API tools faq
paste
Advertisement
dev247

McAfee ePO 5.9.1 - Report Queries

dev247
Jul 13th, 2018
1,684
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
XML 720.70 KB | None | 0 0
raw download clone embed print report
  1. <list id="1">
  2.   <query id="2">
  3.     <dictionary id="3"/>
  4.     <name>Effective permissions for users</name>
  5.     <description>Shows all permissions for each user</description>
  6.     <target>EntitlementView</target>
  7.     <table-uri>query:table?orion.table.columns=EntitlementView.PrincipalName%3AEntitlementView.GroupName%3AEntitlementView.RoleUri&amp;orion.table.order=az&amp;orion.table.order.by=EntitlementView.PrincipalName%3AEntitlementView.GroupName%3AEntitlementView.RoleUri</table-uri>
  8.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+ne+EntitlementView.RoleUri+%22%25%25NOEPOROLES%25%25%22+%29+%29</condition-uri>
  9.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EntitlementView.PrincipalName%3AEntitlementView.RoleUri&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  10.   </query>
  11.   <query id="4">
  12.     <dictionary id="5"/>
  13.     <name>Permission set details</name>
  14.     <description>Shows the permissions associated with each permission set</description>
  15.     <target>EntitlementView</target>
  16.     <table-uri>query:table?orion.table.columns=EntitlementView.PrincipalName%3AEntitlementView.GroupName%3AEntitlementView.RoleUri&amp;orion.table.order=az&amp;orion.table.order.by=EntitlementView.PrincipalName%3AEntitlementView.GroupName%3AEntitlementView.RoleUri</table-uri>
  17.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  18.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EntitlementView.GroupName%3AEntitlementView.RoleUri&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  19.   </query>
  20.   <query id="6">
  21.     <dictionary id="7"/>
  22.     <name>Permission set membership</name>
  23.     <description>Shows the permission sets associated with each principal</description>
  24.     <target>EntitlementView</target>
  25.     <table-uri>query:table?orion.table.columns=EntitlementView.PrincipalName%3AEntitlementView.GroupName%3AEntitlementView.RoleUri&amp;orion.table.order=az&amp;orion.table.order.by=EntitlementView.PrincipalName%3AEntitlementView.GroupName%3AEntitlementView.RoleUri</table-uri>
  26.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  27.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=EntitlementView.PrincipalName%3AEntitlementView.GroupName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=distinct&amp;orion.sum.aggregation.column=EntitlementView.GroupName&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  28.   </query>
  29.   <query id="8">
  30.     <dictionary id="9"/>
  31.     <name>Policy Assignment Change History by User (30 days)</name>
  32.     <description>Displays a report grouped by user of all policy assignments in the last 30 days as recorded in the Audit log.</description>
  33.     <target>OrionAuditLog</target>
  34.     <table-uri>query:table?orion.table.columns=OrionAuditLog.StartTime%3AOrionAuditLog.UserName%3AOrionAuditLog.Message&amp;orion.table.order=az&amp;orion.table.order.by=OrionAuditLog.StartTime%3AOrionAuditLog.UserName%3AOrionAuditLog.Message</table-uri>
  35.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+OrionAuditLog.CmdName+%22Assign+policy%22+%29+%28+eq+OrionAuditLog.CmdName+%22Remove+policy+assignment%22+%29+%28+eq+OrionAuditLog.CmdName+%22Add+policy+assignment+rule%22+%29+%28+eq+OrionAuditLog.CmdName+%22Delete+policy+assignment+rule%22+%29+%28+eq+OrionAuditLog.CmdName+%22Edit+policy+assignment+rule%22+%29+%28+eq+OrionAuditLog.CmdName+%22Edit+Policy+Assignment+Rule+Priority%22+%29+%29+%28+newerThan+OrionAuditLog.StartTime+2592000000++%29+%28+ne+OrionAuditLog.UserName+%22system%22+%29+%29+%29</condition-uri>
  36.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;multigroup.title=OrionAuditLog.UserName&amp;orion.sum.group.by=OrionAuditLog.UserName%3AOrionAuditLog.CmdName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  37.   </query>
  38.   <query id="10">
  39.     <dictionary id="11"/>
  40.     <name>Today&apos;s Detections per Product</name>
  41.     <description>Displays a pie chart of detections within the last 24 hours organized by detecting product.</description>
  42.     <target>EPOEvents</target>
  43.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  44.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
  45.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEvents.AnalyzerName&amp;orion.query.type=pie.pie&amp;pie.count.title=Events&amp;show.percentage=&amp;orion.sum.group.by=EPOEvents.AnalyzerName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  46.   </query>
  47.   <query id="12">
  48.     <dictionary id="13"/>
  49.     <name>Systems per Top-Level Group</name>
  50.     <description>Displays a bar chart of your managed systems organized by top-level System Tree group.</description>
  51.     <target>EPOLeafNode</target>
  52.     <table-uri>query:table?orion.table.columns=EPOBranchNode.NodeTextPath2%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags&amp;orion.table.order=az&amp;orion.table.order.by=EPOBranchNode.NodeTextPath%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags</table-uri>
  53.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  54.     <summary-uri>query:summary?bar.title=EPOBranchNode.NodeName&amp;bool.red.text=nonCompliant&amp;orion.sum.query=true&amp;bool.green.text=compliant&amp;orion.query.type=bar.bar&amp;bool.green.criteria=%28+where+%28+hasTag+EPOLeafNode.AppliedTags+%223%22+%29+%29&amp;bar.count.title=EPOLeafNode&amp;orion.sum.group.by=EPOBranchNode.L1ParentID&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  55.   </query>
  56.   <query id="14">
  57.     <dictionary id="15"/>
  58.     <name>Duplicate Systems Names</name>
  59.     <description>Lists all system names that appear in multiple System Tree locations.</description>
  60.     <target>EPOLeafNode</target>
  61.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOBranchNode.NodeTextPath2%3AEPOLeafNode.Tags&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOBranchNode.NodeTextPath2%3AEPOLeafNode.Tags</table-uri>
  62.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+duplicatedComputerName+EPOLeafNode.NodeName+%29+%29</condition-uri>
  63.     <summary-uri>query:summary?orion.query.type=table.table&amp;orion.sum.query=false</summary-uri>
  64.   </query>
  65.   <query id="16">
  66.     <dictionary id="17"/>
  67.     <name>McAfee Agent Compliance Summary</name>
  68.     <description>Displays a Boolean pie chart of managed systems in your environment which are compliant or noncompliant by version of McAfee Agent.</description>
  69.     <target>EPOLeafNode</target>
  70.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSPlatform%3AEPOProdPropsView_EPOAGENT.productversion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSPlatform%3AEPOProdPropsView_EPOAGENT.productversion</table-uri>
  71.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+newerThan+EPOLeafNode.LastUpdate+86400000++%29+%29</condition-uri>
  72.     <summary-uri>query:summary?bool.red.text=nonCompliant&amp;orion.sum.query=true&amp;bool.green.text=compliant&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+version_ge+EPOProdPropsView_EPOAGENT.productversion+%224.8%22+%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  73.   </query>
  74.   <query id="18">
  75.     <dictionary id="19"/>
  76.     <name>McAfee Agent Compliance History</name>
  77.     <description>Displays the percentage of systems (over time) in your environment which are compliant. Uses the &quot;McAfee Agent Compliance Summary&quot; query to determine compliance. The &quot;Generate Records for McAfee Compliance History Reporting&quot; server task is used to record the daily compliance percentage.</description>
  78.     <target>EpoComplianceHistory</target>
  79.     <table-uri>query:table?orion.table.columns=EpoComplianceHistory.ChartName%3AEpoComplianceHistory.TheTimestamp%3AEpoComplianceHistory.CountCompliant%3AEpoComplianceHistory.CountNonCompliant%3AEpoComplianceHistory.CountComputers%3AEpoComplianceHistory.PercentCompliant%3AEpoComplianceHistory.PercentNonCompliant&amp;orion.table.order=az&amp;orion.table.order.by=EpoComplianceHistory.ChartName%3AEpoComplianceHistory.TheTimestamp%3AEpoComplianceHistory.CountCompliant%3AEpoComplianceHistory.CountNonCompliant%3AEpoComplianceHistory.CountComputers%3AEpoComplianceHistory.PercentCompliant%3AEpoComplianceHistory.PercentNonCompliant</table-uri>
  80.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EpoComplianceHistory.TheTimestamp+31536000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+eq+EpoComplianceHistory.ChartName+%22McAfee+Agent+Compliance+Summary%22+%29+%29</condition-uri>
  81.     <summary-uri>query:summary?orion.sum.query=true&amp;line.count.title=EpoComplianceHistory&amp;orion.query.type=line.line&amp;line.title=EpoComplianceHistory.TheTimestamp&amp;orion.sum.group.by=EpoComplianceHistory.TheTimestamp&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=newest&amp;orion.sum.aggregation=avg&amp;orion.sum.aggregation.column=EpoComplianceHistory.PercentCompliant</summary-uri>
  82.   </query>
  83.   <query id="20">
  84.     <dictionary id="21"/>
  85.     <name>Multi-Server McAfee Agent Compliance Summary</name>
  86.     <description>Displays a Boolean pie chart of systems across all the registered servers which are compliant or noncompliant by version of McAfee Agent.</description>
  87.     <target>EpoRollup_Computers</target>
  88.     <table-uri>query:table?orion.table.columns=OrionRegisteredServers.Name%3AEpoRollup_Computers.NodeName%3AEpoRollup_Computers.FullPath%3AEPORollup_ProductPropertiesEPOAGENT.productversion&amp;orion.table.order=az&amp;orion.table.order.by=OrionRegisteredServers.Name%3AEpoRollup_Computers.NodeName%3AEpoRollup_Computers.FullPath%3AEPORollup_ProductPropertiesEPOAGENT.productversion</table-uri>
  89.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+newerThan+EpoRollup_Computers.LastUpdate+1209600000++%29+%29</condition-uri>
  90.     <summary-uri>query:summary?bool.red.text=nonCompliant&amp;orion.sum.query=true&amp;bool.green.text=compliant&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+version_ge+EPORollup_ProductPropertiesEPOAGENT.productversion+%224.8%22+%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  91.   </query>
  92.   <query id="22">
  93.     <dictionary id="23"/>
  94.     <name>Multi-Server McAfee Agent Compliance History</name>
  95.     <description>Displays the percentage of systems (over time) across all registered server which are compliant.</description>
  96.     <target>EpoRollup_ComplianceHistory</target>
  97.     <table-uri>query:table?orion.table.columns=OrionRegisteredServers.Name%3AEpoRollup_ComplianceHistory.TheTimestamp%3AEpoRollup_ComplianceHistory.CountComputers%3AEpoRollup_ComplianceHistory.CountCompliant%3AEpoRollup_ComplianceHistory.PercentCompliant%3AEpoRollup_ComplianceHistory.CountNonCompliant&amp;orion.table.order=az&amp;orion.table.order.by=OrionRegisteredServers.Name%3AEpoRollup_ComplianceHistory.TheTimestamp%3AEpoRollup_ComplianceHistory.CountComputers%3AEpoRollup_ComplianceHistory.CountCompliant%3AEpoRollup_ComplianceHistory.PercentCompliant%3AEpoRollup_ComplianceHistory.CountNonCompliant%3AEpoRollup_ComplianceHistory.PercentNonCompliant</table-uri>
  98.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EpoRollup_ComplianceHistory.TheTimestamp+31536000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+eq+EpoRollup_ComplianceHistory.ChartName+%22McAfee+Agent+Compliance+Summary%22+%29+%29</condition-uri>
  99.     <summary-uri>query:summary?orion.sum.query=true&amp;line.count.title=EpoRollup_ComplianceHistory&amp;orion.query.type=line.line&amp;line.title=EpoRollup_ComplianceHistory.TheTimestamp&amp;orion.sum.group.by=EpoRollup_ComplianceHistory.TheTimestamp&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=avg&amp;orion.sum.aggregation.column=EpoRollup_ComplianceHistory.PercentCompliant</summary-uri>
  100.   </query>
  101.   <query id="24">
  102.     <dictionary id="25"/>
  103.     <name>Repository Replication Trend for 2 Months</name>
  104.     <description>Shows a multi-line chart with the total number of successful and unsuccessful replications per week for the last 2 months.</description>
  105.     <target>OrionAuditLog</target>
  106.     <table-uri>query:table?orion.table.columns=OrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success%3AOrionAuditLog.StartTime&amp;orion.table.order=az&amp;orion.table.order.by=OrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success%3AOrionAuditLog.StartTime</table-uri>
  107.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+OrionAuditLog.EndTime+5184000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+eq+OrionAuditLog.CmdName+%22Repository+Replication%22+%29+%29</condition-uri>
  108.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.multiline&amp;orion.sum.group.by=OrionAuditLog.Success%3AOrionAuditLog.EndTime&amp;orion.sum.order=az%3Aoldest&amp;orion.sum.limit.count=50&amp;orion.sum.time.cols=%3Atrue&amp;orion.sum.time.unit=%3Aweek&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  109.   </query>
  110.   <query id="26">
  111.     <dictionary id="27"/>
  112.     <name>Failed Login Attempts in Last 30 Days</name>
  113.     <description>Displays a list grouped by user of all failed login attempts in the last 30 days.</description>
  114.     <target>OrionAuditLog</target>
  115.     <table-uri>query:table?orion.table.columns=OrionAuditLog.UserName%3AOrionAuditLog.StartTime%3AOrionAuditLog.Message&amp;orion.table.order=az&amp;orion.table.order.by=OrionAuditLog.UserName%3AOrionAuditLog.StartTime%3AOrionAuditLog.Message</table-uri>
  116.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+OrionAuditLog.CmdName+%22Logon+attempt%22+%29+%28+eq+OrionAuditLog.Success+f+%29+%28+newerThan+OrionAuditLog.StartTime+2592000000++%29+%29+%29</condition-uri>
  117.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=OrionAuditLog.UserName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=OrionAuditLog.UserName&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  118.   </query>
  119.   <query id="28">
  120.     <dictionary id="29"/>
  121.     <name>Failed User Actions in ePO Console within Last 30 Days</name>
  122.     <description>Displays a table of all failed actions within the last 30 days from the Audit Log.</description>
  123.     <target>OrionAuditLog</target>
  124.     <table-uri>query:table?orion.table.columns=OrionAuditLog.StartTime%3AOrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Message&amp;orion.table.order=az&amp;orion.table.order.by=OrionAuditLog.StartTime%3AOrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Message</table-uri>
  125.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+OrionAuditLog.Success+f+%29+%28+newerThan+OrionAuditLog.StartTime+2592000000++%29+%29+%29</condition-uri>
  126.     <summary-uri>query:summary?orion.query.type=table.table&amp;orion.sum.query=false</summary-uri>
  127.   </query>
  128.   <query id="30">
  129.     <dictionary id="31"/>
  130.     <name>Successful Login Attempts in Last 30 Days</name>
  131.     <description>Displays a list grouped by user of all successful login attempts in the last 30 days.</description>
  132.     <target>OrionAuditLog</target>
  133.     <table-uri>query:table?orion.table.columns=OrionAuditLog.UserName%3AOrionAuditLog.StartTime%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success&amp;orion.table.order=az&amp;orion.table.order.by=OrionAuditLog.UserName%3AOrionAuditLog.StartTime%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success</table-uri>
  134.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+OrionAuditLog.EndTime+2592000000++%29+%28+eq+OrionAuditLog.CmdName+%22Logon+attempt%22+%29+%28+eq+OrionAuditLog.Success+t+%29+%29+%29</condition-uri>
  135.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=OrionAuditLog.UserName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=OrionAuditLog.UserName&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  136.   </query>
  137.   <query id="32">
  138.     <dictionary id="33"/>
  139.     <name>Server Configurations by User (30 days)</name>
  140.     <description>Displays a report grouped by user of all server configuration actions in the last 30 days as recorded in the Audit log.</description>
  141.     <target>OrionAuditLog</target>
  142.     <table-uri>query:table?orion.table.columns=OrionAuditLog.CmdName%3AOrionAuditLog.UserName%3AOrionAuditLog.Success%3AOrionAuditLog.Message%3AOrionAuditLog.StartTime&amp;orion.table.order=az&amp;orion.table.order.by=OrionAuditLog.CmdName%3AOrionAuditLog.UserName%3AOrionAuditLog.Success%3AOrionAuditLog.Message%3AOrionAuditLog.StartTime</table-uri>
  143.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+OrionAuditLog.CmdName+%22Add+Agent+Handler+Assignment+Rule%22+%29+%28+eq+OrionAuditLog.CmdName+%22Add+License+Key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Backup+Keystore%22+%29+%28+eq+OrionAuditLog.CmdName+%22Change+Password%22+%29+%28+eq+OrionAuditLog.CmdName+%22Change+Registered+Server%22+%29+%28+eq+OrionAuditLog.CmdName+%22Create+Key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Delete+Agent+Handler+Assignment+Rule%22+%29+%28+eq+OrionAuditLog.CmdName+%22Delete+Key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Delete+Server%22+%29+%28+eq+OrionAuditLog.CmdName+%22Download+Keystore+File%22+%29+%28+eq+OrionAuditLog.CmdName+%22Edit+Agent+Handler+Assignment+Rule%22+%29+%28+eq+OrionAuditLog.CmdName+%22Edit+event+filtering+settings%22+%29+%28+eq+OrionAuditLog.CmdName+%22Export+Agent+Handler+Rule%22+%29+%28+eq+OrionAuditLog.CmdName+%22Export+Key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Export+Public+Key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Import+Agent+Handler+Rule%22+%29+%28+eq+OrionAuditLog.CmdName+%22Import+Key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Modify+server+ports%22+%29+%28+eq+OrionAuditLog.CmdName+%22New+Server%22+%29+%28+eq+OrionAuditLog.CmdName+%22Restore+Keystore%22+%29+%28+eq+OrionAuditLog.CmdName+%22Set+master+key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Update+Server+Certificate%22+%29+%29+%28+newerThan+OrionAuditLog.EndTime+2592000000++%29+%29+%29</condition-uri>
  144.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=OrionAuditLog.UserName%3AOrionAuditLog.CmdName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  145.   </query>
  146.   <query id="34">
  147.     <dictionary id="35"/>
  148.     <name>Software Configurations by user (30 days)</name>
  149.     <description>Displays a report grouped by user of all software configuration actions in the last 30 days as recorded in the Audit Log.</description>
  150.     <target>OrionAuditLog</target>
  151.     <table-uri>query:table?orion.table.columns=OrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success%3AOrionAuditLog.StartTime&amp;orion.table.order=az&amp;orion.table.order.by=OrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success%3AOrionAuditLog.StartTime</table-uri>
  152.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+OrionAuditLog.CmdName+%22Upload+Extension%22+%29+%28+eq+OrionAuditLog.CmdName+%22Uninstall+Extension%22+%29+%28+eq+OrionAuditLog.CmdName+%22Install+Extension%22+%29+%28+eq+OrionAuditLog.CmdName+%22Check-in+package%22+%29+%28+eq+OrionAuditLog.CmdName+%22Delete+package%22+%29+%28+eq+OrionAuditLog.CmdName+%22Repository+Pull%22+%29+%28+eq+OrionAuditLog.CmdName+%22Add+repository%22+%29+%28+eq+OrionAuditLog.CmdName+%22Edit+repository%22+%29+%28+eq+OrionAuditLog.CmdName+%22Delete+repository%22+%29+%28+eq+OrionAuditLog.CmdName+%22Repository+Replication%22+%29+%28+eq+OrionAuditLog.CmdName+%22Change+credentials%22+%29+%28+eq+OrionAuditLog.CmdName+%22Import+repository%22+%29+%28+eq+OrionAuditLog.CmdName+%22Check+in+software+package%22+%29+%28+eq+OrionAuditLog.CmdName+%22Delete+Software+Package%22+%29+%29+%28+newerThan+OrionAuditLog.EndTime+2592000000++%29+%29+%29</condition-uri>
  153.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=OrionAuditLog.UserName%3AOrionAuditLog.CmdName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  154.   </query>
  155.   <query id="36">
  156.     <dictionary id="37"/>
  157.     <name>Configuration Changes by User (30 days)</name>
  158.     <description>Displays a report grouped by user of all actions considered configuration changes in the last 30 days as recorded in the Audit log.</description>
  159.     <target>OrionAuditLog</target>
  160.     <table-uri>query:table?orion.table.columns=OrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success%3AOrionAuditLog.StartTime&amp;orion.table.order=az&amp;orion.table.order.by=OrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success%3AOrionAuditLog.StartTime</table-uri>
  161.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+OrionAuditLog.CmdName+%22Backup+Keystore%22+%29+%28+eq+OrionAuditLog.CmdName+%22Export+Key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Import+Key%22+%29+%28+eq+OrionAuditLog.CmdName+%22Add+Permission+Set%22+%29+%28+eq+OrionAuditLog.CmdName+%22Duplicate+Permission+Set%22+%29+%28+eq+OrionAuditLog.CmdName+%22Change+Permission+Set%22+%29+%28+eq+OrionAuditLog.CmdName+%22New+User%22+%29+%28+eq+OrionAuditLog.CmdName+%22Update+User%22+%29+%28+eq+OrionAuditLog.CmdName+%22Change+Password%22+%29+%28+eq+OrionAuditLog.CmdName+%22Remove+User%22+%29+%28+eq+OrionAuditLog.CmdName+%22Change+Permission+Sets+for+User%22+%29+%28+eq+OrionAuditLog.CmdName+%22Purge+Audit+Log%22+%29+%28+eq+OrionAuditLog.CmdName+%22Purge+Threat+Event+Log%22+%29+%29+%28+newerThan+OrionAuditLog.StartTime+2592000000++%29+%29+%29</condition-uri>
  162.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;multigroup.title=OrionAuditLog.UserName&amp;orion.sum.group.by=OrionAuditLog.UserName%3AOrionAuditLog.CmdName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  163.   </query>
  164.   <query id="38">
  165.     <dictionary id="39"/>
  166.     <name>Malware Detection History</name>
  167.     <description>Displays a line chart of the number of internal virus detections over the past quarter.</description>
  168.     <target>EPOEvents</target>
  169.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  170.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7862400000++%29+%29&amp;orion.condition.sexp=%28+where+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29</condition-uri>
  171.     <summary-uri>query:summary?orion.sum.query=true&amp;line.count.title=EPOEvents&amp;orion.query.type=line.line&amp;line.title=EPOEvents.DetectedUTC&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  172.   </query>
  173.   <query id="40">
  174.     <dictionary id="41"/>
  175.     <name>Applied Policies for McAfee Agent</name>
  176.     <description>Displays a group summary table of all applied policies for McAfee agent grouped by category.</description>
  177.     <target>EPOAssignedPolicy</target>
  178.     <table-uri>query:table?orion.table.columns=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.ServerID%3AEPOAssignedPolicy.EditFlags&amp;orion.table.order=az&amp;orion.table.order.by=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.ServerID%3AEPOAssignedPolicy.EditFlags</table-uri>
  179.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOAssignedPolicy.FeatureTextID+%22EPOAGENTMETA%22+%29+%29</condition-uri>
  180.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOAssignedPolicy.FeatureTextID%3AEPOAssignedPolicy.CategoryTextID&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  181.   </query>
  182.   <query id="42">
  183.     <dictionary id="43"/>
  184.     <name>Applied Policies by Policy Name</name>
  185.     <description>Displays a list of all applied policies and the number of times each policy has been applied.</description>
  186.     <target>EPOAssignedPolicy</target>
  187.     <table-uri>query:table?orion.table.columns=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.UserName%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.ServerID%3AEPOAssignedPolicy.EditFlags&amp;orion.table.order=az&amp;orion.table.order.by=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.UserName%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.ServerID%3AEPOAssignedPolicy.EditFlags</table-uri>
  188.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  189.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOAssignedPolicy.PolicyObjectID&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  190.   </query>
  191.   <query id="44">
  192.     <dictionary id="45"/>
  193.     <name>Systems with High Sequence Errors</name>
  194.     <description>Lists the systems with high sequence error counts.  This could indicate a duplicate agent GUID problem.</description>
  195.     <target>EPOLeafNode</target>
  196.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.SequenceErrorCount&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.SequenceErrorCount</table-uri>
  197.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+gt+EPOLeafNode.SequenceErrorCount+25++%29+%29</condition-uri>
  198.     <summary-uri>query:summary?orion.query.type=table.table&amp;orion.sum.query=false</summary-uri>
  199.   </query>
  200.   <query id="46">
  201.     <dictionary id="47"/>
  202.     <name>Systems with no Recent Sequence Errors</name>
  203.     <description>Lists the systems with sequence errors older than 1 week.  These systems probably do not have duplicate agent GUIDs and can have their error count reset.</description>
  204.     <target>EPOLeafNode</target>
  205.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName</table-uri>
  206.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+olderThan+EPOLeafNode.SequenceErrorCountLastUpdate+604800000++%29+%28+gt+EPOLeafNode.SequenceErrorCount+0++%29+%29+%29</condition-uri>
  207.     <summary-uri>query:summary?orion.query.type=table.table&amp;orion.sum.query=false</summary-uri>
  208.   </query>
  209.   <query id="48">
  210.     <dictionary id="49"/>
  211.     <name>Unmanaged Systems</name>
  212.     <description>List all unmanaged systems.</description>
  213.     <target>EPOLeafNode</target>
  214.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.LastUpdate</table-uri>
  215.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+0++%29+%29</condition-uri>
  216.     <summary-uri>query:summary?orion.query.type=table.table&amp;orion.sum.query=false</summary-uri>
  217.   </query>
  218.   <query id="50">
  219.     <dictionary id="51"/>
  220.     <name>Software Manager Failed Installs</name>
  221.     <description>Lists all Software Manager failed installs.</description>
  222.     <target>OrionTaskLogTask</target>
  223.     <table-uri>query:table?orion.table.columns=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource%3AOrionTaskLogTask.Duration&amp;orion.table.order=az&amp;orion.table.order.by=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource%3AOrionTaskLogTask.Duration</table-uri>
  224.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+OrionTaskLogTask.Status+1++%29+%28+eq+OrionTaskLogTask.Status+-1++%29+%29+%28+startsWith+OrionTaskLogTask.Name+%22Check+In+Components%22+%29+%28+eq+OrionTaskLogTask.TaskSource+%22softwareTaskSource%22+%29+%29+%29</condition-uri>
  225.     <summary-uri>query:summary?orion.query.type=table.table&amp;orion.sum.query=false</summary-uri>
  226.   </query>
  227.   <query id="52">
  228.     <dictionary id="53"/>
  229.     <name>Policy Assignment Broken Inheritance</name>
  230.     <description>Lists all points of broken inheritance for policy assignments other than My Organization. </description>
  231.     <target>EPOBrokenInherintanceView</target>
  232.     <table-uri>query:table?orion.table.columns=EPOBrokenInherintanceView.nodetype2%3AEPOBrokenInherintanceView.nodetextpath%3AEPOBrokenInherintanceView.policyobjectid%3AEPOBrokenInherintanceView.editflags%3AEPOBrokenInherintanceView.PolicyDesc&amp;orion.table.order=az&amp;orion.table.order.by=EPOBrokenInherintanceView.nodetype2%3AEPOBrokenInherintanceView.nodetextpath%3AEPOBrokenInherintanceView.policyobjectid%3AEPOBrokenInherintanceView.editflags%3AEPOBrokenInherintanceView.PolicyDesc</table-uri>
  233.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  234.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOBrokenInherintanceView.FeatureTextID&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  235.   </query>
  236.   <query id="54">
  237.     <dictionary id="55"/>
  238.     <name>Applied Client Tasks</name>
  239.     <description>List all applied client tasks grouped by product.</description>
  240.     <target>EPOTaskAppliedTasks</target>
  241.     <table-uri>query:table?orion.table.columns=EPOTaskAppliedTasks.ProductCode%3AEPOTaskAppliedTasks.Name%3AEPOTaskAppliedTasks.ServerId%3AEPOTaskAppliedTasks.NodeTxtPath%3AEPOTaskAppliedTasks.TagAssigned%3AEPOTaskAppliedTasks.Description&amp;orion.table.order=az&amp;orion.table.order.by=EPOTaskAppliedTasks.ProductCode%3AEPOTaskAppliedTasks.Name%3AEPOTaskAppliedTasks.ServerId%3AEPOTaskAppliedTasks.NodeTxtPath%3AEPOTaskAppliedTasks.TagAssigned%3AEPOTaskAppliedTasks.Description</table-uri>
  242.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=</condition-uri>
  243.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOTaskAppliedTasks.ProductCode&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  244.   </query>
  245.   <query id="56">
  246.     <dictionary id="57"/>
  247.     <name>Client Task Assignment Broken Inheritance</name>
  248.     <description>Lists all points in the tree where client task assignment inheritance has been broken, grouped by task name.</description>
  249.     <target>EPOTaskBrokenInheritAssignments</target>
  250.     <table-uri>query:table?orion.table.columns=EPOTaskBrokenInheritAssignments.Name%3AEPOTaskBrokenInheritAssignments.TaskTypeId%3AEPOTaskBrokenInheritAssignments.ProductCode%3AEPOTaskBrokenInheritAssignments.NodeType%3AEPOTaskBrokenInheritAssignments.NodeTxtPath%3AEPOTaskBrokenInheritAssignments.InhRootTxtPath%3AEPOTaskBrokenInheritAssignments.ServerId&amp;orion.table.order=az&amp;orion.table.order.by=EPOTaskBrokenInheritAssignments.Name%3AEPOTaskBrokenInheritAssignments.TaskTypeId%3AEPOTaskBrokenInheritAssignments.ProductCode%3AEPOTaskBrokenInheritAssignments.NodeType%3AEPOTaskBrokenInheritAssignments.NodeTxtPath%3AEPOTaskBrokenInheritAssignments.InhRootTxtPath%3AEPOTaskBrokenInheritAssignments.ServerId</table-uri>
  251.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  252.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOTaskBrokenInheritAssignments.Name&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  253.   </query>
  254.   <query id="58">
  255.     <dictionary id="59"/>
  256.     <name>Agent Versions Summary</name>
  257.     <description>Displays a pie chart of installed agents by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
  258.     <target>EPOLeafNode</target>
  259.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  260.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  261.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&amp;orion.query.type=pie.pie&amp;pie.count.title=Computers&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  262.   </query>
  263.   <query id="60">
  264.     <dictionary id="61"/>
  265.     <name>Agent Communication Summary</name>
  266.     <description>Displays a pie chart of managed systems indicating whether the agents have communicated with the ePO server within the past day. Click either slice to view or take actions on those systems.</description>
  267.     <target>EPOLeafNode</target>
  268.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  269.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  270.     <summary-uri>query:summary?bool.red.text=agent.comm.nonCompliant&amp;orion.sum.query=true&amp;bool.green.text=agent.comm.compliant&amp;orion.query.type=pie.bool&amp;bool.show.criteria=false&amp;bool.green.criteria=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+86400000++%29+%28+version_ge+EPOProdPropsView_EPOAGENT.productversion+%221%22+%29+%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  271.   </query>
  272.   <query id="62">
  273.     <dictionary id="63"/>
  274.     <name>Managed Nodes Having Point Product Policy Enforcement Failures</name>
  275.     <description>Displays a single group bar chart showing all managed nodes where policy enforcement is failing for at least one of the point products.</description>
  276.     <target>EPOProductEvents</target>
  277.     <table-uri>query:table?orion.table.columns=EPOProductEvents.HostName%3AEPOProductEvents.ProductCode%3AEPOProductEvents.TVDEventID%3AEPOProductEvents.Error%3AEPOProductEvents.InitiatorID&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.HostName%3AEPOProductEvents.ProductCode%3AEPOProductEvents.TVDEventID%3AEPOProductEvents.Error%3AEPOProductEvents.InitiatorID</table-uri>
  278.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+MAEnforcementStatusView.pestatus+0++%29+%28+eq+EPOProductEvents.TVDEventID+2422++%29+%29+%29</condition-uri>
  279.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProductEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=year&amp;orion.sum.order=oldest&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  280.   </query>
  281.   <query id="64">
  282.     <dictionary id="65"/>
  283.     <name>Managed Nodes Having Point Product Property Collection Failures</name>
  284.     <description>Displays a single group bar chart showing all managed nodes where property collection is failing for at least one of the point products.</description>
  285.     <target>EPOProductEvents</target>
  286.     <table-uri>query:table?orion.table.columns=EPOProductEvents.HostName%3AEPOProductEvents.ProductCode%3AEPOProductEvents.TVDEventID%3AEPOProductEvents.Error%3AEPOProductEvents.InitiatorID&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.HostName%3AEPOProductEvents.ProductCode%3AEPOProductEvents.TVDEventID%3AEPOProductEvents.Error%3AEPOProductEvents.InitiatorID</table-uri>
  287.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+MAEnforcementStatusView.pcstatus+0++%29+%28+eq+EPOProductEvents.TVDEventID+2427++%29+%29+%29</condition-uri>
  288.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProductEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=year&amp;orion.sum.order=oldest&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  289.   </query>
  290.   <query id="66">
  291.     <dictionary id="67"/>
  292.     <name>Repository Usage Based On DAT and Engine Pulling</name>
  293.     <description>Displays the amount of DAT and Engine pulling per repository. This query can help identify overloaded repositories that are causing bandwidth issues and necessary repository configuration improvements in policy.</description>
  294.     <target>EPOProductEvents</target>
  295.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  296.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+or+%28+eq+EPOProductEvents.Type+%22DAT%22+%29+%28+eq+EPOProductEvents.Type+%22Engine%22+%29+%29+%29</condition-uri>
  297.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.stackedbar&amp;orion.sum.group.by=EPOProductEvents.SiteName%3AEPOProductEvents.Type&amp;orion.sum.order=az%3Aaz&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  298.   </query>
  299.   <query id="68">
  300.     <dictionary id="69"/>
  301.     <name>Repositories and Percentage Utilization</name>
  302.     <description>Displays a pie chart indicating percentage utilization per repository. This query can help identify overloaded repositories that are causing bandwidth issues and necessary repository configuration improvements in policy.</description>
  303.     <target>EPOProductEvents</target>
  304.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  305.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+EPOProductEvents.Type+%22Plugin%22+%29+%28+ne+EPOProductEvents.Type+%22Uninstall%22+%29+%29+%28+eq+EPOProductEvents.Error+0++%29+%28+not_isBlank+EPOProductEvents.SiteName+%29+%29+%29</condition-uri>
  306.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=EPOProductEvents.SiteName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  307.   </query>
  308.   <query id="70">
  309.     <dictionary id="71"/>
  310.     <name>Endpoint Security Web Control: Compliance Status</name>
  311.     <description>This is the Web Control Compliance Status Report.</description>
  312.     <target>WP_CustomProps</target>
  313.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AWP_CustomProps.WPbComplianceStatus%3AWP_CustomProps.WPComplianceStatus%3AWP_CustomProps.WPAdditionalComplianceStatus%3AEPOProdPropsView_WEBCONTROL.productversion%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AWP_CustomProps.WPbComplianceStatus%3AWP_CustomProps.WPComplianceStatus%3AWP_CustomProps.WPAdditionalComplianceStatus%3AEPOProdPropsView_WEBCONTROL.productversion%3AEPOLeafNode.LastUpdate</table-uri>
  314.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  315.     <summary-uri>query:summary?bool.red.text=noncompliantkey&amp;orion.sum.query=true&amp;bool.green.text=compliantkey&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+eq+WP_CustomProps.WPbComplianceStatus+1++%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  316.   </query>
  317.   <query id="72">
  318.     <dictionary id="73"/>
  319.     <name>Endpoint Security Web Control: Web Content Categories that Caused the Most Infections in the Last 7 Days</name>
  320.     <description>This report lists the Web Content Categories with the most infections in the last 7 days</description>
  321.     <target>WP_EventInfo</target>
  322.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AEPOEvents.ThreatEventID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AEPOEvents.SourceUserName%3AWP_EventInfo.ActionID&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  323.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  324.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=WP_EventInfo.ContentID&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  325.   </query>
  326.   <query id="74">
  327.     <dictionary id="75"/>
  328.     <name>Endpoint Security Web Control: Hotfixes Installed</name>
  329.     <description>Displays the hotfixes installed for Web Control.</description>
  330.     <target>WP_CustomProps</target>
  331.     <table-uri>query:table?orion.table.columns=WP_CustomProps.Hotfixes%3AEPOComputerProperties.ComputerName%3AEPOComputerProperties.UserName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=WP_CustomProps.Hotfixes%3AEPOComputerProperties.ComputerName%3AEPOComputerProperties.UserName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.LastUpdate</table-uri>
  332.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+WP_CustomProps.Hotfixes+%29+%29</condition-uri>
  333.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=WP_CustomProps.Hotfixes&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  334.   </query>
  335.   <query id="76">
  336.     <dictionary id="77"/>
  337.     <name>Endpoint Security Web Control: Visits by Rating</name>
  338.     <description>Pie chart depicting number of visits over the last 30 days, grouped by site rating.</description>
  339.     <target>WP_EventInfo</target>
  340.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  341.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  342.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=WP_EventInfo.RatingID&amp;orion.query.type=pie.pie&amp;orion.sum.group.by=WP_EventInfo.RatingID&amp;orion.sum.order=desc&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  343.   </query>
  344.   <query id="78">
  345.     <dictionary id="79"/>
  346.     <name>Endpoint Security Web Control: Visits by Content</name>
  347.     <description>Pie chart depicting number of visits over the last 30 days, grouped by site content.</description>
  348.     <target>WP_EventInfo</target>
  349.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  350.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  351.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=WP_EventInfo.ContentID&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.show.other=true&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  352.   </query>
  353.   <query id="80">
  354.     <dictionary id="81"/>
  355.     <name>Endpoint Security Web Control: Downloads by Rating</name>
  356.     <description>Pie chart depicting number of downloads over the last 30 days, grouped by file rating.</description>
  357.     <target>WP_EventInfo</target>
  358.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  359.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18601++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%28+eq+WP_EventInfo.ActionID+6++%29+%29+%29+%29</condition-uri>
  360.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=WP_EventInfo.RatingID&amp;orion.query.type=pie.pie&amp;orion.sum.group.by=WP_EventInfo.RatingID&amp;orion.sum.order=desc&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  361.   </query>
  362.   <query id="82">
  363.     <dictionary id="83"/>
  364.     <name>Endpoint Security Web Control: Top 100 Visited Red Sites</name>
  365.     <description>Top 100 red sites visited over the last 30 days.</description>
  366.     <target>WP_EventInfo</target>
  367.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  368.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.RatingID+3++%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  369.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=WP_EventInfo.DomainName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=WP_EventInfo.DomainName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  370.   </query>
  371.   <query id="84">
  372.     <dictionary id="85"/>
  373.     <name>Endpoint Security Web Control: Top 100 Visited Yellow Sites</name>
  374.     <description>Top 100 yellow sites visited over the last 30 days.</description>
  375.     <target>WP_EventInfo</target>
  376.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  377.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.RatingID+2++%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  378.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=WP_EventInfo.DomainName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=WP_EventInfo.DomainName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  379.   </query>
  380.   <query id="86">
  381.     <dictionary id="87"/>
  382.     <name>Endpoint Security Web Control: Top 100 Visited Unrated Sites</name>
  383.     <description>Top 100 unrated sites visited over the last 30 days.</description>
  384.     <target>WP_EventInfo</target>
  385.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  386.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.RatingID+6++%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  387.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=WP_EventInfo.DomainName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=WP_EventInfo.DomainName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  388.   </query>
  389.   <query id="88">
  390.     <dictionary id="89"/>
  391.     <name>Product Deployment in the Last 24 Hours</name>
  392.     <description>Displays a Boolean pie chart of all product deployments in the last 24 hours. Successful deployments are shown in green.</description>
  393.     <target>EPOProductEvents</target>
  394.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version%3AEPOLeafNode.NodeName%3AEPOProductEvents.DetectedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version%3AEPOLeafNode.NodeName%3AEPOProductEvents.DetectedUTC</table-uri>
  395.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+EPOProductEvents.TVDEventID+2411++%29+%28+eq+EPOProductEvents.TVDEventID+2412++%29+%29+%28+newerThan+EPOProductEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
  396.     <summary-uri>query:summary?bool.red.text=failedDeployments&amp;orion.sum.query=true&amp;bool.green.text=deployments&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+eq+EPOProductEvents.TVDEventID+2411++%29+%29&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  397.   </query>
  398.   <query id="90">
  399.     <dictionary id="91"/>
  400.     <name>Agent Uninstalls Attempted in the Last 7 Days</name>
  401.     <description>Displays a single line chart grouped by day of all Agent uninstall client events in the last 7 days.</description>
  402.     <target>EPOProductEvents</target>
  403.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.Type%3AEPOProductEvents.UserName%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version%3AEPOProductEvents.DetectedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.Type%3AEPOProductEvents.UserName%3AEPOLeafNode.NodeName%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version%3AEPOProductEvents.DetectedUTC</table-uri>
  404.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOProductEvents.DetectedUTC+604800000++%29+%29&amp;orion.condition.sexp=%28+where+%28+eq+EPOProductEvents.TVDEventID+2413++%29+%29</condition-uri>
  405.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOProductEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  406.   </query>
  407.   <query id="92">
  408.     <dictionary id="93"/>
  409.     <name>Failed Product Deployment in the Last 24 Hours</name>
  410.     <description>Displays a bar chart grouped by hour all the failed product deployments in the last 24 hours.</description>
  411.     <target>EPOProductEvents</target>
  412.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOLeafNode.NodeName%3AEPOProductEvents.IPV6%3AEPOProductEvents.DetectedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOLeafNode.NodeName%3AEPOProductEvents.DetectedUTC</table-uri>
  413.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOProductEvents.TVDEventID+2412++%29+%28+newerThan+EPOProductEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
  414.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProductEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=hour&amp;orion.sum.order=oldest&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  415.   </query>
  416.   <query id="94">
  417.     <dictionary id="95"/>
  418.     <name>Failed Product Updates in the Last 24 Hours</name>
  419.     <description>Displays a group bar chart grouped by hour of all failed product updates in the last 24 hours.</description>
  420.     <target>EPOProductEvents</target>
  421.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOLeafNode.NodeName%3AEPOProductEvents.IPV6%3AEPOProductEvents.DetectedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOLeafNode.NodeName%3AEPOProductEvents.DetectedUTC</table-uri>
