1 month</name>
- <description>Summary of blocked security threats broken down by scanning engine through all registered MWG 6.x appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.malware.mcafee.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.malware.mediafilter.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.malware.proactive.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.malware.secure.protected%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&groupedbar.title=MWSEventsView.DetectedUTC&orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest%3Adesc&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="688">
  <!-- Pie chart that sums MWSEventsView.Counter per CounterName for counters whose name starts
       with "web.sslcert", restricted to ApplianceOS "MWG" and to events newer than 86400000 ms
       (24 hours, matching the name). The individual counter names are not visible here, so
       which slices represent failed verification has to be checked against the appliance. -->
- <dictionary id="689"/>
- <name>MWG 6.x: SSL certificate verification overview for 24 hours</name>
- <description>Summary of verification status for all secure certificates passed through all registered MWG 6.x appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  <!-- The "or" wraps a single startsWith test, so it adds nothing to the filter; it is
       presumably left over from the query builder. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.sslcert%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="690">
- <dictionary id="691"/>
- <name>MWG 6.x: SSL certificate verification overview for 1 month</name>
- <description>Summary of verification status for all secure certificates passed through all registered MWG 6.x appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.sslcert%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="692">
- <dictionary id="693"/>
- <name>MWG 6.x: Traffic volume (bytes) by protocol for 24 hours</name>
- <description>Volume of traffic through all registered MWG 6.x appliances broken down by scanned protocol.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28endsWith+MWSEventsView.CounterName+%22.bytes%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&groupedbar.title=MWSEventsView.DetectedUTC&orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest%3Adesc&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="694">
- <dictionary id="695"/>
- <name>MWG 6.x: Traffic volume (bytes) by protocol for 1 month</name>
- <description>Volume of traffic through all registered MWG 6.x appliances broken down by scanned protocol.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28endsWith+MWSEventsView.CounterName+%22.bytes%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&groupedbar.title=MWSEventsView.DetectedUTC&orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest%3Adesc&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="696">
- <dictionary id="697"/>
- <name>MWG 6.x: URL Executive Summary for 24 hours</name>
- <description>Summary of legitimate vs. protected traffic through all registered MWG 6.x appliances broken down by scanning engine.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.legitimate%22+%29+%28eq+MWSEventsView.CounterName+%22web.av.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.proactive.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.urlfilter.protected%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="698">
- <dictionary id="699"/>
- <name>MWG 6.x: URL Executive Summary for 1 month</name>
- <description>Summary of legitimate vs. protected traffic through all registered MWG 6.x appliances broken down by scanning engine.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.legitimate%22+%29+%28eq+MWSEventsView.CounterName+%22web.av.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.proactive.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.urlfilter.protected%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="700">
- <dictionary id="701"/>
- <name>MWG 6.x: Web reputation by hits for 24 hours</name>
- <description>Break-down of the scanned traffic and its web reputation score for all registered MWG 6.x appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.reputation%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="702">
- <dictionary id="703"/>
- <name>MWG 6.x: Web reputation by hits for 1 month</name>
- <description>Break-down of the scanned traffic and its web reputation score for all registered MWG 6.x appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.reputation%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="704">
- <dictionary id="705"/>
- <name>MWG7: SSL certificate verification incidents for 24 hours</name>
- <description>Summary of verification status for all secure certificates passed through all registered MWG7 appliances.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG7%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.sslcert%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="706">
- <dictionary id="707"/>
- <name>MWG7: SSL certificate verification incidents for 1 month</name>
- <description>Summary of verification status for all secure certificates passed through all registered MWG7 appliances during the last 30 days.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG7%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.sslcert%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=MWSEventsView.CounterName&orion.sum.order=az&orion.sum.limit.count=360&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="708">
- <dictionary id="709"/>
- <name>MWG7: Traffic volume (bytes) by protocol for 24 hours</name>
- <description>Volume of traffic through all registered MWG7 appliances during the last 24 hours, broken down by scanned protocol.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG7%22+%29+%28+or+%28endsWith+MWSEventsView.CounterName+%22.bytes%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&groupedbar.title=MWSEventsView.DetectedUTC&orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest%3Adesc&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="710">
- <dictionary id="711"/>
- <name>MWG7: Traffic volume (bytes) by protocol for 1 month</name>
- <description>Volume of traffic through all registered MWG7 appliances during the last 30 days, broken down by scanned protocol.</description>
- <target>MWSEventsView</target>
- <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&orion.table.order=az&orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG7%22+%29+%28+or+%28endsWith+MWSEventsView.CounterName+%22.bytes%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&groupedbar.title=MWSEventsView.DetectedUTC&orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest%3Adesc&orion.show.other=false&orion.sum.aggregation=sum&orion.sum.aggregation.column=MWSEventsView.Counter&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="712">
- <dictionary id="713"/>
- <name>Threats detected by Local Threat Intelligence (imported)</name>
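- <description>Weekly count of events in the "av" threat category whose threat name contains "TIE", limited to events detected in about the last 180 days. Selection depends on a substring match against the threat name.</description>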
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22TIE%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="714">
- <dictionary id="715"/>
- <name>Top Blocked or Monitored Email Attachments</name>
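- <description>Top 10 attachment values by number of email detections whose reason is neither "Email Delivered" nor "Email Deferred". Rows are included only when the attachments field passes the mesa_known test.</description>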
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_fct_exact_email_detection.attachments%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_fct_exact_email_detection.attachments%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+csr_dim_email_reason.reason_desc+%22Email+Delivered%22+%29+%28+ne+csr_dim_email_reason.reason_desc+%22Email+Deferred%22+%29+%29+%28+mesa_known+csr_fct_exact_email_detection.attachments+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.topn&orion.sum.group.by=csr_fct_exact_email_detection.attachments&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="716">
- <dictionary id="717"/>
- <name>Top External Senders of Blocked or Monitored Emails</name>
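- <description>Top 10 senders by number of inbound rows in the email detection table. The condition filters on traffic direction only and does not exclude the "Email Delivered" or "Email Deferred" reasons that the attachment and subject queries exclude.</description>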
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+csr_dim_email_connection_info.traffic_direction+%22Inbound%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_email_sender.sender_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="718">
- <dictionary id="719"/>
- <name>Top Internal Senders of Blocked or Monitored Emails</name>
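- <description>Top 10 senders by number of outbound rows in the email detection table. The condition filters on traffic direction only and does not exclude the "Email Delivered" or "Email Deferred" reasons that the attachment and subject queries exclude.</description>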
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+csr_dim_email_connection_info.traffic_direction+%22Outbound%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_email_sender.sender_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="720">
- <dictionary id="721"/>
- <name>Top Blocked or Monitored Email Subjects</name>
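- <description>Top 10 subject lines by number of email delivery records whose reason is neither "Email Delivered" nor "Email Deferred". Rows are included only when the subject field passes the mesa_known test.</description>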
- <target>mesaschema.csr_fct_exact_email_delivery</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_delivery.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_delivery.msg_id%3Acsr_dim_email_reason.reason_desc%3Acsr_fct_exact_email_delivery.subject%3Acsr_dim_email_sender.sender_name%3Acsr_fct_exact_email_delivery.recipients%3Acsr_fct_exact_email_delivery.bytes&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_delivery.datetime%3Acsr_fct_exact_email_delivery.recipients%3Acsr_fct_exact_email_delivery.bytes%3Acsr_fct_exact_email_delivery.subject%3Acsr_fct_exact_email_delivery.msg_id%3Acsr_fct_exact_email_delivery.num_attachments%3Acsr_fct_exact_email_delivery.attachments%3Acsr_fct_exact_email_delivery.information</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+csr_dim_email_reason.reason_desc+%22Email+Delivered%22+%29+%28+ne+csr_dim_email_reason.reason_desc+%22Email+Deferred%22+%29+%29+%28+mesa_known+csr_fct_exact_email_delivery.subject+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.topn&orion.sum.group.by=csr_fct_exact_email_delivery.subject&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="722">
- <dictionary id="723"/>
- <name>Top Spam Email Senders by IP</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Spam%22+%29+%28+mesa_known+csr_dim_email_src_ip.src_ipaddress+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_email_src_ip.src_ipaddress&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="724">
- <dictionary id="725"/>
- <name>Email Spam Volume</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_exact_email_detection.datetime+%29+%29&orion.condition.sexp=%28+where+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Spam%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=csr_fct_exact_email_detection.datetime&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="726">
- <dictionary id="727"/>
- <name>Top Viral Email Senders</name>
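- <description>Top 10 senders by number of email detections reported by the "Anti Virus", "Avira Anti Virus" or "Authentium Anti Virus" scanner. Detections with any other scanner description are not counted.</description>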
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+or+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Avira+Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Authentium+Anti+Virus%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=csr_dim_email_sender.sender_name&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="728">
- <dictionary id="729"/>
- <name>Email Phishing Volume by Domain and IP</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Phish%22+%29+%28+mesa_known+csr_dim_email_src_domain.src_domain+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=csr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A5&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="730">
- <dictionary id="731"/>
- <name>Top Spam Email Senders by Domain</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Spam%22+%29+%28+mesa_known+csr_dim_email_src_domain.src_domain+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_email_src_domain.src_domain&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="732">
- <dictionary id="733"/>
- <name>Top Phishing Email Senders by IP</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Phish%22+%29+%28+mesa_known+csr_dim_email_src_ip.src_ipaddress+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=csr_dim_email_src_ip.src_ipaddress&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="734">
- <dictionary id="735"/>
- <name>Email Spam Volume by Domain and IP</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_email_detection</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&orion.table.order=az&orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Spam%22+%29+%28+mesa_known+csr_dim_email_src_domain.src_domain+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=csr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A5&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="736">
- <dictionary id="737"/>
- <name>Authentication Overview by Geolocation</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_otp</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail%3Acsr_dim_otp_geo.geo_name&orion.table.order=az&orion.table.order.by=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail%3Acsr_dim_otp_geo.geo_name</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_otp_geo.geo_name+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=csr_dim_otp_geo.geo_name&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="738">
- <dictionary id="739"/>
- <name>Authentication Overview by Reason</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_otp</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail&orion.table.order=az&orion.table.order.by=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=csr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="740">
- <dictionary id="741"/>
- <name>Authentication Overview by Result</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_otp</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail&orion.table.order=az&orion.table.order.by=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_exact_otp.datetime+%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.multiline&orion.sum.group.by=csr_dim_otp_result.otp_result%3Acsr_fct_exact_otp.datetime&orion.sum.order=desc%3Aoldest&orion.sum.limit.count=50&orion.sum.time.cols=%3Atrue&orion.sum.time.unit=%3Aday&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="742">
- <dictionary id="743"/>
- <name>Top Delivery Methods by Destination</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_otp</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail&orion.table.order=az&orion.table.order.by=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_otp_identity.otp_identity+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.stackedbar&orion.sum.group.by=csr_dim_otp_identity.otp_identity%3Acsr_dim_otp_delivery_method.delivery_method&orion.sum.order=desc%3Adesc&orion.sum.limit.count=10%3A10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="744">
- <dictionary id="745"/>
- <name>Top Delivery Methods by Username</name>
- <description></description>
- <target>mesaschema.csr_fct_exact_otp</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail&orion.table.order=az&orion.table.order.by=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_otp_delivery_method.delivery_method+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.stackedbar&orion.sum.group.by=csr_dim_otp_username.user_name%3Acsr_dim_otp_delivery_method.delivery_method&orion.sum.order=desc%3Adesc&orion.sum.limit.count=10%3A10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="746">
- <dictionary id="747"/>
- <name>Authentication Event Volume</name>
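- <description>Daily count of OTP authentication events whose result passes the mesa_success test, up to the current time. Events with any other result are not counted, so the chart may understate total authentication volume.</description>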
- <target>mesaschema.csr_fct_exact_otp</target>
- <table-uri>query:table?orion.table.columns=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail&orion.table.order=az&orion.table.order.by=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_exact_otp.datetime+%29+%29&orion.condition.sexp=%28+where+%28+mesa_success+csr_dim_otp_result.otp_result+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=csr_fct_exact_otp.datetime&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Grouped bar chart of EPOEvents counted by EPOComputerProperties.OSType and
     EPOEvents.ThreatSeverity, limited to 100 groups at each level.
     The condition keeps events with DetectedUTC newerThan 604800000 (7 days if the value is
     milliseconds, which matches the query name) and a non-blank OSType.
     NOTE(review): events from systems whose OSType is blank are dropped by not_isBlank,
     so the chart can undercount detections on systems with incomplete properties. -->
- <query id="748">
- <dictionary id="749"/>
- <name>Threat detection by OS (Last 7 days) (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPOComputerProperties.OSType+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOComputerProperties.OSType%3AEPOEvents.ThreatSeverity&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Weekly line chart (orion.sum.time.unit=week) of EPOEvents counted by DetectedUTC.
     Required clause: DetectedUTC newerThan 15552000000 (180 days, assuming milliseconds).
     User condition: ThreatCategory belongs to "av" and ThreatName contains neither "Artemis"
     nor "TIE/suspect"; that exclusion is what the name calls "signatures only".
     NOTE(review): the three URIs are the same as in query id 788 ("... (imported)"), so this
     looks like a second import of the same definition. -->
- <query id="750">
- <dictionary id="751"/>
- <name>Threats detected locally (signatures only) (imported 2)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+notContains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+notContains+EPOEvents.ThreatName+%22TIE%2Fsuspect%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Bar chart of the 10 most frequent EPOEvents.ThreatName values (orion.sum.limit.count=10).
     The required clause is empty; the user condition keeps events whose ThreatCategory belongs
     to "av", whose ThreatName contains "Artemis", and whose DetectedUTC is newerThan
     15552000000 (180 days, assuming milliseconds).
     NOTE(review): "detected in the cloud" is expressed only as a substring match on the threat
     name; cloud detections reported under any other name are not counted. The URIs match the
     ones shown for query id 790 ("... (imported)"). -->
- <query id="752">
- <dictionary id="753"/>
- <name>Unique threats detected in the cloud (imported 2)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.ThreatName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Multi-group summary of EPOEvents counted by ThreatType, then ThreatName.
     The condition keeps events where DetectedUTC is newerThan 86400000 (one day, assuming
     milliseconds), AnalyzerName equals "VirusScan Enterprise", ThreatType is neither
     "access protection" nor "app_puocookie", and ThreatName is neither blank nor "None".
     NOTE(review): the description says "last seven days" but the filter window matches the
     name (1 day); the description text looks copied from another query. Because AnalyzerName
     is an exact match, events reported under any other analyzer name are not counted. -->
- <query id="754">
- <dictionary id="755"/>
- <name>Threats for 1 Day</name>
- <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Multi-group summary of EPOEvents counted by ThreatType, then ThreatName.
     The time window is DetectedUTC newerThan 604800000 AND olderThan 86400000, i.e. (assuming
     milliseconds) events between seven days and one day old. Other filters: AnalyzerName equals
     "VirusScan Enterprise", ThreatType is neither "access protection" nor "app_puocookie",
     ThreatName is neither blank nor "None".
     NOTE(review): the olderThan bound excludes the most recent day, so this is not the full
     "last seven days" the description states; pair it with the 1 Day query for recent events. -->
- <query id="756">
- <dictionary id="757"/>
- <name>Threats for 1 Week</name>
- <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Multi-group summary of EPOEvents counted by EPOComputerProperties.ComputerName, then
     ThreatName. The time window is DetectedUTC newerThan 2592000000 AND olderThan 604800000,
     i.e. (assuming milliseconds) events between 30 days and 7 days old. Other filters:
     AnalyzerName equals "VirusScan Enterprise", ThreatType is neither "access protection" nor
     "app_puocookie", ThreatName is neither blank nor "None".
     NOTE(review): the description says "last seven days", yet the olderThan bound excludes
     exactly that most recent week; the description does not describe this filter. -->
- <query id="758">
- <dictionary id="759"/>
- <name>Threats/Host for 1 Month</name>
- <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Multi-group summary of EPOEvents counted by EPOComputerProperties.ComputerName, then
     ThreatName. The condition keeps events where DetectedUTC is newerThan 86400000 (one day,
     assuming milliseconds), AnalyzerName equals "VirusScan Enterprise", ThreatType is neither
     "access protection" nor "app_puocookie", and ThreatName is neither blank nor "None".
     NOTE(review): the description says "last seven days" but the filter window matches the
     name (1 day). Events reported under any other analyzer name are not counted. -->
- <query id="760">
- <dictionary id="761"/>
- <name>Threats/Host for 1 Day</name>
- <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Multi-group summary of EPOEvents counted by ThreatName, then TargetFileName.
     The condition keeps events where DetectedUTC is newerThan 86400000 (one day, assuming
     milliseconds), AnalyzerName equals "VirusScan Enterprise", ThreatType is neither
     "access protection" nor "app_puocookie", and ThreatName is neither blank nor "None".
     NOTE(review): the description says "last seven days" but the filter window matches the
     name (1 day). Events reported under any other analyzer name are not counted. -->
- <query id="762">
- <dictionary id="763"/>
- <name>Threats/File for 1 Day</name>
- <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Multi-group summary of EPOEvents counted by ThreatName, then TargetFileName.
     The time window is DetectedUTC newerThan 604800000 AND olderThan 86400000, i.e. (assuming
     milliseconds) events between seven days and one day old. Other filters: AnalyzerName equals
     "VirusScan Enterprise", ThreatType is neither "access protection" nor "app_puocookie",
     ThreatName is neither blank nor "None".
     NOTE(review): the olderThan bound excludes the most recent day, so this is not the full
     "last seven days" the description states. -->
- <query id="764">
- <dictionary id="765"/>
- <name>Threats/File for 1 Week</name>
- <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Multi-group summary of EPOEvents counted by ThreatName, then TargetFileName.
     The time window is DetectedUTC newerThan 2592000000 AND olderThan 604800000, i.e. (assuming
     milliseconds) events between 30 days and 7 days old. Other filters: AnalyzerName equals
     "VirusScan Enterprise", ThreatType is neither "access protection" nor "app_puocookie",
     ThreatName is neither blank nor "None".
     NOTE(review): the description says "last seven days", yet the olderThan bound excludes
     exactly that most recent week; the description does not describe this filter. -->
- <query id="766">
- <dictionary id="767"/>
- <name>Threats/File for 1 Month</name>
- <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Multi-group summary of UDLP_UserProperties rows counted by
     UDLP_EPOProductPropertiesView.NodeName, then user_name. The condition keeps rows where
     userPrivilegedPermissions equals 1.
     NOTE(review): presumably 1 marks a privileged DLP user; the value's meaning is not stated
     in this file. The table columns include userSID, userDistinguishedName and evidencePath,
     so exports of this report carry identity data and should be handled as sensitive.
     Both column lists end with a trailing %3A (an empty last entry); confirm it is intended. -->
- <query id="768">
- <dictionary id="769"/>
- <name>DLP: Privileged Users</name>
- <description>This report summarizes privileged users</description>
- <target>udlpQuerySchema.UDLP_UserProperties</target>
- <table-uri>query:table?orion.table.columns=UDLP_UserProperties.user_name%3AUDLP_UserProperties.computer_id%3AUDLP_UserProperties.userDistinguishedName%3AUDLP_UserProperties.userSID%3AUDLP_UserProperties.status%3AUDLP_UserProperties.policyEnforcementMode%3AUDLP_UserProperties.userPrivilegedPermissions%3AUDLP_UserProperties.evidencePath%3A&orion.table.order=az&orion.table.order.by=UDLP_UserProperties.user_name%3AUDLP_UserProperties.computer_id%3AUDLP_UserProperties.userDistinguishedName%3AUDLP_UserProperties.userSID%3AUDLP_UserProperties.status%3AUDLP_UserProperties.policyEnforcementMode%3AUDLP_UserProperties.userPrivilegedPermissions%3AUDLP_UserProperties.evidencePath%3A</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+UDLP_UserProperties.userPrivilegedPermissions+1++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_UserProperties.user_name&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Pie chart of UDLP_ComputerProperties rows counted by isChromeVersionSupported
     (show.percentage=false, limit 360). The condition keeps rows where
     UDLP_EPOProductPropertiesView.ProductCode is not blank.
     NOTE(review): systems with a blank ProductCode are left out of the chart, so the pie
     covers only systems that report a product code, not every managed system. -->
- <query id="770">
- <dictionary id="771"/>
- <name>DLP: Chrome Support Summary</name>
- <description>This report summarizes Chrome support</description>
- <target>udlpQuerySchema.UDLP_ComputerProperties</target>
- <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.dlpOperationMode%3AUDLP_ComputerProperties.isChromeVersionSupported%3AUDLP_ComputerProperties.lastChromeVersionUsed&orion.table.order=az&orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.dlpOperationMode%3AUDLP_ComputerProperties.isChromeVersionSupported%3AUDLP_ComputerProperties.lastChromeVersionUsed</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=UDLP_ComputerProperties.isChromeVersionSupported&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Pie chart of UDLP_ComputerProperties rows counted by lastChromeVersionUsed
     (show.percentage=false, limit 360). The condition keeps rows where isChromeVersionSupported
     equals 2 and UDLP_EPOProductPropertiesView.ProductCode is not blank.
     NOTE(review): presumably 2 is the "unsupported" value; its meaning is not stated in this
     file, so confirm it before relying on the report. The name element ends with a trailing
     space. -->
- <query id="772">
- <dictionary id="773"/>
- <name>DLP: Chrome unsupported versions </name>
- <description>This report displays unsupported Chrome versions</description>
- <target>udlpQuerySchema.UDLP_ComputerProperties</target>
- <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.dlpOperationMode%3AUDLP_ComputerProperties.isChromeVersionSupported%3AUDLP_ComputerProperties.lastChromeVersionUsed&orion.table.order=az&orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.dlpOperationMode%3AUDLP_ComputerProperties.isChromeVersionSupported%3AUDLP_ComputerProperties.lastChromeVersionUsed</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+UDLP_ComputerProperties.isChromeVersionSupported+2++%29+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=UDLP_ComputerProperties.lastChromeVersionUsed&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Multi-group summary of EPOSystemProductVersionInfo rows counted by FamilyDispName, then
     productVersion. The condition keeps rows where productVersion is not blank.
     The detail table shows NodeName, FamilyDispName, productVersion and LastUpdate, ordered by
     FamilyDispName and productVersion only.
     NOTE(review): rows with a blank productVersion are dropped, so systems that report no
     version for a product do not appear in this inventory. -->
- <query id="774">
- <dictionary id="775"/>
- <name>Versions of Products - ALL TC</name>
- <description></description>
- <target>EPOSystemProductVersionInfo</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+EPOSystemProductVersionInfo.productVersion+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Multi-group summary of EPOEvents counted by ComputerName, TargetUserName, ThreatName and
     EPOEventFilterDesc.Name. The condition keeps events where AnalyzerName equals
     "VirusScan Enterprise", DetectedUTC is newerThan 172800000, ThreatHandled equals f,
     ThreatName is not blank, ThreatActionTaken is not "access denied", and the event
     description is not "Unable to scan password protected".
     NOTE(review): 172800000 is 48 hours if the value is milliseconds, and there is no olderThan
     bound, so this query covers the last 48 hours although its name says 24 hours. Unhandled
     events with action "access denied" or the password-protected description are hidden here. -->
- <query id="776">
- <dictionary id="777"/>
- <name>M-OPS-Machines that were NOT Fully Cleaned in the Last 24 hours</name>
- <description>Operations report for machines that require action. This query will show you machines and usernames that VirusScan may not be fully cleaning. Shows event description which will let you know what VirusScan did with the file. Compare this with same report infections not cleaned in the past 24 hours</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+172800000++%29+%28+eq+EPOEvents.ThreatHandled+f+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatActionTaken+%22access+denied%22+%29+%28+ne+EPOEventFilterDesc.Name+%22Unable+to+scan+password+protected%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&multigroup.title=EPOEvents.ThreatName&orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.TargetUserName%3AEPOEvents.ThreatName%3AEPOEventFilterDesc.Name&orion.sum.order=az%3Aaz%3Aaz%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Multi-group summary of EPOEvents counted by ComputerName, TargetUserName, ThreatName and
     EPOEventFilterDesc.Name. The condition keeps events where AnalyzerName equals
     "VirusScan Enterprise", DetectedUTC is newerThan 172800000 AND olderThan 86400000,
     ThreatHandled equals f, ThreatName is not blank, ThreatActionTaken is not "access denied",
     and the event description is not "Unable to scan password protected".
     NOTE(review): assuming milliseconds, the window is events between 48 and 24 hours old;
     the most recent 24 hours are excluded, so this is the previous day rather than the whole
     "last 48 hours" the name suggests. -->
- <query id="778">
- <dictionary id="779"/>
- <name>M-OPS-Machines that were NOT Fully Cleaned in the Last 48 hours</name>
- <description>Operations report for machines that require action. This query will show you machines and usernames that VirusScan may not be fully cleaning. Shows event description which will let you know what VirusScan did with the file. Compare this with same report for machines not cleaned in the past 24 hours</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+newerThan+EPOEvents.DetectedUTC+172800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.ThreatHandled+f+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatActionTaken+%22access+denied%22+%29+%28+ne+EPOEventFilterDesc.Name+%22Unable+to+scan+password+protected%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&multigroup.title=EPOEvents.ThreatName&orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.TargetUserName%3AEPOEvents.ThreatName%3AEPOEventFilterDesc.Name&orion.sum.order=az%3Aaz%3Aaz%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Multi-group summary of EPOEvents counted by ThreatName, EPOLeafNode.NodeName,
     EPOEventFilterDesc.Name and TargetFileName. The condition keeps events where AnalyzerName
     equals "VirusScan Enterprise", DetectedUTC is newerThan 172800000 AND olderThan 86400000,
     ThreatHandled equals f, ThreatName is not blank, ThreatActionTaken is not "access denied",
     and the event description is not "Unable to scan password protected".
     NOTE(review): assuming milliseconds, the window is events between 48 and 24 hours old;
     the most recent 24 hours are excluded, so this is the previous day rather than the whole
     "last 48 hours" the name suggests. -->
- <query id="780">
- <dictionary id="781"/>
- <name>M-OPS-Infections that were NOT Fully Cleaned in the Last 48 hours</name>
- <description>Operations report for machines that require action. This query will show you new infections that VirusScan may not be fully cleaning. Shows event description which will let you know what VirusScan did with the file. Compare this with same report infections not cleaned in the past 24 hours</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+newerThan+EPOEvents.DetectedUTC+172800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.ThreatHandled+f+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatActionTaken+%22access+denied%22+%29+%28+ne+EPOEventFilterDesc.Name+%22Unable+to+scan+password+protected%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&multigroup.title=EPOEvents.ThreatName&orion.sum.group.by=EPOEvents.ThreatName%3AEPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.TargetFileName&orion.sum.order=az%3Aaz%3Aaz%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Multi-group summary of EPOEvents counted by ThreatName, EPOLeafNode.NodeName,
     EPOEventFilterDesc.Name and TargetFileName. The condition keeps events where AnalyzerName
     equals "VirusScan Enterprise", DetectedUTC is newerThan 86400000 (24 hours, assuming
     milliseconds, matching the name), ThreatHandled equals f, ThreatName is not blank,
     ThreatActionTaken is not "access denied", and the event description is not
     "Unable to scan password protected".
     NOTE(review): unhandled events with action "access denied" or the password-protected
     description are hidden, as are events reported under any other analyzer name. -->
- <query id="782">
- <dictionary id="783"/>
- <name>M-OPS-Infections that were NOT Fully Cleaned in the Last 24 hours</name>
- <description>Operational report for that shows machines that may require action. This query will show you new infections that VirusScan may not be fully cleaning in the past day. Shows event description which will let you know what VirusScan did with the file. Compare this with same report for the past 2 days.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.ThreatHandled+f+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatActionTaken+%22access+denied%22+%29+%28+ne+EPOEventFilterDesc.Name+%22Unable+to+scan+password+protected%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&multigroup.title=EPOEvents.ThreatName&orion.sum.group.by=EPOEvents.ThreatName%3AEPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.TargetFileName&orion.sum.order=az%3Aaz%3Aaz%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Multi-group summary of EPOEvents counted by ThreatName, ComputerName and
     SourceProcessName. The condition keeps events where AnalyzerName startsWith
     "VirusScan Enterprise", DetectedUTC is newerThan 259200000 (3 days, assuming milliseconds),
     and ThreatEventID equals 1094.
     NOTE(review): "blocked" is selected only through the ThreatEventID value (1094 here, 1096
     in query id 786); the meaning of these ids is not stated in this file, so confirm them
     against the product's event id list. The description speaks of grouping by threat IP
     address, but the group.by list holds ThreatName, ComputerName and SourceProcessName. -->
- <query id="784">
- <dictionary id="785"/>
- <name>M-VS Access Protection FW Rules Triggered AND Blocked in the Past 3 Days</name>
- <description>These are access protection FW rules that are being blocked by VS. The only default FW rule enabled in VS is reporting/blocking IRC communication and SMTP port 25. Broken down by threat IP address, process name, and rule that is being triggered. You can optionally add additional reporting rules in VS to discover other inappropriate communication in your environment.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+startsWith+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+259200000++%29+%28+eq+EPOEvents.ThreatEventID+1094++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOComputerProperties.ComputerName%3AEPOEvents.SourceProcessName&orion.sum.order=az%3Aaz%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- Multi-group summary of EPOEvents counted by ThreatName, ComputerName and
     SourceProcessName. The condition keeps events where AnalyzerName startsWith
     "VirusScan Enterprise", DetectedUTC is newerThan 259200000 (3 days, assuming milliseconds),
     and ThreatEventID equals 1096.
     NOTE(review): "not blocked" is selected only through the ThreatEventID value (1096 here,
     1094 in query id 784); the meaning of these ids is not stated in this file, so confirm
     them against the product's event id list. Rules in report-only mode produce events but do
     not stop the traffic, so hits in this report describe activity that was allowed. -->
- <query id="786">
- <dictionary id="787"/>
- <name>M-VS Access Protection FW Rules Triggered but NOT Blocked in the Past 3 Days</name>
- <description>These are access protection FW rules that are set to report only and not block. The only default FW rule enabled in VS is reporting/blocking IRC communication. You can optionally add additional reporting rules in VS to discover other inappropriate communication in your environment.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+startsWith+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+259200000++%29+%28+eq+EPOEvents.ThreatEventID+1096++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOComputerProperties.ComputerName%3AEPOEvents.SourceProcessName&orion.sum.order=az%3Aaz%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="788">
  <!-- Weekly line chart of "av" events from the last 180 days that are not attributed to Artemis or TIE. -->
- <dictionary id="789"/>
- <name>Threats detected locally (signatures only) (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  <!-- Decoded: required filter ( where ( newerThan EPOEvents.DetectedUTC 15552000000 ) ), i.e. 180 days;
       condition ( where ( and ( threatcategory_belongs EPOEvents.ThreatCategory "av" )
       ( and ( notContains EPOEvents.ThreatName "Artemis" ) ( notContains EPOEvents.ThreatName "TIE/suspect" ) ) ) ).
       "Signatures only" is defined by exclusion: every "av" event whose threat name lacks those two
       substrings is counted as a local signature detection.
       The key is spelled orion.requied.sexp throughout this export; presumably that is the spelling the
       importer expects, so verify before changing it. -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+notContains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+notContains+EPOEvents.ThreatName+%22TIE%2Fsuspect%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="790">
  <!-- Bar chart of the 10 most frequent threat names among "av" events whose name contains "Artemis". -->
- <dictionary id="791"/>
- <name>Unique threats detected in the cloud (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  <!-- Decoded: the required filter is empty; condition ( where ( and
       ( threatcategory_belongs EPOEvents.ThreatCategory "av" ) ( contains EPOEvents.ThreatName "Artemis" )
       ( newerThan EPOEvents.DetectedUTC 15552000000 ) ) ), a 180-day window.
       "In the cloud" is inferred only from the substring "Artemis" in the threat name. -->
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.ThreatName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="792">
  <!-- Bar chart of the 10 target host names with the most "av" events in the last 7 days. -->
- <dictionary id="793"/>
- <name>Top 10 endpoints - Threat Events (last 7 days) (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  <!-- Decoded: ( where ( and ( threatcategory_belongs EPOEvents.ThreatCategory "av" )
       ( newerThan EPOEvents.DetectedUTC 604800000 ) ) ); 604800000 ms = 7 days.
       There is no ThreatHandled clause, so handled and unhandled events are counted together. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.TargetHostName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="794">
  <!-- Daily line chart of files created in the last 30 days with composite reputation 50 or 0 and a blank
       certificate hash. -->
- <dictionary id="795"/>
- <name>Unsigned Unknown Files</name>
- <description>Find unknown files that are not signed from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date</table-uri>
  <!-- Decoded: required filter ( where ( newerThan fileJoined.create_date 2592000000 ) ), i.e. 30 days;
       condition ( where ( and ( or ( eq fileJoined.composite_reputation 50 ) ( eq fileJoined.composite_reputation 0 ) )
       ( isBlank fileJoined.cert_sha1 ) ) ) gt fileJoined.ent_count 0 ) ) ).
       NOTE(review): the condition is unbalanced. The where/and group closes after the isBlank clause, then
       "gt fileJoined.ent_count 0" follows with no opening parenthesis and three surplus closing ones.
       How the console treats the trailing tokens is not visible here; the ent_count clause may be ignored
       or the query rejected. "Signed Unknown Files" in this export shows the balanced form, with
       ( gt fileJoined.ent_count 0 ) inside the and group. Validate the result set before relying on it.
       "Unsigned" is decided solely by cert_sha1 being blank; reputation 0 is presumably "not set". -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.create_date+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+fileJoined.composite_reputation+50++%29+%28+eq+fileJoined.composite_reputation+0++%29+%29+%28+isBlank+fileJoined.cert_sha1+%29+%29+%29+gt+fileJoined.ent_count+0++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=fileJoined.create_date&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="796">
  <!-- Reputation-50 files with a blank certificate hash, created within 180 days and accessed within the
       last 7 days, grouped per week of last access and per week of creation. -->
- <dictionary id="797"/>
- <name>TIE Server Unsigned Unknown Files Usage</name>
- <description>Find unsigned unknown files per composite reputation and group them by their first and last access.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.type%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.type%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  <!-- Decoded: ( where ( and ( newerThan fileJoined.create_date 15552000000 ) ( eq fileJoined.composite_reputation 50 )
       ( newerThan fileJoined.last_access_date 604800000 ) ( isBlank fileJoined.cert_sha1 ) ) ) gt fileJoined.ent_count 0 ) ) ).
       15552000000 ms = 180 days, 604800000 ms = 7 days.
       NOTE(review): the condition is unbalanced. The where/and group closes after the isBlank clause and
       "gt fileJoined.ent_count 0" trails it with three surplus closing parentheses, so it is unclear from
       this text whether the ent_count clause is applied. Validate the result set before relying on it.
       The description says "per composite reputation", but the filter admits only the value 50. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+fileJoined.create_date+15552000000++%29+%28+eq+fileJoined.composite_reputation+50++%29+%28+newerThan+fileJoined.last_access_date+604800000++%29+%28+isBlank+fileJoined.cert_sha1+%29+%29+%29+gt+fileJoined.ent_count+0++%29+%29+%29</condition-uri>
  <!-- Summary: grouped by last_access_date then create_date, both per week, with a row count and the
       maximum of fileJoined.ent_count. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=fileJoined.last_access_date%3AfileJoined.create_date&orion.sum.time.cols=true%3Atrue&orion.sum.time.unit=week%3Aweek&orion.sum.order=oldest%3Aoldest&orion.sum.limit.count=1&orion.sum.aggregation=count%3Amax&orion.sum.aggregation.column=%3AfileJoined.ent_count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="798">
  <!-- Top 20 company names among reputation-50 files created in the last 30 days with a blank certificate hash. -->
- <dictionary id="799"/>
- <name>Unsigned Unknown Files by Company</name>
- <description>Find Unsigned Unknown Files by company from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date</table-uri>
  <!-- Decoded: ( where ( and ( eq fileJoined.composite_reputation 50 ) ( newerThan fileJoined.create_date 2592000000 )
       ( isBlank fileJoined.cert_sha1 ) ) ) gt fileJoined.ent_count 0 ) ) ); 2592000000 ms = 30 days.
       NOTE(review): the condition is unbalanced. "gt fileJoined.ent_count 0" sits after the where/and group
       has already closed, followed by three surplus closing parentheses; whether that clause is applied
       cannot be told from this text. Validate the result set before relying on it.
       The company name comes from file metadata on unsigned files, so treat the grouping as a hint only. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+fileJoined.composite_reputation+50++%29+%28+newerThan+fileJoined.create_date+2592000000++%29+%28+isBlank+fileJoined.cert_sha1+%29+%29+%29+gt+fileJoined.ent_count+0++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.topn&orion.sum.group.by=fileJoined.company_name&orion.sum.order=desc&orion.sum.limit.count=20&orion.sum.aggregation=count%3Amax&orion.sum.aggregation.column=%3AfileJoined.ent_count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="800">
  <!-- Top 10 parent file hashes of reputation-50 files created in the last 30 days. -->
- <dictionary id="801"/>
- <name>Most Active Parents of Unknown Files</name>
- <description>Find the most active parent Files of Unknown Files from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.parent_sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_ctd.trust_level%3Afile_rep_mwg.trust_level&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.parent_sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_ctd.trust_level%3Afile_rep_mwg.trust_level</table-uri>
  <!-- Decoded: ( where ( and ( not_isBlank fileJoined.parent_sha1 ) ( eq fileJoined.composite_reputation 50 )
       ( newerThan fileJoined.create_date 2592000000 ) ) ); 2592000000 ms = 30 days.
       Files with no recorded parent hash are excluded, so this view covers only part of the unknown files. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+fileJoined.parent_sha1+%29+%28+eq+fileJoined.composite_reputation+50++%29+%28+newerThan+fileJoined.create_date+2592000000++%29+%29+%29</condition-uri>
  <!-- Summary: grouped by parent_sha1, top 10 descending, with a row count and the sum of fileJoined.ent_count. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.topn&orion.sum.group.by=fileJoined.parent_sha1&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count%3Asum&orion.sum.aggregation.column=%3AfileJoined.ent_count&orion.sum.aggregation.showTotal=true%3Atrue</summary-uri>
- </query>
- <query id="802">
  <!-- Top 10 file hashes by maximum localrep_count among reputation-50 files created in the last 30 days. -->
- <dictionary id="803"/>
- <name>Most Monitored Unknown Files</name>
- <description>Find the 10 most monitored Unknown Files from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_ctd.trust_level%3Afile_rep_mwg.trust_level&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_ctd.trust_level%3Afile_rep_mwg.trust_level</table-uri>
  <!-- Decoded: ( where ( and ( eq fileJoined.composite_reputation 50 ) ( newerThan fileJoined.create_date 2592000000 )
       ( gt fileJoined.localrep_count 10 ) ) ); 2592000000 ms = 30 days.
       Files with a localrep_count of 10 or less never appear, whatever their reputation. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+fileJoined.composite_reputation+50++%29+%28+newerThan+fileJoined.create_date+2592000000++%29+%28+gt+fileJoined.localrep_count+10++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.topn&orion.sum.group.by=fileJoined.sha1&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=max&orion.sum.aggregation.column=fileJoined.localrep_count</summary-uri>
- </query>
- <query id="804">
  <!-- Top 10 agents by summed new-file count over the last 30 days. -->
- <dictionary id="805"/>
- <name>Most Active Endpoints</name>
- <description>Find the 10 systems that reported the largest number of New Files from last month.</description>
- <target>TieServerSchema.agent_new_file_summary</target>
- <table-uri>query:table?orion.table.columns=agent_new_file_summary.agent%3Aagent_new_file_summary.date%3Aagent_new_file_summary.count&orion.table.order=az&orion.table.order.by=agent_new_file_summary.agent%3Aagent_new_file_summary.date%3Aagent_new_file_summary.count</table-uri>
  <!-- Decoded: ( where ( newerThan agent_new_file_summary.date 2592000000 ) ); 2592000000 ms = 30 days.
       No reputation filter is applied: the ranking counts every new file an agent reported. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+newerThan+agent_new_file_summary.date+2592000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.topn&orion.sum.group.by=agent_new_file_summary.agent&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=sum&orion.sum.aggregation.column=agent_new_file_summary.count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="806">
  <!-- Daily line chart of files created in the last 30 days with composite reputation 50 or 0, a non-blank
       certificate hash and ent_count above 0. -->
- <dictionary id="807"/>
- <name>Signed Unknown Files</name>
- <description>Find signed unknown files from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date</table-uri>
  <!-- Decoded: required filter ( where ( newerThan fileJoined.create_date 2592000000 ) ), i.e. 30 days;
       condition ( where ( and ( or ( eq fileJoined.composite_reputation 50 ) ( eq fileJoined.composite_reputation 0 ) )
       ( not_isBlank fileJoined.cert_sha1 ) ( gt fileJoined.ent_count 0 ) ) ). The expression is balanced.
       "Signed" here means only that a certificate hash is recorded; nothing in the filter checks the
       certificate's own reputation or validity. -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.create_date+2592000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+fileJoined.composite_reputation+50++%29+%28+eq+fileJoined.composite_reputation+0++%29+%29+%28+not_isBlank+fileJoined.cert_sha1+%29+%28+gt+fileJoined.ent_count+0++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=fileJoined.create_date&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="808">
  <!-- Reputation-50 files with a certificate hash, created in the last 30 days, grouped by certificate
       subject and then by certificate hash. -->
- <dictionary id="809"/>
- <name>Signed Unknown Files per Certificate Subject</name>
- <description>Find files split by certificate subject and SHA-1.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date</table-uri>
  <!-- Decoded: ( where ( and ( newerThan fileJoined.create_date 2592000000 ) ( not_isBlank fileJoined.cert_sha1 )
       ( eq fileJoined.composite_reputation 50 ) ( gt fileJoined.ent_count 0 ) ) ); 2592000000 ms = 30 days.
       The expression is balanced. The description omits the 30-day window and the reputation filter. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+fileJoined.create_date+2592000000++%29+%28+not_isBlank+fileJoined.cert_sha1+%29+%28+eq+fileJoined.composite_reputation+50++%29+%28+gt+fileJoined.ent_count+0++%29+%29+%29</condition-uri>
  <!-- Summary: grouped by cert_subject (top 20) then cert_sha1 (top 10). The "SHA-1" in the description is
       therefore the certificate hash, not the file hash; one subject with several cert_sha1 values means
       several distinct certificates share that subject string. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=fileJoined.cert_subject%3AfileJoined.cert_sha1&orion.sum.order=desc%3Adesc&orion.sum.limit.count=20%3A10&orion.sum.aggregation=count%3Amax&orion.sum.aggregation.column=%3AfileJoined.ent_count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="810">
  <!-- Top 20 company names among reputation-50 files with a certificate hash created in the last 30 days. -->
- <dictionary id="811"/>
- <name>Signed Unknown Files by Company</name>
- <description>Find signed Unknown Files by company from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date</table-uri>
  <!-- Decoded: ( where ( and ( eq fileJoined.composite_reputation 50 ) ( newerThan fileJoined.create_date 2592000000 )
       ( not_isBlank fileJoined.cert_sha1 ) ) ) gt fileJoined.ent_count 0 ) ) ); 2592000000 ms = 30 days.
       NOTE(review): the condition is unbalanced. "gt fileJoined.ent_count 0" follows the already closed
       where/and group and is trailed by three surplus closing parentheses, so it is unclear from this text
       whether the ent_count clause is applied. "Signed Unknown Files per Certificate Subject" in this export
       shows the balanced form. Validate the result set before relying on it. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+fileJoined.composite_reputation+50++%29+%28+newerThan+fileJoined.create_date+2592000000++%29+%28+not_isBlank+fileJoined.cert_sha1+%29+%29+%29+gt+fileJoined.ent_count+0++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.topn&orion.sum.group.by=fileJoined.company_name&orion.sum.order=desc&orion.sum.limit.count=20&orion.sum.aggregation=count%3Amax&orion.sum.aggregation.column=%3AfileJoined.ent_count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="812">
  <!-- Reputation-50 files with a certificate hash created in the last 30 days, grouped by company name
       and then product name (top 20 each). -->
- <dictionary id="813"/>
- <name>Signed Unknown Files by Product</name>
- <description>Find signed Unknown Files by product from last month.</description>
- <target>TieServerSchema.fileJoined</target>
- <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date&orion.table.order=az&orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date</table-uri>
  <!-- Decoded: ( where ( and ( eq fileJoined.composite_reputation 50 ) ( newerThan fileJoined.create_date 2592000000 )
       ( not_isBlank fileJoined.cert_sha1 ) ) ) gt fileJoined.ent_count 0 ) ) ); 2592000000 ms = 30 days.
       NOTE(review): the condition is unbalanced. "gt fileJoined.ent_count 0" follows the already closed
       where/and group and is trailed by three surplus closing parentheses, so it is unclear from this text
       whether the ent_count clause is applied. Validate the result set before relying on it. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+fileJoined.composite_reputation+50++%29+%28+newerThan+fileJoined.create_date+2592000000++%29+%28+not_isBlank+fileJoined.cert_sha1+%29+%29+%29+gt+fileJoined.ent_count+0++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.multigroup&orion.sum.group.by=fileJoined.company_name%3AfileJoined.product_name&orion.sum.order=desc%3Adesc&orion.sum.limit.count=20%3A20&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="814">
  <!-- Top 10 node names by count of handled VirusScan Enterprise "av" events in the last 3 days. -->
- <dictionary id="815"/>
- <name>M-Top 10 Computers with the Most Detections Cleaned in Past 3 Days</name>
- <description>Displays the top ten computers with the most detections in the last 3 Days</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  <!-- Decoded: ( where ( and ( startsWith EPOEvents.AnalyzerName "VirusScan Enterprise" )
       ( newerThan EPOEvents.DetectedUTC 259200000 ) ( eq EPOEvents.ThreatHandled t )
       ( threatcategory_belongs EPOEvents.ThreatCategory "av" ) ( not_isBlank EPOComputerProperties.ComputerName ) ) ).
       259200000 ms = 3 days. Only events with ThreatHandled equal to t are counted, as the name says; the
       description's "most detections" is broader than the filter. A host whose detections were not handled
       does not rank here, so read this next to a not-handled view such as "Threat Events NOT handled (last 1 week)".
       Events without a matching ComputerName are dropped as well. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+startsWith+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+259200000++%29+%28+eq+EPOEvents.ThreatHandled+t+%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+not_isBlank+EPOComputerProperties.ComputerName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=EPOLeafNode.NodeName&topn.count.title=EPOEvents&orion.query.type=summary.topn&orion.sum.group.by=EPOLeafNode.NodeName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="816">
  <!-- Top 10 target user names by count of handled VirusScan Enterprise "av" events in the last 3 days. -->
- <dictionary id="817"/>
- <name>M-Top 10 Users with the Most Detections Cleaned in the Last 3 Days</name>
- <description>Top 10 user with the most infections cleaned in the last 3 days. Local System and Network username have been removed.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  <!-- Decoded: ( where ( and ( startsWith EPOEvents.AnalyzerName "VirusScan Enterprise" )
       ( newerThan EPOEvents.DetectedUTC 259200000 ) ( threatcategory_belongs EPOEvents.ThreatCategory "av" )
       ( notContains EPOEvents.TargetUserName "authority" ) ( eq EPOEvents.ThreatHandled t ) ) ); 259200000 ms = 3 days.
       The removal of system accounts promised in the description is a substring test: any user name
       containing "authority" is excluded, not just the built-in accounts, and the case handling of
       notContains is not visible here. Detections running under excluded accounts never appear in this
       ranking, so review them through a query without that clause. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+startsWith+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+259200000++%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+notContains+EPOEvents.TargetUserName+%22authority%22+%29+%28+eq+EPOEvents.ThreatHandled+t+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=EPOEvents.TargetUserName&topn.count.title=EPOEvents&orion.query.type=summary.topn&orion.sum.group.by=EPOEvents.TargetUserName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="818">
  <!-- Weekly line chart of "av" event counts over the last 91 days. -->
- <dictionary id="819"/>
- <name>Malware Detection History</name>
- <description>Displays a line chart of the number of internal virus detections over the past quarter.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  <!-- Decoded: required filter ( where ( newerThan EPOEvents.DetectedUTC 7862400000 ) ), i.e. 91 days;
       condition ( where ( threatcategory_belongs EPOEvents.ThreatCategory "av" ) ).
       Nothing in the filter restricts the events to "internal" sources or to a particular product. -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7862400000++%29+%29&orion.condition.sexp=%28+where+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&line.count.title=EPOEvents&orion.query.type=line.line&line.title=EPOEvents.DetectedUTC&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="820">
  <!-- Weekly line chart of "av" events from the last 180 days that are not attributed to Artemis or TIE.
       The table, condition and summary URIs are identical to those of the query named
       "Threats detected locally (signatures only) (imported)" in this export. -->
- <dictionary id="821"/>
- <name>Threats detected locally (signatures only)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  <!-- Decoded: required filter ( where ( newerThan EPOEvents.DetectedUTC 15552000000 ) ), i.e. 180 days;
       condition ( where ( and ( threatcategory_belongs EPOEvents.ThreatCategory "av" )
       ( and ( notContains EPOEvents.ThreatName "Artemis" ) ( notContains EPOEvents.ThreatName "TIE/suspect" ) ) ) ).
       "Signatures only" is defined by exclusion of those two substrings from the threat name. -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+notContains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+notContains+EPOEvents.ThreatName+%22TIE%2Fsuspect%22+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="822">
  <!-- Bar chart of the 10 most frequent threat names among "av" events whose name contains "Artemis".
       The URIs are identical to those of "Unique threats detected in the cloud (imported)" in this export. -->
- <dictionary id="823"/>
- <name>Unique threats detected in the cloud</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  <!-- Decoded: the required filter is empty; condition ( where ( and
       ( threatcategory_belongs EPOEvents.ThreatCategory "av" ) ( contains EPOEvents.ThreatName "Artemis" )
       ( newerThan EPOEvents.DetectedUTC 15552000000 ) ) ), a 180-day window. -->
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.ThreatName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="824">
  <!-- Bar chart of the 10 target host names with the most "av" events in the last 7 days.
       The URIs are identical to those of "Top 10 endpoints - Threat Events (last 7 days) (imported)". -->
- <dictionary id="825"/>
- <name>Top 10 endpoints - Threat Events (last 7 days)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  <!-- Decoded: ( where ( and ( threatcategory_belongs EPOEvents.ThreatCategory "av" )
       ( newerThan EPOEvents.DetectedUTC 604800000 ) ) ); 604800000 ms = 7 days.
       Handled and unhandled events are counted together. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.TargetHostName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="826">
  <!-- Daily line chart of "av" events from the last 180 days whose threat name contains "Artemis". -->
- <dictionary id="827"/>
- <name>Threats detected by the cloud (no signatures)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  <!-- Decoded: required filter ( where ( newerThan EPOEvents.DetectedUTC 15552000000 ) ), i.e. 180 days;
       condition ( where ( and ( threatcategory_belongs EPOEvents.ThreatCategory "av" )
       ( contains EPOEvents.ThreatName "Artemis" ) ) ).
       Attribution to the cloud rests only on the threat-name substring. -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="828">
  <!-- Pie chart of "av" events from the last 7 days whose ThreatHandled value is not t. -->
- <dictionary id="829"/>
- <name>Threat Events NOT handled (last 1 week)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  <!-- Decoded: ( where ( and ( newerThan EPOEvents.DetectedUTC 604800000 ) ( ne EPOEvents.ThreatHandled t )
       ( threatcategory_belongs EPOEvents.ThreatCategory "av" ) ) ); 604800000 ms = 7 days.
       NOTE(review): whether "ne ... t" also matches events where ThreatHandled is empty is not visible
       here; confirm, since such events would otherwise fall out of both the handled and not-handled views. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+ne+EPOEvents.ThreatHandled+t+%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29+%29</condition-uri>
  <!-- Summary: the pie is grouped by ThreatHandled, the same column the filter constrains, so the slices
       carry little information; the table view (time, host, threat name) is the useful output. -->
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.ThreatHandled&orion.sum.order=desc&orion.sum.limit.count=360&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="830">
  <!-- Bar chart of the 10 target user names with the most "av" events in the last 7 days. -->
- <dictionary id="831"/>
- <name>Top 10 users - Threat Events (last 7 days)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  <!-- Decoded: ( where ( and ( threatcategory_belongs EPOEvents.ThreatCategory "av" )
       ( newerThan EPOEvents.DetectedUTC 604800000 ) ) ); 604800000 ms = 7 days.
       There is no user-name exclusion and no ThreatHandled clause, so system accounts may occupy slots in
       the top 10. The table view does not list TargetUserName, the column the chart is grouped by. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.TargetUserName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="832">
  <!-- Weekly line chart of "av" events from the last 180 days whose threat name contains "TIE". -->
- <dictionary id="833"/>
- <name>Threats detected by Local Threat Intelligence</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  <!-- Decoded: required filter ( where ( newerThan EPOEvents.DetectedUTC 15552000000 ) ), i.e. 180 days;
       condition ( where ( and ( threatcategory_belongs EPOEvents.ThreatCategory "av" )
       ( contains EPOEvents.ThreatName "TIE" ) ) ).
       The match is the bare substring "TIE", broader than the "TIE/suspect" string that the
       signatures-only query excludes; NOTE(review): if contains is case-insensitive, unrelated threat
       names that happen to include those letters are counted too. -->
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22TIE%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="834">
  <!-- Inventory view: count of systems per product family and product version. -->
- <dictionary id="835"/>
- <name>Versions of Products - ALL</name>
- <description></description>
- <target>EPOSystemProductVersionInfo</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion</table-uri>
  <!-- Decoded: ( where ( not_isBlank EPOSystemProductVersionInfo.productVersion ) ).
       Rows with no reported product version are excluded, so systems that report nothing are absent from
       this view rather than flagged by it. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+EPOSystemProductVersionInfo.productVersion+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="836">
  <!-- Pie chart of managed systems grouped by EPOProdPropsView_VIRUSCAN.enginever. -->
- <dictionary id="837"/>
- <name>VSE Engine Versions Summary</name>
- <description>Displays a pie chart of installed VSE Engine versions on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  <!-- The condition is empty: every EPOLeafNode row is included, presumably with systems that report no
       engine version collected in a blank slice. -->
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  <!-- NOTE(review): the chart groups by EPOProdPropsView_VIRUSCAN.enginever, but pie.slice.title names
       EPOProdPropsView_EPOAGENT.productversion, and the table view lists the agent version rather than
       the engine version. The slice label and drill-down may therefore show a different column from the
       one being counted; confirm in the console. -->
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&orion.query.type=pie.pie&pie.count.title=Computers&show.percentage=false&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.enginever&orion.sum.order=za&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="838">
  <!-- Pie chart of managed systems grouped by EPOProdPropsView_VIRUSCAN.datver. -->
- <dictionary id="839"/>
- <name>DAT Versions Summary</name>
- <description>Displays a pie chart of installed DAT files by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  <!-- The condition is empty: every EPOLeafNode row is included, presumably with systems that report no
       DAT version collected in a blank slice. -->
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  <!-- NOTE(review): the chart groups by EPOProdPropsView_VIRUSCAN.datver, but pie.slice.title names
       EPOProdPropsView_EPOAGENT.productversion, and the table view lists the agent version rather than
       the DAT version. Confirm in the console that the slice label and drill-down show the DAT version,
       since stale DAT files are what this view is meant to surface. -->
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&orion.query.type=pie.pie&pie.count.title=Computers&show.percentage=false&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.datver&orion.sum.order=za&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="840">
- <dictionary id="841"/>
- <name>Agent Versions Summary</name>
- <description>Displays a pie chart of installed agents by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&orion.query.type=pie.pie&pie.count.title=Computers&show.percentage=false&orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="842">
- <dictionary id="843"/>
- <name>VirusScan Patch Versions</name>
- <description>Shows complete VirusScan products and all the patches associated with them that are installed in the environment.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.Tags%3AEPOProdPropsView_VIRUSCAN.hotfix%3AEPOProdPropsView_VIRUSCAN.productversion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.Tags%3AEPOProdPropsView_VIRUSCAN.hotfix%3AEPOProdPropsView_VIRUSCAN.productversion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+version_ge+EPOProdPropsView_VIRUSCAN.productversion+%228.5%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.stackedbar&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.productversion%3AEPOProdPropsView_VIRUSCAN.hotfix&orion.sum.order=az%3Aaz&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="844">
- <dictionary id="845"/>
- <name>Systems per Top-Level Group</name>
- <description>Displays a bar chart of your managed systems organized by top-level System Tree group.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOBranchNode.NodeTextPath2%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags&orion.table.order=az&orion.table.order.by=EPOBranchNode.NodeTextPath%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?bar.title=EPOBranchNode.NodeName&bool.red.text=Non-Compliant&orion.sum.query=true&bool.green.text=Compliant&orion.query.type=bar.bar&bool.green.criteria=%28+where+%28+hasTag+EPOLeafNode.AppliedTags+%223%22+%29+%29&bar.count.title=EPOLeafNode&orion.sum.group.by=EPOBranchNode.L1ParentID&orion.sum.order=desc&orion.sum.limit.count=20&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="846">
- <dictionary id="847"/>
- <name>Operating System Types PIE Chart</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.OSPlatform%3AEPOComputerProperties.OSServicePackVer%3AEPOComputerProperties.OSVersion&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.OSPlatform%3AEPOComputerProperties.OSServicePackVer%3AEPOComputerProperties.OSVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOComputerProperties.OSType&orion.sum.order=za&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="848">
- <dictionary id="849"/>
- <name>Duplicate Systems Names by First Level Group</name>
- <description>Lists all system names that appear in multiple System Tree locations.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOBranchNode.NodeTextPath2%3AEPOLeafNode.Tags&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOBranchNode.NodeTextPath2%3AEPOLeafNode.Tags</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+duplicatedComputerName+EPOLeafNode.NodeName+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOBranchNode.L1ParentID%3AEPOLeafNode.NodeName&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="850">
- <dictionary id="851"/>
- <name>Systems Not Reporting in - more than 30 Days</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.os%3AEPOLeafNode.AgentGUID%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.os%3AEPOLeafNode.AgentGUID%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+olderThan+EPOLeafNode.LastUpdate+2592000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=EPOBranchNode.L2ParentID&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="852">
- <dictionary id="853"/>
- <name>Systems with High Sequence Errors by Group</name>
- <description>Lists the systems with high sequence error counts. This could indicate a duplicate agent GUID problem.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.SequenceErrorCount&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.SequenceErrorCount</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+gt+EPOLeafNode.SequenceErrorCount+25++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=EPOBranchNode.NodeTextPath2&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="854">
- <dictionary id="855"/>
- <name>UnManaged Systems by Group</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.AgentGUID%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.AgentGUID%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+0++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=EPOBranchNode.L1ParentID&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="856">
- <dictionary id="857"/>
- <name>Threat Events in the Last 2 Weeks</name>
- <description>This chart shows the trend of threat event generation for the last 2 weeks. </description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+1209600000++%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="858">
- <dictionary id="859"/>
- <name>Most Numerous Threat Event Descriptions in the Database</name>
- <description>Shows the most numerous threat event descriptions currently in the database. Use it to pinpoint events that may be overwhelming your database so that you can filter them out by disabling them.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.topn&orion.sum.group.by=EPOEventFilterDesc.Name&orion.sum.order=desc&orion.sum.limit.count=40&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="860">
- <dictionary id="861"/>
- <name>Repositories Composite Utilization</name>
- <description></description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+not_isBlank+EPOProductEvents.Type+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProductEvents.SiteName&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="862">
- <dictionary id="863"/>
- <name>Systems in Lost and Found</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+descendsFrom+EPOBranchNode.AutoID+%223%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=EPOBranchNode.L2ParentID&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="864">
- <dictionary id="865"/>
- <name>Rogue Systems, By OUI (Last 7 Days)</name>
- <description>Rogue Systems, By OUI (Last 7 Days)</description>
- <target>RSDInterfaces</target>
- <table-uri>query:table?orion.table.columns=RSDDetectedSystems.NetbiosName%3ARSDInterfaces.MAC%3ARSDInterfaces.IPV6%3ARSDInterfaces.LastDetectedTime%3ARSDInterfaces.DetectedSourceName%3ARSDInterfaces.OrgName&orion.table.order=az&orion.table.order.by=RSDDetectedSystems.NetbiosName%3ARSDInterfaces.MAC%3ARSDInterfaces.IPV6%3ARSDInterfaces.LastDetectedTime%3ARSDInterfaces.DetectedSourceName%3ARSDInterfaces.OrgName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+RSDInterfaces.LastDetectedTime+604800000++%29+%28+eq+RSDDetectedSystems.Rogue+%221%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=RSDInterfaces.OrgName&orion.query.type=pie.pie&orion.sum.group.by=RSDInterfaces.OrgName&orion.sum.order=desc&orion.show.other=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="866">
- <dictionary id="867"/>
- <name>PoV: Last 3 Months Detections Trend for TIE (imported)</name>
- <description>Last 3 Month Detections Trend for TIE</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="868">
- <dictionary id="869"/>
- <name>PoV: Last 3 Months Detections Trend for HIPS (imported)</name>
- <description>Last 3 Month Detections Trend for HIPS</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="870">
- <dictionary id="871"/>
- <name>PoV: Last 2 Weeks Detections Trend for TIE</name>
- <description>Last 2 weeks Detections Trend for TIE</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+1209600000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="872">
- <dictionary id="873"/>
- <name>OBM: Detected Threats over the past 4 hours</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+newerThan+EPOEvents.DetectedUTC+14400000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="874">
- <dictionary id="875"/>
- <name>Repositories and Percentage Utilization</name>
- <description>Displays a pie chart indicating percentage utilization per repository. This query can help identify overloaded repositories that are causing bandwidth issues, and repository configuration improvements that are needed in policy.</description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+EPOProductEvents.Type+%22Plugin%22+%29+%28+ne+EPOProductEvents.Type+%22Uninstall%22+%29+%29+%28+eq+EPOProductEvents.Error+0++%29+%28+not_isBlank+EPOProductEvents.SiteName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=EPOProductEvents.SiteName&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="876">
- <dictionary id="877"/>
- <name>Applied Policies Bubble Chart</name>
- <description></description>
- <target>EPOAssignedPolicy</target>
- <table-uri>query:table?orion.table.columns=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.ServerID&orion.table.order=az&orion.table.order.by=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.ServerID</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.query.type=bubble.bubble&orion.sum.query=true&orion.sum.group.by=EPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.FeatureTextID&orion.sum.order=az%3Aaz&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="878">
- <dictionary id="879"/>
- <name>SiteAdvisor Product Versions</name>
- <description>Shows all the different versions of SiteAdvisor in the Enterprise</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOProdPropsView_SITEADVISOR.productversion&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOProdPropsView_SITEADVISOR.productversion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProdPropsView_SITEADVISOR.productversion&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="880">
- <dictionary id="881"/>
- <name>ePO DB Table Space Usage</name>
- <description>Displays the space used by each table in the ePO database. Values are updated when the PA: Get Index and Space Statistics server task is run.</description>
- <target>PATableSizeView</target>
- <table-uri>query:table?orion.table.columns=PATableSizeView.TabName%3APATableSizeView.Rows%3APATableSizeView.ReservedMB%3APATableSizeView.DataMB%3APATableSizeView.Index_SizeMB%3APATableSizeView.UnusedMB&orion.table.order=az&orion.table.order.by=PATableSizeView.TabName%3APATableSizeView.Rows%3APATableSizeView.ReservedMB%3APATableSizeView.DataMB%3APATableSizeView.Index_SizeMB%3APATableSizeView.UnusedMB</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=summary.topn&orion.sum.group.by=PATableSizeView.TabName&orion.sum.order=desc&orion.sum.aggregation=sum&orion.sum.aggregation.column=PATableSizeView.ReservedMB&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="882">
- <dictionary id="883"/>
- <name>Agent Handler Status</name>
- <description>Agent handler communication status within the last hour.</description>
- <target>EPOAgentHandlers</target>
- <table-uri>query:table?orion.table.columns=EPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastUpdate&orion.table.order=az&orion.table.order.by=EPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?bool.red.text=Not+Communicating&orion.sum.query=true&bool.green.text=Communicating&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+newerThan+EPOAgentHandlers.LastUpdate+3600000++%29+%29&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="884">
- <dictionary id="885"/>
- <name>VSE Versions</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.productversion&orion.sum.order=za&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="886">
- <dictionary id="887"/>
- <name>PoV: Last Month Detections per Product</name>
- <description>Displays a pie chart of detections within the last 1 month organized by detecting product.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEvents.AnalyzerName&orion.query.type=pie.pie&pie.count.title=Events&show.percentage=true&orion.sum.group.by=EPOEvents.AnalyzerName&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="888">
- <dictionary id="889"/>
- <name>PoV: Last 3 Months Detections Trend for TIE</name>
- <description>Last 3 Month Detections Trend for TIE</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="890">
- <dictionary id="891"/>
- <name>PoV: Last 3 Months Detections Trend for Virus Scan</name>
- <description>Last 3 Month Detections Trend for Virus Scan</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="892">
- <dictionary id="893"/>
- <name>PoV: Last 3 Months Detections Trend for ENS</name>
- <description>Last 3 Month Detections Trend for ENS</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="894">
- <dictionary id="895"/>
- <name>PoV: Last 3 Months Detections Trend for HIPS</name>
- <description>Last 3 Month Detections Trend for HIPS</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="896">
- <dictionary id="897"/>
- <name>PoV: Last 1 Months Detections Trend for HIPS</name>
- <description>Last 1 Month Detection Trend for HIPS</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="898">
- <dictionary id="899"/>
- <name>PoV: Last 1 Month Detections Trend for TIE</name>
- <description>Last 1 Month Detections Trend for TIE</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="900">
- <dictionary id="901"/>
- <name>PoV: Last 1 Month Detections Trend for ENS</name>
- <description>Last 1 Month Detections Trend for ENS</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="902">
- <dictionary id="903"/>
- <name>PoV: Last 3 Month Detections per Product</name>
- <description>Displays a pie chart of detections within the last 3 months organized by detecting product.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEvents.AnalyzerName&orion.query.type=pie.pie&pie.count.title=Events&show.percentage=true&orion.sum.group.by=EPOEvents.AnalyzerName&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="904">
- <dictionary id="905"/>
- <name>PoV: Last Day Detections per Product</name>
- <description>Displays a pie chart of detections within the last 1 day organized by detecting product.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEvents.AnalyzerName&orion.query.type=pie.pie&pie.count.title=Events&show.percentage=true&orion.sum.group.by=EPOEvents.AnalyzerName&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="906">
- <dictionary id="907"/>
- <name>PoV: Last Month Detections per Product (imported)</name>
- <description>Displays a pie chart of detections within the last 1 month organized by detecting product.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEvents.AnalyzerName&orion.query.type=pie.pie&pie.count.title=Events&show.percentage=true&orion.sum.group.by=EPOEvents.AnalyzerName&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- NOTE(review): the description below says "pie chart", but summary-uri requests orion.query.type=bar.groupedbar, grouped by EPOEvents.AnalyzerName and then EPOEvents.ThreatSeverity. The text looks carried over from the per-product pie queries; confirm and correct it so dashboard readers are not misled. Decoded condition: ( where ( and ( newerThan EPOEvents.DetectedUTC 2592000000 ) ( threatcategory_not_belongs EPOEvents.ThreatCategory "ops" ) ) ). 2592000000 is 30 days if the value is milliseconds, which matches the query name. -->
- <query id="908">
- <dictionary id="909"/>
- <name>PoV: Last Month Detections per Product by Severity-bar</name>
- <description>Displays a pie chart of detections within the last 1 month organized by detecting product.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOEvents.AnalyzerName%3AEPOEvents.ThreatSeverity&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="910">
- <dictionary id="911"/>
- <name>TIE: Last 1 Week Rule Names and Action Taken</name>
- <description></description>
- <target>JTIClientEventInfoView</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&orion.table.order=za&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.stackedbar&orion.sum.group.by=JTIClientRulesView.Name%3AEPOEvents.ThreatActionTaken&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="912">
- <dictionary id="913"/>
- <name>PoV: Last 3 Months Detections Trend for Virus Scan (imported)</name>
- <description>Last 3 Month Detections Trend for Virus Scan</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="914">
- <dictionary id="915"/>
- <name>PoV: Last 3 Months Detections Trend for ENS (imported)</name>
- <description>Last 3 Month Detections Trend for ENS</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%29+%29&orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="916">
- <dictionary id="917"/>
- <name>OBM: Detected Threats 4 to 8 hours</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+and+%28+olderThan+EPOEvents.DetectedUTC+14400000++%29+%28+newerThan+EPOEvents.DetectedUTC+28800000++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="918">
- <dictionary id="919"/>
- <name>OBM: Detected Threats 8 to 12 hours</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+and+%28+olderThan+EPOEvents.DetectedUTC+28800000++%29+%28+newerThan+EPOEvents.DetectedUTC+43200000++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- NOTE(review): the name says "Infected Systems", but the decoded condition is ( where ( and ( threatcategory_belongs EPOEvents.ThreatCategory "av" ) ( and ( ne EPOEvents.ThreatEventID 1051 ) ( ne EPOEvents.ThreatEventID 1049 ) ) ( newerThan EPOEvents.DetectedUTC 14400000 ) ) ). It selects every "av" category event in the window (14400000 is 4 hours if the value is milliseconds) and places no constraint on EPOEvents.ThreatActionTaken, so a host can be listed for a detection that was already blocked or cleaned. Check the action taken before treating a listed system as infected. The meaning of the two excluded event IDs is not shown in this file. -->
- <query id="920">
- <dictionary id="921"/>
- <name>OBM: Infected Systems over the past 4 hours</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+newerThan+EPOEvents.DetectedUTC+14400000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="922">
- <dictionary id="923"/>
- <name>OBM: Infected Systems over the past 4 to 8 hours</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+and+%28+olderThan+EPOEvents.DetectedUTC+14400000++%29+%28+newerThan+EPOEvents.DetectedUTC+28800000++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
- <query id="924">
- <dictionary id="925"/>
- <name>OBM: Infected Systems over the past 8 to 12 hours</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+and+%28+olderThan+EPOEvents.DetectedUTC+28800000++%29+%28+newerThan+EPOEvents.DetectedUTC+43200000++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=false</summary-uri>
- </query>
<!-- NOTE(review): summary-uri groups by EPOProdPropsView_VIRUSCAN.productversion, but pie.slice.title is EPOProdPropsView_EPOAGENT.productversion and the drill-down table lists the agent version column, not the VirusScan one. The description also speaks of "agents of each version". Presumably these settings were copied from the agent version query; confirm the slice title and table columns name the property that is actually counted. The engine and DAT version queries that follow in this export show the same pattern. The condition is empty, so no filter is applied to EPOLeafNode. -->
- <query id="926">
- <dictionary id="927"/>
- <name>VSE Versions Summary (imported)</name>
- <description>Displays a pie chart of installed VSE versions on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&orion.query.type=pie.pie&pie.count.title=Computers&show.percentage=false&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.productversion&orion.sum.order=za&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="928">
- <dictionary id="929"/>
- <name>VSE Engine Versions Summary (imported)</name>
- <description>Displays a pie chart of installed VSE Engine versions on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&orion.query.type=pie.pie&pie.count.title=Computers&show.percentage=false&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.enginever&orion.sum.order=za&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="930">
- <dictionary id="931"/>
- <name>DAT Versions Summary (imported)</name>
- <description>Displays a pie chart of installed DAT files by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&orion.query.type=pie.pie&pie.count.title=Computers&show.percentage=false&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.datver&orion.sum.order=za&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="932">
- <dictionary id="933"/>
- <name>Agent Versions Summary (imported)</name>
- <description>Displays a pie chart of installed agents by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&orion.query.type=pie.pie&pie.count.title=Computers&show.percentage=false&orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="934">
- <dictionary id="935"/>
- <name>VirusScan Patch Versions (imported)</name>
- <description>Shows complete VirusScan products and all the patches associated with them that are installed in the environment.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.Tags%3AEPOProdPropsView_VIRUSCAN.hotfix%3AEPOProdPropsView_VIRUSCAN.productversion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.Tags%3AEPOProdPropsView_VIRUSCAN.hotfix%3AEPOProdPropsView_VIRUSCAN.productversion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+version_ge+EPOProdPropsView_VIRUSCAN.productversion+%228.5%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.stackedbar&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.productversion%3AEPOProdPropsView_VIRUSCAN.hotfix&orion.sum.order=az%3Aaz&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- NOTE(review): table.columns lists EPOBranchNode.NodeTextPath2 while table.order.by lists EPOBranchNode.NodeTextPath, so the first sort key is not one of the displayed columns; confirm which property is intended. The summary requests orion.query.type=bar.bar yet still carries bool.green.criteria ( where ( hasTag EPOLeafNode.AppliedTags "3" ) ) with Compliant / Non-Compliant labels, presumably left over from a boolean chart. The tag is referenced by the value "3", presumably a server-local tag ID; verify what it resolves to on the server this export is imported into. -->
- <query id="936">
- <dictionary id="937"/>
- <name>Systems per Top-Level Group (imported)</name>
- <description>Displays a bar chart of your managed systems organized by top-level System Tree group.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOBranchNode.NodeTextPath2%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags&orion.table.order=az&orion.table.order.by=EPOBranchNode.NodeTextPath%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?bar.title=EPOBranchNode.NodeName&bool.red.text=Non-Compliant&orion.sum.query=true&bool.green.text=Compliant&orion.query.type=bar.bar&bool.green.criteria=%28+where+%28+hasTag+EPOLeafNode.AppliedTags+%223%22+%29+%29&bar.count.title=EPOLeafNode&orion.sum.group.by=EPOBranchNode.L1ParentID&orion.sum.order=desc&orion.sum.limit.count=20&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="938">
- <dictionary id="939"/>
- <name>SiteAdvisor Product Versions (imported)</name>
- <description>Shows all the different versions of SiteAdvisor in the Enterprise</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOProdPropsView_SITEADVISOR.productversion&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOProdPropsView_SITEADVISOR.productversion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProdPropsView_SITEADVISOR.productversion&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- NOTE(review): the description says agents are checked for communication "within the past day", but the Compliant criterion in summary-uri decodes to ( where ( and ( newerThan EPOLeafNode.LastUpdate 604800000 ) ( version_ge EPOProdPropsView_EPOAGENT.productversion "1" ) ) ). 604800000 is 7 days if the value is milliseconds, the unit the other time windows in this export imply. A system whose agent has been silent for up to a week would therefore still be counted as Compliant. Align the description or the threshold, since this chart is read as a coverage indicator. bool.show.criteria=false, so presumably the criterion is not displayed on the chart itself. -->
- <query id="940">
- <dictionary id="941"/>
- <name>Agent Communication Summary</name>
- <description>Displays a pie chart of managed systems indicating whether the agents have communicated with the ePO server within the past day. Click either slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?bool.red.text=Non+Compliant&orion.sum.query=true&bool.green.text=Compliant&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+604800000++%29+%28+version_ge+EPOProdPropsView_EPOAGENT.productversion+%221%22+%29+%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="942">
- <dictionary id="943"/>
- <name>Composite Utilization</name>
- <description></description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+not_isBlank+EPOProductEvents.Type+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProductEvents.SiteName&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="944">
- <dictionary id="945"/>
- <name>DAT Utilization</name>
- <description></description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+eq+EPOProductEvents.Type+%22DAT%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProductEvents.SiteName&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="946">
- <dictionary id="947"/>
- <name>Install Utilization</name>
- <description></description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+eq+EPOProductEvents.Type+%22Install%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOProductEvents.SiteName%3AEPOProductEvents.ProductCode&orion.sum.order=az%3Aaz&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="948">
- <dictionary id="949"/>
- <name>Invalid Repositories</name>
- <description></description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+isBlank+EPOProductEvents.Type+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOBranchNode.L1ParentID%3AEPOProductEvents.HostName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="950">
- <dictionary id="951"/>
- <name>Patch Utilization</name>
- <description></description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+eq+EPOProductEvents.Type+%22HotFix%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOProductEvents.SiteName%3AEPOProductEvents.ProductCode&orion.sum.order=az%3Aaz&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="952">
- <dictionary id="953"/>
- <name>Update Errors</name>
- <description></description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+not_isBlank+EPOProductEvents.Type+%29+%28+ne+EPOProductEvents.Error+0++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOBranchNode.L1ParentID%3AEPOProductEvents.Error&orion.sum.order=az%3Aaz&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
<!-- NOTE(review): the name says "Last Week" and the description says "last 2 weeks". The only time bound is orion.requied.sexp = ( where ( newerThan EPOEvents.DetectedUTC 604800000 ) ), which is 7 days if the value is milliseconds, so the description appears to be the outdated part; confirm and correct it. orion.condition.sexp is empty, so no threat category or product filter is applied: the line chart counts all EPOEvents rows per day in that window. -->
- <query id="954">
- <dictionary id="955"/>
- <name>Threat Events in the Last Week</name>
- <description>This chart shows the trend of threat event generation for the last 2 weeks.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="956">
- <dictionary id="957"/>
- <name>Top 10 endpoints - Threat Events Last 24h</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatType%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDetectionMethod&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.AnalyzerHostName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="958">
- <dictionary id="959"/>
- <name>Malware Detections</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPExtendedEvent.TargetName+%29+%28+ne+EPOEvents.ThreatType+%22Dynamic+Application+Containment%22+%29+%28+ne+EPOEvents.ThreatActionTaken+%22IDS_ACTION_WOULD_BLOCK%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.AnalyzerHostName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.TargetFileName&orion.sum.order=desc%3Adesc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="960">
- <dictionary id="961"/>
- <name>Top 10 Users with the Most Detections Last 24h</name>
- <description>Top 10 users with the most detections in the last 24 hours.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDetectionMethod%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%28+not_isBlank+EPOEvents.TargetUserName+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=EPOEvents.TargetUserName&topn.count.title=EPOEvents&orion.query.type=summary.topn&orion.sum.group.by=EPOEvents.TargetUserName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="962">
- <dictionary id="963"/>
- <name>Convictions by Technology</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatType&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Active+Response%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22vATD%22+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Endpoint+Security+Platform%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MOVE+AV+Client%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MSME%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MSME%22+%29+%29+%28+or+%28+ne+EPOEvents.ThreatActionTaken+%22jticlient.allowed%22+%29+%28+ne+EPOEvents.ThreatActionTaken+%22none%22+%29+%28+not_isBlank+EPOEvents.ThreatActionTaken+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.AnalyzerName&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="964">
- <dictionary id="965"/>
- <name>Last Month ENS Detections</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+EPOEvents.AnalyzerDetectionMethod+%22On-Execute+Scan%22+%29+%28+not_isBlank+EPOEvents.AnalyzerDetectionMethod+%29+%29+%28+newerThan+EPOEvents.ReceivedUTC+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=EPOEvents.AnalyzerDetectionMethod&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="966">
- <dictionary id="967"/>
- <name>Application Containment Results</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+eq+EPOEvents.ThreatType+%22IDS_THREAT_TYPE_VALUE_DACAP%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEventFilterDesc.Name&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEventFilterDesc.Name&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="968">
- <dictionary id="969"/>
- <name>Endpoint Detection Events by Analyzer Type</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+EPOEvents.AnalyzerDetectionMethod+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.AnalyzerDetectionMethod&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="970">
- <dictionary id="971"/>
- <name>Threat detection by OS (Last 7 days)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPOComputerProperties.OSType+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOComputerProperties.OSType%3AEPOEvents.ThreatSeverity&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="972">
- <dictionary id="973"/>
- <name>Malware Detection History (imported)</name>
- <description>Displays a line chart of the number of internal virus detections over the past quarter.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7862400000++%29+%29&orion.condition.sexp=%28+where+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&line.count.title=EPOEvents&orion.query.type=line.line&line.title=EPOEvents.DetectedUTC&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="974">
- <dictionary id="975"/>
- <name>Agent + Protection</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+7776000000++%29+%28+eq+EPOLeafNode.ManagedState+1++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?horizontal=true&orion.sum.query=true&orion.query.type=bar.stackedbar&orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion%3AEPOProdPropsView_THREATPREVENTION.productversion&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="976">
- <dictionary id="977"/>
- <name>Agent Communication Summary (imported)</name>
- <description>Displays a pie chart of managed systems indicating whether the agents have communicated with the ePO server within the past 7 days and report an agent version of 5 or later. Click either slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+1++%29+%29</condition-uri>
- <summary-uri>query:summary?bool.red.text=Non+Compliant&orion.sum.query=true&bool.green.text=Compliant&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+604800000++%29+%28+version_ge+EPOProdPropsView_EPOAGENT.productversion+%225%22+%29+%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="978">
- <dictionary id="979"/>
- <name>DAT versions (last 1 month)</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName&orion.table.order=az&orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOLeafNode.ManagedState+1++%29+%28+newerThan+EPOLeafNode.LastUpdate+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOProdPropsView_VIRUSCAN.datver&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="980">
- <dictionary id="981"/>
- <name>Failed DAT Updates (last week)</name>
- <description>Displays a group bar chart grouped by hour of all failed product updates in the last week.</description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOLeafNode.NodeName%3AEPOProductEvents.IPV6%3AEPOProductEvents.DetectedUTC&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOLeafNode.NodeName%3AEPOProductEvents.DetectedUTC</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOProductEvents.TVDEventID+258++%29+%28+newerThan+EPOProductEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOProductEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=hour&orion.sum.order=oldest&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="982">
- <dictionary id="983"/>
- <name>Distributed Repository Status</name>
- <description>Displays a Boolean pie chart of your distributed repositories, divided according to whether their last replication was successful.</description>
- <target>EPORepositoryStatus</target>
- <table-uri>query:table?orion.table.columns=EPORepositoryStatus.name%3AEPORepositoryStatus.type%3AEPORepositoryStatus.status%3AEPORepositoryStatus.lastreplication&orion.table.order=az&orion.table.order.by=EPORepositoryStatus.name%3AEPORepositoryStatus.type%3AEPORepositoryStatus.status</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPORepositoryStatus.type+3++%29+%29</condition-uri>
- <summary-uri>query:summary?bool.red.text=failure&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+eq+EPORepositoryStatus.status+3++%29+%29&bool.green.text=success&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="984">
- <dictionary id="985"/>
- <name>Server Task Errors (last month)</name>
- <description></description>
- <target>OrionTaskLogTask</target>
- <table-uri>query:table?orion.table.columns=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource&orion.table.order=az&orion.table.order.by=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+ne+OrionTaskLogTask.Status+0++%29+%28+newerThan+OrionTaskLogTask.EndDate+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=OrionTaskLogTask.Status&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="986">
- <dictionary id="987"/>
- <name>Malware Detection History (imported 2)</name>
- <description>Displays a line chart of the number of internal virus detections over the past quarter.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7862400000++%29+%29&orion.condition.sexp=%28+where+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&line.count.title=EPOEvents&orion.query.type=line.line&line.title=EPOEvents.DetectedUTC&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="988">
- <dictionary id="989"/>
- <name>Top 10 endpoints - Threat Events (last 7 days) (imported 2)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.TargetHostName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="990">
- <dictionary id="991"/>
- <name>Threats detected by the cloud (no signatures) (imported 2)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="992">
- <dictionary id="993"/>
- <name>Threat Events NOT handled (last 1 week) (imported 2)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+ne+EPOEvents.ThreatHandled+t+%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.ThreatHandled&orion.sum.order=desc&orion.sum.limit.count=360&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="994">
- <dictionary id="995"/>
- <name>Top 10 users - Threat Events (last 7 days) (imported 2)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.TargetUserName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="996">
- <dictionary id="997"/>
- <name>Threats detected by Local Threat Intelligence (imported 2)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22TIE%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=week&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="998">
- <dictionary id="999"/>
- <name>Top Blocked Sites by Users</name>
- <description>SiteAdvisor Enterprise: Top 100 sites that were blocked over the last 30 days.</description>
- <target>SAEEvent</target>
- <table-uri>query:table?orion.table.columns=SAEEvent.DetectedUTC%3ASAEEvent.RatingID%3ASAEEvent.ContentID%3ASAEEvent.DomainName%3ASAEEvent.ActionID%3ASAEEvent.ReasonID%3ASAEEvent.ListID%3ASAEEvent.URL%3AEPOLeafNode.NodeName%3ASAEEvent.Count&orion.table.order=az&orion.table.order.by=SAEEvent.DetectedUTC%3ASAEEvent.RatingID%3ASAEEvent.ContentID%3ASAEEvent.DomainName%3ASAEEvent.ActionID%3ASAEEvent.ReasonID%3ASAEEvent.ListID%3ASAEEvent.URL%3AEPOLeafNode.NodeName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+SAEEvent.EventTypeID+18600++%29+%28+newerThan+SAEEvent.DetectedUTC+2592000000++%29+%28+eq+SAEEvent.ActionID+4++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=SAEEvent.DomainName&orion.query.type=summary.topn&orion.sum.group.by=SAEEvent.UserID&orion.sum.order=desc&orion.sum.limit.count=100&orion.sum.aggregation=sum&orion.sum.aggregation.column=SAEEvent.Count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1000">
- <dictionary id="1001"/>
- <name>Threat detection by OS (Last 7 days) (imported 2)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPOComputerProperties.OSType+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.groupedbar&orion.sum.group.by=EPOComputerProperties.OSType%3AEPOEvents.ThreatSeverity&orion.sum.order=desc%3Adesc&orion.sum.limit.count=100%3A100&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1002">
- <dictionary id="1003"/>
- <name>Threats for 1 Day (imported)</name>
- <description>Summary of threats that have been detected in the last day. No cookies.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1004">
- <dictionary id="1005"/>
- <name>Threats for 1 Week (imported)</name>
- <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1006">
- <dictionary id="1007"/>
- <name>Threat Events in the Last Week (imported)</name>
- <description>This chart shows the trend of threat event generation for the last week.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29&orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=line.line&orion.sum.group.by=EPOEvents.DetectedUTC&orion.sum.time.cols=true&orion.sum.time.unit=day&orion.sum.order=oldest&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1008">
- <dictionary id="1009"/>
- <name>Top 10 endpoints - Threat Events Last 24h (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatType%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDetectionMethod&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=EPOEvents.AnalyzerHostName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1010">
- <dictionary id="1011"/>
- <name>Malware Detections (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPExtendedEvent.TargetName+%29+%28+ne+EPOEvents.ThreatType+%22Dynamic+Application+Containment%22+%29+%28+ne+EPOEvents.ThreatActionTaken+%22IDS_ACTION_WOULD_BLOCK%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.AnalyzerHostName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.TargetFileName&orion.sum.order=desc%3Adesc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1012">
- <dictionary id="1013"/>
- <name>Top 10 Users with the Most Detections Last 24h (imported)</name>
- <description>Top 10 users with the most detections in the last 24 hours.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDetectionMethod%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%28+not_isBlank+EPOEvents.TargetUserName+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&topn.title=EPOEvents.TargetUserName&topn.count.title=EPOEvents&orion.query.type=summary.topn&orion.sum.group.by=EPOEvents.TargetUserName&orion.sum.order=desc&orion.sum.limit.count=10&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1014">
  <!-- Pie chart (pie.pie) that counts EPOEvents rows grouped by EPOEvents.AnalyzerName,
       restricted to the analyzer names listed in the condition below. -->
- <dictionary id="1015"/>
- <name>Convictions by Technology (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatType&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  <!-- NOTE(review): the ThreatActionTaken tests are joined with "or":
       ( or ( ne ... "jticlient.allowed" ) ( ne ... "none" ) ( not_isBlank ... ) ).
       An event whose action is "none" still satisfies the first test, and one whose action is
       "jticlient.allowed" satisfies the second, so neither value is filtered out of the chart.
       If the intent was to count only events where an action was taken, the group would need
       "and"; confirm against the intended report.
       The analyzer list also names "MSME" twice; the duplicate has no effect on the result. -->
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Active+Response%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22vATD%22+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Endpoint+Security+Platform%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MOVE+AV+Client%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MSME%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MSME%22+%29+%29+%28+or+%28+ne+EPOEvents.ThreatActionTaken+%22jticlient.allowed%22+%29+%28+ne+EPOEvents.ThreatActionTaken+%22none%22+%29+%28+not_isBlank+EPOEvents.ThreatActionTaken+%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.AnalyzerName&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1016">
- <dictionary id="1017"/>
- <name>Last Month ENS Detections (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+EPOEvents.AnalyzerDetectionMethod+%22On-Execute+Scan%22+%29+%28+not_isBlank+EPOEvents.AnalyzerDetectionMethod+%29+%29+%28+newerThan+EPOEvents.ReceivedUTC+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=EPOEvents.AnalyzerDetectionMethod&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1018">
- <dictionary id="1019"/>
- <name>Application Containment Results (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+eq+EPOEvents.ThreatType+%22IDS_THREAT_TYPE_VALUE_DACAP%22+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEventFilterDesc.Name&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEventFilterDesc.Name&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1020">
- <dictionary id="1021"/>
- <name>Endpoint Detection Events by Analyzer Type (imported)</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+EPOEvents.AnalyzerDetectionMethod+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOEvents.AnalyzerDetectionMethod&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1022">
- <dictionary id="1023"/>
- <name>Threats for 1 Month</name>
- <description>Summary of threats that have been detected in the last 30 days, excluding the most recent seven days. Cookie detections (app_puocookie) are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1024">
- <dictionary id="1025"/>
- <name>Threats/Host for 1 Day (imported)</name>
- <description>Summary of threats that have been detected in the last 24 hours. Cookie detections (app_puocookie) are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1026">
- <dictionary id="1027"/>
- <name>Threats/Host for 1 Week</name>
- <description>Summary of threats that have been detected in the last seven days, excluding the most recent 24 hours. Cookie detections (app_puocookie) are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1028">
- <dictionary id="1029"/>
- <name>Threats/Host for 1 Month (imported)</name>
- <description>Summary of threats that have been detected in the last 30 days, excluding the most recent seven days. Cookie detections (app_puocookie) are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1030">
- <dictionary id="1031"/>
- <name>Threats/File for 1 Day (imported)</name>
- <description>Summary of threats that have been detected in the last 24 hours. Cookie detections (app_puocookie) are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1032">
- <dictionary id="1033"/>
- <name>Threats/File for 1 Week (imported)</name>
- <description>Summary of threats that have been detected in the last seven days, excluding the most recent 24 hours. Cookie detections (app_puocookie) are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1034">
- <dictionary id="1035"/>
- <name>Threats/File for 1 Month (imported)</name>
- <description>Summary of threats that have been detected in the last 30 days, excluding the most recent seven days. Cookie detections (app_puocookie) are excluded.</description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&orion.table.order=az&orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&orion.sum.order=az%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1036">
- <dictionary id="1037"/>
- <name>Endpoint Upgrade Assistant - McAfee Endpoint Security 10.5 categories chart</name>
- <description>Expired or old data? Click on 'Analyze Environment' to refresh this query for All Endpoints</description>
- <target>UA_Category_Query_Chart</target>
- <table-uri>query:table?orion.table.columns=UA_Category_Query_Chart.Description%3AUA_Category_Query_Chart.Total&orion.table.order=az&orion.table.order.by=UA_Category_Query_Chart.Description%3AUA_Category_Query_Chart.Total</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+UA_Category_Query_Chart.UA_ReferenceConfiguration_Id+2+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=UA_Category_Query_Chart.Description&orion.sum.order=desc&orion.sum.limit.count=360&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1038">
- <dictionary id="1039"/>
- <name>Endpoint Upgrade Assistant - McAfee Endpoint Security 10.5 analyze table</name>
- <description>Expired or old data? Click on 'Analyze Environment' to refresh this query for All Endpoints</description>
- <target>UA_Analyse_Query</target>
- <table-uri>query:table?orion.table.columns=UA_Analyse_Query.Product%3AUA_Analyse_Query.Your_Environment%3AUA_Analyse_Query.Required_Update%3AUA_Analyse_Query.Endpoints&orion.table.order=asc&orion.table.order.by=UA_Analyse_Query.Product</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+UA_Analyse_Query.UA_ReferenceConfiguration_Id+2+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=table.table&orion.sum.query=false</summary-uri>
- </query>
- <query id="1040">
- <dictionary id="1041"/>
- <name>Endpoint Upgrade Assistant - McAfee Endpoint Security 10.5 plan table</name>
- <description>Expired or old data? Click on 'Analyze Environment' to refresh this query for All Endpoints</description>
- <target>UA_Plan_Query</target>
- <table-uri>query:table?orion.table.columns=UA_Plan_Query.Required_Actions%3AUA_Plan_Query.Restarts%3AUA_Plan_Query.Servers%3AUA_Plan_Query.Workstations%3AUA_Plan_Query.Total&orion.table.order=az&orion.table.order.by=UA_Plan_Query.Required_Actions</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+UA_Plan_Query.UA_ReferenceConfiguration_Id+2+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=table.table</summary-uri>
- </query>
- <query id="1042">
- <dictionary id="1043"/>
- <name>Systeme pro Agentensteuerung</name>
- <description>Zeigt ein Kreisdiagramm von verwalteten Systemen an, wobei jedes Segment für eine Agentensteuerung steht.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastKnownTCPIP%3AEPOLeafNode.LastUpdate%3AEPOProdPropsView_EPOAGENT.productversion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastKnownTCPIP%3AEPOLeafNode.LastUpdate%3AEPOProdPropsView_EPOAGENT.productversion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+1+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=&orion.sum.group.by=EPOAgentHandlers.DNSName&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1044">
- <dictionary id="1045"/>
- <name>Inaktive Agenten</name>
- <description>Agenten vom Typ McAfee Agent, die in den letzten 30 Tagen nicht mit dem ePolicy Orchestrator-Server kommuniziert haben.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.UserName%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.UserName%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+olderThan+EPOLeafNode.LastUpdate+2592000000++%29+%28+eq+EPOLeafNode.ManagedState+1++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1046">
- <dictionary id="1047"/>
- <name>Agent Communication Summary (imported 2)</name>
- <description>Displays a pie chart of managed systems indicating whether the agents have communicated with the ePO server within the past day. Click either slice to view or take actions on those systems.</description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+1++%29+%29</condition-uri>
- <summary-uri>query:summary?bool.red.text=Non+Compliant&orion.sum.query=true&bool.green.text=Compliant&bool.show.criteria=false&orion.query.type=pie.bool&bool.green.criteria=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+604800000++%29+%28+version_ge+EPOProdPropsView_EPOAGENT.productversion+%225%22+%29+%29+%29&show.percentage=false&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1048">
- <dictionary id="1049"/>
- <name>Systeme in Lost & Found</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.Tags%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.IPHostName&orion.table.order=asc&orion.table.order.by=EPOLeafNode.LastUpdate</table-uri>
- <condition-uri>query:condition?orion.requied.sexp=&orion.condition.sexp=%28+where+%28+descendsFrom+EPOBranchNode.AutoID+%223%22+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.topn&orion.sum.query=true&orion.sum.group.by=EPOLeafNode.NodeName&orion.sum.order=desc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1050">
- <dictionary id="1051"/>
- <name>OS overview</name>
- <description></description>
- <target>EPOLeafNode</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOComputerProperties.OSType%3AEPOComputerProperties.OSVersion&orion.table.order=az&orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOComputerProperties.OSType%3AEPOComputerProperties.OSVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=false&orion.sum.group.by=EPOComputerProperties.OSType&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1052">
- <dictionary id="1053"/>
- <name>Total Threat Events in EPO Database</name>
- <description></description>
- <target>EPOEvents</target>
- <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.Analyzer%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName&orion.table.order=az&orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.Analyzer%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&pie.slice.title=EPOEventFilterDesc.Name&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=EPOEventFilterDesc.Name&orion.sum.order=desc&orion.sum.limit.count=10&orion.show.other=true&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1054">
- <dictionary id="1055"/>
- <name>Total Client Events in EPO Database</name>
- <description></description>
- <target>EPOProductEvents</target>
- <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&orion.table.order=az&orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=pie.pie&show.percentage=true&orion.sum.group.by=EPOEventFilterDesc.Name&orion.sum.order=desc&orion.sum.limit.count=360&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1056">
- <dictionary id="1057"/>
- <name>Server Task Errors (last month) (imported)</name>
- <description></description>
- <target>OrionTaskLogTask</target>
- <table-uri>query:table?orion.table.columns=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource&orion.table.order=az&orion.table.order.by=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+ne+OrionTaskLogTask.Status+0++%29+%28+newerThan+OrionTaskLogTask.EndDate+2592000000++%29+%29+%29</condition-uri>
- <summary-uri>query:summary?orion.sum.query=true&orion.query.type=bar.bar&orion.sum.group.by=OrionTaskLogTask.Status&orion.sum.order=desc&orion.sum.limit.count=200&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- <query id="1058">
- <dictionary id="1059"/>
- <name>Versions of Products - ALL (imported)</name>
- <description></description>
- <target>EPOSystemProductVersionInfo</target>
- <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion%3AEPOLeafNode.LastUpdate&orion.table.order=az&orion.table.order.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion</table-uri>
- <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
- <summary-uri>query:summary?orion.query.type=summary.multigroup&orion.sum.query=true&orion.sum.group.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion&orion.sum.order=desc%3Adesc&orion.sum.aggregation=count&orion.sum.aggregation.showTotal=true</summary-uri>
- </query>
- </list>