  422.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOProductEvents.TVDEventID+2402++%29+%28+newerThan+EPOProductEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
  423.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProductEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=hour&amp;orion.sum.order=oldest&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  424.   </query>
  425.   <query id="96">
  426.     <dictionary id="97"/>
  427.     <name>Product Updates in the Last 24 Hours</name>
  428.     <description>Displays a Boolean pie chart of all product updates in the last 24 hours. Successful updates are shown in green.</description>
  429.     <target>EPOProductEvents</target>
  430.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version%3AEPOLeafNode.NodeName%3AEPOProductEvents.DetectedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version%3AEPOLeafNode.NodeName%3AEPOProductEvents.DetectedUTC</table-uri>
  431.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+EPOProductEvents.TVDEventID+2401++%29+%28+eq+EPOProductEvents.TVDEventID+2402++%29+%29+%28+newerThan+EPOProductEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
  432.     <summary-uri>query:summary?bool.red.text=failedUpdates&amp;orion.sum.query=true&amp;bool.green.text=updates&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+eq+EPOProductEvents.TVDEventID+2401++%29+%29&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  433.   </query>
  434.   <query id="98">
  435.     <dictionary id="99"/>
  436.     <name>Distributed Repository Status</name>
  437.     <description>Displays a Boolean pie chart of your distributed repositories, divided according to whether their last replication was successful.</description>
  438.     <target>EPORepositoryStatus</target>
  439.     <table-uri>query:table?orion.table.columns=EPORepositoryStatus.name%3AEPORepositoryStatus.type%3AEPORepositoryStatus.status%3AEPORepositoryStatus.lastreplication&amp;orion.table.order=az&amp;orion.table.order.by=EPORepositoryStatus.name%3AEPORepositoryStatus.type%3AEPORepositoryStatus.status</table-uri>
  440.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPORepositoryStatus.type+3++%29+%29</condition-uri>
  441.     <summary-uri>query:summary?bool.red.text=failure&amp;orion.query.type=pie.bool&amp;bool.green.text=success&amp;bool.green.criteria=%28+where+%28+eq+EPORepositoryStatus.status+3++%29+%29&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  442.   </query>
  443.   <query id="100">
  444.     <dictionary id="101"/>
  445.     <name>New Agents Added to ePO per Week</name>
  446.     <description>Great query during a rollout or tracking the number of new agents showing up in ePO on daily, weekly or monthly basis.</description>
  447.     <target>OrionAuditLog</target>
  448.     <table-uri>query:table?orion.table.columns=OrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success%3AOrionAuditLog.StartTime%3AOrionAuditLog.Message&amp;orion.table.order=az&amp;orion.table.order.by=OrionAuditLog.UserName%3AOrionAuditLog.CmdName%3AOrionAuditLog.Success%3AOrionAuditLog.StartTime%3AOrionAuditLog.Message</table-uri>
  449.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+OrionAuditLog.EndTime+%29+%29&amp;orion.condition.sexp=%28+where+%28+eq+OrionAuditLog.CmdName+%22New+system%22+%29+%29</condition-uri>
  450.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=OrionAuditLog.EndTime&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  451.   </query>
  452.   <query id="102">
  453.     <dictionary id="103"/>
  454.     <name>Most Numerous Threat Event Descriptions</name>
  455.     <description>Shows the most numerous threat events found.</description>
  456.     <target>EPOEvents</target>
  457.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  458.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  459.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEventFilterDesc.Name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=30&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  460.   </query>
  461.   <query id="104">
  462.     <dictionary id="105"/>
  463.     <name>Threat Events by System Tree Group</name>
  464.     <description>This is a breakdown of threat events by where they reside in the system tree. The goal is to show an admin what groups are being hit with malware more than others are. This can help pinpoint where an organization needs to improve their security strategy.</description>
  465.     <target>EPOEvents</target>
  466.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  467.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29</condition-uri>
  468.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOBranchNode.L1ParentID&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  469.   </query>
  470.   <query id="106">
  471.     <dictionary id="107"/>
  472.     <name>Threat Event Descriptions in the Last 24 Hours</name>
  473.     <description>Groups, totals, and charts the number of different threat events that occurred in the last 24 hours.</description>
  474.     <target>EPOEvents</target>
  475.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.Analyzer%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName</table-uri>
  476.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
  477.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEventFilterDesc.Name&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEventFilterDesc.Name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  478.   </query>
  479.   <query id="108">
  480.     <dictionary id="109"/>
  481.     <name>Threat Events in the Last 2 Weeks</name>
  482.     <description>This chart shows the trend of threat event generation for the last 2 weeks.</description>
  483.     <target>EPOEvents</target>
  484.     <table-uri>query:table?orion.table.columns=EPOEvents.ReceivedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ReceivedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  485.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.ReceivedUTC+1209600000++%29+%29&amp;orion.condition.sexp=%28+where+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29</condition-uri>
  486.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.ReceivedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  487.   </query>
  488.   <query id="110">
  489.     <dictionary id="111"/>
  490.     <name>Product Update Successes and Failures Trend for the last 2 Months</name>
  491.     <description>Shows multi-line chart of the total number of product updates successes and failures on a weekly basis for the last 2 months.</description>
  492.     <target>EPOProductEvents</target>
  493.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  494.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOProductEvents.DetectedUTC+5184000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+in+EPOProductEvents.TVDEventID+2402++2401++%29+%29</condition-uri>
  495.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.multiline&amp;orion.sum.group.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.DetectedUTC&amp;orion.sum.order=az%3Aoldest&amp;orion.sum.limit.count=50&amp;orion.sum.time.cols=%3Atrue&amp;orion.sum.time.unit=%3Aweek&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  496.   </query>
  497.   <query id="112">
  498.     <dictionary id="113"/>
  499.     <name>Inactive Agents</name>
  500.     <description>McAfee Agents that have not communicated with the McAfee ePO server in the last 30 days.</description>
  501.     <target>EPOLeafNode</target>
  502.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.UserName%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.UserName%3AEPOLeafNode.LastUpdate</table-uri>
  503.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+olderThan+EPOLeafNode.LastUpdate+2592000000++%29+%28+eq+EPOLeafNode.ManagedState+1++%29+%29+%29</condition-uri>
  504.     <summary-uri>query:summary?orion.query.type=table.table&amp;orion.sum.query=false</summary-uri>
  505.   </query>
  506.   <query id="114">
  507.     <dictionary id="115"/>
  508.     <name>Systems per Agent Handler</name>
  509.     <description>Displays a pie chart of managed systems each slice representing an Agent Handler.</description>
  510.     <target>EPOLeafNode</target>
  511.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastKnownTCPIP%3AEPOLeafNode.LastUpdate%3AEPOProdPropsView_EPOAGENT.productversion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastKnownTCPIP%3AEPOLeafNode.LastUpdate%3AEPOProdPropsView_EPOAGENT.productversion</table-uri>
  512.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+1++%29+%29</condition-uri>
  513.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=&amp;orion.sum.group.by=EPOAgentHandlers.DNSName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  514.   </query>
  515.   <query id="116">
  516.     <dictionary id="117"/>
  517.     <name>Agent Handler Status</name>
  518.     <description>Agent handler communication status within the last hour.</description>
  519.     <target>EPOAgentHandlers</target>
  520.     <table-uri>query:table?orion.table.columns=EPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastUpdate</table-uri>
  521.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  522.     <summary-uri>query:summary?bool.red.text=nonCompliant&amp;orion.sum.query=true&amp;bool.green.text=compliant&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+newerThan+EPOAgentHandlers.LastUpdate+3600000++%29+%29&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  523.   </query>
  524.   <query id="118">
  525.     <dictionary id="119"/>
  526.     <name>Endpoint Security Web Control: Top 100 Blocked Red Sites</name>
  527.     <description>Top 100 red sites that were blocked over the last 30 days.</description>
  528.     <target>WP_EventInfo</target>
  529.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  530.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.ActionID+4++%29+%28+eq+WP_EventInfo.RatingID+3++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  531.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=WP_EventInfo.DomainName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=WP_EventInfo.DomainName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  532.   </query>
  533.   <query id="120">
  534.     <dictionary id="121"/>
  535.     <name>Endpoint Security Web Control: Top 100 Warned-Continued Sites</name>
  536.     <description>Top 100 sites that were warned-continued over the last 30 days.</description>
  537.     <target>WP_EventInfo</target>
  538.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  539.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  540.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=WP_EventInfo.DomainName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=WP_EventInfo.DomainName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  541.   </query>
  542.   <query id="122">
  543.     <dictionary id="123"/>
  544.     <name>Endpoint Security Web Control: Top 100 Blocked Sites</name>
  545.     <description>Top 100 sites that were blocked over the last 30 days.</description>
  546.     <target>WP_EventInfo</target>
  547.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  548.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.ActionID+4++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  549.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=WP_EventInfo.DomainName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=WP_EventInfo.DomainName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  550.   </query>
  551.   <query id="124">
  552.     <dictionary id="125"/>
  553.     <name>Endpoint Security Web Control: Visit Log</name>
  554.     <description>Detailed event log of site navigation activity over the last 30 days.</description>
  555.     <target>WP_EventInfo</target>
  556.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  557.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  558.     <summary-uri>query:summary?orion.query.type=table.table&amp;orion.sum.query=false</summary-uri>
  559.   </query>
  560.   <query id="126">
  561.     <dictionary id="127"/>
  562.     <name>Endpoint Security Web Control: Downloads by Action</name>
  563.     <description>Bar chart depicting number of downloads over the last 30 days, grouped by policy-based action.</description>
  564.     <target>WP_EventInfo</target>
  565.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count</table-uri>
  566.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18601++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  567.     <summary-uri>query:summary?bar.title=WP_EventInfo.ActionID&amp;orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=WP_EventInfo.ActionID&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  568.   </query>
  569.   <query id="128">
  570.     <dictionary id="129"/>
  571.     <name>Endpoint Security: Installation Status Report</name>
  572.     <description>This is a stacked bar chart of multiple modules and their installation status</description>
  573.     <target>EndpointInstallationStatus_View</target>
  574.     <table-uri>query:table?orion.table.columns=EndpointInstallationStatus_View.ProductVersion%3AEndpointInstallationStatus_View.FamilyDispName%3AEPOLeafNode.os%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6&amp;orion.table.order=az&amp;orion.table.order.by=EndpointInstallationStatus_View.ProductVersion%3AEndpointInstallationStatus_View.FamilyDispName%3AEPOLeafNode.os%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6</table-uri>
  575.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  576.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.stackedbar&amp;orion.sum.group.by=EndpointInstallationStatus_View.FamilyDispName%3AEndpointInstallationStatus_View.ProductVersion&amp;orion.sum.order=asc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  577.   </query>
  578.   <query id="130">
  579.     <dictionary id="131"/>
  580.     <name>Endpoint Security: Threats Detected in the Last 24 Hours</name>
  581.     <description>The number of threat events in the last twenty-four hours.</description>
  582.     <target>EPOEvents</target>
  583.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPExtendedEvent.AMCoreContentVersion%3AEPOEvents.DetectedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPExtendedEvent.AMCoreContentVersion</table-uri>
  584.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%28+not_isBlank+EPOEvents.ThreatType+%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
  585.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=hour&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  586.   </query>
  587.   <query id="132">
  588.     <dictionary id="133"/>
  589.     <name>Endpoint Security: Threats Detected in the Last 7 Days</name>
  590.     <description>The number of threat events in the last seven days.</description>
  591.     <target>EPOEvents</target>
  592.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPExtendedEvent.AMCoreContentVersion%3AEPOEvents.DetectedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPExtendedEvent.AMCoreContentVersion</table-uri>
  593.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%28+not_isBlank+EPOEvents.ThreatType+%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
  594.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=hour&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  595.   </query>
  596.   <query id="134">
  597.     <dictionary id="135"/>
  598.     <name>Endpoint Security: Summary of Threats Detected in the Last 24 Hours</name>
  599.     <description>Summary of threats that have been detected in the last 24 hours.</description>
  600.     <target>EPOEvents</target>
  601.     <table-uri>query:table?orion.table.columns=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV6%3AEPOEvents.ThreatName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.DetectedUTC%3AEPOEvents.TargetProcessName%3AEPOEvents.AnalyzerDetectionMethod%3AEPExtendedEvent.AMCoreContentVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPExtendedEvent.AMCoreContentVersion</table-uri>
  602.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%28+not_isBlank+EPOEvents.ThreatType+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
  603.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=EPOEvents.ThreatName&amp;topn.count.title=EPOEvents&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEvents.ThreatName&amp;orion.sum.order=az&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  604.   </query>
  605.   <query id="136">
  606.     <dictionary id="137"/>
  607.     <name>Endpoint Security: Summary of Threats Detected in the Last 7 Days</name>
  608.     <description>Summary of threats that have been detected in the last seven days.</description>
  609.     <target>EPOEvents</target>
  610.     <table-uri>query:table?orion.table.columns=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV6%3AEPOEvents.ThreatName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.DetectedUTC%3AEPOEvents.TargetProcessName%3AEPOEvents.AnalyzerDetectionMethod%3AEPExtendedEvent.AMCoreContentVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPExtendedEvent.AMCoreContentVersion</table-uri>
  611.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%28+not_isBlank+EPOEvents.ThreatType+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
  612.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=EPOEvents.ThreatName&amp;topn.count.title=EPOEvents&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEvents.ThreatName&amp;orion.sum.order=az&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  613.   </query>
  614.   <query id="138">
  615.     <dictionary id="139"/>
  616.     <name>Endpoint Security: Primary Vectors of Attack in the Last 7 Days</name>
  617.     <description>This report lists the Primary Vectors of Attack in the last 7 days.</description>
  618.     <target>EPExtendedEvent</target>
  619.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.ThreatName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.ThreatActionTaken&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.ThreatName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.ThreatActionTaken</table-uri>
  620.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
  621.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=EPExtendedEvent.AttackVectorType&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  622.   </query>
  623.   <query id="140">
  624.     <dictionary id="141"/>
  625.     <name>Endpoint Security: Top Infected Users in the Last 7 Days</name>
  626.     <description>This report lists the Top Infected Users in the Last 7 Days</description>
  627.     <target>EPExtendedEvent</target>
  628.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOComputerProperties.ComputerName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.ThreatActionTaken&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOComputerProperties.ComputerName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.ThreatActionTaken</table-uri>
  629.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
  630.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=EPOEvents.TargetUserName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  631.   </query>
  632.   <query id="142">
  633.     <dictionary id="143"/>
  634.     <name>Endpoint Security: Top Threats in the Last 48 Hours</name>
  635.     <description>This report lists the Top Threats in the Last 48 Hours</description>
  636.     <target>EPExtendedEvent</target>
  637.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.ThreatName%3AEPExtendedEvent.AttackVectorType%3AEPOEvents.AnalyzerDetectionMethod&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.ThreatName%3AEPExtendedEvent.AttackVectorType%3AEPOEvents.AnalyzerDetectionMethod&amp;orion.table.order=az&amp;amp%3Borion.table.order.by=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.ThreatName%3AEPExtendedEvent.AttackVectorType%3AEPOEvents.AnalyzerDetectionMethod&amp;amp%3Borion.table.order=az</table-uri>
  638.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+172800000++%29+%29&amp;orion.condition.sexp=%28+where+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29</condition-uri>
  639.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.multiline&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.DetectedUTC&amp;orion.sum.order=desc%3Aoldest&amp;orion.sum.limit.count=5&amp;orion.sum.time.cols=%3Atrue&amp;orion.sum.time.unit=%3Ahour&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  640.   </query>
  641.   <query id="144">
  642.     <dictionary id="145"/>
  643.     <name>Endpoint Security: Duration before Detection on Endpoints in the Last 2 Weeks</name>
  644.     <description>This report lists the Duration before Detection on Endpoints in the Last 2 Weeks</description>
  645.     <target>EPExtendedEvent</target>
  646.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPExtendedEvent.SourceModifyTime%3AEPExtendedEvent.DurationBeforeDetection%3AEPOEvents.ThreatName%3AEPOEvents.ThreatSeverity%3AEPExtendedEvent.ThreatImpact%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPExtendedEvent.DurationBeforeDetection%3AEPOEvents.ThreatName%3AEPOEvents.ThreatSeverity%3AEPExtendedEvent.ThreatImpact%3AEPOLeafNode.NodeName%3AEPOEvents.SourceUserName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerName</table-uri>
  647.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+1209600000++%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
  648.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPExtendedEvent.DurationBeforeDetection&amp;orion.sum.order=az&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  649.   </query>
  650.   <query id="146">
  651.     <dictionary id="147"/>
  652.     <name>Endpoint Security: Top 10 Attacking Systems in the Last 7 Days</name>
  653.     <description>This report lists the top 10 attacking systems in the last 7 days</description>
  654.     <target>EPExtendedEvent</target>
  655.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetIPV6%3AEPExtendedEvent.TargetDeviceDisplayName%3AEPOEvents.TargetMAC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceIPV6%3AEPExtendedEvent.SourceDeviceDisplayName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetIPV6%3AEPExtendedEvent.TargetDeviceDisplayName%3AEPOEvents.TargetMAC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceIPV6%3AEPExtendedEvent.SourceDeviceDisplayName</table-uri>
  656.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%28+not_isBlank+EPOEvents.ThreatType+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
  657.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEvents.SourceIPV6&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  658.   </query>
  659.   <query id="148">
  660.     <dictionary id="149"/>
  661.     <name>Endpoint Security: Currently Enabled Technology</name>
  662.     <description>This report lists the technologies that are currently enabled on each system</description>
  663.     <target>AM_EndpointTechnologyStatus_View</target>
  664.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOComputerProperties.ComputerName&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOComputerProperties.ComputerName</table-uri>
  665.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  666.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.stackedbar&amp;orion.sum.group.by=AM_EndpointTechnologyStatus_View.TechnologyType%3AAM_EndpointTechnologyStatus_View.Enabled&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  667.   </query>
  668.   <query id="150">
  669.     <dictionary id="151"/>
  670.     <name>Endpoint Security: Self Protection Compliance Status</name>
  671.     <description>This is the Self Protection Compliance Status Report.</description>
  672.     <target>GS_CustomProps</target>
  673.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AGS_CustomProps.SPbComplianceStatus%3AGS_CustomProps.SPComplianceStatus%3AGS_CustomProps.SPAdditionalComplianceStatus%3AEPOProdPropsView_ENDPOINTSECURITYPLATFORM.productversion%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AGS_CustomProps.SPbComplianceStatus%3AGS_CustomProps.SPComplianceStatus%3AGS_CustomProps.SPAdditionalComplianceStatus%3AEPOProdPropsView_ENDPOINTSECURITYPLATFORM.productversion%3AEPOLeafNode.LastUpdate</table-uri>
  674.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  675.     <summary-uri>query:summary?bool.red.text=noncompliantkey&amp;orion.sum.query=true&amp;bool.green.text=compliantkey&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+eq+GS_CustomProps.SPbComplianceStatus+1++%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  676.   </query>
  677.   <query id="152">
  678.     <dictionary id="153"/>
  679.     <name>Endpoint Security: Policy Compliance by Computer Name</name>
  680.     <description>Displays two lists of computers which do and do not have the latest policies applied.</description>
  681.     <target>EPOAssignedPolicy</target>
  682.     <table-uri>query:table?orion.table.columns=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.FeatureTextID%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.upToDate%3AEPOAssignedPolicy.Origin%3AEPOAssignedPolicy.PolicyDesc%3AEPOAssignedPolicy.UserName%3AEPOAssignedPolicy.EditFlags%3AEPOAssignedPolicy.ServerID&amp;orion.table.order=az&amp;orion.table.order.by=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.FeatureTextID%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.upToDate%3AEPOAssignedPolicy.Origin%3AEPOAssignedPolicy.PolicyDesc%3AEPOAssignedPolicy.UserName%3AEPOAssignedPolicy.EditFlags%3AEPOAssignedPolicy.ServerID</table-uri>
  683.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+or+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_GS_1000%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_AM_1000%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_FW_META_FW%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_WP_1000%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_AM_1050%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_AM_1060%22+%29+%29+%29</condition-uri>
  684.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOAssignedPolicy.upToDate%3AEPOAssignedPolicy.NodeName&amp;orion.sum.order=az%3Aaz&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  685.   </query>
  686.   <query id="154">
  687.     <dictionary id="155"/>
  688.     <name>Endpoint Security: Policy Compliance by Policy Name</name>
  689.     <description>Displays a boolean pie chart showing which policies have and have not been updated on the clients.</description>
  690.     <target>EPOAssignedPolicy</target>
  691.     <table-uri>query:table?orion.table.columns=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.FeatureTextID%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.upToDate%3AEPOAssignedPolicy.Origin%3AEPOAssignedPolicy.PolicyDesc%3AEPOAssignedPolicy.UserName%3AEPOAssignedPolicy.EditFlags%3AEPOAssignedPolicy.ServerID&amp;orion.table.order=az&amp;orion.table.order.by=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.FeatureTextID%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.upToDate%3AEPOAssignedPolicy.Origin%3AEPOAssignedPolicy.PolicyDesc%3AEPOAssignedPolicy.UserName%3AEPOAssignedPolicy.EditFlags%3AEPOAssignedPolicy.ServerID</table-uri>
  692.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+or+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_GS_1000%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_AM_1000%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_FW_META_FW%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_WP_1000%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_AM_1050%22+%29+%28+eq+EPOAssignedPolicy.FeatureTextID+%22ENDP_AM_1060%22+%29+%29+%29</condition-uri>
  693.     <summary-uri>query:summary?bool.red.text=oldpolicyapplied&amp;orion.sum.query=true&amp;bool.green.text=latestpolicyapplied&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+eq+EPOAssignedPolicy.upToDate+t+%29+%29&amp;show.percentage=true&amp;orion.sum.aggregation=distinct&amp;orion.sum.aggregation.column=EPOAssignedPolicy.NodeName&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  694.   </query>
  695.   <query id="156">
  696.     <dictionary id="157"/>
  697.     <name>Endpoint Security Platform: Hotfixes Installed</name>
  698.     <description>Displays the hotfixes installed for Endpoint Security Platform.</description>
  699.     <target>GS_CustomProps</target>
  700.     <table-uri>query:table?orion.table.columns=GS_CustomProps.Hotfixes%3AEPOComputerProperties.ComputerName%3AEPOComputerProperties.UserName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=GS_CustomProps.Hotfixes%3AEPOComputerProperties.ComputerName%3AEPOComputerProperties.UserName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.LastUpdate</table-uri>
  701.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+GS_CustomProps.Hotfixes+%29+%29</condition-uri>
  702.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=GS_CustomProps.Hotfixes&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  703.   </query>
  704.   <query id="158">
  705.     <dictionary id="159"/>
  706.     <name>Endpoint Security Firewall: Intrusion events in the last 24 hours</name>
  707.     <description>The number of intrusion events in the last twenty-four hours.</description>
  708.     <target>EPOEvents</target>
  709.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.DetectedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate</table-uri>
  710.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.ThreatEventID+35001++%29+%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Firewall%22+%29+%29+%29&amp;orion.required.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29</condition-uri>
  711.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=hour&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  712.   </query>
  713.   <query id="160">
  714.     <dictionary id="161"/>
  715.     <name>Endpoint Security Firewall: Events in the last 24 hours</name>
  716.     <description>The number of firewall events in the last twenty-four hours.</description>
  717.     <target>EPOEvents</target>
  718.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.DetectedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate</table-uri>
  719.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+in+EPOEvents.ThreatEventID+35000++35001++35002++%29+%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Firewall%22+%29+%29+%29&amp;orion.required.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29</condition-uri>
  720.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=hour&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  721.   </query>
  722.   <query id="162">
  723.     <dictionary id="163"/>
  724.     <name>Endpoint Security Firewall: Events from McAfee GTI in the last 6 months</name>
  725.     <description>Endpoint Security Firewall: Displays events generated by system within McAfee GTI in the last 6 months.</description>
  726.     <target>EPExtendedEvent</target>
  727.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.DetectedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate</table-uri>
  728.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPExtendedEvent.AnalyzerGTIQuery+t+%29+%28+eq+EPExtendedEvent.BladeName+%22IDS_BLADE_NAME_FW%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29</condition-uri>
  729.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=hour&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  730.   </query>
  731.   <query id="164">
  732.     <dictionary id="165"/>
  733.     <name>Endpoint Security Firewall: Traffic block events in the last 24 hours</name>
  734.     <description>The number of traffic block events in the last twenty-four hours.</description>
  735.     <target>EPOEvents</target>
  736.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.DetectedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.ThreatName%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate</table-uri>
  737.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.ThreatEventID+35002++%29+%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Firewall%22+%29+%29+%29&amp;orion.required.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29</condition-uri>
  738.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=hour&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  739.   </query>
  740.   <query id="166">
  741.     <dictionary id="167"/>
  742.     <name>Endpoint Security Firewall: Status</name>
  743.     <description>Endpoint Security Firewall Status</description>
  744.     <target>FW_CustomProps</target>
  745.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AFW_CustomProps.FWStatus%3AFW_CustomProps.ComplianceStatus%3AFW_CustomProps.FWMode&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AFW_CustomProps.FWStatus%3AFW_CustomProps.ComplianceStatus%3AFW_CustomProps.FWMode</table-uri>
  746.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  747.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=FW_CustomProps.FWStatus&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  748.   </query>
  749.   <query id="168">
  750.     <dictionary id="169"/>
  751.     <name>Endpoint Security Firewall: Compliance Status</name>
  752.     <description>Displays where Firewall protection is enabled or disabled on managed systems.</description>
  753.     <target>FW_CustomProps</target>
  754.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AFW_CustomProps.ComplianceStatus%3AFW_CustomProps.ComplianceReason%3AFW_CustomProps.AdditionalComplianceReason%3AEPOProdPropsView_FIREWALL.productversion%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AFW_CustomProps.ComplianceStatus%3AFW_CustomProps.ComplianceReason%3AFW_CustomProps.AdditionalComplianceReason%3AEPOProdPropsView_FIREWALL.productversion%3AEPOLeafNode.LastUpdate</table-uri>
  755.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  756.     <summary-uri>query:summary?bool.red.text=noncompliantkey&amp;orion.sum.query=true&amp;bool.green.text=compliantkey&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+eq+FW_CustomProps.ComplianceStatus+1++%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  757.   </query>
  758.   <query id="170">
  759.     <dictionary id="171"/>
  760.     <name>Endpoint Security Firewall: Count of Firewall Client Rules</name>
  761.     <description>Displays the number of Firewall client rules created over time.</description>
  762.     <target>FW_Rule</target>
  763.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AFW_Rule.name%3AFW_Rule.enabled%3AFW_Rule.direction%3AFW_Rule.transportProtocol&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AFW_Rule.name%3AFW_Rule.enabled%3AFW_Rule.direction%3AFW_Rule.transportProtocol</table-uri>
  764.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+FW_Rule.lastModified+%29+%29&amp;orion.condition.sexp=%28+where+%28+ge+FW_Rule.leafNodeId+1++%29+%29</condition-uri>
  765.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=FW_Rule.lastModified&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  766.   </query>
  767.   <query id="172">
  768.     <dictionary id="173"/>
  769.     <name>Endpoint Security Firewall: Client Rules By Process/Port Range</name>
  770.     <description>Displays firewall client rules listed by process and port range.</description>
  771.     <target>FW_Rule</target>
  772.     <table-uri>query:table?orion.table.columns=FW_Rule.enabled%3AFW_Rule.action%3AFW_Rule.direction%3AFW_Rule.name%3AFW_Rule.transportProtocol%3AFW_Rule.localServiceList%3AFW_Rule.remoteServiceList%3AFW_Rule.trafficLogged%3AFW_Rule.intrusion%3AFW_ClientRuleExecutableView.ExeFingerprint%3AFW_ClientRuleExecutableView.ExeFilename%3AFW_ClientRuleExecutableView.ExeSignername&amp;orion.table.order=az&amp;orion.table.order.by=FW_Rule.enabled%3AFW_Rule.action%3AFW_Rule.direction%3AFW_Rule.name%3AFW_Rule.transportProtocol%3AFW_Rule.localServiceList%3AFW_Rule.remoteServiceList%3AFW_Rule.trafficLogged%3AFW_Rule.intrusion%3AFW_ClientRuleExecutableView.ExeFingerprint%3AFW_ClientRuleExecutableView.ExeFilename%3AFW_ClientRuleExecutableView.ExeSignername</table-uri>
  773.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+ge+FW_Rule.leafNodeId+1++%29+%29</condition-uri>
  774.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=FW_Rule.name%3AFW_Rule.localServiceList&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  775.   </query>
  776.   <query id="174">
  777.     <dictionary id="175"/>
  778.     <name>Endpoint Security Firewall: Client Rules By Process/User</name>
  779.     <description>Displays firewall client rules listed by process and user.</description>
  780.     <target>FW_Rule</target>
  781.     <table-uri>query:table?orion.table.columns=FW_Rule.enabled%3AFW_Rule.action%3AFW_Rule.direction%3AFW_ClientRuleExecutableView.ExeName%3AFW_ClientRuleExecutableView.ExeFilename%3AFW_ClientRuleExecutableView.ExeFingerprint%3AFW_ClientRuleExecutableView.ExeSignername%3AFW_Rule.transportProtocol%3AFW_Rule.localServiceList%3AFW_Rule.remoteServiceList%3AFW_Rule.trafficLogged%3AFW_Rule.intrusion&amp;orion.table.order=az&amp;orion.table.order.by=FW_Rule.enabled%3AFW_Rule.action%3AFW_Rule.direction%3AFW_ClientRuleExecutableView.ExeName%3AFW_ClientRuleExecutableView.ExeFilename%3AFW_ClientRuleExecutableView.ExeFingerprint%3AFW_ClientRuleExecutableView.ExeSignername%3AFW_Rule.transportProtocol%3AFW_Rule.localServiceList%3AFW_Rule.remoteServiceList%3AFW_Rule.trafficLogged%3AFW_Rule.intrusion</table-uri>
  782.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+ge+FW_Rule.leafNodeId+1++%29+%29</condition-uri>
  783.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOComputerProperties.UserName%3AFW_ClientRuleExecutableView.ExeName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  784.   </query>
  785.   <query id="176">
  786.     <dictionary id="177"/>
  787.     <name>Endpoint Security Firewall: Client Rules By Process</name>
  788.     <description>Displays firewall client rules listed by process.</description>
  789.     <target>FW_Rule</target>
  790.     <table-uri>query:table?orion.table.columns=FW_Rule.enabled%3AFW_Rule.action%3AFW_Rule.direction%3AFW_ClientRuleExecutableView.ExeFilename%3AFW_ClientRuleExecutableView.ExeFingerprint%3AFW_ClientRuleExecutableView.ExeSignername%3AFW_Rule.transportProtocol%3AFW_Rule.localServiceList%3AFW_Rule.remoteServiceList%3AFW_Rule.trafficLogged%3AFW_Rule.intrusion%3AFW_ClientRuleExecutableView.ExeName&amp;orion.table.order=az&amp;orion.table.order.by=FW_Rule.enabled%3AFW_Rule.action%3AFW_Rule.direction%3AFW_ClientRuleExecutableView.ExeFilename%3AFW_ClientRuleExecutableView.ExeFingerprint%3AFW_ClientRuleExecutableView.ExeSignername%3AFW_Rule.transportProtocol%3AFW_Rule.localServiceList%3AFW_Rule.remoteServiceList%3AFW_Rule.trafficLogged%3AFW_Rule.intrusion%3AFW_ClientRuleExecutableView.ExeName</table-uri>
  791.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+ge+FW_Rule.leafNodeId+1++%29+%29</condition-uri>
  792.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=FW_ClientRuleExecutableView.ExeName&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  793.   </query>
  794.   <query id="178">
  795.     <dictionary id="179"/>
  796.     <name>Endpoint Security Firewall: Client Rules By Protocol/System Name</name>
  797.     <description>Displays firewall client rules listed by protocol and system name.</description>
  798.     <target>FW_Rule</target>
  799.     <table-uri>query:table?orion.table.columns=FW_Rule.enabled%3AFW_Rule.action%3AFW_Rule.direction%3AFW_ClientRuleExecutableView.ExeName%3AFW_ClientRuleExecutableView.ExeFilename%3AFW_ClientRuleExecutableView.ExeFingerprint%3AFW_ClientRuleExecutableView.ExeSignername%3AFW_Rule.transportProtocol%3AFW_Rule.localServiceList%3AFW_Rule.remoteServiceList%3AFW_Rule.trafficLogged%3AFW_Rule.intrusion&amp;orion.table.order=az&amp;orion.table.order.by=FW_Rule.enabled%3AFW_Rule.action%3AFW_Rule.direction%3AFW_ClientRuleExecutableView.ExeName%3AFW_ClientRuleExecutableView.ExeFilename%3AFW_ClientRuleExecutableView.ExeFingerprint%3AFW_ClientRuleExecutableView.ExeSignername%3AFW_Rule.transportProtocol%3AFW_Rule.localServiceList%3AFW_Rule.remoteServiceList%3AFW_Rule.trafficLogged%3AFW_Rule.intrusion</table-uri>
  800.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+ge+FW_Rule.leafNodeId+1++%29+%29</condition-uri>
  801.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=FW_Rule.transportProtocol%3AEPOComputerProperties.ComputerName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  802.   </query>
  803.   <query id="180">
  804.     <dictionary id="181"/>
  805.     <name>Endpoint Security Firewall: Errors</name>
  806.     <description>Displays managed systems where the Firewall feature is enabled by policy but didn&apos;t start successfully.</description>
  807.     <target>FW_CustomProps</target>
  808.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AFW_CustomProps.FWStatus%3AFW_CustomProps.FWFault%3AFW_CustomProps.ProductVer&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AFW_CustomProps.FWStatus%3AFW_CustomProps.FWFault%3AFW_CustomProps.ProductVer</table-uri>
  809.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+FW_CustomProps.FWStatus+1++%29+%29</condition-uri>
  810.     <summary-uri>query:summary?bool.red.text=Query.FWDisabled&amp;orion.sum.query=true&amp;bool.green.text=Query.FWEnabled&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+eq+FW_CustomProps.FWFault+0++%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  811.   </query>
  812.   <query id="182">
  813.     <dictionary id="183"/>
  814.     <name>Endpoint Security Firewall: Hotfixes Installed</name>
  815.     <description>Displays the hotfixes installed for Firewall.</description>
  816.     <target>FW_CustomProps</target>
  817.     <table-uri>query:table?orion.table.columns=FW_CustomProps.Hotfix%3AEPOComputerProperties.ComputerName%3AEPOComputerProperties.UserName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=FW_CustomProps.Hotfix%3AEPOComputerProperties.ComputerName%3AEPOComputerProperties.UserName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.LastUpdate</table-uri>
  818.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+FW_CustomProps.Hotfix+%29+%29</condition-uri>
  819.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=FW_CustomProps.Hotfix&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  820.   </query>
  821.   <query id="184">
  822.     <dictionary id="185"/>
  823.     <name>Endpoint Security Web Control: Top 100 Sites on Block List</name>
  824.     <description>Top 100 sites blocked because of Block List policy over the last 30 days.</description>
  825.     <target>WP_EventInfo</target>
  826.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  827.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.ReasonID+2++%29+%28+eq+WP_EventInfo.ListID+3++%29+%28+eq+WP_EventInfo.ActionID+4++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  828.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=WP_EventInfo.DomainName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=WP_EventInfo.DomainName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  829.   </query>
  830.   <query id="186">
  831.     <dictionary id="187"/>
  832.     <name>Endpoint Security Web Control: Top 100 Sites on Allow List</name>
  833.     <description>Top 100 sites allowed because of Allow List policy over the last 30 days.</description>
  834.     <target>WP_EventInfo</target>
  835.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  836.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.ReasonID+2++%29+%28+eq+WP_EventInfo.ListID+2++%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  837.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=WP_EventInfo.DomainName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=WP_EventInfo.DomainName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  838.   </query>
  839.   <query id="188">
  840.     <dictionary id="189"/>
  841.     <name>Endpoint Security Web Control: Top 100 Red Sites on Allow List</name>
  842.     <description>Top 100 red sites allowed because of Allow List policy over the last 30 days.</description>
  843.     <target>WP_EventInfo</target>
  844.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  845.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.RatingID+3++%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%29+%28+eq+WP_EventInfo.ReasonID+2++%29+%28+eq+WP_EventInfo.ListID+2++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  846.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=WP_EventInfo.DomainName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=WP_EventInfo.DomainName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  847.   </query>
  848.   <query id="190">
  849.     <dictionary id="191"/>
  850.     <name>Endpoint Security Web Control: Download Log</name>
  851.     <description>Detailed event log of download activity over the last 30 days.</description>
  852.     <target>WP_EventInfo</target>
  853.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  854.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18601++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  855.     <summary-uri>query:summary?orion.query.type=table.table&amp;orion.sum.query=false</summary-uri>
  856.   </query>
  857.   <query id="192">
  858.     <dictionary id="193"/>
  859.     <name>Endpoint Security Web Control: Top Sites Grouped by Content</name>
  860.     <description>Top sites grouped by content over the last 30 days.</description>
  861.     <target>WP_EventInfo</target>
  862.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  863.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  864.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;multigroup.title=WP_EventInfo.ContentID&amp;orion.sum.group.by=WP_EventInfo.ContentID%3AWP_EventInfo.DomainName&amp;orion.sum.order=az%3Adesc&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  865.   </query>
  866.   <query id="194">
  867.     <dictionary id="195"/>
  868.     <name>Endpoint Security Web Control: Top 100 Warned-Cancelled Sites</name>
  869.     <description>Top 100 sites that were warned-cancelled over the last 30 days.</description>
  870.     <target>WP_EventInfo</target>
  871.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  872.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.ActionID+3++%29+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  873.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=WP_EventInfo.DomainName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=WP_EventInfo.DomainName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  874.   </query>
  875.   <query id="196">
  876.     <dictionary id="197"/>
  877.     <name>Endpoint Security Web Control: Visits by Action</name>
  878.     <description>Bar chart depicting number of visits over the last 30 days, grouped by policy-based action.</description>
  879.     <target>WP_EventInfo</target>
  880.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  881.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  882.     <summary-uri>query:summary?bar.title=WP_EventInfo.ActionID&amp;orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=WP_EventInfo.ActionID&amp;orion.sum.order=desc&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  883.   </query>
  884.   <query id="198">
  885.     <dictionary id="199"/>
  886.     <name>Endpoint Security Web Control: Top 100 Red Downloads</name>
  887.     <description>Top 100 red downloads over the last 30 days.</description>
  888.     <target>WP_EventInfo</target>
  889.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  890.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18601++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.RatingID+3++%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%28+eq+WP_EventInfo.ActionID+6++%29+%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  891.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=WP_EventInfo.DomainName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=WP_EventInfo.DomainName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  892.   </query>
  893.   <query id="200">
  894.     <dictionary id="201"/>
  895.     <name>Endpoint Security Web Control: Top 100 Yellow Downloads</name>
  896.     <description>Top 100 yellow downloads over the last 30 days.</description>
  897.     <target>WP_EventInfo</target>
  898.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  899.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18601++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.RatingID+2++%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%28+eq+WP_EventInfo.ActionID+6++%29+%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  900.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=WP_EventInfo.DomainName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=WP_EventInfo.DomainName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  901.   </query>
  902.   <query id="202">
  903.     <dictionary id="203"/>
  904.     <name>Endpoint Security Web Control: Top 100 Unrated Downloads</name>
  905.     <description>Top 100 unrated downloads over the last 30 days.</description>
  906.     <target>WP_EventInfo</target>
  907.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName%3AWP_EventInfo.Count&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  908.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatEventID+18601++%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+WP_EventInfo.RatingID+6++%29+%28+or+%28+eq+WP_EventInfo.ActionID+1++%29+%28+eq+WP_EventInfo.ActionID+2++%29+%28+eq+WP_EventInfo.ActionID+6++%29+%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  909.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=WP_EventInfo.DomainName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=WP_EventInfo.DomainName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  910.   </query>
  911.   <query id="204">
  912.     <dictionary id="205"/>
  913.     <name>Endpoint Security Web Control: Visits by Action Grouped by Content</name>
  914.     <description>Bar chart depicting number of visits to each content category over the last 30 days, grouped by policy-based action.</description>
  915.     <target>WP_EventInfo</target>
  916.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AWP_EventInfo.RatingID%3AWP_EventInfo.ContentID%3AWP_EventInfo.DomainName%3AWP_EventInfo.ActionID%3AWP_EventInfo.ReasonID%3AWP_EventInfo.ListID%3AWP_EventInfo.URL%3AEPOLeafNode.NodeName</table-uri>
  917.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+eq+EPOEvents.ThreatEventID+18600++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  918.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;groupedbar.title=WP_EventInfo.ActionID&amp;orion.sum.group.by=WP_EventInfo.ActionID%3AWP_EventInfo.ContentID&amp;orion.sum.order=az%3Aaz&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=WP_EventInfo.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  919.   </query>
  920.   <query id="206">
  921.     <dictionary id="207"/>
  922.     <name>Endpoint Security Threat Prevention: Applications with the Most Exploits in the Last 7 Days</name>
  923.     <description>This report lists the Applications with the Most Exploits in the Last 7 Days</description>
  924.     <target>EPExtendedEvent</target>
  925.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.ThreatName%3AEPOEvents.TargetUserName%3AEPOLeafNode.NodeName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.ThreatActionTaken&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEventFilterDesc.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.ThreatName%3AEPOEvents.TargetUserName%3AEPOLeafNode.NodeName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.ThreatActionTaken</table-uri>
  926.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+in+EPOEvents.ThreatEventID+18051++18052++18053++18054++18055++18056++%29+%29+%29</condition-uri>
  927.     <summary-uri>query:summary?horizontal=true&amp;orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.TargetProcessName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=5&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  928.   </query>
  929.   <query id="208">
  930.     <dictionary id="209"/>
  931.     <name>Endpoint Security Threat Prevention: Duration of Completed Full Scans in the Last 7 Days</name>
  932.     <description>This report lists the Duration of Completed Full Scans in the last 7 days</description>
  933.     <target>AM_CustomProps</target>
  934.     <table-uri>query:table?orion.table.columns=AM_CustomProps.ODSLastFullScanDate%3AAM_CustomProps.ODSFullAverageScanDuration%3AEPOLeafNode.NodeName&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AAM_CustomProps.ODSFullAverageScanDuration</table-uri>
  935.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+newerThan+AM_CustomProps.ODSLastFullScanDate+604800000++%29+%29</condition-uri>
  936.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=AM_CustomProps.ODSFullAverageScanDuration&amp;orion.sum.order=az&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  937.   </query>
  938.   <query id="210">
  939.     <dictionary id="211"/>
  940.     <name>Endpoint Security Threat Prevention: Duration of Completed Quick Scans in the Last 7 Days</name>
  941.     <description>This report lists the Duration of Completed Quick Scans in the last 7 days</description>
  942.     <target>AM_CustomProps</target>
  943.     <table-uri>query:table?orion.table.columns=AM_CustomProps.ODSLastQuickScanDate%3AAM_CustomProps.ODSQuickAverageScanDuration%3AEPOLeafNode.NodeName&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AAM_CustomProps.ODSQuickAverageScanDuration</table-uri>
  944.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+newerThan+AM_CustomProps.ODSLastQuickScanDate+604800000++%29+%29</condition-uri>
  945.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=AM_CustomProps.ODSQuickAverageScanDuration&amp;orion.sum.order=az&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  946.   </query>
  947.   <query id="212">
  948.     <dictionary id="213"/>
  949.     <name>Endpoint Security Threat Prevention: Systems Not Completed a Full Scan in the Last 7 Days</name>
  950.     <description>This report lists the number of systems that have not completed a Full Scan in the last 7 days but within the last month</description>
  951.     <target>AM_CustomProps</target>
  952.     <table-uri>query:table?orion.table.columns=AM_CustomProps.ODSLastFullScanDate%3AAM_CustomProps.ODSFullAverageScanDuration%3AEPOLeafNode.NodeName&amp;orion.table.order=az&amp;orion.table.order.by=AM_CustomProps.ODSLastFullScanDate%3AAM_CustomProps.ODSFullAverageScanDuration%3AEPOLeafNode.NodeName</table-uri>
  953.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+olderThan+AM_CustomProps.ODSLastFullScanDate+604800000++%29+%28+newerThan+AM_CustomProps.ODSLastFullScanDate+2592000000++%29+%29+%29</condition-uri>
  954.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=AM_CustomProps.ODSLastFullScanDate&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  955.   </query>
  956.   <query id="214">
  957.     <dictionary id="215"/>
  958.     <name>MCP: Endpoint Install Success/Failed events in last month</name>
  959.     <description>This query displays computers which successfully installed the MCP Endpoint or failed installing the MCP Endpoint in the last month</description>
  960.     <target>EPOProductEvents</target>
  961.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.Type%3AEPOProductEvents.DetectedUTC%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version%3AEPOProductEvents.HostName%3AEPOProductEvents.Error&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.Type%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version%3AEPOProductEvents.HostName%3AEPOProductEvents.Error</table-uri>
  962.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+in+EPOProductEvents.TVDEventID+2412++2411++%29+%28+eq+EPOProductEvents.Type+%22Install%22+%29+%28+eq+EPOProductEvents.ProductCode+%22MCPAGENT1000%22+%29+%28+newerThan+EPOProductEvents.DetectedUTC+2592000000++%29+%29+%29</condition-uri>
  963.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProductEvents.Error&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  964.   </query>
  965.   <query id="216">
  966.     <dictionary id="217"/>
  967.     <name>Endpoint Security Threat Prevention: Systems Not Completed a Full Scan in the Last Month</name>
  968.     <description>This report lists the number of systems that have not completed a Full Scan in the last month</description>
  969.     <target>AM_CustomProps</target>
  970.     <table-uri>query:table?orion.table.columns=AM_CustomProps.ODSLastFullScanDate%3AAM_CustomProps.ODSFullAverageScanDuration%3AEPOLeafNode.NodeName&amp;orion.table.order=az&amp;orion.table.order.by=AM_CustomProps.ODSLastFullScanDate%3AAM_CustomProps.ODSFullAverageScanDuration%3AEPOLeafNode.NodeName</table-uri>
  971.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+or+%28+olderThan+AM_CustomProps.ODSLastFullScanDate+2592000000++%29+%28+isBlank+AM_CustomProps.ODSLastFullScanDate+%29+%29+%29</condition-uri>
  972.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=AM_CustomProps.ODSLastFullScanDate&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  973.   </query>
  974.   <query id="218">
  975.     <dictionary id="219"/>
  976.     <name>Endpoint Security Threat Prevention: Access Protection Compliance Status</name>
  977.     <description>This is the Access Protection Compliance Status Report.</description>
  978.     <target>AM_CustomProps</target>
  979.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.APbComplianceStatus%3AAM_CustomProps.APComplianceStatus%3AAM_CustomProps.APAdditionalComplianceStatus%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.APbComplianceStatus%3AAM_CustomProps.APComplianceStatus%3AAM_CustomProps.APAdditionalComplianceStatus%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate</table-uri>
  980.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+or+%28+startsWith+EPOComputerProperties.OSType+%22Windows%22+%29+%28+startsWith+EPOComputerProperties.OSType+%22Linux%22+%29+%29+%29</condition-uri>
  981.     <summary-uri>query:summary?bool.red.text=noncompliantkey&amp;orion.sum.query=true&amp;bool.green.text=compliantkey&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+eq+AM_CustomProps.APbComplianceStatus+1++%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  982.   </query>
  983.   <query id="220">
  984.     <dictionary id="221"/>
  985.     <name>Endpoint Security Threat Prevention: AMCore Content Compliance Status</name>
  986.     <description>This is the AMCore Content Compliance Status Report.</description>
  987.     <target>AM_CustomProps</target>
  988.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.AVCMGRbComplianceStatus%3AAM_CustomProps.AVCMGRComplianceStatus%3AAM_CustomProps.AVCMGRAdditionalComplianceStatus%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.AVCMGRbComplianceStatus%3AAM_CustomProps.AVCMGRComplianceStatus%3AAM_CustomProps.AVCMGRAdditionalComplianceStatus%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate</table-uri>
  989.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+startsWith+EPOComputerProperties.OSType+%22Windows%22+%29+%29</condition-uri>
  990.     <summary-uri>query:summary?bool.red.text=noncompliantkey&amp;orion.sum.query=true&amp;bool.green.text=compliantkey&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+eq+AM_CustomProps.AVCMGRbComplianceStatus+1++%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  991.   </query>
  992.   <query id="222">
  993.     <dictionary id="223"/>
  994.     <name>Endpoint Security Threat Prevention: Exploit Prevention Compliance Status</name>
  995.     <description>This is the Exploit Prevention Compliance Status Report.</description>
  996.     <target>AM_CustomProps</target>
  997.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.BObComplianceStatus%3AAM_CustomProps.BOComplianceStatus%3AAM_CustomProps.BOAdditionalComplianceStatus%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.BObComplianceStatus%3AAM_CustomProps.BOComplianceStatus%3AAM_CustomProps.BOAdditionalComplianceStatus%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate</table-uri>
  998.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+startsWith+EPOComputerProperties.OSType+%22Windows%22+%29+%29</condition-uri>
  999.     <summary-uri>query:summary?bool.red.text=noncompliantkey&amp;orion.sum.query=true&amp;bool.green.text=compliantkey&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+eq+AM_CustomProps.BObComplianceStatus+1++%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1000.   </query>
  1001.   <query id="224">
  1002.     <dictionary id="225"/>
  1003.     <name>Endpoint Security Threat Prevention: On-Access Scan Compliance Status</name>
  1004.     <description>This is the On-Access Scan Compliance Status Report.</description>
  1005.     <target>AM_CustomProps</target>
  1006.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.OASbComplianceStatus%3AAM_CustomProps.OASComplianceStatus%3AAM_CustomProps.OASAdditionalComplianceStatus%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.OASbComplianceStatus%3AAM_CustomProps.OASComplianceStatus%3AAM_CustomProps.OASAdditionalComplianceStatus%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate</table-uri>
  1007.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  1008.     <summary-uri>query:summary?bool.red.text=noncompliantkey&amp;orion.sum.query=true&amp;bool.green.text=compliantkey&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+eq+AM_CustomProps.OASbComplianceStatus+1++%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1009.   </query>
  1010.   <query id="226">
  1011.     <dictionary id="227"/>
  1012.     <name>Endpoint Security Threat Prevention: Content Status</name>
  1013.     <description>This is the Content Status Report for Threat Prevention.</description>
  1014.     <target>AM_CustomProps</target>
  1015.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.ManifestVersion%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.ManifestVersion%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate</table-uri>
  1016.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  1017.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=AM_CustomProps.ManifestVersion&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1018.   </query>
  1019.   <query id="228">
  1020.     <dictionary id="229"/>
  1021.     <name>Endpoint Security Threat Prevention: Exploit Prevention Content Status</name>
  1022.     <description>This is the Content Status Report for the Exploit Prevention feature.</description>
  1023.     <target>AM_CustomProps</target>
  1024.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.ExploitPreventionContentVersion%3AAM_CustomProps.ExploitPreventionContentCreated%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOComputerProperties.IPV6%3AAM_CustomProps.ExploitPreventionContentVersion%3AAM_CustomProps.ExploitPreventionContentCreated%3AEPOProdPropsView_THREATPREVENTION.productversion%3AEPOLeafNode.LastUpdate</table-uri>
  1025.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  1026.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=AM_CustomProps.ExploitPreventionContentVersion&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1027.   </query>
  1028.   <query id="230">
  1029.     <dictionary id="231"/>
  1030.     <name>Endpoint Security Threat Prevention: Detection Response Summary</name>
  1031.     <description>Displays the number of threats on which an action was taken (cleaned, deleted) versus the number of threats on which no action was taken, in the last three months.</description>
  1032.     <target>EPOEvents</target>
  1033.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatHandled%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatHandled%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
  1034.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%28+eq+EPExtendedEvent.BladeName+%22IDS_BLADE_NAME_SPB%22+%29+%29+%29</condition-uri>
  1035.     <summary-uri>query:summary?bool.red.text=nothandledid&amp;orion.sum.query=true&amp;bool.green.text=handledid&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+eq+EPOEvents.ThreatHandled+%221%22+%29+%29&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1036.   </query>
  1037.   <query id="232">
  1038.     <dictionary id="233"/>
  1039.     <name>Endpoint Security Threat Prevention: Threats Detected Over the Previous 2 Quarters</name>
  1040.     <description>Displays the threats detected over the previous two quarters. No cookies.</description>
  1041.     <target>EPOEvents</target>
  1042.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
  1043.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+15724800000++%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
  1044.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;groupedbar.count.title=EPOEvents&amp;groupedbar.title=EPOEvents.DetectedUTC&amp;orion.sum.group.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatType&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=quarter&amp;orion.sum.order=oldest%3Adesc&amp;orion.sum.limit.count=2&amp;orion.show.other=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1045.   </query>
  1046.   <query id="234">
  1047.     <dictionary id="235"/>
  1048.     <name>Endpoint Security Threat Prevention: Top 10 Computers with the Most Detections</name>
  1049.     <description>Displays the top ten computers with the most detections in the last three months.</description>
  1050.     <target>EPOEvents</target>
  1051.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
  1052.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
  1053.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=EPOLeafNode.NodeName&amp;topn.count.title=EPOEvents&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOLeafNode.NodeName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1054.   </query>
  1055.   <query id="236">
  1056.     <dictionary id="237"/>
  1057.     <name>Endpoint Security Threat Prevention: Top 10 Detected Threats</name>
  1058.     <description>Displays the top ten detected threats in the last three months.</description>
  1059.     <target>EPOEvents</target>
  1060.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatName%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatName%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
  1061.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
  1062.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=EPOEvents.ThreatName&amp;topn.count.title=EPOEvents&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEvents.ThreatName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1063.   </query>
  1064.   <query id="238">
  1065.     <dictionary id="239"/>
  1066.     <name>Endpoint Security Threat Prevention: Top 10 Access Protection Rules Broken</name>
  1067.     <description>Displays the top ten most frequently broken access protection rules in the last three months.</description>
  1068.     <target>EPOEvents</target>
  1069.     <table-uri>query:table?orion.table.columns=EPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.SourceIPV6&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerIPV6%3AEPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.SourceIPV6</table-uri>
  1070.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+or+%28+eq+EPOEvents.ThreatEventID+1092++%29+%28+eq+EPOEvents.ThreatEventID+1095++%29+%29+%29+%29</condition-uri>
  1071.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEvents.ThreatName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1072.   </query>
  1073.   <query id="240">
  1074.     <dictionary id="241"/>
  1075.     <name>Endpoint Security Threat Prevention: Threat Count by Severity</name>
  1076.     <description>Slice count is the number of events. Slices are the different event severities. All in the last three months.</description>
  1077.     <target>EPOEvents</target>
  1078.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
  1079.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
  1080.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEvents.ThreatSeverity&amp;orion.query.type=pie.pie&amp;pie.count.title=EPOEvents&amp;orion.sum.group.by=EPOEvents.ThreatSeverity&amp;orion.sum.order=desc&amp;orion.show.other=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1081.   </query>
  1082.   <query id="242">
  1083.     <dictionary id="243"/>
  1084.     <name>Endpoint Security Threat Prevention: Top 10 Users with the Most Detections</name>
  1085.     <description>Top 10 user with the most detections in the last three months.</description>
  1086.     <target>EPOEvents</target>
  1087.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
  1088.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
  1089.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=EPOEvents.TargetUserName&amp;topn.count.title=EPOEvents&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEvents.TargetUserName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1090.   </query>
  1091.   <query id="244">
  1092.     <dictionary id="245"/>
  1093.     <name>Endpoint Security Threat Prevention: Top 10 Threats Per Threat Category</name>
  1094.     <description>Displays the top ten threats per threat category over the last three months. Grouped by threat category, then threat name.</description>
  1095.     <target>EPOEvents</target>
  1096.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
  1097.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
  1098.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;groupedbar.title=EPOEvents.ThreatType&amp;orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&amp;orion.sum.order=desc%3Adesc&amp;orion.show.other=false&amp;orion.sum.limit.count=%3A10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1099.   </query>
  1100.   <query id="246">
  1101.     <dictionary id="247"/>
  1102.     <name>Endpoint Security Threat Prevention: Top 10 Threat Sources</name>
  1103.     <description>Displays the top ten computers which are the source of a threat in the last three months.</description>
  1104.     <target>EPOEvents</target>
  1105.     <table-uri>query:table?orion.table.columns=EPOEvents.SourceHostName%3AEPOEvents.SourceIPV6%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.SourceHostName%3AEPOEvents.SourceIPV6%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion</table-uri>
  1106.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.SourceHostName+%22_%22+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%29+%29</condition-uri>
  1107.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=EPOEvents.SourceHostName&amp;topn.count.title=EPOEvents&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEvents.SourceHostName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1108.   </query>
  1109.   <query id="248">
  1110.     <dictionary id="249"/>
  1111.     <name>Endpoint Security Threat Prevention: Top 10 Exploits Prevented</name>
  1112.     <description>Displays the top ten exploits prevented in the last three months.</description>
  1113.     <target>EPOEvents</target>
  1114.     <table-uri>query:table?orion.table.columns=EPOEvents.TargetProcessName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetProcessName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion</table-uri>
  1115.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+or+%28+eq+EPOEvents.ThreatEventID+18051++%29+%28+eq+EPOEvents.ThreatEventID+18052++%29+%28+eq+EPOEvents.ThreatEventID+18053++%29+%28+eq+EPOEvents.ThreatEventID+18054++%29+%28+eq+EPOEvents.ThreatEventID+18055++%29+%28+eq+EPOEvents.ThreatEventID+18056++%29+%29+%29+%29</condition-uri>
  1116.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=EPOEvents.SourceProcessName&amp;topn.count.title=EPOEvents&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEvents.TargetProcessName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1117.   </query>
  1118.   <query id="250">
  1119.     <dictionary id="251"/>
  1120.     <name>Endpoint Security Threat Prevention: Hotfixes Installed</name>
  1121.     <description>Displays the hotfixes installed for Threat Prevention.</description>
  1122.     <target>AM_CustomProps</target>
  1123.     <table-uri>query:table?orion.table.columns=AM_CustomProps.Hotfixes%3AEPOComputerProperties.ComputerName%3AEPOComputerProperties.UserName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=AM_CustomProps.Hotfixes%3AEPOComputerProperties.ComputerName%3AEPOComputerProperties.UserName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.LastUpdate</table-uri>
  1124.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+AM_CustomProps.Hotfixes+%29+%29</condition-uri>
  1125.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=AM_CustomProps.Hotfixes&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1126.   </query>
  1127.   <query id="252">
  1128.     <dictionary id="253"/>
  1129.     <name>Endpoint Security Threat Prevention: On-Access Scan McAfee GTI Sensitivity Level</name>
  1130.     <description>This reports displays the McAfee GTI sensitivity level for On-Access Scans.</description>
  1131.     <target>AM_CustomProps</target>
  1132.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AAM_CustomProps.OASGTILevel&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AAM_CustomProps.OASGTILevel</table-uri>
  1133.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  1134.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=AM_CustomProps.OASGTILevel&amp;orion.sum.order=asc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1135.   </query>
  1136.   <query id="254">
  1137.     <dictionary id="255"/>
  1138.     <name>Endpoint Security Threat Prevention: On-Demand Full Scan McAfee GTI Sensitivity Level</name>
  1139.     <description>This reports displays the McAfee GTI sensitivity level for On-Demand Full Scans.</description>
  1140.     <target>AM_CustomProps</target>
  1141.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AAM_CustomProps.ODSFullScanGTILevel%3AAM_CustomProps.ODSLastFullScanDate%3AAM_CustomProps.ODSFullAverageScanDuration&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AAM_CustomProps.ODSFullScanGTILevel%3AAM_CustomProps.ODSLastFullScanDate%3AAM_CustomProps.ODSFullAverageScanDuration</table-uri>
  1142.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  1143.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=AM_CustomProps.ODSFullScanGTILevel&amp;orion.sum.order=asc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1144.   </query>
  1145.   <query id="256">
  1146.     <dictionary id="257"/>
  1147.     <name>Endpoint Security Threat Prevention: On-Demand Quick Scan McAfee GTI Sensitivity Level</name>
  1148.     <description>This reports displays the McAfee GTI sensitivity level for On-Demand Quick Scans.</description>
  1149.     <target>AM_CustomProps</target>
  1150.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AAM_CustomProps.ODSQuickScanGTILevel%3AAM_CustomProps.ODSLastQuickScanDate%3AAM_CustomProps.ODSQuickAverageScanDuration&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AAM_CustomProps.ODSQuickScanGTILevel%3AAM_CustomProps.ODSLastQuickScanDate%3AAM_CustomProps.ODSQuickAverageScanDuration</table-uri>
  1151.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  1152.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=AM_CustomProps.ODSQuickScanGTILevel&amp;orion.sum.order=asc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1153.   </query>
  1154.   <query id="258">
  1155.     <dictionary id="259"/>
  1156.     <name>Endpoint Security Threat Prevention: Right-Click Scan McAfee GTI Sensitivity Level</name>
  1157.     <description>This reports displays the McAfee GTI sensitivity level for Right-Click Scans.</description>
  1158.     <target>AM_CustomProps</target>
  1159.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AAM_CustomProps.ODSRightClickScanGTILevel&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AAM_CustomProps.ODSRightClickScanGTILevel</table-uri>
  1160.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  1161.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=AM_CustomProps.ODSRightClickScanGTILevel&amp;orion.sum.order=asc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1162.   </query>
  1163.   <query id="260">
  1164.     <dictionary id="261"/>
  1165.     <name>Endpoint Security Threat Prevention: False Positive Mitigation Events</name>
  1166.     <description>False Positive Mitigation Events for the last 30 days</description>
  1167.     <target>EPOEvents</target>
  1168.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPExtendedEvent.BladeName%3AEPExtendedEvent.TargetName%3AEPExtendedEvent.TargetPath%3AEPOEvents.ThreatName%3AEPOEvents.ThreatType%3AEPOEvents.ThreatActionTaken&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPExtendedEvent.BladeName%3AEPExtendedEvent.TargetName%3AEPExtendedEvent.TargetPath%3AEPOEvents.ThreatName%3AEPOEvents.ThreatType%3AEPOEvents.ThreatActionTaken</table-uri>
  1169.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+eq+EPOEvents.ThreatEventID+34928++%29+%29</condition-uri>
  1170.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1171.   </query>
  1172.   <query id="262">
  1173.     <dictionary id="263"/>
  1174.     <name>Endpoint Security Adaptive Threat Protection: Block Events for Last 30 Days</name>
  1175.     <description>Adaptive Threat Protection Block Events for Last 30 Days</description>
  1176.     <target>JTIClientEventInfoView</target>
  1177.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetHostName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
  1178.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35104++%29+%29</condition-uri>
  1179.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1180.   </query>
  1181.   <query id="264">
  1182.     <dictionary id="265"/>
  1183.     <name>Endpoint Security Adaptive Threat Protection: Allow Events for Last 30 Days</name>
  1184.     <description>Adaptive Threat Protection Allow Events for Last 30 Days</description>
  1185.     <target>JTIClientEventInfoView</target>
  1186.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetHostName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
  1187.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35105++%29+%29</condition-uri>
  1188.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1189.   </query>
  1190.   <query id="266">
  1191.     <dictionary id="267"/>
  1192.     <name>Endpoint Security Adaptive Threat Protection: Clean Events for Last 30 Days</name>
  1193.     <description>Adaptive Threat Protection Clean Events for Last 30 Days</description>
  1194.     <target>JTIClientEventInfoView</target>
  1195.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetHostName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
  1196.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35107++%29+%29</condition-uri>
  1197.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1198.   </query>
  1199.   <query id="268">
  1200.     <dictionary id="269"/>
  1201.     <name>Endpoint Security Adaptive Threat Protection: Events by System (Top 10)</name>
  1202.     <description>Adaptive Threat Protection Events by System (Top 10)</description>
  1203.     <target>JTIClientEventInfoView</target>
  1204.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory%3AJTIClientEventInfoView.CertName&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory%3AJTIClientEventInfoView.CertName</table-uri>
  1205.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35104++35105++35107++35112++%29+%29</condition-uri>
  1206.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=EPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory&amp;orion.sum.order=desc%3Adesc%3Adesc%3Adesc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1207.   </query>
  1208.   <query id="270">
  1209.     <dictionary id="271"/>
  1210.     <name>Endpoint Security Adaptive Threat Protection: Block Events by Event Type</name>
  1211.     <description>Adaptive Threat Protection Block Events by Event Type</description>
  1212.     <target>JTIClientEventInfoView</target>
  1213.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
  1214.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatActionTaken+%22jticlient.blocked%22+%29+%28+in+EPOEvents.ThreatEventID+35104++%29+%29+%29</condition-uri>
  1215.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.ThreatCategory&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1216.   </query>
  1217.   <query id="272">
  1218.     <dictionary id="273"/>
  1219.     <name>Endpoint Security Adaptive Threat Protection: Allow Events by Event Type</name>
  1220.     <description>Adaptive Threat Protection Allow Events by Event Type</description>
  1221.     <target>JTIClientEventInfoView</target>
  1222.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
  1223.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatActionTaken+%22jticlient.allowed%22+%29+%28+in+EPOEvents.ThreatEventID+35105++%29+%29+%29</condition-uri>
  1224.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.ThreatCategory&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1225.   </query>
  1226.   <query id="274">
  1227.     <dictionary id="275"/>
  1228.     <name>Endpoint Security Adaptive Threat Protection: Clean Events by Event Type</name>
  1229.     <description>Adaptive Threat Protection Clean Events by Event Type</description>
  1230.     <target>JTIClientEventInfoView</target>
  1231.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
  1232.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatActionTaken+%22jticlient.repaired%22+%29+%28+in+EPOEvents.ThreatEventID+35107++%29+%29+%29</condition-uri>
  1233.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.ThreatCategory&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1234.   </query>
  1235.   <query id="276">
  1236.     <dictionary id="277"/>
  1237.     <name>Endpoint Security Adaptive Threat Protection: Events by File (Top 10)</name>
  1238.     <description>Adaptive Threat Protection Events by File (Top 10)</description>
  1239.     <target>JTIClientEventInfoView</target>
  1240.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AJTIClientRulesView.Name</table-uri>
  1241.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35104++35105++35107++35112++%29+%29</condition-uri>
  1242.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory&amp;orion.sum.order=desc%3Adesc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1243.   </query>
  1244.   <query id="278">
  1245.     <dictionary id="279"/>
  1246.     <name>Endpoint Security Adaptive Threat Protection: Observation Block Events for Last 30 Days</name>
  1247.     <description>Adaptive Threat Protection Observation Block Events for Last 30 Days</description>
  1248.     <target>JTIClientEventInfoView</target>
  1249.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetHostName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
  1250.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35102++%29+%29</condition-uri>
  1251.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1252.   </query>
  1253.   <query id="280">
  1254.     <dictionary id="281"/>
  1255.     <name>Endpoint Security Adaptive Threat Protection: Observation Allow Events for Last 30 Days</name>
  1256.     <description>Adaptive Threat Protection Observation Allow Events for Last 30 Days</description>
  1257.     <target>JTIClientEventInfoView</target>
  1258.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetHostName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
  1259.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35103++%29+%29</condition-uri>
  1260.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1261.   </query>
  1262.   <query id="282">
  1263.     <dictionary id="283"/>
  1264.     <name>Endpoint Security Adaptive Threat Protection: Observation Clean Events for Last 30 Days</name>
  1265.     <description>Adaptive Threat Protection Observation Clean Events for Last 30 Days</description>
  1266.     <target>JTIClientEventInfoView</target>
  1267.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetHostName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
  1268.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35106++%29+%29</condition-uri>
  1269.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1270.   </query>
  1271.   <query id="284">
  1272.     <dictionary id="285"/>
  1273.     <name>Endpoint Security Adaptive Threat Protection: Observation Events by System (Top 10)</name>
  1274.     <description>Adaptive Threat Protection Observation Events by System (Top 10)</description>
  1275.     <target>JTIClientEventInfoView</target>
  1276.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory%3AJTIClientEventInfoView.CertName&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory%3AJTIClientEventInfoView.CertName</table-uri>
  1277.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35102++35103++35106++35111++%29+%29</condition-uri>
  1278.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=EPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory&amp;orion.sum.order=desc%3Adesc%3Adesc%3Adesc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1279.   </query>
  1280.   <query id="286">
  1281.     <dictionary id="287"/>
  1282.     <name>Endpoint Security Adaptive Threat Protection: Observation Block Events by Event Type</name>
  1283.     <description>Adaptive Threat Protection Observation Block Events by Event Type</description>
  1284.     <target>JTIClientEventInfoView</target>
  1285.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
  1286.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatActionTaken+%22jticlient.would.blocked%22+%29+%28+in+EPOEvents.ThreatEventID+35102++%29+%29+%29</condition-uri>
  1287.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.ThreatCategory&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1288.   </query>
  1289.   <query id="288">
  1290.     <dictionary id="289"/>
  1291.     <name>TIE Server Appliances per Platform Version</name>
  1292.     <description>Find TIE appliances split by TIE platform version.</description>
  1293.     <target>EPOLeafNode</target>
  1294.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3ADXLClientCustomProps.IsConnected%3ADXLClientCustomProps.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
  1295.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+containsTag+EPOLeafNode.AppliedTags+%22TIESERVER%22+%29+%29</condition-uri>
  1296.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOComputerProperties.OSOEMID&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1297.   </query>
  1298.   <query id="290">
  1299.     <dictionary id="291"/>
  1300.     <name>TIE Server Appliances per Agent Version</name>
  1301.     <description>Find TIE appliances split by agent version.</description>
  1302.     <target>EPOLeafNode</target>
  1303.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3ADXLClientCustomProps.IsConnected%3ADXLClientCustomProps.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
  1304.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+containsTag+EPOLeafNode.AppliedTags+%22TIESERVER%22+%29+%29</condition-uri>
  1305.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1306.   </query>
  1307.   <query id="292">
  1308.     <dictionary id="293"/>
  1309.     <name>TIE Server Appliances per Broker Version</name>
  1310.     <description>Find TIE appliances split by DXL broker version.</description>
  1311.     <target>EPOLeafNode</target>
  1312.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3ADXLClientCustomProps.IsConnected%3ADXLClientCustomProps.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
  1313.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+containsTag+EPOLeafNode.AppliedTags+%22TIESERVER%22+%29+%28+version_ge+EPOProdPropsView_DXLBROKER.productversion+%221%22+%29+%29+%29</condition-uri>
  1314.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_DXLBROKER.productversion&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1315.   </query>
  1316.   <query id="294">
  1317.     <dictionary id="295"/>
  1318.     <name>Endpoint Security Adaptive Threat Protection: Observation Allow Events by Event Type</name>
  1319.     <description>Adaptive Threat Protection Observation Allow Events by Event Type</description>
  1320.     <target>JTIClientEventInfoView</target>
  1321.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
  1322.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatActionTaken+%22jticlient.allowed%22+%29+%28+in+EPOEvents.ThreatEventID+35103++%29+%29+%29</condition-uri>
  1323.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.ThreatCategory&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1324.   </query>
  1325.   <query id="296">
  1326.     <dictionary id="297"/>
  1327.     <name>Endpoint Security Adaptive Threat Protection: Observation Clean Events by Event Type</name>
  1328.     <description>Adaptive Threat Protection Observation Clean Events by Event Type</description>
  1329.     <target>JTIClientEventInfoView</target>
  1330.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
  1331.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.ThreatActionTaken+%22jticlient.would.repaired%22+%29+%28+in+EPOEvents.ThreatEventID+35106++%29+%29+%29</condition-uri>
  1332.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.ThreatCategory&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1333.   </query>
  1334.   <query id="298">
  1335.     <dictionary id="299"/>
  1336.     <name>Endpoint Security Adaptive Threat Protection: Observation Events by File (Top 10)</name>
  1337.     <description>Adaptive Threat Protection Observation Events by File (Top 10)</description>
  1338.     <target>JTIClientEventInfoView</target>
  1339.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AJTIClientRulesView.Name</table-uri>
  1340.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35102++35103++35106++35111++%29+%29</condition-uri>
  1341.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatCategory&amp;orion.sum.order=desc%3Adesc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1342.   </query>
  1343.   <query id="300">
  1344.     <dictionary id="301"/>
  1345.     <name>Endpoint Security Adaptive Threat Protection: Block Events by Rule (Top 10)</name>
  1346.     <description>Adaptive Threat Protection Block Events by Rule (Top 10)</description>
  1347.     <target>JTIClientEventInfoView</target>
  1348.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AJTIClientRulesView.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AEPOLeafNode.NodeName</table-uri>
  1349.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35104++%29+%29</condition-uri>
  1350.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=JTIClientRulesView.Name%3AEPOEvents.ThreatCategory&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1351.   </query>
  1352.   <query id="302">
  1353.     <dictionary id="303"/>
  1354.     <name>Endpoint Security Adaptive Threat Protection: Observation Block Events by Rule (Top 10)</name>
  1355.     <description>Adaptive Threat Protection Observation Block Events by Rule (Top 10)</description>
  1356.     <target>JTIClientEventInfoView</target>
  1357.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AJTIClientRulesView.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AEPOLeafNode.NodeName</table-uri>
  1358.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35102++%29+%29</condition-uri>
  1359.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=JTIClientRulesView.Name%3AEPOEvents.ThreatCategory&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1360.   </query>
  1361.   <query id="304">
  1362.     <dictionary id="305"/>
  1363.     <name>Endpoint Security Adaptive Threat Protection: Allow Events by Rule (Top 10)</name>
  1364.     <description>Adaptive Threat Protection Allow Events by Rule (Top 10)</description>
  1365.     <target>JTIClientEventInfoView</target>
  1366.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AJTIClientRulesView.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AEPOLeafNode.NodeName</table-uri>
  1367.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35105++%29+%29</condition-uri>
  1368.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=JTIClientRulesView.Name%3AEPOEvents.ThreatCategory&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1369.   </query>
  1370.   <query id="306">
  1371.     <dictionary id="307"/>
  1372.     <name>Endpoint Security Adaptive Threat Protection: Observation Allow Events by Rule (Top 10)</name>
  1373.     <description>Adaptive Threat Protection Observation Allow Events by Rule (Top 10)</description>
  1374.     <target>JTIClientEventInfoView</target>
  1375.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AJTIClientRulesView.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AEPOLeafNode.NodeName</table-uri>
  1376.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35103++%29+%29</condition-uri>
  1377.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=JTIClientRulesView.Name%3AEPOEvents.ThreatCategory&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1378.   </query>
  1379.   <query id="308">
  1380.     <dictionary id="309"/>
  1381.     <name>Endpoint Security Adaptive Threat Protection: Clean Events by Rule (Top 10)</name>
  1382.     <description>Adaptive Threat Protection Clean Events by Rule (Top 10)</description>
  1383.     <target>JTIClientEventInfoView</target>
  1384.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AJTIClientRulesView.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AEPOLeafNode.NodeName</table-uri>
  1385.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35107++%29+%29</condition-uri>
  1386.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=JTIClientRulesView.Name%3AEPOEvents.ThreatCategory&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1387.   </query>
  1388.   <query id="310">
  1389.     <dictionary id="311"/>
  1390.     <name>Endpoint Security Adaptive Threat Protection: Observation Clean Events by Rule (Top 10)</name>
  1391.     <description>Adaptive Threat Protection Observation Clean Events by Rule (Top 10)</description>
  1392.     <target>JTIClientEventInfoView</target>
  1393.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AJTIClientRulesView.Name%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AEPOLeafNode.NodeName</table-uri>
  1394.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+in+EPOEvents.ThreatEventID+35106++%29+%29</condition-uri>
  1395.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=JTIClientRulesView.Name%3AEPOEvents.ThreatCategory&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1396.   </query>
  1397.   <query id="312">
  1398.     <dictionary id="313"/>
  1399.     <name>Endpoint Security Adaptive Threat Protection: Real Protect Detection Events in Last 24 Hours</name>
  1400.     <description>Adaptive Threat Protection Observation Real Protect Detection Events in Last 24 Hours</description>
  1401.     <target>EPOEvents</target>
  1402.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetIPV4%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetIPV4%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod</table-uri>
  1403.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000+%29++%28+or+%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Real+Protect+Client%22+%29++%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Real+Protect+Cloud%22+%29++%29++%29++%29</condition-uri>
  1404.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1405.   </query>
  1406.   <query id="314">
  1407.     <dictionary id="315"/>
  1408.     <name>Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last 7 Days</name>
  1409.     <description>Adaptive Threat Protection Observation Real Protect Detection Events for Last 7 Days</description>
  1410.     <target>EPOEvents</target>
  1411.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetIPV4%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetIPV4%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod</table-uri>
  1412.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000+%29++%28+or+%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Real+Protect+Client%22+%29++%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Real+Protect+Cloud%22+%29++%29++%29++%29</condition-uri>
  1413.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1414.   </query>
  1415.   <query id="316">
  1416.     <dictionary id="317"/>
  1417.     <name>Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last 30 Days</name>
  1418.     <description>Adaptive Threat Protection Observation Real Protect Detection Events for Last 30 Days</description>
  1419.     <target>EPOEvents</target>
  1420.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetIPV4%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetIPV4%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod</table-uri>
  1421.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+2592000000+%29++%28+or+%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Real+Protect+Client%22+%29++%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Real+Protect+Cloud%22+%29++%29++%29++%29</condition-uri>
  1422.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1423.   </query>
  1424.   <query id="318">
  1425.     <dictionary id="319"/>
  1426.     <name>Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last Quarter</name>
  1427.     <description>Adaptive Threat Protection Observation Real Protect Detection Events for Last Quarter</description>
  1428.     <target>EPOEvents</target>
  1429.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOLeafNode.NodeName%3AEPOEvents.TargetUserName%3AEPOEvents.TargetIPV4%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetIPV4%3AEPOEvents.TargetUserName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod</table-uri>
  1430.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+newerThan+EPOEvents.DetectedUTC+7862400000+%29++%28+or+%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Real+Protect+Client%22+%29++%28+eq+EPOEvents.AnalyzerDetectionMethod+%22Real+Protect+Cloud%22+%29++%29++%29++%29</condition-uri>
  1431.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOEvents.ThreatActionTaken%3AEPOEvents.AnalyzerDetectionMethod&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1432.   </query>
  1433.   <query id="320">
  1434.     <dictionary id="321"/>
  1435.     <name>TIE Server New Certificates by GTI Reputation in Last Week</name>
  1436.     <description>Find all certificates created in the last week and aggregate by reputation.</description>
  1437.     <target>TieServerSchema.certificate_rep_summary</target>
  1438.     <table-uri>query:table?orion.table.columns=certificate.subject%3Acertificate_rep_summary.provider_id%3Acertificate_rep_summary.trust_level&amp;orion.table.order=az&amp;orion.table.order.by=certificate.subject%3Acertificate_rep_summary.trust_level</table-uri>
  1439.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+certificate_rep_summary.provider_id+2++%29+%28+newerThan+certificate_rep_summary.new_date+604800000++%29+%29+%29</condition-uri>
  1440.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=certificate_rep_summary.trust_level&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1441.   </query>
  1442.   <query id="322">
  1443.     <dictionary id="323"/>
  1444.     <name>TIE Server Malicious or Unidentified Certificates by GTI Reputation in Last Month</name>
  1445.     <description>Find all Malicious or Unidentified Certificates by GTI Reputation in Last Month.</description>
  1446.     <target>TieServerSchema.certificate_rep_summary</target>
  1447.     <table-uri>query:table?orion.table.columns=certificate.subject%3Acertificate_rep_summary.provider_id%3Acertificate_rep_summary.trust_level&amp;orion.table.order=az&amp;orion.table.order.by=certificate.subject%3Acertificate_rep_summary.trust_level</table-uri>
  1448.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+certificate_rep_summary.new_date+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+or+%28+eq+certificate_rep_summary.trust_level+1++%29+%28+eq+certificate_rep_summary.trust_level+30++%29+%28+eq+certificate_rep_summary.trust_level+15++%29+%28+eq+certificate_rep_summary.trust_level+50++%29+%28+eq+certificate_rep_summary.trust_level+0++%29+%29+%29</condition-uri>
  1449.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=certificate_rep_summary.new_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1450.   </query>
  1451.   <query id="324">
  1452.     <dictionary id="325"/>
  1453.     <name>Endpoint Security Adaptive Threat Protection: Content Status</name>
  1454.     <description>Adaptive Threat Protection Content Status</description>
  1455.     <target>ATP_CustomProps</target>
  1456.     <table-uri>query:table?orion.table.columns=ATP_CustomProps.CommStatus%3AATP_CustomProps.UnsupportedOS%3AATP_CustomProps.RPContentVersion%3AATP_CustomProps.RPContentDate%3AATP_CustomProps.RPEngineVersion%3AATP_CustomProps.RPEngineDate%3AATP_CustomProps.JTIContentVersion%3AATP_CustomProps.containedApplications%3AATP_CustomProps.Hotfixes%3AATP_CustomProps.Patch%3AATP_CustomProps.LicenseStatus&amp;orion.table.order=az&amp;orion.table.order.by=ATP_CustomProps.CommStatus%3AATP_CustomProps.UnsupportedOS%3AATP_CustomProps.RPContentVersion%3AATP_CustomProps.RPContentDate%3AATP_CustomProps.RPEngineVersion%3AATP_CustomProps.RPEngineDate%3AATP_CustomProps.JTIContentVersion%3AATP_CustomProps.containedApplications%3AATP_CustomProps.Hotfixes%3AATP_CustomProps.Patch%3AATP_CustomProps.LicenseStatus</table-uri>
  1457.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  1458.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=ATP_CustomProps.JTIContentVersion&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1459.   </query>
  1460.   <query id="326">
  1461.     <dictionary id="327"/>
  1462.     <name>Endpoint Security Adaptive Threat Protection: Extra.DAT Signatures</name>
  1463.     <description>Adaptive Threat Protection Extra.DAT Signature Names</description>
  1464.     <target>ATP_CustomProps</target>
  1465.     <table-uri>query:table?orion.table.columns=ATP_CustomProps.CommStatus%3AATP_CustomProps.UnsupportedOS%3AATP_CustomProps.RPContentVersion%3AATP_CustomProps.RPContentDate%3AATP_CustomProps.RPEngineVersion%3AATP_CustomProps.RPEngineDate%3AATP_CustomProps.JTIContentVersion%3AATP_CustomProps.containedApplications%3AATP_CustomProps.Hotfixes%3AATP_CustomProps.Patch%3AATP_CustomProps.LicenseStatus%3AATP_CustomProps.szExtraDATNames&amp;orion.table.order=az&amp;orion.table.order.by=ATP_CustomProps.CommStatus%3AATP_CustomProps.UnsupportedOS%3AATP_CustomProps.RPContentVersion%3AATP_CustomProps.RPContentDate%3AATP_CustomProps.RPEngineVersion%3AATP_CustomProps.RPEngineDate%3AATP_CustomProps.JTIContentVersion%3AATP_CustomProps.containedApplications%3AATP_CustomProps.Hotfixes%3AATP_CustomProps.Patch%3AATP_CustomProps.LicenseStatus%3AATP_CustomProps.szExtraDATNames</table-uri>
  1466.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  1467.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=ATP_CustomProps.szExtraDATNames&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1468.   </query>
  1469.   <query id="328">
  1470.     <dictionary id="329"/>
  1471.     <name>DLP: Number of Operational events per day</name>
  1472.     <description>This report summarizes number of operational events per day</description>
  1473.     <target>udlpQuerySchema.UDLP_Operationals</target>
  1474.     <table-uri>query:table?orion.table.columns=UDLP_Operationals.EventRowID%3AUDLP_Operationals.EventType%3AUDLP_Operationals.EndpointTime%3AUDLP_Operationals.UTCTime%3AUDLP_Operationals.Online%3AUDLP_Operationals.Severity%3AUDLP_Operationals.InsertionTime%3AUDLP_Operationals.AgentVersion%3AUDLP_Operationals.Status%3AUDLP_Operationals.Resolution%3AUDLP_Operationals.Reviewer%3AUDLP_Operationals.OrigEventRowID&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_Operationals.EventRowID%3AUDLP_Operationals.EventType%3AUDLP_Operationals.EndpointTime%3AUDLP_Operationals.UTCTime%3AUDLP_Operationals.Online%3AUDLP_Operationals.Severity%3AUDLP_Operationals.InsertionTime%3AUDLP_Operationals.AgentVersion%3AUDLP_Operationals.Status%3AUDLP_Operationals.Resolution%3AUDLP_Operationals.Reviewer%3AUDLP_Operationals.OrigEventRowID</table-uri>
  1475.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+UDLP_Operationals.InsertionTime+2419200000++%29+%29&amp;orion.condition.sexp=</condition-uri>
  1476.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=UDLP_Operationals.InsertionTime&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  1477.   </query>
  1478.   <query id="330">
  1479.     <dictionary id="331"/>
  1480.     <name>TIE Server Certificates by Enterprise Reputation</name>
  1481.     <description>Find all certificates and aggregate by enterprise reputation.</description>
  1482.     <target>TieServerSchema.certificate_trust_level_count_summary</target>
  1483.     <table-uri>query:table?orion.table.columns=certificate_trust_level_count_summary.count%3Acertificate_trust_level_count_summary.provider_id%3Acertificate_trust_level_count_summary.trust_level&amp;orion.table.order=az&amp;orion.table.order.by=certificate_trust_level_count_summary.count%3Acertificate_trust_level_count_summary.provider_id%3Acertificate_trust_level_count_summary.trust_level</table-uri>
  1484.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+certificate_trust_level_count_summary.provider_id+4++%29+%28+gt+certificate_trust_level_count_summary.count+0++%29+%29+%29</condition-uri>
  1485.     <summary-uri>query:summary?orion.sum.query=false&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=certificate_trust_level_count_summary.trust_level&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=valueOf&amp;orion.sum.aggregation.column=certificate_trust_level_count_summary.count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1486.   </query>
  1487.   <query id="332">
  1488.     <dictionary id="333"/>
  1489.     <name>TIE Server Certificates with Changed GTI Reputation in Last Week</name>
  1490.     <description>Find all certificates where the GTI reputation changed in the last week.</description>
  1491.     <target>TieServerSchema.certificate_rep_summary</target>
  1492.     <table-uri>query:table?orion.table.columns=certificate.subject%3Acertificate_rep_summary.provider_id%3Acertificate_rep_summary.trust_level&amp;orion.table.order=az&amp;orion.table.order.by=certificate.subject%3Acertificate_rep_summary.trust_level</table-uri>
  1493.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+certificate_rep_summary.provider_id+2++%29+%28+newerThan+certificate_rep_summary.update_date+604800000++%29+%29+%29</condition-uri>
  1494.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=certificate_rep_summary.trust_level&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1495.   </query>
  1496.   <query id="334">
  1497.     <dictionary id="335"/>
  1498.     <name>TIE Server Top 10 Systems with New Certificates in Last Week</name>
  1499.     <description>Find top 10 systems with new certificates in the last week.</description>
  1500.     <target>TieServerSchema.agent_new_certificate_summary</target>
  1501.     <table-uri>query:table?orion.table.columns=agent_new_certificate_summary.agent%3Aagent_new_certificate_summary.count%3Aagent_new_certificate_summary.date&amp;orion.table.order=az&amp;orion.table.order.by=agent_new_certificate_summary.agent%3Aagent_new_certificate_summary.count%3Aagent_new_certificate_summary.date</table-uri>
  1502.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+newerThan+agent_new_certificate_summary.date+604800000++%29+%29</condition-uri>
  1503.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=agent_new_certificate_summary.agent&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=agent_new_certificate_summary.count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1504.   </query>
  1505.   <query id="336">
  1506.     <dictionary id="337"/>
  1507.     <name>TIE Server New Files by GTI Reputation in Last Week</name>
  1508.     <description>Find all files created in the last week and aggregate by reputation.</description>
  1509.     <target>TieServerSchema.file_rep_summary</target>
  1510.     <table-uri>query:table?orion.table.columns=file_name.name%3Afile.company_name%3Afile.product_name%3Afile.version%3Afile_rep_summary.provider_id%3Afile_rep_summary.trust_level&amp;orion.table.order=az&amp;orion.table.order.by=file_name.name%3Afile.company_name%3Afile.product_name%3Afile.version%3Afile_rep_summary.trust_level</table-uri>
  1511.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+file_rep_summary.provider_id+1++%29+%28+newerThan+file_rep_summary.new_date+604800000++%29+%29+%29</condition-uri>
  1512.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=file_rep_summary.trust_level&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1513.   </query>
  1514.   <query id="338">
  1515.     <dictionary id="339"/>
  1516.     <name>TIE Server Malicious or Unidentified Files by GTI Reputation in Last Month</name>
  1517.     <description>Find all Malicious or Unidentified Files by GTI Reputation in Last Month.</description>
  1518.     <target>TieServerSchema.file_rep_summary</target>
  1519.     <table-uri>query:table?orion.table.columns=file_name.name%3Afile.company_name%3Afile.product_name%3Afile.version%3Afile_rep_summary.provider_id%3Afile_rep_summary.trust_level&amp;orion.table.order=az&amp;orion.table.order.by=file_name.name%3Afile.company_name%3Afile.product_name%3Afile.version%3Afile_rep_summary.trust_level</table-uri>
  1520.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+file_rep_summary.new_date+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+file_rep_summary.trust_level+1++%29+%28+eq+file_rep_summary.trust_level+30++%29+%28+eq+file_rep_summary.trust_level+15++%29+%28+eq+file_rep_summary.trust_level+50++%29+%28+eq+file_rep_summary.trust_level+0++%29+%29+%28+eq+file_rep_summary.provider_id+1++%29+%29+%29</condition-uri>
  1521.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=file_rep_summary.new_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1522.   </query>
  1523.   <query id="340">
  1524.     <dictionary id="341"/>
  1525.     <name>TIE Server Files by Enterprise Reputation</name>
  1526.     <description>Find all files and aggregate by enterprise reputation.</description>
  1527.     <target>TieServerSchema.file_trust_level_count_summary</target>
  1528.     <table-uri>query:table?orion.table.columns=file_trust_level_count_summary.count%3Afile_trust_level_count_summary.provider_id%3Afile_trust_level_count_summary.trust_level&amp;orion.table.order=az&amp;orion.table.order.by=file_trust_level_count_summary.count%3Afile_trust_level_count_summary.provider_id%3Afile_trust_level_count_summary.trust_level</table-uri>
  1529.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+file_trust_level_count_summary.provider_id+3++%29+%28+gt+file_trust_level_count_summary.count+0++%29+%29+%29</condition-uri>
  1530.     <summary-uri>query:summary?orion.sum.query=false&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=file_trust_level_count_summary.trust_level&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=valueOf&amp;orion.sum.aggregation.column=file_trust_level_count_summary.count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1531.   </query>
  1532.   <query id="342">
  1533.     <dictionary id="343"/>
  1534.     <name>TIE Server Files with Changed GTI Reputation in Last Week</name>
  1535.     <description>Find all files where the GTI reputation changed in the last week.</description>
  1536.     <target>TieServerSchema.file_rep_summary</target>
  1537.     <table-uri>query:table?orion.table.columns=file_name.name%3Afile.company_name%3Afile.product_name%3Afile.version%3Afile_rep_summary.provider_id%3Afile_rep_summary.trust_level&amp;orion.table.order=az&amp;orion.table.order.by=file_name.name%3Afile.company_name%3Afile.product_name%3Afile.version%3Afile_rep_summary.trust_level</table-uri>
  1538.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+file_rep_summary.provider_id+1++%29+%28+newerThan+file_rep_summary.update_date+604800000++%29+%29+%29</condition-uri>
  1539.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=file_rep_summary.trust_level&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1540.   </query>
  1541.   <query id="344">
  1542.     <dictionary id="345"/>
  1543.     <name>TIE Server Top 10 Systems with New Files in Last Week</name>
  1544.     <description>Find top 10 systems with new files in the last week.</description>
  1545.     <target>TieServerSchema.agent_new_file_summary</target>
  1546.     <table-uri>query:table?orion.table.columns=agent_new_file_summary.agent%3Aagent_new_file_summary.date%3Aagent_new_file_summary.count&amp;orion.table.order=az&amp;orion.table.order.by=agent_new_file_summary.agent%3Aagent_new_file_summary.date%3Aagent_new_file_summary.count</table-uri>
  1547.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+newerThan+agent_new_file_summary.date+604800000++%29+%29</condition-uri>
  1548.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=agent_new_file_summary.agent&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=agent_new_file_summary.count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1549.   </query>
  1550.   <query id="346">
  1551.     <dictionary id="347"/>
  1552.     <name>TIE Server Cleanup Trending Summary</name>
  1553.     <description>Show cleanup trending summary.</description>
  1554.     <target>TieServerSchema.cleanup_trending_summary</target>
  1555.     <table-uri>query:table?orion.table.columns=cleanup_trending_summary.date%3Acleanup_trending_summary.db_current_size%3Acleanup_trending_summary.db_threshold_size%3Acleanup_trending_summary.cleanup_executed%3Acleanup_trending_summary.deleted_subjects&amp;orion.table.order=desc&amp;orion.table.order.by=cleanup_trending_summary.date</table-uri>
  1556.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  1557.     <summary-uri>query:summary?orion.query.type=table.table&amp;orion.sum.query=false</summary-uri>
  1558.   </query>
  1559.   <query id="348">
  1560.     <dictionary id="349"/>
  1561.     <name>TIE Server Cleanup Criteria Effectiveness</name>
  1562.     <description>Display the number of executions that delete items versus those that don&apos;t delete items.</description>
  1563.     <target>TieServerSchema.cleanup_trending_summary</target>
  1564.     <table-uri>query:table?orion.table.columns=cleanup_trending_summary.date%3Acleanup_trending_summary.db_current_size%3Acleanup_trending_summary.db_threshold_size%3Acleanup_trending_summary.cleanup_executed%3Acleanup_trending_summary.deleted_subjects&amp;orion.table.order=desc&amp;orion.table.order.by=cleanup_trending_summary.date</table-uri>
  1565.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+cleanup_trending_summary.cleanup_executed+1++%29+%29</condition-uri>
  1566.     <summary-uri>query:summary?orion.query.type=table.table&amp;orion.sum.query=false</summary-uri>
  1567.   </query>
  1568.   <query id="350">
  1569.     <dictionary id="351"/>
  1570.     <name>TIE Server Cleanup Executions Deleting Items</name>
  1571.     <description>Summarize how many cleanup executions deleted items.</description>
  1572.     <target>TieServerSchema.cleanup_trending_summary</target>
  1573.     <table-uri>query:table?orion.table.columns=cleanup_trending_summary.date%3Acleanup_trending_summary.db_current_size%3Acleanup_trending_summary.db_threshold_size%3Acleanup_trending_summary.cleanup_executed%3Acleanup_trending_summary.deleted_subjects&amp;orion.table.order=desc&amp;orion.table.order.by=cleanup_trending_summary.date</table-uri>
  1574.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  1575.     <summary-uri>query:summary?bool.red.text=tieserver.query.cleanUpExecutions.non-compliant&amp;orion.sum.query=true&amp;bool.green.text=tieserver.query.cleanUpExecutions.compliant&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+and+%28+eq+cleanup_trending_summary.cleanup_executed+1++%29+%28+gt+cleanup_trending_summary.deleted_subjects+0++%29+%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  1576.   </query>
  1577.   <query id="352">
  1578.     <dictionary id="353"/>
  1579.     <name>TIE Server Cleanup Items Deleted By Week</name>
  1580.     <description>Summary of the number of items deleted by week during cleanup executions.</description>
  1581.     <target>TieServerSchema.cleanup_trending_summary</target>
  1582.     <table-uri>query:table?orion.table.columns=cleanup_trending_summary.date%3Acleanup_trending_summary.db_current_size%3Acleanup_trending_summary.db_threshold_size%3Acleanup_trending_summary.cleanup_executed%3Acleanup_trending_summary.deleted_subjects&amp;orion.table.order=desc&amp;orion.table.order.by=cleanup_trending_summary.date</table-uri>
  1583.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+cleanup_trending_summary.date+%29+%29&amp;orion.condition.sexp=</condition-uri>
  1584.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=cleanup_trending_summary.date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=cleanup_trending_summary.deleted_subjects&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  1585.   </query>
  1586.   <query id="354">
  1587.     <dictionary id="355"/>
  1588.     <name>TIE Server Database Size</name>
  1589.     <description>Shows database size in last month.</description>
  1590.     <target>TieServerSchema.cleanup_trending_summary</target>
  1591.     <table-uri>query:table?orion.table.columns=cleanup_trending_summary.id%3Acleanup_trending_summary.date%3Acleanup_trending_summary.db_current_size%3Acleanup_trending_summary.db_threshold_size%3Acleanup_trending_summary.cleanup_executed%3Acleanup_trending_summary.deleted_subjects&amp;orion.table.order=az&amp;orion.table.order.by=cleanup_trending_summary.id%3Acleanup_trending_summary.date%3Acleanup_trending_summary.db_current_size%3Acleanup_trending_summary.db_threshold_size%3Acleanup_trending_summary.cleanup_executed%3Acleanup_trending_summary.deleted_subjects</table-uri>
  1592.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+cleanup_trending_summary.date+2592000000++%29+%29&amp;orion.condition.sexp=</condition-uri>
  1593.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=cleanup_trending_summary.date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=avg&amp;orion.sum.aggregation.column=cleanup_trending_summary.db_current_size</summary-uri>
  1594.   </query>
  1595.   <query id="356">
  1596.     <dictionary id="357"/>
  1597.     <name>TIE Server New Files</name>
  1598.     <description>Find new files in last month.</description>
  1599.     <target>TieServerSchema.fileJoined</target>
  1600.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.last_access_date</table-uri>
  1601.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.create_date+2592000000++%29+%29&amp;orion.condition.sexp=</condition-uri>
  1602.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=fileJoined.create_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  1603.   </query>
  1604.   <query id="358">
  1605.     <dictionary id="359"/>
  1606.     <name>TIE Server Used Malicious Files</name>
  1607.     <description>Find malicious files by composite reputation from last month.</description>
  1608.     <target>TieServerSchema.fileJoined</target>
  1609.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1610.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.create_date+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+eq+fileJoined.composite_reputation+1++%29+%29</condition-uri>
  1611.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=fileJoined.create_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  1612.   </query>
  1613.   <query id="360">
  1614.     <dictionary id="361"/>
  1615.     <name>TIE Server Most Recently Used Malicious Files</name>
  1616.     <description>Find most recent malicious files from last month.</description>
  1617.     <target>TieServerSchema.fileJoined</target>
  1618.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level</table-uri>
  1619.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+newerThan+fileJoined.last_access_date+2592000000++%29+%28+eq+fileJoined.composite_reputation+1++%29+%29+%29</condition-uri>
  1620.     <summary-uri>query:summary?orion.sum.query=false&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=fileJoined.sha1&amp;orion.sum.order=desc&amp;orion.sum.limit.count=16&amp;orion.sum.aggregation=valueOf&amp;orion.sum.aggregation.column=fileJoined.ent_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  1621.   </query>
  1622.   <query id="362">
  1623.     <dictionary id="363"/>
  1624.     <name>TIE Server Most Prevalent Malicious Files Created</name>
  1625.     <description>Find most prevalent malicious files created from last month.</description>
  1626.     <target>TieServerSchema.fileJoined</target>
  1627.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level</table-uri>
  1628.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+eq+fileJoined.composite_reputation+1++%29+%28+newerThan+fileJoined.create_date+2592000000++%29+%29+%29</condition-uri>
  1629.     <summary-uri>query:summary?orion.sum.query=false&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=fileJoined.sha1&amp;orion.sum.order=desc&amp;orion.sum.limit.count=16&amp;orion.sum.aggregation=valueOf&amp;orion.sum.aggregation.column=fileJoined.ent_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  1630.   </query>
  1631.   <query id="364">
  1632.     <dictionary id="365"/>
  1633.     <name>TIE Server Most Used Suspicious Files</name>
  1634.     <description>Find suspicious most used files from last month.</description>
  1635.     <target>TieServerSchema.fileJoined</target>
  1636.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1637.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.create_date+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+or+%28+eq+fileJoined.composite_reputation+15++%29+%28+eq+fileJoined.composite_reputation+30++%29+%29+%29</condition-uri>
  1638.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=fileJoined.create_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  1639.   </query>
  1640.   <query id="366">
  1641.     <dictionary id="367"/>
  1642.     <name>TIE Server Most Recently Used Suspicious Files</name>
  1643.     <description>Find most recently used suspicious files from last month.</description>
  1644.     <target>TieServerSchema.fileJoined</target>
  1645.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level</table-uri>
  1646.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+newerThan+fileJoined.last_access_date+2592000000++%29+%28+or+%28+eq+fileJoined.composite_reputation+30++%29+%28+eq+fileJoined.composite_reputation+15++%29+%29+%29+%29</condition-uri>
  1647.     <summary-uri>query:summary?orion.sum.query=false&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=fileJoined.sha1&amp;orion.sum.order=desc&amp;orion.sum.limit.count=20&amp;orion.sum.aggregation=valueOf&amp;orion.sum.aggregation.column=fileJoined.ent_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  1648.   </query>
  1649.   <query id="368">
  1650.     <dictionary id="369"/>
  1651.     <name>TIE Server Most Prevalent Suspicious Files Created</name>
  1652.     <description>Find most prevalent suspicious files created from last month.</description>
  1653.     <target>TieServerSchema.fileJoined</target>
  1654.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level</table-uri>
  1655.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+newerThan+fileJoined.create_date+2592000000++%29+%28+or+%28+eq+fileJoined.composite_reputation+30++%29+%28+eq+fileJoined.composite_reputation+15++%29+%29+%29+%29</condition-uri>
  1656.     <summary-uri>query:summary?orion.sum.query=false&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=fileJoined.sha1&amp;orion.sum.order=desc&amp;orion.sum.limit.count=20&amp;orion.sum.aggregation=valueOf&amp;orion.sum.aggregation.column=fileJoined.ent_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  1657.   </query>
  1658.   <query id="370">
  1659.     <dictionary id="371"/>
  1660.     <name>TIE Server Most Used Monitored Files</name>
  1661.     <description>Find monitored files most used from last month.</description>
  1662.     <target>TieServerSchema.fileJoined</target>
  1663.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1664.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.create_date+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+eq+fileJoined.composite_reputation+50++%29+%29</condition-uri>
  1665.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=fileJoined.create_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  1666.   </query>
  1667.   <query id="372">
  1668.     <dictionary id="373"/>
  1669.     <name>TIE Server Most Recently Used Monitored Files</name>
  1670.     <description>Find most recently used monitored files from last month.</description>
  1671.     <target>TieServerSchema.fileJoined</target>
  1672.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level</table-uri>
  1673.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+newerThan+fileJoined.last_access_date+2592000000++%29+%28+eq+fileJoined.composite_reputation+50++%29+%29+%29</condition-uri>
  1674.     <summary-uri>query:summary?orion.sum.query=false&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=fileJoined.sha1&amp;orion.sum.order=desc&amp;orion.sum.limit.count=16&amp;orion.sum.aggregation=valueOf&amp;orion.sum.aggregation.column=fileJoined.ent_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  1675.   </query>
  1676.   <query id="374">
  1677.     <dictionary id="375"/>
  1678.     <name>TIE Server Most Prevalent Monitored Files Created</name>
  1679.     <description>Find most prevalent monitored files created from last month.</description>
  1680.     <target>TieServerSchema.fileJoined</target>
  1681.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_mwg.trust_level</table-uri>
  1682.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+newerThan+fileJoined.create_date+2592000000++%29+%28+eq+fileJoined.composite_reputation+50++%29+%29+%29</condition-uri>
  1683.     <summary-uri>query:summary?orion.sum.query=false&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=fileJoined.sha1&amp;orion.sum.order=desc&amp;orion.sum.limit.count=16&amp;orion.sum.aggregation=valueOf&amp;orion.sum.aggregation.column=fileJoined.ent_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  1684.   </query>
  1685.   <query id="376">
  1686.     <dictionary id="377"/>
  1687.     <name>ATD Submissions</name>
  1688.     <description>Find ATD sample submissions during last month.</description>
  1689.     <target>TieServerSchema.fileJoined</target>
  1690.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1691.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+file_rep_atd.refresh_date+2592000000++%29+%29&amp;orion.condition.sexp=</condition-uri>
  1692.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=file_rep_atd.refresh_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1693.   </query>
  1694.   <query id="378">
  1695.     <dictionary id="379"/>
  1696.     <name>ATD Reputations</name>
  1697.     <description>Find ATD submissions split by reputation.</description>
  1698.     <target>TieServerSchema.fileJoined</target>
  1699.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1700.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+not_isBlank+file_rep_atd.trust_level+%29+%29</condition-uri>
  1701.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=file_rep_atd.trust_level&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1702.   </query>
  1703.   <query id="380">
  1704.     <dictionary id="381"/>
  1705.     <name>New ATD Submissions</name>
  1706.     <description>Find new ATD submissions in last month.</description>
  1707.     <target>TieServerSchema.fileJoined</target>
  1708.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1709.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.create_date+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+not_isBlank+file_rep_atd.trust_level+%29+%29</condition-uri>
  1710.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=fileJoined.create_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1711.   </query>
  1712.   <query id="382">
  1713.     <dictionary id="383"/>
  1714.     <name>Recently Used ATD Submissions</name>
  1715.     <description>Find used ATD submissions from last month.</description>
  1716.     <target>TieServerSchema.fileJoined</target>
  1717.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1718.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.last_access_date+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+not_isBlank+file_rep_atd.trust_level+%29+%29</condition-uri>
  1719.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=fileJoined.last_access_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1720.   </query>
  1721.   <query id="384">
  1722.     <dictionary id="385"/>
  1723.     <name>Most Prevalent ATD Submissions</name>
  1724.     <description>Find most prevalent ATD submissions.</description>
  1725.     <target>TieServerSchema.fileJoined</target>
  1726.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Aassociated_certificate_rep_enterprise.trust_level%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Aassociated_certificate_rep_enterprise.trust_level%3Afile_rep_atd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1727.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+file_rep_atd.trust_level+%29+%28+newerThan+file_rep_atd.refresh_date+7776000000++%29+%29+%29</condition-uri>
  1728.     <summary-uri>query:summary?orion.sum.query=false&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=fileJoined.sha1&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=valueOf&amp;orion.sum.aggregation.column=fileJoined.ent_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  1729.   </query>
  1730.   <query id="386">
  1731.     <dictionary id="387"/>
  1732.     <name>CTD Submissions</name>
  1733.     <description>Find CTD sample submissions during last month.</description>
  1734.     <target>TieServerSchema.fileJoined</target>
  1735.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1736.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+file_rep_ctd.refresh_date+2592000000++%29+%29&amp;orion.condition.sexp=</condition-uri>
  1737.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=file_rep_ctd.refresh_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1738.   </query>
  1739.   <query id="388">
  1740.     <dictionary id="389"/>
  1741.     <name>TIE Server Connectivity</name>
  1742.     <description>Find TIE appliances split by DXL connectivity.</description>
  1743.     <target>EPOLeafNode</target>
  1744.     <table-uri>query:table?orion.table.order=az&amp;orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3ADXLClientCustomProps.IsConnected%3ADXLClientCustomProps.LastUpdate&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
  1745.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+containsTag+EPOLeafNode.AppliedTags+%22TIESERVER%22+%29+%29</condition-uri>
  1746.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=DXLClientCustomProps.IsConnected&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1747.   </query>
  1748.   <query id="390">
  1749.     <dictionary id="391"/>
  1750.     <name>TIE Server Appliances per Server Version</name>
  1751.     <description>Find TIE appliances split by TIE server version.</description>
  1752.     <target>EPOLeafNode</target>
  1753.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3ADXLClientCustomProps.IsConnected%3ADXLClientCustomProps.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
  1754.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+containsTag+EPOLeafNode.AppliedTags+%22TIESERVER%22+%29+%29</condition-uri>
  1755.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_TIE.productversion&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1756.   </query>
  1757.   <query id="392">
  1758.     <dictionary id="393"/>
  1759.     <name>CTD Reputations</name>
  1760.     <description>Find CTD submissions split by reputation.</description>
  1761.     <target>TieServerSchema.fileJoined</target>
  1762.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1763.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+not_isBlank+file_rep_ctd.trust_level+%29+%29</condition-uri>
  1764.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=file_rep_ctd.trust_level&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1765.   </query>
  1766.   <query id="394">
  1767.     <dictionary id="395"/>
  1768.     <name>New CTD Submissions</name>
  1769.     <description>Find new CTD submissions in last month.</description>
  1770.     <target>TieServerSchema.fileJoined</target>
  1771.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1772.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.create_date+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+not_isBlank+file_rep_ctd.trust_level+%29+%29</condition-uri>
  1773.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=fileJoined.create_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1774.   </query>
  1775.   <query id="396">
  1776.     <dictionary id="397"/>
  1777.     <name>Recently Used CTD Submissions</name>
  1778.     <description>Find used CTD submissions from last month.</description>
  1779.     <target>TieServerSchema.fileJoined</target>
  1780.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.localrep_latest%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.localrep_latest%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1781.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.last_access_date+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+not_isBlank+file_rep_ctd.trust_level+%29+%29</condition-uri>
  1782.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=fileJoined.last_access_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1783.   </query>
  1784.   <query id="398">
  1785.     <dictionary id="399"/>
  1786.     <name>Most Prevalent CTD Submissions</name>
  1787.     <description>Find most prevalent CTD submissions.</description>
  1788.     <target>TieServerSchema.fileJoined</target>
  1789.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_ctd.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1790.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+file_rep_ctd.trust_level+%29+%28+newerThan+file_rep_ctd.refresh_date+7776000000++%29+%29+%29</condition-uri>
  1791.     <summary-uri>query:summary?orion.sum.query=false&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=fileJoined.sha1&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=valueOf&amp;orion.sum.aggregation.column=fileJoined.ent_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  1792.   </query>
  1793.   <query id="400">
  1794.     <dictionary id="401"/>
  1795.     <name>TIE Server GTI Refresh</name>
  1796.     <description>Find refreshed files in last month.</description>
  1797.     <target>TieServerSchema.fileJoined</target>
  1798.     <table-uri>query:table?orion.table.order=asc&amp;orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_gti.refresh_date%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order.by=fileJoined.last_access_date</table-uri>
  1799.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+file_rep_gti.trust_level+%29+%28+ne+file_rep_gti.trust_level+0++%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+file_rep_gti.refresh_date+86400000++%29+%29</condition-uri>
  1800.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=file_rep_gti.refresh_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=hour&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1801.   </query>
  1802.   <query id="402">
  1803.     <dictionary id="403"/>
  1804.     <name>TIE Server New Overrides</name>
  1805.     <description>Find new overrides in last month.</description>
  1806.     <target>TieServerSchema.fileJoined</target>
  1807.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1808.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+file_rep_enterprise.refresh_date+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+file_rep_enterprise.trust_level+%29+%28+ne+file_rep_enterprise.trust_level+0++%29+%29+%29</condition-uri>
  1809.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=file_rep_enterprise.refresh_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1810.   </query>
  1811.   <query id="404">
  1812.     <dictionary id="405"/>
  1813.     <name>TIE Server Recently Used Overrides</name>
  1814.     <description>Find used overridden files from last month.</description>
  1815.     <target>TieServerSchema.fileJoined</target>
  1816.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1817.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.last_access_date+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+file_rep_enterprise.trust_level+%29+%28+ne+file_rep_enterprise.trust_level+0++%29+%29+%29</condition-uri>
  1818.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=fileJoined.last_access_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1819.   </query>
  1820.   <query id="406">
  1821.     <dictionary id="407"/>
  1822.     <name>Redundant Trusted Overrides</name>
  1823.     <description>Find trusted file overrides having similar GTI reputation.</description>
  1824.     <target>TieServerSchema.fileJoined</target>
  1825.     <table-uri>query:table?orion.table.order=asc&amp;orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order.by=fileJoined.last_access_date</table-uri>
  1826.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+file_rep_gti.trust_level+100++%29+%28+eq+file_rep_gti.trust_level+99++%29+%28+eq+file_rep_gti.trust_level+85++%29+%28+eq+file_rep_gti.trust_level+70++%29+%29+%28+or+%28+eq+file_rep_enterprise.trust_level+100++%29+%28+eq+file_rep_enterprise.trust_level+99++%29+%28+eq+file_rep_enterprise.trust_level+85++%29+%28+eq+file_rep_enterprise.trust_level+70++%29+%29+%29+%29&amp;orion.requied.sexp=</condition-uri>
  1827.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=fileJoined.composite_reputation&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1828.   </query>
  1829.   <query id="408">
  1830.     <dictionary id="409"/>
  1831.     <name>Redundant Suspicious Overrides</name>
  1832.     <description>Find suspicious file overrides having similar GTI reputation.</description>
  1833.     <target>TieServerSchema.fileJoined</target>
  1834.     <table-uri>query:table?orion.table.order=asc&amp;orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order.by=fileJoined.last_access_date</table-uri>
  1835.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+file_rep_gti.trust_level+1++%29+%28+eq+file_rep_gti.trust_level+15++%29+%28+eq+file_rep_gti.trust_level+30++%29+%29+%28+or+%28+eq+file_rep_enterprise.trust_level+1++%29+%28+eq+file_rep_enterprise.trust_level+15++%29+%28+eq+file_rep_enterprise.trust_level+30++%29+%29+%29+%29&amp;orion.requied.sexp=</condition-uri>
  1836.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=fileJoined.composite_reputation&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1837.   </query>
  1838.   <query id="410">
  1839.     <dictionary id="411"/>
  1840.     <name>Conflicting Suspicious Overrides</name>
  1841.     <description>Find suspicious file overrides having conflicting GTI reputation.</description>
  1842.     <target>TieServerSchema.fileJoined</target>
  1843.     <table-uri>query:table?orion.table.order=az&amp;orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1844.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+file_rep_enterprise.trust_level+1++%29+%28+eq+file_rep_enterprise.trust_level+15++%29+%28+eq+file_rep_enterprise.trust_level+30++%29+%29+%28+or+%28+eq+file_rep_gti.trust_level+100++%29+%28+eq+file_rep_gti.trust_level+99++%29+%28+eq+file_rep_gti.trust_level+85++%29+%28+eq+file_rep_gti.trust_level+70++%29+%29+%29+%29&amp;orion.requied.sexp=</condition-uri>
  1845.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=fileJoined.composite_reputation&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1846.   </query>
  1847.   <query id="412">
  1848.     <dictionary id="413"/>
  1849.     <name>Conflicting Trusted Overrides</name>
  1850.     <description>Find trusted file overrides having conflicting GTI reputation.</description>
  1851.     <target>TieServerSchema.fileJoined</target>
  1852.     <table-uri>query:table?orion.table.order=az&amp;orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  1853.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+file_rep_enterprise.trust_level+100++%29+%28+eq+file_rep_enterprise.trust_level+99++%29+%28+eq+file_rep_enterprise.trust_level+85++%29+%28+eq+file_rep_enterprise.trust_level+70++%29+%29+%28+or+%28+eq+file_rep_gti.trust_level+30++%29+%28+eq+file_rep_gti.trust_level+15++%29+%28+eq+file_rep_gti.trust_level+1++%29+%29+%29+%29&amp;orion.requied.sexp=</condition-uri>
  1854.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=fileJoined.composite_reputation&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1855.   </query>
  1856.   <query id="414">
  1857.     <dictionary id="415"/>
  1858.     <name>MWG7: URL Executive Summary for 24 hours</name>
  1859.     <description>Summary of legitimate vs. protected traffic through all registered MWG7 appliances broken down by scanning engine.</description>
  1860.     <target>MWSEventsView</target>
  1861.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  1862.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG7%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.legitimate%22+%29+%28eq+MWSEventsView.CounterName+%22web.mediafilter.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.am.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.urlfilter.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.dlpfilter.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.appcontrol.protected%22+%29+%29+%29+%29</condition-uri>
  1863.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1864.   </query>
  1865.   <query id="416">
  1866.     <dictionary id="417"/>
  1867.     <name>MWG7: URL Executive Summary for 1 month</name>
  1868.     <description>Summary of legitimate vs. protected traffic through all registered MWG7 appliances broken down by scanning engine.</description>
  1869.     <target>MWSEventsView</target>
  1870.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  1871.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG7%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.legitimate%22+%29+%28eq+MWSEventsView.CounterName+%22web.mediafilter.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.am.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.urlfilter.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.dlpfilter.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.appcontrol.protected%22+%29+%29+%29+%29</condition-uri>
  1872.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1873.   </query>
  1874.   <query id="418">
  1875.     <dictionary id="419"/>
  1876.     <name>MWG7: Web reputation by hits for 24 hours</name>
  1877.     <description>Break-down of the scanned traffic and its web reputation score for all registered MWG7 appliances.</description>
  1878.     <target>MWSEventsView</target>
  1879.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  1880.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG7%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.reputation%22+%29+%29+%29+%29</condition-uri>
  1881.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1882.   </query>
  1883.   <query id="420">
  1884.     <dictionary id="421"/>
  1885.     <name>MWG7: Web reputation by hits for 1 month</name>
  1886.     <description>Break-down of the scanned traffic and its web reputation score for all registered MWG7 appliances.</description>
  1887.     <target>MWSEventsView</target>
  1888.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  1889.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG7%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.reputation%22+%29+%29+%29+%29</condition-uri>
  1890.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1891.   </query>
  1892.   <query id="422">
  1893.     <dictionary id="423"/>
  1894.     <name>EWS: E-Mail (Inbound) Security Summary for last 24 hours</name>
  1895.     <description>Summary of inbound e-mail security threats detected on all registered EWS appliances.</description>
  1896.     <target>MWSEventsView</target>
  1897.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  1898.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.content.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.dlp.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.other.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.pups.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.virus.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.spam.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.sender_auth.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.legitimate.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.monitored.in%22+%29+%29+%29+%29</condition-uri>
  1899.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1900.   </query>
  1901.   <query id="424">
  1902.     <dictionary id="425"/>
  1903.     <name>EWS: E-Mail (Outbound) Security Summary for last 24 hours</name>
  1904.     <description>Summary of outbound e-mail security threats detected on all registered EWS appliances.</description>
  1905.     <target>MWSEventsView</target>
  1906.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  1907.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.content.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.dlp.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.other.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.pups.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.virus.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.spam.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.sender_auth.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.legitimate.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.monitored.out%22+%29+%29+%29+%29</condition-uri>
  1908.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1909.   </query>
  1910.   <query id="426">
  1911.     <dictionary id="427"/>
  1912.     <name>EWS: E-Mail (Inbound) Security Summary for 1 month</name>
  1913.     <description>Summary of inbound e-mail security threats detected on all registered EWS appliances.</description>
  1914.     <target>MWSEventsView</target>
  1915.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  1916.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.content.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.dlp.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.other.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.pups.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.virus.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.spam.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.sender_auth.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.legitimate.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.monitored.in%22+%29+%29+%29+%29</condition-uri>
  1917.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1918.   </query>
  1919.   <query id="428">
  1920.     <dictionary id="429"/>
  1921.     <name>EWS: E-Mail (Outbound) Security Summary for 1 month</name>
  1922.     <description>Summary of outbound e-mail security threats detected on all registered EWS appliances.</description>
  1923.     <target>MWSEventsView</target>
  1924.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  1925.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.content.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.dlp.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.other.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.pups.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.virus.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.spam.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.sender_auth.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.legitimate.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.monitored.out%22+%29+%29+%29+%29</condition-uri>
  1926.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1927.   </query>
  1928.   <query id="430">
  1929.     <dictionary id="431"/>
  1930.     <name>EWS: E-Mail Hourly Volume</name>
  1931.     <description>Number of e-mails passed through all registered EWS appliances per hour.</description>
  1932.     <target>MWSEventsView</target>
  1933.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  1934.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22email.legitimate%22+%29+%28startsWith+MWSEventsView.CounterName+%22email.monitored%22+%29+%28startsWith+MWSEventsView.CounterName+%22email.protected%22+%29+%29+%29+%29</condition-uri>
  1935.     <summary-uri>query:summary?orion.sum.query=true&amp;line.title=MWSEventsView.DetectedUTC&amp;orion.query.type=line.line&amp;orion.sum.group.by=MWSEventsView.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=hour&amp;orion.sum.order=oldest&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1936.   </query>
  1937.   <query id="432">
  1938.     <dictionary id="433"/>
  1939.     <name>EWS: E-Mail Volume Trends for 1 Month</name>
  1940.     <description>Summary of inbound and outbound e-mail traffic through all registered EWS appliances on a weekly basis.</description>
  1941.     <target>MWSEventsView</target>
  1942.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  1943.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22email.messages.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.messages.out%22+%29+%29+%29+%29</condition-uri>
  1944.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;groupedbar.title=MWSEventsView.DetectedUTC&amp;orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest%3Adesc&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1945.   </query>
  1946.   <query id="434">
  1947.     <dictionary id="435"/>
  1948.     <name>EWS: Web Hourly Volume</name>
  1949.     <description>Number of web traffic requests passed through all registered EWS appliances per hour.</description>
  1950.     <target>MWSEventsView</target>
  1951.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  1952.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.legitimate%22+%29+%28startsWith+MWSEventsView.CounterName+%22web.monitored%22+%29+%28startsWith+MWSEventsView.CounterName+%22web.protected%22+%29+%29+%29+%29</condition-uri>
  1953.     <summary-uri>query:summary?orion.sum.query=true&amp;line.title=MWSEventsView.DetectedUTC&amp;orion.query.type=line.line&amp;orion.sum.group.by=MWSEventsView.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=hour&amp;orion.sum.order=oldest&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1954.   </query>
  1955.   <query id="436">
  1956.     <dictionary id="437"/>
  1957.     <name>EWS: E-Mail Traffic Flow (Inbound) for 1 Month</name>
  1958.     <description>Summary of monitored, legitimate and protected inbound e-mail traffic through all registered EWS appliances on a weekly basis.</description>
  1959.     <target>MWSEventsView</target>
  1960.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  1961.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.monitored.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.legitimate.in%22+%29+%29+%29+%29</condition-uri>
  1962.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;groupedbar.title=MWSEventsView.DetectedUTC&amp;orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest%3Adesc&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1963.   </query>
  1964.   <query id="438">
  1965.     <dictionary id="439"/>
  1966.     <name>EWS: E-Mail Traffic Flow (Outbound) for 1 Month</name>
  1967.     <description>Summary of monitored, legitimate and protected outbound e-mail traffic through all registered EWS appliances on a weekly basis.</description>
  1968.     <target>MWSEventsView</target>
  1969.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  1970.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.monitored.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.legitimate.out%22+%29+%29+%29+%29</condition-uri>
  1971.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;groupedbar.title=MWSEventsView.DetectedUTC&amp;orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest%3Adesc&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1972.   </query>
  1973.   <query id="440">
  1974.     <dictionary id="441"/>
  1975.     <name>EWS: E-Mail Security Trends (Inbound) for 1 Month</name>
  1976.     <description>Summary of inbound e-mail security threats through all registered EWS appliances on a weekly basis.</description>
  1977.     <target>MWSEventsView</target>
  1978.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  1979.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.virus.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.content.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.dlp.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.pups.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.spam.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.sender_auth.protected.in%22+%29+%28eq+MWSEventsView.CounterName+%22email.other.protected.in%22+%29+%29+%29+%29</condition-uri>
  1980.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;groupedbar.title=MWSEventsView.DetectedUTC&amp;orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest%3Adesc&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1981.   </query>
  1982.   <query id="442">
  1983.     <dictionary id="443"/>
  1984.     <name>EWS: E-Mail Security Trends (Outbound) for 1 Month</name>
  1985.     <description>Summary of outbound e-mail security threats through all registered EWS appliances on a weekly basis.</description>
  1986.     <target>MWSEventsView</target>
  1987.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  1988.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.virus.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.content.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.dlp.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.pups.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.spam.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.sender_auth.protected.out%22+%29+%28eq+MWSEventsView.CounterName+%22email.other.protected.out%22+%29+%29+%29+%29</condition-uri>
  1989.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;groupedbar.title=MWSEventsView.DetectedUTC&amp;orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest%3Adesc&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1990.   </query>
  1991.   <query id="444">
  1992.     <dictionary id="445"/>
  1993.     <name>EWS: E-Mail deferred queue for 24 hours</name>
  1994.     <description>Summary of deferred e-mail traffic through all registered EWS appliances.</description>
  1995.     <target>MWSEventsView</target>
  1996.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  1997.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22email.deferred.queue%22+%29+%29+%29+%29</condition-uri>
  1998.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  1999.   </query>
  2000.   <query id="446">
  2001.     <dictionary id="447"/>
  2002.     <name>EWS: Web Security Summary for 24 hours</name>
  2003.     <description>Summary of web traffic threats detected on all registered EWS appliances.</description>
  2004.     <target>MWSEventsView</target>
  2005.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  2006.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.pups.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.content.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.url.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.siteadvisor.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.monitored%22+%29+%28eq+MWSEventsView.CounterName+%22web.legitimate%22+%29+%28eq+MWSEventsView.CounterName+%22web.im.protected%22+%29+%29+%29+%29</condition-uri>
  2007.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2008.   </query>
  2009.   <query id="448">
  2010.     <dictionary id="449"/>
  2011.     <name>EWS: Web Security Summary for 1 month</name>
  2012.     <description>Summary of web traffic threats detected on all registered EWS appliances.</description>
  2013.     <target>MWSEventsView</target>
  2014.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  2015.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.pups.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.content.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.url.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.siteadvisor.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.monitored%22+%29+%28eq+MWSEventsView.CounterName+%22web.legitimate%22+%29+%28eq+MWSEventsView.CounterName+%22web.im.protected%22+%29+%29+%29+%29</condition-uri>
  2016.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2017.   </query>
  2018.   <query id="450">
  2019.     <dictionary id="451"/>
  2020.     <name>EWS: Web Traffic Summary for 24 hours</name>
  2021.     <description>Summary of monitored, legitimate and protected web traffic through all registered EWS appliances.</description>
  2022.     <target>MWSEventsView</target>
  2023.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  2024.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.monitored%22+%29+%28eq+MWSEventsView.CounterName+%22web.legitimate%22+%29+%28eq+MWSEventsView.CounterName+%22web.protected%22+%29+%29+%29+%29</condition-uri>
  2025.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2026.   </query>
  2027.   <query id="452">
  2028.     <dictionary id="453"/>
  2029.     <name>EWS: Web Security Trend for 1 Month</name>
  2030.     <description>Summary of web security threats through all registered EWS appliances on a weekly basis.</description>
  2031.     <target>MWSEventsView</target>
  2032.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  2033.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.virus.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.pups.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.content.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.url.protected%22+%29+%29+%29+%29</condition-uri>
  2034.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;groupedbar.title=MWSEventsView.DetectedUTC&amp;orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest%3Adesc&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2035.   </query>
  2036.   <query id="454">
  2037.     <dictionary id="455"/>
  2038.     <name>EWS: SMTP (Inbound) 24 Hours</name>
  2039.     <description>Summary of the inbound SMTP traffic through all registered EWS appliances broken down by threat type.</description>
  2040.     <target>MWSEventsView</target>
  2041.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  2042.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22smtp.content.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22smtp.dlp.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22smtp.legitimate.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22smtp.monitored.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22smtp.other.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22smtp.pups.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22smtp.virus.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22smtp.sender_auth.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22smtp.spam.protected.in%22+%29+%29+%29+%29</condition-uri>
  2043.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2044.   </query>
  2045.   <query id="456">
  2046.     <dictionary id="457"/>
  2047.     <name>EWS: POP3 24 Hours</name>
  2048.     <description>Summary of the POP3 traffic through all registered EWS appliances broken down by threat type.</description>
  2049.     <target>MWSEventsView</target>
  2050.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  2051.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22pop3.legitimate.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22pop3.monitored.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22pop3.other.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22pop3.pups.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22pop3.virus.protected.in%22+%29+%28startsWith+MWSEventsView.CounterName+%22pop3.spam.protected.in%22+%29+%29+%29+%29</condition-uri>
  2052.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2053.   </query>
  2054.   <query id="458">
  2055.     <dictionary id="459"/>
  2056.     <name>EWS: HTTP 24 Hours</name>
  2057.     <description>Summary of the HTTP traffic through all registered EWS appliances broken down by threat type.</description>
  2058.     <target>MWSEventsView</target>
  2059.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  2060.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22http.content.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22http.legitimate%22+%29+%28startsWith+MWSEventsView.CounterName+%22http.monitored%22+%29+%28startsWith+MWSEventsView.CounterName+%22http.pups.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22http.virus.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22http.siteadvisor.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22http.url.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22http.im.protected%22+%29+%29+%29+%29</condition-uri>
  2061.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2062.   </query>
  2063.   <query id="460">
  2064.     <dictionary id="461"/>
  2065.     <name>EWS: FTP 24 Hours</name>
  2066.     <description>Summary of the FTP traffic through all registered EWS appliances broken down by threat type.</description>
  2067.     <target>MWSEventsView</target>
  2068.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  2069.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22ftp.legitimate%22+%29+%28startsWith+MWSEventsView.CounterName+%22ftp.monitored%22+%29+%28startsWith+MWSEventsView.CounterName+%22ftp.pups.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22ftp.virus.protected%22+%29+%29+%29+%29</condition-uri>
  2070.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2071.   </query>
  2072.   <query id="462">
  2073.     <dictionary id="463"/>
  2074.     <name>EWS: ICAP 24 Hours</name>
  2075.     <description>Summary of the ICAP traffic through all registered EWS appliances broken down by threat type.</description>
  2076.     <target>MWSEventsView</target>
  2077.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  2078.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+startsWith+MWSEventsView.ApplianceName+%22EWSA%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22icap.legitimate%22+%29+%28startsWith+MWSEventsView.CounterName+%22icap.monitored%22+%29+%28startsWith+MWSEventsView.CounterName+%22icap.pups.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22icap.virus.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22icap.siteadvisor.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22icap.url.protected%22+%29+%28startsWith+MWSEventsView.CounterName+%22icap.im.protected%22+%29+%29+%29+%29</condition-uri>
  2079.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2080.   </query>
  2081.   <query id="464">
  2082.     <dictionary id="465"/>
  2083.     <name>High Risk Web Usage</name>
  2084.     <description></description>
  2085.     <target>mesaschema.csr_fct_web</target>
  2086.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_dim_malware.malware_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2087.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_web.datetime_hour_round+%29+%29&amp;orion.condition.sexp=%28+where+%28+or+%28+eq+csr_dim_reputation.reputation_name+%22High+Risk%22+%29+%28+eq+csr_dim_reputation.reputation_name+%22Medium+Risk%22+%29+%29+%29</condition-uri>
  2088.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.multiline&amp;orion.sum.group.by=csr_dim_reputation.reputation_name%3Acsr_fct_web.datetime_hour_round&amp;orion.sum.order=az%3Aoldest&amp;orion.sum.limit.count=10&amp;orion.sum.time.cols=%3Atrue&amp;orion.sum.time.unit=%3Aday&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2089.   </query>
  2090.   <query id="466">
  2091.     <dictionary id="467"/>
  2092.     <name>Web Usage by Reputation</name>
  2093.     <description></description>
  2094.     <target>mesaschema.csr_fct_web</target>
  2095.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_dim_malware.malware_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2096.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_web.datetime_hour_round+%29+%29&amp;orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_reputation.reputation_name+%29+%29</condition-uri>
  2097.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.multiline&amp;orion.sum.group.by=csr_dim_reputation.reputation_name%3Acsr_fct_web.datetime_hour_round&amp;orion.sum.order=az%3Aoldest&amp;orion.sum.limit.count=10&amp;orion.sum.time.cols=%3Atrue&amp;orion.sum.time.unit=%3Aday&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2098.   </query>
  2099.   <query id="468">
  2100.     <dictionary id="469"/>
  2101.     <name>Web Malware Detected by Application</name>
  2102.     <description></description>
  2103.     <target>mesaschema.csr_fct_web</target>
  2104.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_reason.reason_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.hits%3Acsr_fct_web.bytes%3Acsr_fct_web.bytes_from_server%3Acsr_fct_web.bytes_from_client%3Acsr_fct_web.browse_time%3Acsr_fct_web.datetime_hour_round</table-uri>
  2105.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+mesa_known+csr_dim_malware.malware_name+%29+%28+mesa_known+csr_dim_site_request.application+%29+%29+%29</condition-uri>
  2106.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=csr_dim_malware.malware_name%3Acsr_dim_site_request.application&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2107.   </query>
  2108.   <query id="470">
  2109.     <dictionary id="471"/>
  2110.     <name>Web Malware Detected by Site</name>
  2111.     <description></description>
  2112.     <target>mesaschema.csr_fct_web</target>
  2113.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_reason.reason_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.hits%3Acsr_fct_web.bytes%3Acsr_fct_web.bytes_from_server%3Acsr_fct_web.bytes_from_client%3Acsr_fct_web.browse_time%3Acsr_fct_web.datetime_hour_round</table-uri>
  2114.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_malware.malware_name+%29+%29</condition-uri>
  2115.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=csr_dim_malware.malware_name%3Acsr_fct_web.site_name&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2116.   </query>
  2117.   <query id="472">
  2118.     <dictionary id="473"/>
  2119.     <name>Top Web Client IP Addresses with Malware Detected</name>
  2120.     <description></description>
  2121.     <target>mesaschema.csr_fct_web</target>
  2122.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_reason.reason_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_reason.reason_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes</table-uri>
  2123.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_malware.malware_name+%29+%29</condition-uri>
  2124.     <summary-uri>query:summary?horizontal=true&amp;orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_ipaddress.ipaddress&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2125.   </query>
  2126.   <query id="474">
  2127.     <dictionary id="475"/>
  2128.     <name>Top Web Security Risk Categories</name>
  2129.     <description></description>
  2130.     <target>mesaschema.csr_fct_web</target>
  2131.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2132.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+csr_dim_category.category_name+%22Anonymizers%22+%29+%28+eq+csr_dim_category.category_name+%22Anonymizing+Utilities%22+%29+%28+eq+csr_dim_category.category_name+%22Browser+Exploits%22+%29+%28+eq+csr_dim_category.category_name+%22Malicious+Downloads%22+%29+%28+eq+csr_dim_category.category_name+%22Malicious+Sites%22+%29+%28+eq+csr_dim_category.category_name+%22P2P%2FFile+Sharing%22+%29+%28+eq+csr_dim_category.category_name+%22Parked+Domain%22+%29+%28+eq+csr_dim_category.category_name+%22Phishing%22+%29+%28+eq+csr_dim_category.category_name+%22Potential+Hacking%2FComputer+Crime%22+%29+%28+eq+csr_dim_category.category_name+%22PUPs%22+%29+%28+eq+csr_dim_category.category_name+%22Spam+URLs%22+%29+%28+eq+csr_dim_category.category_name+%22Spyware%2FAdware%2FKeyloggers%22+%29+%29+%29+%29</condition-uri>
  2133.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_category.category_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2134.   </query>
  2135.   <query id="476">
  2136.     <dictionary id="477"/>
  2137.     <name>Top Web Users with Malware Detected</name>
  2138.     <description></description>
  2139.     <target>mesaschema.csr_fct_web</target>
  2140.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_reason.reason_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_reason.reason_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes</table-uri>
  2141.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_malware.malware_name+%29+%29</condition-uri>
  2142.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_user.user_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2143.   </query>
  2144.   <query id="478">
  2145.     <dictionary id="479"/>
  2146.     <name>Web Protection Coverage</name>
  2147.     <description></description>
  2148.     <target>mesaschema.csr_fct_web</target>
  2149.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_reason.reason_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_reason.reason_name%3Acsr_fct_web.hits%3Acsr_fct_web.bytes</table-uri>
  2150.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_reason.reason_name+%29+%29</condition-uri>
  2151.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_reason.reason_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2152.   </query>
  2153.   <query id="480">
  2154.     <dictionary id="481"/>
  2155.     <name>Top Web Applications</name>
  2156.     <description></description>
  2157.     <target>mesaschema.csr_fct_web</target>
  2158.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2159.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_site_request.application+%29+%29</condition-uri>
  2160.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_site_request.application&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2161.   </query>
  2162.   <query id="482">
  2163.     <dictionary id="483"/>
  2164.     <name>Top Web Categories</name>
  2165.     <description></description>
  2166.     <target>mesaschema.csr_fct_web</target>
  2167.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2168.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_category.category_name+%29+%29</condition-uri>
  2169.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_category.category_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2170.   </query>
  2171.   <query id="484">
  2172.     <dictionary id="485"/>
  2173.     <name>Top Web Client IP Addresses</name>
  2174.     <description></description>
  2175.     <target>mesaschema.csr_fct_web</target>
  2176.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2177.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2178.     <summary-uri>query:summary?horizontal=true&amp;orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_ipaddress.ipaddress&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2179.   </query>
  2180.   <query id="486">
  2181.     <dictionary id="487"/>
  2182.     <name>Top Web Client IP Addresses by Browse Time</name>
  2183.     <description></description>
  2184.     <target>mesaschema.csr_fct_web</target>
  2185.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2186.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2187.     <summary-uri>query:summary?horizontal=true&amp;orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_ipaddress.ipaddress&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.browse_time&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2188.   </query>
  2189.   <query id="488">
  2190.     <dictionary id="489"/>
  2191.     <name>Top Websites</name>
  2192.     <description></description>
  2193.     <target>mesaschema.csr_fct_web</target>
  2194.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2195.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2196.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_fct_web.site_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2197.   </query>
  2198.   <query id="490">
  2199.     <dictionary id="491"/>
  2200.     <name>Top Web Users</name>
  2201.     <description></description>
  2202.     <target>mesaschema.csr_fct_web</target>
  2203.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2204.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_user.user_name+%29+%29</condition-uri>
  2205.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_user.user_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2206.   </query>
  2207.   <query id="492">
  2208.     <dictionary id="493"/>
  2209.     <name>Top Web Users by Browse Time</name>
  2210.     <description></description>
  2211.     <target>mesaschema.csr_fct_web</target>
  2212.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2213.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_user.user_name+%29+%29</condition-uri>
  2214.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_user.user_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.browse_time&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2215.   </query>
  2216.   <query id="494">
  2217.     <dictionary id="495"/>
  2218.     <name>Top Blocked Web Applications</name>
  2219.     <description></description>
  2220.     <target>mesaschema.csr_fct_web</target>
  2221.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2222.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_site_request.application+%29+%29+%29</condition-uri>
  2223.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_site_request.application&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2224.   </query>
  2225.   <query id="496">
  2226.     <dictionary id="497"/>
  2227.     <name>Top Blocked Web Categories</name>
  2228.     <description></description>
  2229.     <target>mesaschema.csr_fct_web</target>
  2230.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2231.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_category.category_name+%29+%29+%29</condition-uri>
  2232.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_category.category_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2233.   </query>
  2234.   <query id="498">
  2235.     <dictionary id="499"/>
  2236.     <name>Top Blocked Web Client IP Addresses</name>
  2237.     <description></description>
  2238.     <target>mesaschema.csr_fct_web</target>
  2239.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2240.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%29</condition-uri>
  2241.     <summary-uri>query:summary?horizontal=true&amp;orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_ipaddress.ipaddress&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2242.   </query>
  2243.   <query id="500">
  2244.     <dictionary id="501"/>
  2245.     <name>Top Blocked Web Malware</name>
  2246.     <description></description>
  2247.     <target>mesaschema.csr_fct_web</target>
  2248.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2249.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_malware.malware_name+%29+%29+%29</condition-uri>
  2250.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_malware.malware_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2251.   </query>
  2252.   <query id="502">
  2253.     <dictionary id="503"/>
  2254.     <name>Top Blocked Websites</name>
  2255.     <description></description>
  2256.     <target>mesaschema.csr_fct_web</target>
  2257.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2258.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%29</condition-uri>
  2259.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_fct_web.site_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2260.   </query>
  2261.   <query id="504">
  2262.     <dictionary id="505"/>
  2263.     <name>Top Blocked Websites by Protection Area</name>
  2264.     <description></description>
  2265.     <target>mesaschema.csr_fct_web</target>
  2266.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2267.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_reason.reason_name+%29+%29+%29</condition-uri>
  2268.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=csr_dim_reason.reason_name%3Acsr_fct_web.site_name&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=%3A5&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2269.   </query>
  2270.   <query id="506">
  2271.     <dictionary id="507"/>
  2272.     <name>Top Blocked Web Users</name>
  2273.     <description></description>
  2274.     <target>mesaschema.csr_fct_web</target>
  2275.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2276.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_user.user_name+%29+%29+%29</condition-uri>
  2277.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_user.user_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2278.   </query>
  2279.   <query id="508">
  2280.     <dictionary id="509"/>
  2281.     <name>Web Policy Enforcement Summary</name>
  2282.     <description></description>
  2283.     <target>mesaschema.csr_fct_web</target>
  2284.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.hits%3Acsr_fct_web.bytes%3Acsr_fct_web.bytes_from_server%3Acsr_fct_web.bytes_from_client%3Acsr_fct_web.browse_time%3Acsr_fct_web.datetime_hour_round</table-uri>
  2285.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2286.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_action.action_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2287.   </query>
  2288.   <query id="510">
  2289.     <dictionary id="511"/>
  2290.     <name>Web Bandwidth Consumption by Log Source</name>
  2291.     <description></description>
  2292.     <target>mesaschema.csr_fct_web</target>
  2293.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_log_source_name.log_source_name%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_log_source_name.log_source_name%3Acsr_fct_web.site_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
  2294.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2295.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_log_source_name.log_source_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.bytes&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2296.   </query>
  2297.   <query id="512">
  2298.     <dictionary id="513"/>
  2299.     <name>Inbound Web Bandwidth Consumption</name>
  2300.     <description></description>
  2301.     <target>mesaschema.csr_fct_web</target>
  2302.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes_from_client%3Acsr_fct_web.bytes_from_server&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_site_request.application%3Acsr_dim_category.category_name%3Acsr_fct_web.site_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
  2303.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_web.datetime_hour_round+%29+%29&amp;orion.condition.sexp=</condition-uri>
  2304.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=csr_fct_web.datetime_hour_round&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.bytes_from_server&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2305.   </query>
  2306.   <query id="514">
  2307.     <dictionary id="515"/>
  2308.     <name>Outbound Web Bandwidth Consumption</name>
  2309.     <description></description>
  2310.     <target>mesaschema.csr_fct_web</target>
  2311.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes_from_client%3Acsr_fct_web.bytes_from_server&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_site_request.application%3Acsr_dim_category.category_name%3Acsr_fct_web.site_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
  2312.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_web.datetime_hour_round+%29+%29&amp;orion.condition.sexp=</condition-uri>
  2313.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=csr_fct_web.datetime_hour_round&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.bytes_from_client&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2314.   </query>
  2315.   <query id="516">
  2316.     <dictionary id="517"/>
  2317.     <name>Top Web Applications by Bandwidth Consumption</name>
  2318.     <description></description>
  2319.     <target>mesaschema.csr_fct_web</target>
  2320.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
  2321.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_site_request.application+%29+%29</condition-uri>
  2322.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_site_request.application&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.bytes&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2323.   </query>
  2324.   <query id="518">
  2325.     <dictionary id="519"/>
  2326.     <name>Top Web Bandwidth Consumption Usage by IP Address and Site</name>
  2327.     <description></description>
  2328.     <target>mesaschema.csr_fct_web</target>
  2329.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_user.user_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_fct_web.site_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
  2330.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2331.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=csr_dim_ipaddress.ipaddress%3Acsr_fct_web.site_name&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A5&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.bytes&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2332.   </query>
  2333.   <query id="520">
  2334.     <dictionary id="521"/>
  2335.     <name>Top Web Bandwidth Consumption Usage by User and Site</name>
  2336.     <description></description>
  2337.     <target>mesaschema.csr_fct_web</target>
  2338.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_user.user_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_fct_web.site_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
  2339.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2340.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=csr_dim_user.user_name%3Acsr_fct_web.site_name&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A5&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.bytes&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2341.   </query>
  2342.   <query id="522">
  2343.     <dictionary id="523"/>
  2344.     <name>Top Web Categories by Bandwidth Consumption</name>
  2345.     <description></description>
  2346.     <target>mesaschema.csr_fct_web</target>
  2347.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
  2348.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_category.category_name+%29+%29</condition-uri>
  2349.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_category.category_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.bytes&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2350.   </query>
  2351.   <query id="524">
  2352.     <dictionary id="525"/>
  2353.     <name>Top Web Client IP Addresses by Application</name>
  2354.     <description></description>
  2355.     <target>mesaschema.csr_fct_web</target>
  2356.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_category.category_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
  2357.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_site_request.application+%29+%29</condition-uri>
  2358.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=csr_dim_site_request.application%3Acsr_dim_ipaddress.ipaddress&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=%3A5&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2359.   </query>
  2360.   <query id="526">
  2361.     <dictionary id="527"/>
  2362.     <name>Top Web Client IP Addresses by Category</name>
  2363.     <description></description>
  2364.     <target>mesaschema.csr_fct_web</target>
  2365.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_category.category_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
  2366.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_category.category_name+%29+%29</condition-uri>
  2367.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=csr_dim_category.category_name%3Acsr_dim_ipaddress.ipaddress&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=%3A5&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2368.   </query>
  2369.   <query id="528">
  2370.     <dictionary id="529"/>
  2371.     <name>Top Web Users by Application</name>
  2372.     <description></description>
  2373.     <target>mesaschema.csr_fct_web</target>
  2374.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_category.category_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
  2375.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_site_request.application+%29+%29</condition-uri>
  2376.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=csr_dim_site_request.application%3Acsr_dim_user.user_name&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=%3A5&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2377.   </query>
  2378.   <query id="530">
  2379.     <dictionary id="531"/>
  2380.     <name>Top Web Users by Category</name>
  2381.     <description></description>
  2382.     <target>mesaschema.csr_fct_web</target>
  2383.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_category.category_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
  2384.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_category.category_name+%29+%29</condition-uri>
  2385.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=csr_dim_category.category_name%3Acsr_dim_user.user_name&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=%3A5&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2386.   </query>
  2387.   <query id="532">
  2388.     <dictionary id="533"/>
  2389.     <name>Web Browsing by Agent</name>
  2390.     <description></description>
  2391.     <target>mesaschema.csr_fct_exact_access</target>
  2392.     <table-uri>query:table?orion.table.columns=csr_fct_exact_access.datetime%3Acsr_dim_agent.agent_id_group_1%3Acsr_dim_agent.agent_id_string%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_exact_access.site_name%3Acsr_dim_site_request.application%3Acsr_fct_exact_access.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_access.datetime%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_agent.agent_id_group_1%3Acsr_dim_agent.agent_id_string%3Acsr_dim_site_request.application%3Acsr_fct_exact_access.url%3Acsr_fct_exact_access.bytes_from_client%3Acsr_fct_exact_access.bytes_from_server</table-uri>
  2393.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2394.     <summary-uri>query:summary?orion.query.type=bubble.bubble&amp;orion.sum.query=true&amp;orion.sum.group.by=csr_dim_agent.agent_id_group_2%3Acsr_dim_agent.agent_id_group_1&amp;orion.sum.order=az%3Aaz&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2395.   </query>
  2396.   <query id="534">
  2397.     <dictionary id="535"/>
  2398.     <name>Web Usage Trend</name>
  2399.     <description></description>
  2400.     <target>mesaschema.csr_fct_web</target>
  2401.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.browse_time&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_site_request.application%3Acsr_dim_category.category_name%3Acsr_fct_web.site_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
  2402.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_web.datetime_hour_round+%29+%29&amp;orion.condition.sexp=</condition-uri>
  2403.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=csr_fct_web.datetime_hour_round&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2404.   </query>
  2405.   <query id="536">
  2406.     <dictionary id="537"/>
  2407.     <name>Top Websites by Bandwidth Consumption</name>
  2408.     <description></description>
  2409.     <target>mesaschema.csr_fct_web</target>
  2410.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
  2411.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2412.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_fct_web.site_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.bytes&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2413.   </query>
  2414.   <query id="538">
  2415.     <dictionary id="539"/>
  2416.     <name>Web Activity Detail</name>
  2417.     <description></description>
  2418.     <target>mesaschema.csr_fct_exact_access</target>
  2419.     <table-uri>query:table?orion.table.columns=csr_fct_exact_access.datetime%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_exact_access.site_name%3Acsr_dim_site_request.method%3Acsr_fct_exact_access.url%3Acsr_dim_site_request.content_type%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_exact_access.bytes&amp;orion.table.order=desc&amp;orion.table.order.by=csr_fct_exact_access.datetime</table-uri>
  2420.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2421.     <summary-uri>query:summary?orion.query.type=table.table&amp;orion.sum.query=false</summary-uri>
  2422.   </query>
  2423.   <query id="540">
  2424.     <dictionary id="541"/>
  2425.     <name>Top Blocked Web Categories - On-premise</name>
  2426.     <description></description>
  2427.     <target>mesaschema.csr_fct_web</target>
  2428.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2429.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_category.category_name+%29+%28+ne+csr_dim_log_source_type.log_source_type+%22McAfee+SaaS+Web+Protection+Service%22+%29+%29+%29</condition-uri>
  2430.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_category.category_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2431.   </query>
  2432.   <query id="542">
  2433.     <dictionary id="543"/>
  2434.     <name>Web Hybrid Usage Trend</name>
  2435.     <description></description>
  2436.     <target>mesaschema.csr_fct_web</target>
  2437.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_log_source_name.log_source_name%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_site_request.application%3Acsr_dim_category.category_name%3Acsr_fct_web.site_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.bytes%3Acsr_fct_web.hits</table-uri>
  2438.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_web.datetime_hour_round+%29+%29&amp;orion.condition.sexp=</condition-uri>
  2439.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.multiline&amp;orion.sum.group.by=csr_dim_log_source_type.log_source_type%3Acsr_fct_web.datetime_hour_round&amp;orion.sum.order=az%3Aoldest&amp;orion.sum.limit.count=10&amp;orion.sum.time.cols=%3Atrue&amp;orion.sum.time.unit=%3Aday&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2440.   </query>
  2441.   <query id="544">
  2442.     <dictionary id="545"/>
  2443.     <name>Top Blocked Web Categories - Cloud Service</name>
  2444.     <description></description>
  2445.     <target>mesaschema.csr_fct_web</target>
  2446.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2447.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_category.category_name+%29+%28+eq+csr_dim_log_source_type.log_source_type+%22McAfee+SaaS+Web+Protection+Service%22+%29+%29+%29</condition-uri>
  2448.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_category.category_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2449.   </query>
  2450.   <query id="546">
  2451.     <dictionary id="547"/>
  2452.     <name>Top Blocked Web Malware - On-premise</name>
  2453.     <description></description>
  2454.     <target>mesaschema.csr_fct_web</target>
  2455.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2456.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_malware.malware_name+%29+%28+ne+csr_dim_log_source_type.log_source_type+%22McAfee+SaaS+Web+Protection+Service%22+%29+%29+%29</condition-uri>
  2457.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_malware.malware_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2458.   </query>
  2459.   <query id="548">
  2460.     <dictionary id="549"/>
  2461.     <name>Web Hybrid Policy Enforcement Summary</name>
  2462.     <description></description>
  2463.     <target>mesaschema.csr_fct_web</target>
  2464.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_log_source_name.log_source_name%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits%3Acsr_fct_web.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.hits%3Acsr_fct_web.bytes%3Acsr_fct_web.bytes_from_server%3Acsr_fct_web.bytes_from_client%3Acsr_fct_web.browse_time%3Acsr_fct_web.datetime_hour_round</table-uri>
  2465.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2466.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.stackedbar&amp;orion.sum.group.by=csr_dim_action.action_name%3Acsr_dim_log_source_type.log_source_type&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=10%3A10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2467.   </query>
  2468.   <query id="550">
  2469.     <dictionary id="551"/>
  2470.     <name>Top Blocked Websites - Cloud Service</name>
  2471.     <description></description>
  2472.     <target>mesaschema.csr_fct_web</target>
  2473.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2474.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+eq+csr_dim_log_source_type.log_source_type+%22McAfee+SaaS+Web+Protection+Service%22+%29+%29+%29</condition-uri>
  2475.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_fct_web.site_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2476.   </query>
  2477.   <query id="552">
  2478.     <dictionary id="553"/>
  2479.     <name>Top Blocked Websites - On-premise</name>
  2480.     <description></description>
  2481.     <target>mesaschema.csr_fct_web</target>
  2482.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2483.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+ne+csr_dim_log_source_type.log_source_type+%22McAfee+SaaS+Web+Protection+Service%22+%29+%29+%29</condition-uri>
  2484.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_fct_web.site_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2485.   </query>
  2486.   <query id="554">
  2487.     <dictionary id="555"/>
  2488.     <name>Top Blocked Web Malware - Cloud Service</name>
  2489.     <description></description>
  2490.     <target>mesaschema.csr_fct_web</target>
  2491.     <table-uri>query:table?orion.table.columns=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_fct_web.site_name%3Acsr_dim_category.category_name%3Acsr_dim_reputation.reputation_name%3Acsr_dim_reason.reason_name%3Acsr_dim_malware.malware_name%3Acsr_dim_site_request.application%3Acsr_fct_web.hits&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_web.datetime_hour_round%3Acsr_dim_action.action_name%3Acsr_dim_ipaddress.ipaddress%3Acsr_dim_user.user_name%3Acsr_dim_category.category_name%3Acsr_dim_site_request.application%3Acsr_fct_web.site_name%3Acsr_fct_web.browse_time%3Acsr_fct_web.hits</table-uri>
  2492.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_action.action_name+%22BLOCK%22+%29+%28+mesa_known+csr_dim_malware.malware_name+%29+%28+eq+csr_dim_log_source_type.log_source_type+%22McAfee+SaaS+Web+Protection+Service%22+%29+%29+%29</condition-uri>
  2493.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_malware.malware_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_web.hits&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2494.   </query>
  2495.   <query id="556">
  2496.     <dictionary id="557"/>
  2497.     <name>Top Attacks</name>
  2498.     <description></description>
  2499.     <target>mesaschema.csr_fct_exact_ips_alerts</target>
  2500.     <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
  2501.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_attack_name.attack_name+%29+%29</condition-uri>
  2502.     <summary-uri>query:summary?horizontal=true&amp;orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_ips_attack_name.attack_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2503.   </query>
  2504.   <query id="558">
  2505.     <dictionary id="559"/>
  2506.     <name>Attack Summary by Result</name>
  2507.     <description></description>
  2508.     <target>mesaschema.csr_fct_exact_ips_alerts</target>
  2509.     <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
  2510.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2511.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_ips_action.result&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2512.   </query>
  2513.   <query id="560">
  2514.     <dictionary id="561"/>
  2515.     <name>Attack Summary by Severity</name>
  2516.     <description></description>
  2517.     <target>mesaschema.csr_fct_exact_ips_alerts</target>
  2518.     <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
  2519.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2520.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_ips_alert_severity.alert_severity&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2521.   </query>
  2522.   <query id="562">
  2523.     <dictionary id="563"/>
  2524.     <name>Attack Overview</name>
  2525.     <description></description>
  2526.     <target>mesaschema.csr_fct_exact_ips_alerts</target>
  2527.     <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
  2528.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2529.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.stackedbar&amp;orion.sum.group.by=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest%3Adesc&amp;orion.sum.limit.count=100%3A10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2530.   </query>
  2531.   <query id="564">
  2532.     <dictionary id="565"/>
  2533.     <name>Attack Overview by Attack Category</name>
  2534.     <description></description>
  2535.     <target>mesaschema.csr_fct_exact_ips_alerts</target>
  2536.     <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
  2537.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_attack_category.attack_category+%29+%29</condition-uri>
  2538.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.stackedbar&amp;orion.sum.group.by=csr_dim_ips_attack_category.attack_category%3Acsr_dim_ips_attack_category.attack_subcategory&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2539.   </query>
  2540.   <query id="566">
  2541.     <dictionary id="567"/>
  2542.     <name>Attack Overview by Sensor</name>
  2543.     <description></description>
  2544.     <target>mesaschema.csr_fct_exact_ips_alerts</target>
  2545.     <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
  2546.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_exact_ips_alerts.datetime+%29+%29&amp;orion.condition.sexp=</condition-uri>
  2547.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.multiline&amp;orion.sum.group.by=csr_dim_ips_log_source_sensor.sensor_name%3Acsr_fct_exact_ips_alerts.datetime&amp;orion.sum.order=desc%3Aoldest&amp;orion.sum.limit.count=50&amp;orion.sum.time.cols=%3Atrue&amp;orion.sum.time.unit=%3Aday&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2548.   </query>
  2549.   <query id="568">
  2550.     <dictionary id="569"/>
  2551.     <name>Top Attacks by Source IP</name>
  2552.     <description></description>
  2553.     <target>mesaschema.csr_fct_exact_ips_alerts</target>
  2554.     <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
  2555.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_src_ip.src_ipaddress+%29+%29</condition-uri>
  2556.     <summary-uri>query:summary?horizontal=true&amp;orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_ips_src_ip.src_ipaddress&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2557.   </query>
  2558.   <query id="570">
  2559.     <dictionary id="571"/>
  2560.     <name>Top Attacks by Destination IP</name>
  2561.     <description></description>
  2562.     <target>mesaschema.csr_fct_exact_ips_alerts</target>
  2563.     <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
  2564.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_dest_ip.dest_ipaddress+%29+%29</condition-uri>
  2565.     <summary-uri>query:summary?horizontal=true&amp;orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_ips_dest_ip.dest_ipaddress&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2566.   </query>
  2567.   <query id="572">
  2568.     <dictionary id="573"/>
  2569.     <name>Top Attacks by Attack Category</name>
  2570.     <description></description>
  2571.     <target>mesaschema.csr_fct_exact_ips_alerts</target>
  2572.     <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
  2573.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_attack_category.attack_category+%29+%29</condition-uri>
  2574.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_ips_attack_category.attack_category&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2575.   </query>
  2576.   <query id="574">
  2577.     <dictionary id="575"/>
  2578.     <name>Top Attacks by Application Category</name>
  2579.     <description></description>
  2580.     <target>mesaschema.csr_fct_exact_ips_alerts</target>
  2581.     <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
  2582.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_application_category.application_category_long_name+%29+%29</condition-uri>
  2583.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_ips_application_category.application_category_long_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2584.   </query>
  2585.   <query id="576">
  2586.     <dictionary id="577"/>
  2587.     <name>Top Attacks by Application</name>
  2588.     <description></description>
  2589.     <target>mesaschema.csr_fct_exact_ips_alerts</target>
  2590.     <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
  2591.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_application_name.application_name+%29+%29</condition-uri>
  2592.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_ips_application_name.application_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2593.   </query>
  2594.   <query id="578">
  2595.     <dictionary id="579"/>
  2596.     <name>Top Attack Source Countries</name>
  2597.     <description></description>
  2598.     <target>mesaschema.csr_fct_exact_ips_alerts</target>
  2599.     <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
  2600.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_src_geo.src_geo_name+%29+%29</condition-uri>
  2601.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_ips_src_geo.src_geo_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2602.   </query>
  2603.   <query id="580">
  2604.     <dictionary id="581"/>
  2605.     <name>Top Attack Destination Countries</name>
  2606.     <description></description>
  2607.     <target>mesaschema.csr_fct_exact_ips_alerts</target>
  2608.     <table-uri>query:table?orion.table.columns=csr_fct_exact_ips_alerts.datetime%3Acsr_dim_ips_alert_severity.alert_severity%3Acsr_dim_ips_attack_name.attack_name%3Acsr_fct_exact_ips_alerts.alert_count%3Acsr_dim_ips_conninfo.traffic_direction%3Acsr_dim_ips_action.result%3Acsr_dim_ips_src_geo.src_geo_name%3Acsr_dim_ips_src_ip.src_ipaddress%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_dim_ips_dest_geo.dest_geo_name%3Acsr_dim_ips_dest_ip.dest_ipaddress%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_dim_ips_application_name.application_name&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_ips_alerts.alert_count%3Acsr_fct_exact_ips_alerts.sensor_alert_uuid%3Acsr_fct_exact_ips_alerts.src_port%3Acsr_fct_exact_ips_alerts.dest_port%3Acsr_fct_exact_ips_alerts.datetime%3Acsr_fct_exact_ips_alerts.information</table-uri>
  2609.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_ips_dest_geo.dest_geo_name+%29+%29</condition-uri>
  2610.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_ips_dest_geo.dest_geo_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_exact_ips_alerts.alert_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2611.   </query>
  2612.   <query id="582">
  2613.     <dictionary id="583"/>
  2614.     <name>Email Summary by Detections</name>
  2615.     <description></description>
  2616.     <target>mesaschema.csr_fct_summary_email</target>
  2617.     <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
  2618.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_email_scanner.scanner_desc+%29+%29</condition-uri>
  2619.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_email_scanner.scanner_desc&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_summary_email.event_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2620.   </query>
  2621.   <query id="584">
  2622.     <dictionary id="585"/>
  2623.     <name>Email Summary by Direction</name>
  2624.     <description></description>
  2625.     <target>mesaschema.csr_fct_summary_email</target>
  2626.     <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
  2627.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_email_connection_info.traffic_direction+%29+%29</condition-uri>
  2628.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_email_connection_info.traffic_direction&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_summary_email.event_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2629.   </query>
  2630.   <query id="586">
  2631.     <dictionary id="587"/>
  2632.     <name>Email Summary by Protocol</name>
  2633.     <description></description>
  2634.     <target>mesaschema.csr_fct_summary_email</target>
  2635.     <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
  2636.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_email_connection_info.protocol_name+%29+%29</condition-uri>
  2637.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_email_connection_info.protocol_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_summary_email.event_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2638.   </query>
  2639.   <query id="588">
  2640.     <dictionary id="589"/>
  2641.     <name>Total Delivered Email Volume</name>
  2642.     <description></description>
  2643.     <target>mesaschema.csr_fct_summary_email</target>
  2644.     <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_connection_info.protocol_name%3Acsr_dim_email_connection_info.encryption_type_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
  2645.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_summary_email.datetime_hour_round+%29+%29&amp;orion.condition.sexp=%28+where+%28+eq+csr_dim_email_reason.reason_desc+%22Email+Delivered%22+%29+%29</condition-uri>
  2646.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.multiline&amp;orion.sum.group.by=csr_dim_email_connection_info.traffic_direction%3Acsr_fct_summary_email.datetime_hour_round&amp;orion.sum.order=desc%3Aoldest&amp;orion.sum.limit.count=50&amp;orion.sum.time.cols=%3Atrue&amp;orion.sum.time.unit=%3Aday&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_summary_email.event_count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2647.   </query>
  2648.   <query id="590">
  2649.     <dictionary id="591"/>
  2650.     <name>Total Dropped Email by Domain</name>
  2651.     <description></description>
  2652.     <target>mesaschema.csr_fct_summary_email</target>
  2653.     <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
  2654.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+csr_dim_email_action.action_taken_desc+%22Refuse+the+email%22+%29+%28+eq+csr_dim_email_action.action_taken_desc+%22Accept+the+email+and+then+drop+it%22+%29+%28+eq+csr_dim_email_action.action_taken_desc+%22Refuse+the+email+and+deny+the+connection+for+a+period+of+time%22+%29+%29+%28+mesa_known+csr_dim_email_src_domain.src_domain+%29+%29+%29</condition-uri>
  2655.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_email_src_domain.src_domain&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_summary_email.event_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2656.   </query>
  2657.   <query id="592">
  2658.     <dictionary id="593"/>
  2659.     <name>Total Delivered Email Volume by Bytes</name>
  2660.     <description></description>
  2661.     <target>mesaschema.csr_fct_exact_email_delivery</target>
  2662.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_delivery.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_connection_info.protocol_name%3Acsr_dim_email_connection_info.encryption_type_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_delivery.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_delivery.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_connection_info.protocol_name%3Acsr_dim_email_connection_info.encryption_type_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_delivery.bytes</table-uri>
  2663.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_exact_email_delivery.datetime+%29+%29&amp;orion.condition.sexp=%28+where+%28+eq+csr_dim_email_reason.reason_desc+%22Email+Delivered%22+%29+%29</condition-uri>
  2664.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.multiline&amp;orion.sum.group.by=csr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_delivery.datetime&amp;orion.sum.order=desc%3Aoldest&amp;orion.sum.limit.count=50&amp;orion.sum.time.cols=%3Atrue&amp;orion.sum.time.unit=%3Aday&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_exact_email_delivery.bytes&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2665.   </query>
  2666.   <query id="594">
  2667.     <dictionary id="595"/>
  2668.     <name>Total Delivered Email Volume by Domain and IP</name>
  2669.     <description></description>
  2670.     <target>mesaschema.csr_fct_summary_email</target>
  2671.     <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_connection_info.protocol_name%3Acsr_dim_email_connection_info.encryption_type_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
  2672.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_reason.reason_desc+%22Email+Delivered%22+%29+%28+mesa_known+csr_dim_email_src_domain.src_domain+%29+%29+%29</condition-uri>
  2673.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=csr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A5&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_summary_email.event_count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2674.   </query>
  2675.   <query id="596">
  2676.     <dictionary id="597"/>
  2677.     <name>Email Summary by Action</name>
  2678.     <description></description>
  2679.     <target>mesaschema.csr_fct_summary_email</target>
  2680.     <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
  2681.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_email_action.action_taken_desc+%29+%29</condition-uri>
  2682.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_email_action.action_taken_desc&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_summary_email.event_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2683.   </query>
  2684.   <query id="598">
  2685.     <dictionary id="599"/>
  2686.     <name>Total Bounced Email by Domain</name>
  2687.     <description></description>
  2688.     <target>mesaschema.csr_fct_summary_email</target>
  2689.     <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
  2690.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_reason.reason_desc+%22The+undeliverable+email+has+been+bounced%22+%29+%28+mesa_known+csr_dim_email_src_domain.src_domain+%29+%29+%29</condition-uri>
  2691.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_email_src_domain.src_domain&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_summary_email.event_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2692.   </query>
  2693.   <query id="600">
  2694.     <dictionary id="601"/>
  2695.     <name>Total Dropped Email Volume</name>
  2696.     <description></description>
  2697.     <target>mesaschema.csr_fct_summary_email</target>
  2698.     <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
  2699.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_summary_email.datetime_hour_round+%29+%29&amp;orion.condition.sexp=%28+where+%28+or+%28+eq+csr_dim_email_action.action_taken_desc+%22Refuse+the+email%22+%29+%28+eq+csr_dim_email_action.action_taken_desc+%22Accept+the+email+and+then+drop+it%22+%29+%28+eq+csr_dim_email_action.action_taken_desc+%22Refuse+the+email+and+deny+the+connection+for+a+period+of+time%22+%29+%29+%29</condition-uri>
  2700.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.multiline&amp;orion.sum.group.by=csr_dim_email_connection_info.traffic_direction%3Acsr_fct_summary_email.datetime_hour_round&amp;orion.sum.order=desc%3Aoldest&amp;orion.sum.limit.count=50&amp;orion.sum.time.cols=%3Atrue&amp;orion.sum.time.unit=%3Aday&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_summary_email.event_count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2701.   </query>
  2702.   <query id="602">
  2703.     <dictionary id="603"/>
  2704.     <name>Email Volume by Reason</name>
  2705.     <description></description>
  2706.     <target>mesaschema.csr_fct_summary_email</target>
  2707.     <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
  2708.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_summary_email.datetime_hour_round+%29+%29&amp;orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_email_reason.reason_desc+%29+%29</condition-uri>
  2709.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.multiline&amp;orion.sum.group.by=csr_dim_email_reason.reason_desc%3Acsr_fct_summary_email.datetime_hour_round&amp;orion.sum.order=desc%3Aoldest&amp;orion.sum.limit.count=50&amp;orion.sum.time.cols=%3Atrue&amp;orion.sum.time.unit=%3Aday&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_summary_email.event_count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2710.   </query>
  2711.   <query id="604">
  2712.     <dictionary id="605"/>
  2713.     <name>Top Email Senders</name>
  2714.     <description></description>
  2715.     <target>mesaschema.csr_fct_summary_email</target>
  2716.     <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
  2717.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_email_scanner.scanner_desc+%29+%29</condition-uri>
  2718.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_email_sender.sender_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2719.   </query>
  2720.   <query id="606">
  2721.     <dictionary id="607"/>
  2722.     <name>Email Summary by Encryption Type</name>
  2723.     <description></description>
  2724.     <target>mesaschema.csr_fct_summary_email</target>
  2725.     <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
  2726.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_email_connection_info.encryption_type_desc+%29+%29</condition-uri>
  2727.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_email_connection_info.encryption_type_desc&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_summary_email.event_count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2728.   </query>
  2729.   <query id="608">
  2730.     <dictionary id="609"/>
  2731.     <name>Email Virus/Malware/Packers Volume</name>
  2732.     <description></description>
  2733.     <target>mesaschema.csr_fct_summary_email</target>
  2734.     <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
  2735.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+or+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Virus+-+Packer%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Virus+-+PuP%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Phish%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Avira+Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Avira+Anti+Virus+-+Packer%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Avira+Anti+Virus+-+PuP%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Authentium+Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Authentium+Anti+Virus+-+Packer%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Authentium+Anti+Virus+-+PuP%22+%29+%29+%29</condition-uri>
  2736.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_scanner.scanner_desc&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_summary_email.event_count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2737.   </query>
  2738.   <query id="610">
  2739.     <dictionary id="611"/>
  2740.     <name>Email Virus/Malware/Packers Volume by Domain and IP</name>
  2741.     <description></description>
  2742.     <target>mesaschema.csr_fct_summary_email</target>
  2743.     <table-uri>query:table?orion.table.columns=csr_fct_summary_email.datetime_hour_round%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_dim_email_scanner.scanner_desc%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_summary_email.event_count&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_summary_email.datetime_hour_round%3Acsr_fct_summary_email.event_count</table-uri>
  2744.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Virus+-+Packer%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Virus+-+PuP%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Phish%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Avira+Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Avira+Anti+Virus+-+Packer%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Avira+Anti+Virus+-+PuP%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Authentium+Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Authentium+Anti+Virus+-+Packer%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Authentium+Anti+Virus+-+PuP%22+%29+%29+%28+mesa_known+csr_dim_email_src_domain.src_domain+%29+%29+%29</condition-uri>
  2745.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=csr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A5&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=csr_fct_summary_email.event_count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2746.   </query>
  2747.   <query id="612">
  2748.     <dictionary id="613"/>
  2749.     <name>Top Email Virus Detections</name>
  2750.     <description></description>
  2751.     <target>mesaschema.csr_fct_exact_email_detection</target>
  2752.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  2753.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Avira+Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Authentium+Anti+Virus%22+%29+%29+%28+mesa_known+csr_dim_email_virus.virus_name+%29+%29+%29</condition-uri>
  2754.     <summary-uri>query:summary?horizontal=true&amp;orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_email_virus.virus_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2755.   </query>
  2756.   <query id="614">
  2757.     <dictionary id="615"/>
  2758.     <name>Top Content Filtered Email Senders</name>
  2759.     <description></description>
  2760.     <target>mesaschema.csr_fct_exact_email_detection</target>
  2761.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  2762.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+csr_dim_email_scanner.scanner_desc+%22Content+Filter%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Compliancy%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Format+Blocking%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Image+Analysis%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Denial+of+Service%22+%29+%29+%28+ne+csr_dim_email_action.action_taken_desc+%22Allow+the+email+through%22+%29+%29+%29</condition-uri>
  2763.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_email_sender.sender_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2764.   </query>
  2765.   <query id="616">
  2766.     <dictionary id="617"/>
  2767.     <name>Top Phishing Email Senders</name>
  2768.     <description></description>
  2769.     <target>mesaschema.csr_fct_exact_email_detection</target>
  2770.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  2771.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Phish%22+%29+%29</condition-uri>
  2772.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_email_sender.sender_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2773.   </query>
  2774.   <query id="618">
  2775.     <dictionary id="619"/>
  2776.     <name>Top Internal Recipients of Blocked or Monitored Emails</name>
  2777.     <description></description>
  2778.     <target>mesaschema.csr_fct_exact_email_detection</target>
  2779.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  2780.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_connection_info.traffic_direction+%22Inbound%22+%29+%28+mesa_known+csr_fct_exact_email_detection.recipients+%29+%29+%29</condition-uri>
  2781.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_fct_exact_email_detection.recipients&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2782.   </query>
  2783.   <query id="620">
  2784.     <dictionary id="621"/>
  2785.     <name>Top External Recipients of Blocked or Monitored Emails</name>
  2786.     <description></description>
  2787.     <target>mesaschema.csr_fct_exact_email_detection</target>
  2788.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  2789.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_connection_info.traffic_direction+%22Outbound%22+%29+%28+mesa_known+csr_fct_exact_email_detection.recipients+%29+%29+%29</condition-uri>
  2790.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_fct_exact_email_detection.recipients&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2791.   </query>
  2792.   <query id="622">
  2793.     <dictionary id="623"/>
  2794.     <name>Top Phishing Email Senders by Domain</name>
  2795.     <description></description>
  2796.     <target>mesaschema.csr_fct_exact_email_detection</target>
  2797.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  2798.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Phish%22+%29+%28+mesa_known+csr_dim_email_src_domain.src_domain+%29+%29+%29</condition-uri>
  2799.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_email_src_domain.src_domain&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2800.   </query>
  2801.   <query id="624">
  2802.     <dictionary id="625"/>
  2803.     <name>Email Phishing Volume</name>
  2804.     <description></description>
  2805.     <target>mesaschema.csr_fct_exact_email_detection</target>
  2806.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  2807.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_exact_email_detection.datetime+%29+%29&amp;orion.condition.sexp=%28+where+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Phish%22+%29+%29</condition-uri>
  2808.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=csr_fct_exact_email_detection.datetime&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2809.   </query>
  2810.   <query id="626">
  2811.     <dictionary id="627"/>
  2812.     <name>Top Spam Email Senders</name>
  2813.     <description></description>
  2814.     <target>mesaschema.csr_fct_exact_email_detection</target>
  2815.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  2816.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Spam%22+%29+%29</condition-uri>
  2817.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_email_sender.sender_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2818.   </query>
  2819.   <query id="628">
  2820.     <dictionary id="629"/>
  2821.     <name>Top DLP Filtered Email Senders</name>
  2822.     <description></description>
  2823.     <target>mesaschema.csr_fct_exact_email_detection</target>
  2824.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  2825.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_scanner.scanner_desc+%22Data+Loss+Prevention%22+%29+%28+ne+csr_dim_email_action.action_taken_desc+%22Allow+the+email+through%22+%29+%29+%29</condition-uri>
  2826.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_email_sender.sender_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2827.   </query>
  2828.   <query id="630">
  2829.     <dictionary id="631"/>
  2830.     <name>DLP: Agent Version</name>
  2831.     <description>This report summarizes the DLP client version installed on endpoint computers</description>
  2832.     <target>udlpQuerySchema.UDLP_ComputerProperties</target>
  2833.     <table-uri>query:table?orion.table.columns=UDLP_ComputerProperties.computer_id%3AUDLP_EPOProductPropertiesView.AgentGUID%3AUDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPOProductPropertiesView.OSType%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.undefinedDeviceClassesList%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.contentTrackingMode%3AUDLP_ComputerProperties.policyModificationDate%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.dlpWorkingFolder%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.lastEpoCommunication%3AUDLP_ComputerProperties.dlpOperationMode&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_ComputerProperties.computer_id%3AUDLP_EPOProductPropertiesView.AgentGUID%3AUDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPOProductPropertiesView.OSType%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.undefinedDeviceClassesList%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.contentTrackingMode%3AUDLP_ComputerProperties.policyModificationDate%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.dlpWorkingFolder%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.lastEpoCommunication</table-uri>
  2834.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
  2835.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=UDLP_ComputerProperties.dlpPluginVersion&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2836.   </query>
  2837.   <query id="632">
  2838.     <dictionary id="633"/>
  2839.     <name>DLP: Agent Status</name>
  2840.     <description>This report summarizes the DLP client status on endpoint computers</description>
  2841.     <target>udlpQuerySchema.UDLP_ComputerProperties</target>
  2842.     <table-uri>query:table?orion.table.columns=UDLP_ComputerProperties.computer_id%3AUDLP_EPOProductPropertiesView.AgentGUID%3AUDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPOProductPropertiesView.OSType%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.dlpPluginVersion&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_ComputerProperties.computer_id%3AUDLP_EPOProductPropertiesView.AgentGUID%3AUDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPOProductPropertiesView.OSType%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.dlpPluginVersion</table-uri>
  2843.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
  2844.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=UDLP_ComputerProperties.agentStatus&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2845.   </query>
  2846.   <query id="634">
  2847.     <dictionary id="635"/>
  2848.     <name>DLP: Agent Operation mode</name>
  2849.     <description>This report summarizes the DLP client operational mode on endpoint computers</description>
  2850.     <target>udlpQuerySchema.UDLP_ComputerProperties</target>
  2851.     <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.dlpOperationMode&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.dlpOperationMode</table-uri>
  2852.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
  2853.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=UDLP_ComputerProperties.dlpOperationMode&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2854.   </query>
  2855.   <query id="636">
  2856.     <dictionary id="637"/>
  2857.     <name>DLP: Operational events per type</name>
  2858.     <description>This report summarizes the number of DLP operational events per type</description>
  2859.     <target>udlpQuerySchema.UDLP_Operationals</target>
  2860.     <table-uri>query:table?orion.table.columns=UDLP_Operationals.EventRowID%3AUDLP_Operationals.EventType%3AUDLP_Operationals.EndpointTime%3AUDLP_Operationals.UTCTime%3AUDLP_Operationals.Online%3AUDLP_Operationals.Severity%3AUDLP_Operationals.InsertionTime%3AUDLP_Operationals.AgentVersion%3AUDLP_Operationals.Status%3AUDLP_Operationals.Resolution%3AUDLP_Operationals.Reviewer%3AUDLP_Operationals.OrigEventRowID&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_Operationals.EventRowID%3AUDLP_Operationals.EventType%3AUDLP_Operationals.EndpointTime%3AUDLP_Operationals.UTCTime%3AUDLP_Operationals.Online%3AUDLP_Operationals.Severity%3AUDLP_Operationals.InsertionTime%3AUDLP_Operationals.AgentVersion%3AUDLP_Operationals.Status%3AUDLP_Operationals.Resolution%3AUDLP_Operationals.Reviewer%3AUDLP_Operationals.OrigEventRowID</table-uri>
  2861.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2862.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=UDLP_Operationals.EventType&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2863.   </query>
  2864.   <query id="638">
  2865.     <dictionary id="639"/>
  2866.     <name>DLP: Distribution of DLP products on endpoint computers</name>
  2867.     <description>This report summarizes the Distribution of DLP products on endpoint computers</description>
  2868.     <target>udlpQuerySchema.UDLP_ProductDistributionAllView</target>
  2869.     <table-uri>query:table?orion.table.columns=UDLP_ProductDistributionAllView.ProductCode%3AUDLP_ProductDistributionAllView.ProductVersion%3AUDLP_EPOProductPropertiesAllView.NodeName%3AUDLP_EPOProductPropertiesAllView.OSType&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_ProductDistributionAllView.ProductCode%3AUDLP_ProductDistributionAllView.ProductVersion%3AUDLP_EPOProductPropertiesAllView.NodeName%3AUDLP_EPOProductPropertiesAllView.OSType</table-uri>
  2870.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2871.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=UDLP_ProductDistributionAllView.ProductCode&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2872.   </query>
  2873.   <query id="640">
  2874.     <dictionary id="641"/>
  2875.     <name>DLP Discovery (Endpoint): Local Email Storage Scan Current Status</name>
  2876.     <description>This report summarizes the current status of Local Email Storage endpoint scans</description>
  2877.     <target>udlpQuerySchema.UDLP_UserEmailStorageDiscoveryView</target>
  2878.     <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_UserEmailStorageDiscoveryView.user_name%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryScannedSoFar%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryScanStartDate%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryScanEndDate%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryState%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryTotalMessages%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryElapsedTime%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryTimeToComplete%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryIncidents%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryErrors&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_UserEmailStorageDiscoveryView.user_name%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryScannedSoFar%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryScanStartDate%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryScanEndDate%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryState%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryTotalMessages%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryElapsedTime%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryTimeToComplete%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryIncidents%3AUDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryErrors</table-uri>
  2879.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
  2880.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=UDLP_UserEmailStorageDiscoveryView.emailStorageDiscoveryState&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2881.   </query>
  2882.   <query id="642">
  2883.     <dictionary id="643"/>
  2884.     <name>DLP Discovery (Endpoint): Local File System Scan Current Status</name>
  2885.     <description>This report summarizes the current status of Local File System endpoint scans</description>
  2886.     <target>udlpQuerySchema.UDLP_UserFileSystemDiscoveryView</target>
  2887.     <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_UserFileSystemDiscoveryView.user_name%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryScannedSoFar%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryScanStartDate%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryScanEndDate%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryState%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryTotalFiles%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryElapsedTime%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryTimeToComplete%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryIncidents%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryErrors&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_UserFileSystemDiscoveryView.user_name%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryScannedSoFar%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryScanStartDate%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryScanEndDate%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryState%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryTotalFiles%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryElapsedTime%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryTimeToComplete%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryIncidents%3AUDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryErrors</table-uri>
  2888.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
  2889.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=UDLP_UserFileSystemDiscoveryView.fileSystemDiscoveryState&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2890.   </query>
  2891.   <query id="644">
  2892.     <dictionary id="645"/>
  2893.     <name>DLP: Number of Incidents per day</name>
  2894.     <description>This report summarizes number of incidents per day</description>
  2895.     <target>udlpQuerySchema.UDLP_IncidentsQueriesView</target>
  2896.     <table-uri>query:table?orion.table.columns=UDLP_IncidentsQueriesView.IncidentId%3AUDLP_IncidentsQueriesView.IncidentType%3AUDLP_IncidentsQueriesView.ViolationLocalTime%3AUDLP_IncidentsQueriesView.ViolationUTCTime%3AUDLP_IncidentsQueriesView.Severity%3AUDLP_IncidentsQueriesView.Reviewer%3AUDLP_IncidentsQueriesView.EvidenceCount%3AUDLP_IncidentsQueriesView.TotalMatchCount%3AUDLP_IncidentsQueriesView.TotalContentSize%3AUDLP_IncidentsQueriesView.ConnectivityState%3AUDLP_IncidentsQueriesView.ActualAction&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_IncidentsQueriesView.IncidentId%3AUDLP_IncidentsQueriesView.IncidentType%3AUDLP_IncidentsQueriesView.ViolationLocalTime%3AUDLP_IncidentsQueriesView.ViolationUTCTime%3AUDLP_IncidentsQueriesView.Severity%3AUDLP_IncidentsQueriesView.Reviewer%3AUDLP_IncidentsQueriesView.EvidenceCount%3AUDLP_IncidentsQueriesView.TotalMatchCount%3AUDLP_IncidentsQueriesView.TotalContentSize%3AUDLP_IncidentsQueriesView.ConnectivityState%3AUDLP_IncidentsQueriesView.ActualAction</table-uri>
  2897.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+UDLP_IncidentsQueriesView.LastUpdateTimestamp+2592000000++%29+%29&amp;orion.condition.sexp=</condition-uri>
  2898.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=UDLP_IncidentsQueriesView.LastUpdateTimestamp&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2899.   </query>
  2900.   <query id="646">
  2901.     <dictionary id="647"/>
  2902.     <name>DLP: Number of Incidents per severity</name>
  2903.     <description>This report summarizes number of incidents per severity</description>
  2904.     <target>udlpQuerySchema.UDLP_IncidentsQueriesView</target>
  2905.     <table-uri>query:table?orion.table.columns=UDLP_IncidentsQueriesView.IncidentId%3AUDLP_IncidentsQueriesView.IncidentType%3AUDLP_IncidentsQueriesView.ViolationUTCTime%3AUDLP_IncidentsQueriesView.Severity%3AUDLP_IncidentsQueriesView.Reviewer%3AUDLP_IncidentsQueriesView.EvidenceCount%3AUDLP_IncidentsQueriesView.TotalMatchCount%3AUDLP_IncidentsQueriesView.ConnectivityState%3AUDLP_IncidentsQueriesView.ActualAction&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_IncidentsQueriesView.IncidentId%3AUDLP_IncidentsQueriesView.IncidentType%3AUDLP_IncidentsQueriesView.ViolationUTCTime%3AUDLP_IncidentsQueriesView.Severity%3AUDLP_IncidentsQueriesView.Reviewer%3AUDLP_IncidentsQueriesView.EvidenceCount%3AUDLP_IncidentsQueriesView.TotalMatchCount%3AUDLP_IncidentsQueriesView.ConnectivityState%3AUDLP_IncidentsQueriesView.ActualAction</table-uri>
  2906.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+UDLP_IncidentsQueriesView.LastUpdateTimestamp+2592000000++%29+%29&amp;orion.condition.sexp=</condition-uri>
  2907.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=UDLP_IncidentsQueriesView.Severity&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2908.   </query>
  2909.   <query id="648">
  2910.     <dictionary id="649"/>
  2911.     <name>DLP: Number of Incidents per type</name>
  2912.     <description>This report summarizes number of incidents per type</description>
  2913.     <target>udlpQuerySchema.UDLP_IncidentsQueriesView</target>
  2914.     <table-uri>query:table?orion.table.columns=UDLP_IncidentsQueriesView.IncidentId%3AUDLP_IncidentsQueriesView.IncidentType%3AUDLP_IncidentsQueriesView.ViolationUTCTime%3AUDLP_IncidentsQueriesView.Severity%3AUDLP_IncidentsQueriesView.Reviewer%3AUDLP_IncidentsQueriesView.EvidenceCount%3AUDLP_IncidentsQueriesView.TotalMatchCount%3AUDLP_IncidentsQueriesView.ActualAction%3AUDLP_IncidentsQueriesView.JustificationText&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_IncidentsQueriesView.IncidentId%3AUDLP_IncidentsQueriesView.IncidentType%3AUDLP_IncidentsQueriesView.ViolationUTCTime%3AUDLP_IncidentsQueriesView.Severity%3AUDLP_IncidentsQueriesView.Reviewer%3AUDLP_IncidentsQueriesView.EvidenceCount%3AUDLP_IncidentsQueriesView.TotalMatchCount%3AUDLP_IncidentsQueriesView.ActualAction%3AUDLP_IncidentsQueriesView.JustificationText</table-uri>
  2915.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+UDLP_IncidentsQueriesView.LastUpdateTimestamp+2592000000++%29+%29&amp;orion.condition.sexp=</condition-uri>
  2916.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=UDLP_IncidentsQueriesView.IncidentType&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2917.   </query>
  2918.   <query id="650">
  2919.     <dictionary id="651"/>
  2920.     <name>DLP: Number of Incidents per rule set</name>
  2921.     <description>This report summarizes number of incidents per rule set</description>
  2922.     <target>udlpQuerySchema.UDLP_IncidentsQueriesView</target>
  2923.     <table-uri>query:table?orion.table.columns=UDLP_IncidentsQueriesView.IncidentId%3AUDLP_IncidentsQueriesView.IncidentType%3AUDLP_IncidentsQueriesView.ViolationLocalTime%3AUDLP_IncidentsQueriesView.ViolationTimezone%3AUDLP_IncidentsQueriesView.ViolationUTCTime%3AUDLP_IncidentsQueriesView.Severity%3AUDLP_IncidentsQueriesView.Reviewer%3AUDLP_IncidentsQueriesView.ConnectivityState%3AUDLP_IncidentsQueriesView.ActualAction%3AUDLP_IncidentRuleEvidencesQueriesView.RuleSetName%3AUDLP_IncidentRuleEvidencesQueriesView.RuleName&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_IncidentsQueriesView.IncidentId%3AUDLP_IncidentsQueriesView.IncidentType%3AUDLP_IncidentsQueriesView.ViolationLocalTime%3AUDLP_IncidentsQueriesView.ViolationTimezone%3AUDLP_IncidentsQueriesView.ViolationUTCTime%3AUDLP_IncidentsQueriesView.Severity%3AUDLP_IncidentsQueriesView.Reviewer%3AUDLP_IncidentsQueriesView.ConnectivityState%3AUDLP_IncidentsQueriesView.ActualAction%3AUDLP_IncidentRuleEvidencesQueriesView.RuleSetName%3AUDLP_IncidentRuleEvidencesQueriesView.RuleName</table-uri>
  2924.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+UDLP_IncidentsQueriesView.LastUpdateTimestamp+2592000000++%29+%29&amp;orion.condition.sexp=</condition-uri>
  2925.     <summary-uri>query:summary?horizontal=true&amp;orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=UDLP_IncidentRuleEvidencesQueriesView.RuleSetName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2926.   </query>
  2927.   <query id="652">
  2928.     <dictionary id="653"/>
  2929.     <name>DLP Discovery (Endpoint): Local File System Scan Latest Status</name>
  2930.     <description>This report summarizes the latest status of Local File System endpoint scans</description>
  2931.     <target>udlpQuerySchema.UDLP_EPD_LatestFileSysDiscoveryView</target>
  2932.     <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfErrors&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfErrors</table-uri>
  2933.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
  2934.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=UDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryStatus&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=distinct&amp;orion.sum.aggregation.column=UDLP_EPD_LatestFileSysDiscoveryView.computer_id&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2935.   </query>
  2936.   <query id="654">
  2937.     <dictionary id="655"/>
  2938.     <name>DLP Discovery (Endpoint): Local File System Scan Latest Sensitive Files</name>
  2939.     <description>This report summarizes the latest Local File System endpoint scans sensitive files</description>
  2940.     <target>udlpQuerySchema.UDLP_EPD_LatestFileSysDiscoveryView</target>
  2941.     <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfErrors&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfErrors</table-uri>
  2942.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
  2943.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=UDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=distinct&amp;orion.sum.aggregation.column=UDLP_EPD_LatestFileSysDiscoveryView.computer_id&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2944.   </query>
  2945.   <query id="656">
  2946.     <dictionary id="657"/>
  2947.     <name>DLP Discovery (Endpoint): Local File System Scan Latest Errors</name>
  2948.     <description>This report summarizes the latest Local File System endpoint scans errors</description>
  2949.     <target>udlpQuerySchema.UDLP_EPD_LatestFileSysDiscoveryView</target>
  2950.     <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfErrors&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfErrors</table-uri>
  2951.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
  2952.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=UDLP_EPD_LatestFileSysDiscoveryView.DiscoverySummaryRangeOfErrors&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=distinct&amp;orion.sum.aggregation.column=UDLP_EPD_LatestFileSysDiscoveryView.computer_id&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2953.   </query>
  2954.   <query id="658">
  2955.     <dictionary id="659"/>
  2956.     <name>DLP Discovery (Endpoint): Local File System Scan Latest Classifications</name>
  2957.     <description>This report summarizes the latest Local File System endpoint scans classifications</description>
  2958.     <target>udlpQuerySchema.UDLP_EPD_LatestFileSysDiscoveryClassificationView</target>
  2959.     <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestFileSysDiscoveryClassificationView.ClassificationName%3AUDLP_EPD_LatestFileSysDiscoveryClassificationView.MatchCount%3AUDLP_EPD_LatestFileSysDiscoveryClassificationView.NumberOfSensitiveFiles&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestFileSysDiscoveryClassificationView.ClassificationName%3AUDLP_EPD_LatestFileSysDiscoveryClassificationView.MatchCount%3AUDLP_EPD_LatestFileSysDiscoveryClassificationView.NumberOfSensitiveFiles</table-uri>
  2960.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2961.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=UDLP_EPD_LatestFileSysDiscoveryClassificationView.ClassificationName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=distinct&amp;orion.sum.aggregation.column=UDLP_EPD_LatestFileSysDiscoveryClassificationView.computer_id&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2962.   </query>
  2963.   <query id="660">
  2964.     <dictionary id="661"/>
  2965.     <name>DLP Discovery (Endpoint): Local Email Scan Latest Status</name>
  2966.     <description>This report summarizes the latest status of Local Email endpoint scans</description>
  2967.     <target>udlpQuerySchema.UDLP_EPD_LatestEmailDiscoveryView</target>
  2968.     <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfErrors&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfErrors</table-uri>
  2969.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
  2970.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=UDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryStatus&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=distinct&amp;orion.sum.aggregation.column=UDLP_EPD_LatestEmailDiscoveryView.computer_id&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  2971.   </query>
  2972.   <query id="662">
  2973.     <dictionary id="663"/>
  2974.     <name>DLP: Policy distribution</name>
  2975.     <description>This report summarizes policy distribution</description>
  2976.     <target>udlpQuerySchema.UDLP_ComputerProperties</target>
  2977.     <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyModificationDate%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.dlpOperationMode&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyModificationDate%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.dlpOperationMode</table-uri>
  2978.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
  2979.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=UDLP_ComputerProperties.policyName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2980.   </query>
  2981.   <query id="664">
  2982.     <dictionary id="665"/>
  2983.     <name>DLP: Enforced Rule Sets per endpoint computers</name>
  2984.     <description>This report summarizes enforced Rule Sets per endpoint computer</description>
  2985.     <target>udlpQuerySchema.UDLP_ComputersToPoliciesView</target>
  2986.     <table-uri>query:table?orion.table.columns=UDLP_ComputersToPoliciesView.policyName%3AUDLP_ComputersToPoliciesView.computer_name%3AUDLP_ComputersToPoliciesView.ruleSetName&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_ComputersToPoliciesView.policyName%3AUDLP_ComputersToPoliciesView.computer_name%3AUDLP_ComputersToPoliciesView.ruleSetName</table-uri>
  2987.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  2988.     <summary-uri>query:summary?horizontal=true&amp;orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=UDLP_ComputersToPoliciesView.ruleSetName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2989.   </query>
  2990.   <query id="666">
  2991.     <dictionary id="667"/>
  2992.     <name>DLP: Bypassed users</name>
  2993.     <description>This report lists Bypassed users</description>
  2994.     <target>udlpQuerySchema.UDLP_UserProperties</target>
  2995.     <table-uri>query:table?orion.table.columns=UDLP_UserProperties.user_name%3AUDLP_UserProperties.userDistinguishedName%3AUDLP_UserProperties.userSID%3AUDLP_UserProperties.status%3AUDLP_UserProperties.policyEnforcementMode%3AUDLP_UserProperties.userPrivilegedPermissions&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_UserProperties.user_name%3AUDLP_UserProperties.userDistinguishedName%3AUDLP_UserProperties.userSID%3AUDLP_UserProperties.status%3AUDLP_UserProperties.policyEnforcementMode%3AUDLP_UserProperties.userPrivilegedPermissions</table-uri>
  2996.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+UDLP_UserProperties.policyEnforcementMode+1++%29+%29</condition-uri>
  2997.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_UserProperties.user_name&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  2998.   </query>
  2999.   <query id="668">
  3000.     <dictionary id="669"/>
  3001.     <name>DLP Discovery (Endpoint): Local Email Scan Latest Sensitive Files</name>
  3002.     <description>This report summarizes the latest Local Email endpoint scans sensitive files</description>
  3003.     <target>udlpQuerySchema.UDLP_EPD_LatestEmailDiscoveryView</target>
  3004.     <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfErrors&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfErrors</table-uri>
  3005.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
  3006.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;show.percentage=false&amp;orion.sum.group.by=UDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=distinct&amp;orion.sum.aggregation.column=UDLP_EPD_LatestEmailDiscoveryView.computer_id&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  3007.   </query>
  3008.   <query id="670">
  3009.     <dictionary id="671"/>
  3010.     <name>DLP Discovery (Endpoint): Local Email Scan Latest Errors</name>
  3011.     <description>This report summarizes the latest Local Email endpoint scans errors</description>
  3012.     <target>udlpQuerySchema.UDLP_EPD_LatestEmailDiscoveryView</target>
  3013.     <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfErrors&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryStatus%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryStartDate%3AUDLP_EPD_IncidentDiscoverySummaryForMaReport.DiscoverySummaryEndDate%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfSensitiveFiles%3AUDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfErrors</table-uri>
  3014.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
  3015.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;show.percentage=false&amp;orion.sum.group.by=UDLP_EPD_LatestEmailDiscoveryView.DiscoverySummaryRangeOfErrors&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=distinct&amp;orion.sum.aggregation.column=UDLP_EPD_LatestEmailDiscoveryView.computer_id&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  3016.   </query>
  3017.   <query id="672">
  3018.     <dictionary id="673"/>
  3019.     <name>DLP Discovery (Endpoint): Local Email Scan Latest Classifications</name>
  3020.     <description>This report summarizes the latest Local Email endpoint scans classifications</description>
  3021.     <target>udlpQuerySchema.UDLP_EPD_LatestEmailDiscoveryClassificationView</target>
  3022.     <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestEmailDiscoveryClassificationView.ClassificationName%3AUDLP_EPD_LatestEmailDiscoveryClassificationView.MatchCount%3AUDLP_EPD_LatestEmailDiscoveryClassificationView.NumberOfSensitiveFiles&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_EPD_LatestEmailDiscoveryClassificationView.ClassificationName%3AUDLP_EPD_LatestEmailDiscoveryClassificationView.MatchCount%3AUDLP_EPD_LatestEmailDiscoveryClassificationView.NumberOfSensitiveFiles</table-uri>
  3023.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  3024.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=UDLP_EPD_LatestEmailDiscoveryClassificationView.ClassificationName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=distinct&amp;orion.sum.aggregation.column=UDLP_EPD_LatestEmailDiscoveryClassificationView.computer_id&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  3025.   </query>
  3026.   <query id="674">
  3027.     <dictionary id="675"/>
  3028.     <name>DLP: Undefined Device Classes (for Windows Devices)</name>
  3029.     <description>This report summarizes undefined device classes for windows devices only</description>
  3030.     <target>udlpQuerySchema.UDLP_ComputerProperties</target>
  3031.     <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.undefinedDeviceClassesList%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpOperationMode&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.undefinedDeviceClassesList%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpOperationMode</table-uri>
  3032.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+UDLP_ComputerProperties.undefinedDeviceClassesList+%29+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29+%29</condition-uri>
  3033.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=UDLP_ComputerProperties.undefinedDeviceClassesList&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3034.   </query>
  3035.   <query id="676">
  3036.     <dictionary id="677"/>
  3037.     <name>DLP: Policy revision distribution</name>
  3038.     <description>This report summarizes policy revision distribution</description>
  3039.     <target>udlpQuerySchema.UDLP_ComputerProperties</target>
  3040.     <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyModificationDate%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.dlpOperationMode&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyModificationDate%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.dlpOperationMode</table-uri>
  3041.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
  3042.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=UDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.policyRevision&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3043.   </query>
  3044.   <query id="678">
  3045.     <dictionary id="679"/>
  3046.     <name>Threats detected by the cloud (no signatures) (imported)</name>
  3047.     <description></description>
  3048.     <target>EPOEvents</target>
  3049.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3050.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%29+%29</condition-uri>
  3051.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3052.   </query>
  3053.   <query id="680">
  3054.     <dictionary id="681"/>
  3055.     <name>Threat Events NOT handled (last 1 week) (imported)</name>
  3056.     <description></description>
  3057.     <target>EPOEvents</target>
  3058.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3059.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+ne+EPOEvents.ThreatHandled+t+%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29+%29</condition-uri>
  3060.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.ThreatHandled&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3061.   </query>
  3062.   <query id="682">
  3063.     <dictionary id="683"/>
  3064.     <name>Top 10 users - Threat Events (last 7 days) (imported)</name>
  3065.     <description></description>
  3066.     <target>EPOEvents</target>
  3067.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3068.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  3069.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.TargetUserName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3070.   </query>
  3071.   <query id="684">
  3072.     <dictionary id="685"/>
  3073.     <name>MWG 6.x: Blocked malware objects by engine for 24 hours</name>
  3074.     <description>Summary of blocked security threats broken down by scanning engine through all registered MWG 6.x appliances.</description>
  3075.     <target>MWSEventsView</target>
  3076.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  3077.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.malware.mcafee.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.malware.mediafilter.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.malware.proactive.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.malware.secure.protected%22+%29+%29+%29+%29</condition-uri>
  3078.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;groupedbar.title=MWSEventsView.DetectedUTC&amp;orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest%3Adesc&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3079.   </query>
  3080.   <query id="686">
  3081.     <dictionary id="687"/>
  3082.     <name>MWG 6.x: Blocked malware objects by engine for 1 month</name>
  3083.     <description>Summary of blocked security threats broken down by scanning engine through all registered MWG 6.x appliances.</description>
  3084.     <target>MWSEventsView</target>
  3085.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  3086.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.malware.mcafee.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.malware.mediafilter.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.malware.proactive.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.malware.secure.protected%22+%29+%29+%29+%29</condition-uri>
  3087.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;groupedbar.title=MWSEventsView.DetectedUTC&amp;orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest%3Adesc&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3088.   </query>
  3089.   <query id="688">
  3090.     <dictionary id="689"/>
  3091.     <name>MWG 6.x: SSL certificate verification overview for 24 hours</name>
  3092.     <description>Summary of verification status for all secure certificates passed through all registered MWG 6.x appliances.</description>
  3093.     <target>MWSEventsView</target>
  3094.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  3095.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.sslcert%22+%29+%29+%29+%29</condition-uri>
  3096.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3097.   </query>
  3098.   <query id="690">
  3099.     <dictionary id="691"/>
  3100.     <name>MWG 6.x: SSL certificate verification overview for 1 month</name>
  3101.     <description>Summary of verification status for all secure certificates passed through all registered MWG 6.x appliances.</description>
  3102.     <target>MWSEventsView</target>
  3103.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  3104.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.sslcert%22+%29+%29+%29+%29</condition-uri>
  3105.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3106.   </query>
  3107.   <query id="692">
  3108.     <dictionary id="693"/>
  3109.     <name>MWG 6.x: Traffic volume (bytes) by protocol for 24 hours</name>
  3110.     <description>Volume of traffic through all registered MWG 6.x appliances broken down by scanned protocol.</description>
  3111.     <target>MWSEventsView</target>
  3112.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  3113.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28endsWith+MWSEventsView.CounterName+%22.bytes%22+%29+%29+%29+%29</condition-uri>
  3114.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;groupedbar.title=MWSEventsView.DetectedUTC&amp;orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest%3Adesc&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3115.   </query>
  3116.   <query id="694">
  3117.     <dictionary id="695"/>
  3118.     <name>MWG 6.x: Traffic volume (bytes) by protocol for 1 month</name>
  3119.     <description>Volume of traffic through all registered MWG 6.x appliances broken down by scanned protocol.</description>
  3120.     <target>MWSEventsView</target>
  3121.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  3122.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28endsWith+MWSEventsView.CounterName+%22.bytes%22+%29+%29+%29+%29</condition-uri>
  3123.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;groupedbar.title=MWSEventsView.DetectedUTC&amp;orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest%3Adesc&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3124.   </query>
  3125.   <query id="696">
  3126.     <dictionary id="697"/>
  3127.     <name>MWG 6.x: URL Executive Summary for 24 hours</name>
  3128.     <description>Summary of legitimate vs. protected traffic through all registered MWG 6.x appliances broken down by scanning engine.</description>
  3129.     <target>MWSEventsView</target>
  3130.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  3131.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.legitimate%22+%29+%28eq+MWSEventsView.CounterName+%22web.av.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.proactive.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.urlfilter.protected%22+%29+%29+%29+%29</condition-uri>
  3132.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3133.   </query>
  3134.   <query id="698">
  3135.     <dictionary id="699"/>
  3136.     <name>MWG 6.x: URL Executive Summary for 1 month</name>
  3137.     <description>Summary of legitimate vs. protected traffic through all registered MWG 6.x appliances broken down by scanning engine.</description>
  3138.     <target>MWSEventsView</target>
  3139.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  3140.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28eq+MWSEventsView.CounterName+%22web.legitimate%22+%29+%28eq+MWSEventsView.CounterName+%22web.av.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.proactive.protected%22+%29+%28eq+MWSEventsView.CounterName+%22web.urlfilter.protected%22+%29+%29+%29+%29</condition-uri>
  3141.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3142.   </query>
  3143.   <query id="700">
  3144.     <dictionary id="701"/>
  3145.     <name>MWG 6.x: Web reputation by hits for 24 hours</name>
  3146.     <description>Break-down of the scanned traffic and its web reputation score for all registered MWG 6.x appliances.</description>
  3147.     <target>MWSEventsView</target>
  3148.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  3149.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.reputation%22+%29+%29+%29+%29</condition-uri>
  3150.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3151.   </query>
  3152.   <query id="702">
  3153.     <dictionary id="703"/>
  3154.     <name>MWG 6.x: Web reputation by hits for 1 month</name>
  3155.     <description>Break-down of the scanned traffic and its web reputation score for all registered MWG 6.x appliances.</description>
  3156.     <target>MWSEventsView</target>
  3157.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  3158.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.reputation%22+%29+%29+%29+%29</condition-uri>
  3159.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3160.   </query>
  3161.   <query id="704">
  3162.     <dictionary id="705"/>
  3163.     <name>MWG7: SSL certificate verification incidents for 24 hours</name>
  3164.     <description>Summary of verification status for all secure certificates passed through all registered MWG7 appliances.</description>
  3165.     <target>MWSEventsView</target>
  3166.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  3167.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG7%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.sslcert%22+%29+%29+%29+%29</condition-uri>
  3168.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3169.   </query>
  3170.   <query id="706">
  3171.     <dictionary id="707"/>
  3172.     <name>MWG7: SSL certificate verification incidents for 1 month</name>
  3173.     <description>Summary of verification status for all secure certificates passed through all registered MWG7 appliances.</description>
  3174.     <target>MWSEventsView</target>
  3175.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  3176.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG7%22+%29+%28+or+%28startsWith+MWSEventsView.CounterName+%22web.sslcert%22+%29+%29+%29+%29</condition-uri>
  3177.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=MWSEventsView.CounterName&amp;orion.sum.order=az&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3178.   </query>
  3179.   <query id="708">
  3180.     <dictionary id="709"/>
  3181.     <name>MWG7: Traffic volume (bytes) by protocol for 24 hours</name>
  3182.     <description>Volume of traffic through all registered MWG7 appliances broken down by scanned protocol.</description>
  3183.     <target>MWSEventsView</target>
  3184.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  3185.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+86400000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG7%22+%29+%28+or+%28endsWith+MWSEventsView.CounterName+%22.bytes%22+%29+%29+%29+%29</condition-uri>
  3186.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;groupedbar.title=MWSEventsView.DetectedUTC&amp;orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest%3Adesc&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3187.   </query>
  3188.   <query id="710">
  3189.     <dictionary id="711"/>
  3190.     <name>MWG7: Traffic volume (bytes) by protocol for 1 month</name>
  3191.     <description>Volume of traffic through all registered MWG7 appliances broken down by scanned protocol.</description>
  3192.     <target>MWSEventsView</target>
  3193.     <table-uri>query:table?orion.table.columns=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion&amp;orion.table.order=az&amp;orion.table.order.by=MWSEventsView.CounterName%3AMWSEventsView.Counter%3AMWSEventsView.DetectedUTC%3AMWSEventsView.ApplianceName%3AMWSEventsView.ApplianceHostName%3AMWSEventsView.ApplianceIP4%3AMWSEventsView.ApplianceIPV6%3AMWSEventsView.ApplianceOS%3AMWSEventsView.ApplianceVersion</table-uri>
  3194.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+MWSEventsView.DetectedUTC+2592000000++%29+%28+eq+MWSEventsView.ApplianceOS+%22MWG7%22+%29+%28+or+%28endsWith+MWSEventsView.CounterName+%22.bytes%22+%29+%29+%29+%29</condition-uri>
  3195.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;groupedbar.title=MWSEventsView.DetectedUTC&amp;orion.sum.group.by=MWSEventsView.DetectedUTC%3AMWSEventsView.CounterName&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest%3Adesc&amp;orion.show.other=false&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=MWSEventsView.Counter&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3196.   </query>
  3197.   <query id="712">
  3198.     <dictionary id="713"/>
  3199.     <name>Threats detected by Local Threat Intelligence (imported)</name>
  3200.     <description></description>
  3201.     <target>EPOEvents</target>
  3202.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3203.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22TIE%22+%29+%29+%29</condition-uri>
  3204.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3205.   </query>
  3206.   <query id="714">
  3207.     <dictionary id="715"/>
  3208.     <name>Top Blocked or Monitored Email Attachments</name>
  3209.     <description></description>
  3210.     <target>mesaschema.csr_fct_exact_email_detection</target>
  3211.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_fct_exact_email_detection.attachments%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_fct_exact_email_detection.attachments%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  3212.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+csr_dim_email_reason.reason_desc+%22Email+Delivered%22+%29+%28+ne+csr_dim_email_reason.reason_desc+%22Email+Deferred%22+%29+%29+%28+mesa_known+csr_fct_exact_email_detection.attachments+%29+%29+%29</condition-uri>
  3213.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=csr_fct_exact_email_detection.attachments&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  3214.   </query>
  3215.   <query id="716">
  3216.     <dictionary id="717"/>
  3217.     <name>Top External Senders of Blocked or Monitored Emails</name>
  3218.     <description></description>
  3219.     <target>mesaschema.csr_fct_exact_email_detection</target>
  3220.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  3221.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+csr_dim_email_connection_info.traffic_direction+%22Inbound%22+%29+%29</condition-uri>
  3222.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_email_sender.sender_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  3223.   </query>
  3224.   <query id="718">
  3225.     <dictionary id="719"/>
  3226.     <name>Top Internal Senders of Blocked or Monitored Emails</name>
  3227.     <description></description>
  3228.     <target>mesaschema.csr_fct_exact_email_detection</target>
  3229.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  3230.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+csr_dim_email_connection_info.traffic_direction+%22Outbound%22+%29+%29</condition-uri>
  3231.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_email_sender.sender_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  3232.   </query>
  3233.   <query id="720">
  3234.     <dictionary id="721"/>
  3235.     <name>Top Blocked or Monitored Email Subjects</name>
  3236.     <description></description>
  3237.     <target>mesaschema.csr_fct_exact_email_delivery</target>
  3238.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_delivery.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_delivery.msg_id%3Acsr_dim_email_reason.reason_desc%3Acsr_fct_exact_email_delivery.subject%3Acsr_dim_email_sender.sender_name%3Acsr_fct_exact_email_delivery.recipients%3Acsr_fct_exact_email_delivery.bytes&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_delivery.datetime%3Acsr_fct_exact_email_delivery.recipients%3Acsr_fct_exact_email_delivery.bytes%3Acsr_fct_exact_email_delivery.subject%3Acsr_fct_exact_email_delivery.msg_id%3Acsr_fct_exact_email_delivery.num_attachments%3Acsr_fct_exact_email_delivery.attachments%3Acsr_fct_exact_email_delivery.information</table-uri>
  3239.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+csr_dim_email_reason.reason_desc+%22Email+Delivered%22+%29+%28+ne+csr_dim_email_reason.reason_desc+%22Email+Deferred%22+%29+%29+%28+mesa_known+csr_fct_exact_email_delivery.subject+%29+%29+%29</condition-uri>
  3240.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=csr_fct_exact_email_delivery.subject&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  3241.   </query>
  3242.   <query id="722">
  3243.     <dictionary id="723"/>
  3244.     <name>Top Spam Email Senders by IP</name>
  3245.     <description></description>
  3246.     <target>mesaschema.csr_fct_exact_email_detection</target>
  3247.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  3248.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Spam%22+%29+%28+mesa_known+csr_dim_email_src_ip.src_ipaddress+%29+%29+%29</condition-uri>
  3249.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_email_src_ip.src_ipaddress&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  3250.   </query>
  3251.   <query id="724">
  3252.     <dictionary id="725"/>
  3253.     <name>Email Spam Volume</name>
  3254.     <description></description>
  3255.     <target>mesaschema.csr_fct_exact_email_detection</target>
  3256.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  3257.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_exact_email_detection.datetime+%29+%29&amp;orion.condition.sexp=%28+where+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Spam%22+%29+%29</condition-uri>
  3258.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=csr_fct_exact_email_detection.datetime&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3259.   </query>
  3260.   <query id="726">
  3261.     <dictionary id="727"/>
  3262.     <name>Top Viral Email Senders</name>
  3263.     <description></description>
  3264.     <target>mesaschema.csr_fct_exact_email_detection</target>
  3265.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  3266.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+or+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Avira+Anti+Virus%22+%29+%28+eq+csr_dim_email_scanner.scanner_desc+%22Authentium+Anti+Virus%22+%29+%29+%29</condition-uri>
  3267.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=csr_dim_email_sender.sender_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  3268.   </query>
  3269.   <query id="728">
  3270.     <dictionary id="729"/>
  3271.     <name>Email Phishing Volume by Domain and IP</name>
  3272.     <description></description>
  3273.     <target>mesaschema.csr_fct_exact_email_detection</target>
  3274.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  3275.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Phish%22+%29+%28+mesa_known+csr_dim_email_src_domain.src_domain+%29+%29+%29</condition-uri>
  3276.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=csr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A5&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3277.   </query>
  3278.   <query id="730">
  3279.     <dictionary id="731"/>
  3280.     <name>Top Spam Email Senders by Domain</name>
  3281.     <description></description>
  3282.     <target>mesaschema.csr_fct_exact_email_detection</target>
  3283.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  3284.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Spam%22+%29+%28+mesa_known+csr_dim_email_src_domain.src_domain+%29+%29+%29</condition-uri>
  3285.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_email_src_domain.src_domain&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  3286.   </query>
  3287.   <query id="732">
  3288.     <dictionary id="733"/>
  3289.     <name>Top Phishing Email Senders by IP</name>
  3290.     <description></description>
  3291.     <target>mesaschema.csr_fct_exact_email_detection</target>
  3292.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  3293.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Phish%22+%29+%28+mesa_known+csr_dim_email_src_ip.src_ipaddress+%29+%29+%29</condition-uri>
  3294.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=csr_dim_email_src_ip.src_ipaddress&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  3295.   </query>
  3296.   <query id="734">
  3297.     <dictionary id="735"/>
  3298.     <name>Email Spam Volume by Domain and IP</name>
  3299.     <description></description>
  3300.     <target>mesaschema.csr_fct_exact_email_detection</target>
  3301.     <table-uri>query:table?orion.table.columns=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_email_detection.datetime%3Acsr_dim_email_log_source_device.device%3Acsr_dim_email_connection_info.traffic_direction%3Acsr_fct_exact_email_detection.msg_id%3Acsr_dim_email_virus.virus_name%3Acsr_fct_exact_email_detection.filename%3Acsr_dim_email_action.action_taken_desc%3Acsr_dim_email_reason.reason_desc%3Acsr_dim_email_policy.policy_name%3Acsr_dim_email_sender.sender_name%3Acsr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress%3Acsr_fct_exact_email_detection.recipients</table-uri>
  3302.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+eq+csr_dim_email_scanner.scanner_desc+%22Anti+Spam%22+%29+%28+mesa_known+csr_dim_email_src_domain.src_domain+%29+%29+%29</condition-uri>
  3303.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=csr_dim_email_src_domain.src_domain%3Acsr_dim_email_src_ip.src_ipaddress&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A5&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3304.   </query>
  3305.   <query id="736">
  3306.     <dictionary id="737"/>
  3307.     <name>Authentication Overview by Geolocation</name>
  3308.     <description></description>
  3309.     <target>mesaschema.csr_fct_exact_otp</target>
  3310.     <table-uri>query:table?orion.table.columns=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail%3Acsr_dim_otp_geo.geo_name&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail%3Acsr_dim_otp_geo.geo_name</table-uri>
  3311.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_otp_geo.geo_name+%29+%29</condition-uri>
  3312.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=csr_dim_otp_geo.geo_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3313.   </query>
  3314.   <query id="738">
  3315.     <dictionary id="739"/>
  3316.     <name>Authentication Overview by Reason</name>
  3317.     <description></description>
  3318.     <target>mesaschema.csr_fct_exact_otp</target>
  3319.     <table-uri>query:table?orion.table.columns=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail</table-uri>
  3320.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=</condition-uri>
  3321.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=csr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3322.   </query>
  3323.   <query id="740">
  3324.     <dictionary id="741"/>
  3325.     <name>Authentication Overview by Result</name>
  3326.     <description></description>
  3327.     <target>mesaschema.csr_fct_exact_otp</target>
  3328.     <table-uri>query:table?orion.table.columns=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail</table-uri>
  3329.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_exact_otp.datetime+%29+%29&amp;orion.condition.sexp=</condition-uri>
  3330.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.multiline&amp;orion.sum.group.by=csr_dim_otp_result.otp_result%3Acsr_fct_exact_otp.datetime&amp;orion.sum.order=desc%3Aoldest&amp;orion.sum.limit.count=50&amp;orion.sum.time.cols=%3Atrue&amp;orion.sum.time.unit=%3Aday&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3331.   </query>
  3332.   <query id="742">
  3333.     <dictionary id="743"/>
  3334.     <name>Top Delivery Methods by Destination</name>
  3335.     <description></description>
  3336.     <target>mesaschema.csr_fct_exact_otp</target>
  3337.     <table-uri>query:table?orion.table.columns=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail</table-uri>
  3338.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_otp_identity.otp_identity+%29+%29</condition-uri>
  3339.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.stackedbar&amp;orion.sum.group.by=csr_dim_otp_identity.otp_identity%3Acsr_dim_otp_delivery_method.delivery_method&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=10%3A10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3340.   </query>
  3341.   <query id="744">
  3342.     <dictionary id="745"/>
  3343.     <name>Top Delivery Methods by Username</name>
  3344.     <description></description>
  3345.     <target>mesaschema.csr_fct_exact_otp</target>
  3346.     <table-uri>query:table?orion.table.columns=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail</table-uri>
  3347.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+mesa_known+csr_dim_otp_delivery_method.delivery_method+%29+%29</condition-uri>
  3348.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.stackedbar&amp;orion.sum.group.by=csr_dim_otp_username.user_name%3Acsr_dim_otp_delivery_method.delivery_method&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=10%3A10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3349.   </query>
  3350.   <query id="746">
  3351.     <dictionary id="747"/>
  3352.     <name>Authentication Event Volume</name>
  3353.     <description></description>
  3354.     <target>mesaschema.csr_fct_exact_otp</target>
  3355.     <table-uri>query:table?orion.table.columns=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail&amp;orion.table.order=az&amp;orion.table.order.by=csr_fct_exact_otp.datetime%3Acsr_dim_otp_hostname.hostname%3Acsr_fct_exact_otp.session_number%3Acsr_dim_otp_delivery_method.delivery_method%3Acsr_dim_otp_username.user_name%3Acsr_dim_otp_identity.otp_identity%3Acsr_dim_otp_reason.otp_reason_group%3Acsr_dim_otp_reason.otp_reason_detail</table-uri>
  3356.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+beforeNow+csr_fct_exact_otp.datetime+%29+%29&amp;orion.condition.sexp=%28+where+%28+mesa_success+csr_dim_otp_result.otp_result+%29+%29</condition-uri>
  3357.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=csr_fct_exact_otp.datetime&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3358.   </query>
  3359.   <query id="748">
  3360.     <dictionary id="749"/>
  3361.     <name>Threat detection by OS (Last 7 days) (imported)</name>
  3362.     <description></description>
  3363.     <target>EPOEvents</target>
  3364.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3365.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPOComputerProperties.OSType+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  3366.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOComputerProperties.OSType%3AEPOEvents.ThreatSeverity&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3367.   </query>
  3368.   <query id="750">
  3369.     <dictionary id="751"/>
  3370.     <name>Threats detected locally (signatures only) (imported 2)</name>
  3371.     <description></description>
  3372.     <target>EPOEvents</target>
  3373.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3374.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+notContains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+notContains+EPOEvents.ThreatName+%22TIE%2Fsuspect%22+%29+%29+%29+%29</condition-uri>
  3375.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3376.   </query>
  3377.   <query id="752">
  3378.     <dictionary id="753"/>
  3379.     <name>Unique threats detected in the cloud (imported 2)</name>
  3380.     <description></description>
  3381.     <target>EPOEvents</target>
  3382.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3383.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29+%29</condition-uri>
  3384.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.ThreatName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3385.   </query>
  3386.   <query id="754">
  3387.     <dictionary id="755"/>
  3388.     <name>Threats for 1 Day</name>
  3389.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  3390.     <target>EPOEvents</target>
  3391.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  3392.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
  3393.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3394.   </query>
  3395.   <query id="756">
  3396.     <dictionary id="757"/>
  3397.     <name>Threats for 1 Week</name>
  3398.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  3399.     <target>EPOEvents</target>
  3400.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  3401.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
  3402.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3403.   </query>
  3404.   <query id="758">
  3405.     <dictionary id="759"/>
  3406.     <name>Threats/Host for 1 Month</name>
  3407.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  3408.     <target>EPOEvents</target>
  3409.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  3410.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
  3411.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3412.   </query>
  3413.   <query id="760">
  3414.     <dictionary id="761"/>
  3415.     <name>Threats/Host for 1 Day</name>
  3416.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  3417.     <target>EPOEvents</target>
  3418.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  3419.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
  3420.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3421.   </query>
  3422.   <query id="762">
  3423.     <dictionary id="763"/>
  3424.     <name>Threats/File for 1 Day</name>
  3425.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  3426.     <target>EPOEvents</target>
  3427.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  3428.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
  3429.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3430.   </query>
  3431.   <query id="764">
  3432.     <dictionary id="765"/>
  3433.     <name>Threats/File for 1 Week</name>
  3434.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  3435.     <target>EPOEvents</target>
  3436.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  3437.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
  3438.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3439.   </query>
  3440.   <query id="766">
  3441.     <dictionary id="767"/>
  3442.     <name>Threats/File for 1 Month</name>
  3443.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  3444.     <target>EPOEvents</target>
  3445.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  3446.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%29+%29</condition-uri>
  3447.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3448.   </query>
  3449.   <query id="768">
  3450.     <dictionary id="769"/>
  3451.     <name>DLP: Privileged Users</name>
  3452.     <description>This report summarizes privileged users</description>
  3453.     <target>udlpQuerySchema.UDLP_UserProperties</target>
  3454.     <table-uri>query:table?orion.table.columns=UDLP_UserProperties.user_name%3AUDLP_UserProperties.computer_id%3AUDLP_UserProperties.userDistinguishedName%3AUDLP_UserProperties.userSID%3AUDLP_UserProperties.status%3AUDLP_UserProperties.policyEnforcementMode%3AUDLP_UserProperties.userPrivilegedPermissions%3AUDLP_UserProperties.evidencePath%3A&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_UserProperties.user_name%3AUDLP_UserProperties.computer_id%3AUDLP_UserProperties.userDistinguishedName%3AUDLP_UserProperties.userSID%3AUDLP_UserProperties.status%3AUDLP_UserProperties.policyEnforcementMode%3AUDLP_UserProperties.userPrivilegedPermissions%3AUDLP_UserProperties.evidencePath%3A</table-uri>
  3455.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+UDLP_UserProperties.userPrivilegedPermissions+1++%29+%29</condition-uri>
  3456.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_UserProperties.user_name&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3457.   </query>
  3458.   <query id="770">
  3459.     <dictionary id="771"/>
  3460.     <name>DLP: Chrome Support Summary</name>
  3461.     <description>This report summarizes Chrome support</description>
  3462.     <target>udlpQuerySchema.UDLP_ComputerProperties</target>
  3463.     <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.dlpOperationMode%3AUDLP_ComputerProperties.isChromeVersionSupported%3AUDLP_ComputerProperties.lastChromeVersionUsed&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.dlpOperationMode%3AUDLP_ComputerProperties.isChromeVersionSupported%3AUDLP_ComputerProperties.lastChromeVersionUsed</table-uri>
  3464.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29</condition-uri>
  3465.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=UDLP_ComputerProperties.isChromeVersionSupported&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3466.   </query>
  3467.   <query id="772">
  3468.     <dictionary id="773"/>
  3469.     <name>DLP: Chrome unsupported versions </name>
  3470.     <description>This report displays unsupported Chrome versions</description>
  3471.     <target>udlpQuerySchema.UDLP_ComputerProperties</target>
  3472.     <table-uri>query:table?orion.table.columns=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.dlpOperationMode%3AUDLP_ComputerProperties.isChromeVersionSupported%3AUDLP_ComputerProperties.lastChromeVersionUsed&amp;orion.table.order=az&amp;orion.table.order.by=UDLP_EPOProductPropertiesView.NodeName%3AUDLP_ComputerProperties.agentStatus%3AUDLP_ComputerProperties.configurationModificationDate%3AUDLP_ComputerProperties.configurationName%3AUDLP_ComputerProperties.configurationRevision%3AUDLP_ComputerProperties.policyName%3AUDLP_ComputerProperties.dlpPluginVersion%3AUDLP_ComputerProperties.dlpProductVersion%3AUDLP_ComputerProperties.policyReceiveTime%3AUDLP_ComputerProperties.dlpOperationMode%3AUDLP_ComputerProperties.isChromeVersionSupported%3AUDLP_ComputerProperties.lastChromeVersionUsed</table-uri>
  3473.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+UDLP_ComputerProperties.isChromeVersionSupported+2++%29+%28+not_isBlank+UDLP_EPOProductPropertiesView.ProductCode+%29+%29+%29</condition-uri>
  3474.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=UDLP_ComputerProperties.lastChromeVersionUsed&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3475.   </query>
  3476.   <query id="774">
  3477.     <dictionary id="775"/>
  3478.     <name>Versions of Products - ALL TC</name>
  3479.     <description></description>
  3480.     <target>EPOSystemProductVersionInfo</target>
  3481.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion</table-uri>
  3482.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+EPOSystemProductVersionInfo.productVersion+%29+%29</condition-uri>
  3483.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3484.   </query>
  3485.   <query id="776">
  3486.     <dictionary id="777"/>
  3487.     <name>M-OPS-Machines that were NOT Fully Cleaned in the Last 24 hours</name>
  3488.     <description>Operations report for machines that require action. This query will show you machines and usernames that VirusScan may not be fully cleaning. Shows event description which will let you know what VirusScan did with the file. Compare this with same report infections not cleaned in the past 24 hours</description>
  3489.     <target>EPOEvents</target>
  3490.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity</table-uri>
  3491.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+172800000++%29+%28+eq+EPOEvents.ThreatHandled+f+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatActionTaken+%22access+denied%22+%29+%28+ne+EPOEventFilterDesc.Name+%22Unable+to+scan+password+protected%22+%29+%29+%29</condition-uri>
  3492.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;multigroup.title=EPOEvents.ThreatName&amp;orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.TargetUserName%3AEPOEvents.ThreatName%3AEPOEventFilterDesc.Name&amp;orion.sum.order=az%3Aaz%3Aaz%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3493.   </query>
  3494.   <query id="778">
  3495.     <dictionary id="779"/>
  3496.     <name>M-OPS-Machines that were NOT Fully Cleaned in the Last 48 hours</name>
  3497.     <description>Operations report for machines that require action. This query will show you machines and usernames that VirusScan may not be fully cleaning. Shows event description which will let you know what VirusScan did with the file. Compare this with same report for machines not cleaned in the past 24 hours</description>
  3498.     <target>EPOEvents</target>
  3499.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity</table-uri>
  3500.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+newerThan+EPOEvents.DetectedUTC+172800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.ThreatHandled+f+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatActionTaken+%22access+denied%22+%29+%28+ne+EPOEventFilterDesc.Name+%22Unable+to+scan+password+protected%22+%29+%29+%29</condition-uri>
  3501.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;multigroup.title=EPOEvents.ThreatName&amp;orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.TargetUserName%3AEPOEvents.ThreatName%3AEPOEventFilterDesc.Name&amp;orion.sum.order=az%3Aaz%3Aaz%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3502.   </query>
  3503.   <query id="780">
  3504.     <dictionary id="781"/>
  3505.     <name>M-OPS-Infections that were NOT Fully Cleaned in the Last 48 hours</name>
  3506.     <description>Operations report for machines that require action. This query will show you new infections that VirusScan may not be fully cleaning. Shows event description which will let you know what VirusScan did with the file. Compare this with same report infections not cleaned in the past 24 hours</description>
  3507.     <target>EPOEvents</target>
  3508.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity</table-uri>
  3509.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+newerThan+EPOEvents.DetectedUTC+172800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.ThreatHandled+f+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatActionTaken+%22access+denied%22+%29+%28+ne+EPOEventFilterDesc.Name+%22Unable+to+scan+password+protected%22+%29+%29+%29</condition-uri>
  3510.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;multigroup.title=EPOEvents.ThreatName&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.TargetFileName&amp;orion.sum.order=az%3Aaz%3Aaz%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3511.   </query>
  3512.   <query id="782">
  3513.     <dictionary id="783"/>
  3514.     <name>M-OPS-Infections that were NOT Fully Cleaned in the Last 24 hours</name>
  3515.     <description>Operational report for that shows machines that may require action. This query will show you new infections that VirusScan may not be fully cleaning in the past day. Shows event description which will let you know what VirusScan did with the file. Compare this with same report for the past 2 days.</description>
  3516.     <target>EPOEvents</target>
  3517.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatName%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity</table-uri>
  3518.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.ThreatHandled+f+%29+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatActionTaken+%22access+denied%22+%29+%28+ne+EPOEventFilterDesc.Name+%22Unable+to+scan+password+protected%22+%29+%29+%29</condition-uri>
  3519.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;multigroup.title=EPOEvents.ThreatName&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.TargetFileName&amp;orion.sum.order=az%3Aaz%3Aaz%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3520.   </query>
  3521.   <query id="784">
  3522.     <dictionary id="785"/>
  3523.     <name>M-VS Access Protection FW Rules Triggered AND Blocked in the Past 3 Days</name>
  3524.     <description>These are access protection FW rules that are being blocked by VS. The only default FW rule enabled in VS is reporting/blocking IRC communication and SMTP port 25. Broken down by threat IP address, process name, and rule that is being triggered. You can optionally add additional reporting rules in VS to discover other inappropriate communication in your environment.</description>
  3525.     <target>EPOEvents</target>
  3526.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  3527.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+startsWith+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+259200000++%29+%28+eq+EPOEvents.ThreatEventID+1094++%29+%29+%29</condition-uri>
  3528.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOComputerProperties.ComputerName%3AEPOEvents.SourceProcessName&amp;orion.sum.order=az%3Aaz%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3529.   </query>
  3530.   <query id="786">
  3531.     <dictionary id="787"/>
  3532.     <name>M-VS Access Protection FW Rules Triggered but NOT Blocked in the Past 3 Days</name>
  3533.     <description>These are access protection FW rules that are set to report only and not block. The only default FW rule enabled in VS is reporting/blocking IRC communication. You can optionally add additional reporting rules in VS to discover other inappropriate communication in your environment.</description>
  3534.     <target>EPOEvents</target>
  3535.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  3536.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+startsWith+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+259200000++%29+%28+eq+EPOEvents.ThreatEventID+1096++%29+%29+%29</condition-uri>
  3537.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOComputerProperties.ComputerName%3AEPOEvents.SourceProcessName&amp;orion.sum.order=az%3Aaz%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3538.   </query>
  3539.   <query id="788">
  3540.     <dictionary id="789"/>
  3541.     <name>Threats detected locally (signatures only) (imported)</name>
  3542.     <description></description>
  3543.     <target>EPOEvents</target>
  3544.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3545.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+notContains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+notContains+EPOEvents.ThreatName+%22TIE%2Fsuspect%22+%29+%29+%29+%29</condition-uri>
  3546.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3547.   </query>
  3548.   <query id="790">
  3549.     <dictionary id="791"/>
  3550.     <name>Unique threats detected in the cloud (imported)</name>
  3551.     <description></description>
  3552.     <target>EPOEvents</target>
  3553.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3554.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29+%29</condition-uri>
  3555.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.ThreatName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3556.   </query>
  3557.   <query id="792">
  3558.     <dictionary id="793"/>
  3559.     <name>Top 10 endpoints - Threat Events (last 7 days) (imported)</name>
  3560.     <description></description>
  3561.     <target>EPOEvents</target>
  3562.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3563.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  3564.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.TargetHostName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3565.   </query>
  3566.   <query id="794">
  3567.     <dictionary id="795"/>
  3568.     <name>Unsigned Unknown Files</name>
  3569.     <description>Find unknown files that are not signed from last month.</description>
  3570.     <target>TieServerSchema.fileJoined</target>
  3571.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date</table-uri>
  3572.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.create_date+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+fileJoined.composite_reputation+50++%29+%28+eq+fileJoined.composite_reputation+0++%29+%29+%28+isBlank+fileJoined.cert_sha1+%29+%29+%29+gt+fileJoined.ent_count+0++%29+%29+%29</condition-uri>
  3573.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=fileJoined.create_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3574.   </query>
  3575.   <query id="796">
  3576.     <dictionary id="797"/>
  3577.     <name>TIE Server Unsigned Unknown Files Usage</name>
  3578.     <description>Find unsigned unknown files per composite reputation and group them by their first and last access.</description>
  3579.     <target>TieServerSchema.fileJoined</target>
  3580.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.type%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.type%3AfileJoined.composite_reputation%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date%3AfileJoined.latest_rule_id</table-uri>
  3581.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+fileJoined.create_date+15552000000++%29+%28+eq+fileJoined.composite_reputation+50++%29+%28+newerThan+fileJoined.last_access_date+604800000++%29+%28+isBlank+fileJoined.cert_sha1+%29+%29+%29+gt+fileJoined.ent_count+0++%29+%29+%29</condition-uri>
  3582.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=fileJoined.last_access_date%3AfileJoined.create_date&amp;orion.sum.time.cols=true%3Atrue&amp;orion.sum.time.unit=week%3Aweek&amp;orion.sum.order=oldest%3Aoldest&amp;orion.sum.limit.count=1&amp;orion.sum.aggregation=count%3Amax&amp;orion.sum.aggregation.column=%3AfileJoined.ent_count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3583.   </query>
  3584.   <query id="798">
  3585.     <dictionary id="799"/>
  3586.     <name>Unsigned Unknown Files by Company</name>
  3587.     <description>Find Unsigned Unknown Files by company from last month.</description>
  3588.     <target>TieServerSchema.fileJoined</target>
  3589.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date</table-uri>
  3590.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+fileJoined.composite_reputation+50++%29+%28+newerThan+fileJoined.create_date+2592000000++%29+%28+isBlank+fileJoined.cert_sha1+%29+%29+%29+gt+fileJoined.ent_count+0++%29+%29+%29</condition-uri>
  3591.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=fileJoined.company_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=20&amp;orion.sum.aggregation=count%3Amax&amp;orion.sum.aggregation.column=%3AfileJoined.ent_count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3592.   </query>
  3593.   <query id="800">
  3594.     <dictionary id="801"/>
  3595.     <name>Most Active Parents of Unknown Files</name>
  3596.     <description>Find the most active parent Files of Unknown Files from last month.</description>
  3597.     <target>TieServerSchema.fileJoined</target>
  3598.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.parent_sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_ctd.trust_level%3Afile_rep_mwg.trust_level&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.parent_sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_ctd.trust_level%3Afile_rep_mwg.trust_level</table-uri>
  3599.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+fileJoined.parent_sha1+%29+%28+eq+fileJoined.composite_reputation+50++%29+%28+newerThan+fileJoined.create_date+2592000000++%29+%29+%29</condition-uri>
  3600.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=fileJoined.parent_sha1&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count%3Asum&amp;orion.sum.aggregation.column=%3AfileJoined.ent_count&amp;orion.sum.aggregation.showTotal=true%3Atrue</summary-uri>
  3601.   </query>
  3602.   <query id="802">
  3603.     <dictionary id="803"/>
  3604.     <name>Most Monitored Unknown Files</name>
  3605.     <description>Find the 10 most monitored Unknown Files from last month.</description>
  3606.     <target>TieServerSchema.fileJoined</target>
  3607.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_ctd.trust_level%3Afile_rep_mwg.trust_level&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3Afile_rep_enterprise.trust_level%3Aassociated_certificate_rep_enterprise.trust_level%3AfileJoined.localrep_latest%3Aassociated_certificate_rep_gti.trust_level%3Afile_rep_gti.trust_level%3Afile_rep_atd.trust_level%3Afile_rep_ctd.trust_level%3Afile_rep_mwg.trust_level</table-uri>
  3608.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+fileJoined.composite_reputation+50++%29+%28+newerThan+fileJoined.create_date+2592000000++%29+%28+gt+fileJoined.localrep_count+10++%29+%29+%29</condition-uri>
  3609.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=fileJoined.sha1&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=max&amp;orion.sum.aggregation.column=fileJoined.localrep_count</summary-uri>
  3610.   </query>
  3611.   <query id="804">
  3612.     <dictionary id="805"/>
  3613.     <name>Most Active Endpoints</name>
  3614.     <description>Find the 10 systems that reported the largest number of New Files from last month.</description>
  3615.     <target>TieServerSchema.agent_new_file_summary</target>
  3616.     <table-uri>query:table?orion.table.columns=agent_new_file_summary.agent%3Aagent_new_file_summary.date%3Aagent_new_file_summary.count&amp;orion.table.order=az&amp;orion.table.order.by=agent_new_file_summary.agent%3Aagent_new_file_summary.date%3Aagent_new_file_summary.count</table-uri>
  3617.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+newerThan+agent_new_file_summary.date+2592000000++%29+%29</condition-uri>
  3618.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=agent_new_file_summary.agent&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=agent_new_file_summary.count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3619.   </query>
  3620.   <query id="806">
  3621.     <dictionary id="807"/>
  3622.     <name>Signed Unknown Files</name>
  3623.     <description>Find signed unknown files from last month.</description>
  3624.     <target>TieServerSchema.fileJoined</target>
  3625.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date</table-uri>
  3626.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+fileJoined.create_date+2592000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+fileJoined.composite_reputation+50++%29+%28+eq+fileJoined.composite_reputation+0++%29+%29+%28+not_isBlank+fileJoined.cert_sha1+%29+%28+gt+fileJoined.ent_count+0++%29+%29+%29</condition-uri>
  3627.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=fileJoined.create_date&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3628.   </query>
  3629.   <query id="808">
  3630.     <dictionary id="809"/>
  3631.     <name>Signed Unknown Files per Certificate Subject</name>
  3632.     <description>Find files split by certificate subject and SHA-1.</description>
  3633.     <target>TieServerSchema.fileJoined</target>
  3634.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date</table-uri>
  3635.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+fileJoined.create_date+2592000000++%29+%28+not_isBlank+fileJoined.cert_sha1+%29+%28+eq+fileJoined.composite_reputation+50++%29+%28+gt+fileJoined.ent_count+0++%29+%29+%29</condition-uri>
  3636.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=fileJoined.cert_subject%3AfileJoined.cert_sha1&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=20%3A10&amp;orion.sum.aggregation=count%3Amax&amp;orion.sum.aggregation.column=%3AfileJoined.ent_count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3637.   </query>
  3638.   <query id="810">
  3639.     <dictionary id="811"/>
  3640.     <name>Signed Unknown Files by Company</name>
  3641.     <description>Find signed Unknown Files by company from last month.</description>
  3642.     <target>TieServerSchema.fileJoined</target>
  3643.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date</table-uri>
  3644.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+fileJoined.composite_reputation+50++%29+%28+newerThan+fileJoined.create_date+2592000000++%29+%28+not_isBlank+fileJoined.cert_sha1+%29+%29+%29+gt+fileJoined.ent_count+0++%29+%29+%29</condition-uri>
  3645.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=fileJoined.company_name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=20&amp;orion.sum.aggregation=count%3Amax&amp;orion.sum.aggregation.column=%3AfileJoined.ent_count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3646.   </query>
  3647.   <query id="812">
  3648.     <dictionary id="813"/>
  3649.     <name>Signed Unknown Files by Product</name>
  3650.     <description>Find signed Unknown Files by product from last month.</description>
  3651.     <target>TieServerSchema.fileJoined</target>
  3652.     <table-uri>query:table?orion.table.columns=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date&amp;orion.table.order=az&amp;orion.table.order.by=fileJoined.sha1%3AfileJoined.company_name%3AfileJoined.product_name%3AfileJoined.cert_subject%3AfileJoined.composite_reputation%3AfileJoined.latest_rule_id%3AfileJoined.ent_count%3AfileJoined.create_date%3AfileJoined.last_access_date</table-uri>
  3653.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+fileJoined.composite_reputation+50++%29+%28+newerThan+fileJoined.create_date+2592000000++%29+%28+not_isBlank+fileJoined.cert_sha1+%29+%29+%29+gt+fileJoined.ent_count+0++%29+%29+%29</condition-uri>
  3654.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.multigroup&amp;orion.sum.group.by=fileJoined.company_name%3AfileJoined.product_name&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=20%3A20&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3655.   </query>
  3656.   <query id="814">
  3657.     <dictionary id="815"/>
  3658.     <name>M-Top 10 Computers with the Most Detections Cleaned in Past 3 Days</name>
  3659.     <description>Displays the top ten computers with the most detections in the last 3 Days</description>
  3660.     <target>EPOEvents</target>
  3661.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.DetectedUTC%3AEPOEvents.ReceivedUTC%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  3662.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+startsWith+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+259200000++%29+%28+eq+EPOEvents.ThreatHandled+t+%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+not_isBlank+EPOComputerProperties.ComputerName+%29+%29+%29</condition-uri>
  3663.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=EPOLeafNode.NodeName&amp;topn.count.title=EPOEvents&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOLeafNode.NodeName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3664.   </query>
  3665.   <query id="816">
  3666.     <dictionary id="817"/>
  3667.     <name>M-Top 10 Users with the Most Detections Cleaned in the Last 3 Days</name>
  3668.     <description>Top 10 user with the most infections cleaned in the last 3 days. Local System and Network username have been removed.</description>
  3669.     <target>EPOEvents</target>
  3670.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  3671.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+startsWith+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+newerThan+EPOEvents.DetectedUTC+259200000++%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+notContains+EPOEvents.TargetUserName+%22authority%22+%29+%28+eq+EPOEvents.ThreatHandled+t+%29+%29+%29</condition-uri>
  3672.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=EPOEvents.TargetUserName&amp;topn.count.title=EPOEvents&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEvents.TargetUserName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3673.   </query>
  3674.   <query id="818">
  3675.     <dictionary id="819"/>
  3676.     <name>Malware Detection History</name>
  3677.     <description>Displays a line chart of the number of internal virus detections over the past quarter.</description>
  3678.     <target>EPOEvents</target>
  3679.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  3680.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7862400000++%29+%29&amp;orion.condition.sexp=%28+where+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29</condition-uri>
  3681.     <summary-uri>query:summary?orion.sum.query=true&amp;line.count.title=EPOEvents&amp;orion.query.type=line.line&amp;line.title=EPOEvents.DetectedUTC&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3682.   </query>
  3683.   <query id="820">
  3684.     <dictionary id="821"/>
  3685.     <name>Threats detected locally (signatures only)</name>
  3686.     <description></description>
  3687.     <target>EPOEvents</target>
  3688.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3689.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+notContains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+notContains+EPOEvents.ThreatName+%22TIE%2Fsuspect%22+%29+%29+%29+%29</condition-uri>
  3690.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3691.   </query>
  3692.   <query id="822">
  3693.     <dictionary id="823"/>
  3694.     <name>Unique threats detected in the cloud</name>
  3695.     <description></description>
  3696.     <target>EPOEvents</target>
  3697.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3698.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29+%29</condition-uri>
  3699.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.ThreatName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3700.   </query>
  3701.   <query id="824">
  3702.     <dictionary id="825"/>
  3703.     <name>Top 10 endpoints - Threat Events (last 7 days)</name>
  3704.     <description></description>
  3705.     <target>EPOEvents</target>
  3706.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3707.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  3708.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.TargetHostName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3709.   </query>
  3710.   <query id="826">
  3711.     <dictionary id="827"/>
  3712.     <name>Threats detected by the cloud (no signatures)</name>
  3713.     <description></description>
  3714.     <target>EPOEvents</target>
  3715.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3716.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%29+%29</condition-uri>
  3717.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3718.   </query>
  3719.   <query id="828">
  3720.     <dictionary id="829"/>
  3721.     <name>Threat Events NOT handled (last 1 week)</name>
  3722.     <description></description>
  3723.     <target>EPOEvents</target>
  3724.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3725.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+ne+EPOEvents.ThreatHandled+t+%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29+%29</condition-uri>
  3726.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.ThreatHandled&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3727.   </query>
  3728.   <query id="830">
  3729.     <dictionary id="831"/>
  3730.     <name>Top 10 users - Threat Events (last 7 days)</name>
  3731.     <description></description>
  3732.     <target>EPOEvents</target>
  3733.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3734.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  3735.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.TargetUserName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3736.   </query>
  3737.   <query id="832">
  3738.     <dictionary id="833"/>
  3739.     <name>Threats detected by Local Threat Intelligence</name>
  3740.     <description></description>
  3741.     <target>EPOEvents</target>
  3742.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3743.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22TIE%22+%29+%29+%29</condition-uri>
  3744.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3745.   </query>
  3746.   <query id="834">
  3747.     <dictionary id="835"/>
  3748.     <name>Versions of Products - ALL</name>
  3749.     <description></description>
  3750.     <target>EPOSystemProductVersionInfo</target>
  3751.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion</table-uri>
  3752.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+EPOSystemProductVersionInfo.productVersion+%29+%29</condition-uri>
  3753.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3754.   </query>
  3755.   <query id="836">
  3756.     <dictionary id="837"/>
  3757.     <name>VSE Engine Versions Summary</name>
  3758.     <description>Displays a pie chart of installed VSE Engine versions on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
  3759.     <target>EPOLeafNode</target>
  3760.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  3761.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  3762.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&amp;orion.query.type=pie.pie&amp;pie.count.title=Computers&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.enginever&amp;orion.sum.order=za&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3763.   </query>
  3764.   <query id="838">
  3765.     <dictionary id="839"/>
  3766.     <name>DAT Versions Summary</name>
  3767.     <description>Displays a pie chart of installed DAT files by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
  3768.     <target>EPOLeafNode</target>
  3769.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  3770.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  3771.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&amp;orion.query.type=pie.pie&amp;pie.count.title=Computers&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.datver&amp;orion.sum.order=za&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3772.   </query>
  3773.   <query id="840">
  3774.     <dictionary id="841"/>
  3775.     <name>Agent Versions Summary</name>
  3776.     <description>Displays a pie chart of installed agents by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
  3777.     <target>EPOLeafNode</target>
  3778.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  3779.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  3780.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&amp;orion.query.type=pie.pie&amp;pie.count.title=Computers&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3781.   </query>
  3782.   <query id="842">
  3783.     <dictionary id="843"/>
  3784.     <name>VirusScan Patch Versions</name>
  3785.     <description>Shows complete VirusScan products and all the patches associated with them that are installed in the environment.</description>
  3786.     <target>EPOLeafNode</target>
  3787.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.Tags%3AEPOProdPropsView_VIRUSCAN.hotfix%3AEPOProdPropsView_VIRUSCAN.productversion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.Tags%3AEPOProdPropsView_VIRUSCAN.hotfix%3AEPOProdPropsView_VIRUSCAN.productversion</table-uri>
  3788.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+version_ge+EPOProdPropsView_VIRUSCAN.productversion+%228.5%22+%29+%29</condition-uri>
  3789.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.stackedbar&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.productversion%3AEPOProdPropsView_VIRUSCAN.hotfix&amp;orion.sum.order=az%3Aaz&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3790.   </query>
  3791.   <query id="844">
  3792.     <dictionary id="845"/>
  3793.     <name>Systems per Top-Level Group</name>
  3794.     <description>Displays a bar chart of your managed systems organized by top-level System Tree group.</description>
  3795.     <target>EPOLeafNode</target>
  3796.     <table-uri>query:table?orion.table.columns=EPOBranchNode.NodeTextPath2%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags&amp;orion.table.order=az&amp;orion.table.order.by=EPOBranchNode.NodeTextPath%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags</table-uri>
  3797.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  3798.     <summary-uri>query:summary?bar.title=EPOBranchNode.NodeName&amp;bool.red.text=Non-Compliant&amp;orion.sum.query=true&amp;bool.green.text=Compliant&amp;orion.query.type=bar.bar&amp;bool.green.criteria=%28+where+%28+hasTag+EPOLeafNode.AppliedTags+%223%22+%29+%29&amp;bar.count.title=EPOLeafNode&amp;orion.sum.group.by=EPOBranchNode.L1ParentID&amp;orion.sum.order=desc&amp;orion.sum.limit.count=20&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3799.   </query>
  3800.   <query id="846">
  3801.     <dictionary id="847"/>
  3802.     <name>Operating System Types PIE Charat</name>
  3803.     <description></description>
  3804.     <target>EPOLeafNode</target>
  3805.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.OSPlatform%3AEPOComputerProperties.OSServicePackVer%3AEPOComputerProperties.OSVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.OSPlatform%3AEPOComputerProperties.OSServicePackVer%3AEPOComputerProperties.OSVersion</table-uri>
  3806.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  3807.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOComputerProperties.OSType&amp;orion.sum.order=za&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3808.   </query>
  3809.   <query id="848">
  3810.     <dictionary id="849"/>
  3811.     <name>Duplicate Systems Names by First Level Group</name>
  3812.     <description>Lists all system names that appear in multiple System Tree locations.</description>
  3813.     <target>EPOLeafNode</target>
  3814.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOBranchNode.NodeTextPath2%3AEPOLeafNode.Tags&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOBranchNode.NodeTextPath2%3AEPOLeafNode.Tags</table-uri>
  3815.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+duplicatedComputerName+EPOLeafNode.NodeName+%29+%29</condition-uri>
  3816.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOBranchNode.L1ParentID%3AEPOLeafNode.NodeName&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3817.   </query>
  3818.   <query id="850">
  3819.     <dictionary id="851"/>
  3820.     <name>Systems Not Reporting in - more than 30 Days</name>
  3821.     <description></description>
  3822.     <target>EPOLeafNode</target>
  3823.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.os%3AEPOLeafNode.AgentGUID%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.os%3AEPOLeafNode.AgentGUID%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress</table-uri>
  3824.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+olderThan+EPOLeafNode.LastUpdate+2592000000++%29+%29</condition-uri>
  3825.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOBranchNode.L2ParentID&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3826.   </query>
  3827.   <query id="852">
  3828.     <dictionary id="853"/>
  3829.     <name>Systems with High Sequence Errors by Group</name>
  3830.     <description>Lists the systems with high sequence error counts. This could indicate a duplicate agent GUID problem.</description>
  3831.     <target>EPOLeafNode</target>
  3832.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.SequenceErrorCount&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.ManagedState%3AEPOLeafNode.SequenceErrorCount</table-uri>
  3833.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+gt+EPOLeafNode.SequenceErrorCount+25++%29+%29</condition-uri>
  3834.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOBranchNode.NodeTextPath2&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3835.   </query>
  3836.   <query id="854">
  3837.     <dictionary id="855"/>
  3838.     <name>UnManaged Systems by Group</name>
  3839.     <description></description>
  3840.     <target>EPOLeafNode</target>
  3841.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.AgentGUID%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.AgentGUID%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress</table-uri>
  3842.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+0++%29+%29</condition-uri>
  3843.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOBranchNode.L1ParentID&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3844.   </query>
  3845.   <query id="856">
  3846.     <dictionary id="857"/>
  3847.     <name>Threat Events in the Last 2 Weeks</name>
  3848.     <description>This chart shows the trend of threat event generation for the last 2 weeks. </description>
  3849.     <target>EPOEvents</target>
  3850.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3851.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+1209600000++%29+%29&amp;orion.condition.sexp=</condition-uri>
  3852.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3853.   </query>
  3854.   <query id="858">
  3855.     <dictionary id="859"/>
  3856.     <name>Most Numerous Threat Event Descriptions in the Database</name>
  3857.     <description>Shows the most numerous threat events found in the database today. This can let you pinpoint events that may be overwhelming your database and then you can filter them by disabling them.</description>
  3858.     <target>EPOEvents</target>
  3859.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3860.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  3861.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEventFilterDesc.Name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=40&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3862.   </query>
  3863.   <query id="860">
  3864.     <dictionary id="861"/>
  3865.     <name>Repositories Composite Utilization</name>
  3866.     <description></description>
  3867.     <target>EPOProductEvents</target>
  3868.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  3869.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+not_isBlank+EPOProductEvents.Type+%29+%29+%29</condition-uri>
  3870.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProductEvents.SiteName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3871.   </query>
  3872.   <query id="862">
  3873.     <dictionary id="863"/>
  3874.     <name>Systems in Lost and Found</name>
  3875.     <description></description>
  3876.     <target>EPOLeafNode</target>
  3877.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
  3878.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+descendsFrom+EPOBranchNode.AutoID+%223%22+%29+%29</condition-uri>
  3879.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOBranchNode.L2ParentID&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3880.   </query>
  3881.   <query id="864">
  3882.     <dictionary id="865"/>
  3883.     <name>Rogue Systems, By OUI (Last 7 Days)</name>
  3884.     <description>Rogue Systems, By OUI (Last 7 Days)</description>
  3885.     <target>RSDInterfaces</target>
  3886.     <table-uri>query:table?orion.table.columns=RSDDetectedSystems.NetbiosName%3ARSDInterfaces.MAC%3ARSDInterfaces.IPV6%3ARSDInterfaces.LastDetectedTime%3ARSDInterfaces.DetectedSourceName%3ARSDInterfaces.OrgName&amp;orion.table.order=az&amp;orion.table.order.by=RSDDetectedSystems.NetbiosName%3ARSDInterfaces.MAC%3ARSDInterfaces.IPV6%3ARSDInterfaces.LastDetectedTime%3ARSDInterfaces.DetectedSourceName%3ARSDInterfaces.OrgName</table-uri>
  3887.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+RSDInterfaces.LastDetectedTime+604800000++%29+%28+eq+RSDDetectedSystems.Rogue+%221%22+%29+%29+%29</condition-uri>
  3888.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=RSDInterfaces.OrgName&amp;orion.query.type=pie.pie&amp;orion.sum.group.by=RSDInterfaces.OrgName&amp;orion.sum.order=desc&amp;orion.show.other=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3889.   </query>
  3890.   <query id="866">
  3891.     <dictionary id="867"/>
  3892.     <name>PoV: Last 3 Months Detections Trend for TIE (imported)</name>
  3893.     <description>Last 3 Month Detections Trend for TIE</description>
  3894.     <target>EPOEvents</target>
  3895.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  3896.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
  3897.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3898.   </query>
  3899.   <query id="868">
  3900.     <dictionary id="869"/>
  3901.     <name>PoV: Last 3 Months Detections Trend for HIPS (imported)</name>
  3902.     <description>Last 3 Month Detections Trend for HIPS</description>
  3903.     <target>EPOEvents</target>
  3904.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  3905.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
  3906.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3907.   </query>
  3908.   <query id="870">
  3909.     <dictionary id="871"/>
  3910.     <name>PoV: Last 2 Weeks Detections Trend for TIE</name>
  3911.     <description>Last 2 weeks Detections Trend for TIE</description>
  3912.     <target>EPOEvents</target>
  3913.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  3914.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+1209600000++%29+%29</condition-uri>
  3915.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3916.   </query>
  3917.   <query id="872">
  3918.     <dictionary id="873"/>
  3919.     <name>OBM: Detected Threats over the past 4 hours</name>
  3920.     <description></description>
  3921.     <target>EPOEvents</target>
  3922.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  3923.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+newerThan+EPOEvents.DetectedUTC+14400000++%29+%29+%29</condition-uri>
  3924.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3925.   </query>
  3926.   <query id="874">
  3927.     <dictionary id="875"/>
  3928.     <name>Repositories and Percentage Utilization</name>
  3929.     <description>Displays a pie chart indicating percentage utilization per repository. This query can help identify overloaded repositories that are causing bandwidth issues and needed repository configuration improvements in policy.</description>
  3930.     <target>EPOProductEvents</target>
  3931.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  3932.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+EPOProductEvents.Type+%22Plugin%22+%29+%28+ne+EPOProductEvents.Type+%22Uninstall%22+%29+%29+%28+eq+EPOProductEvents.Error+0++%29+%28+not_isBlank+EPOProductEvents.SiteName+%29+%29+%29</condition-uri>
  3933.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=EPOProductEvents.SiteName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3934.   </query>
  3935.   <query id="876">
  3936.     <dictionary id="877"/>
  3937.     <name>Applied Policies Bubble Chart</name>
  3938.     <description></description>
  3939.     <target>EPOAssignedPolicy</target>
  3940.     <table-uri>query:table?orion.table.columns=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.ServerID&amp;orion.table.order=az&amp;orion.table.order.by=EPOAssignedPolicy.NodeName%3AEPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.ServerID</table-uri>
  3941.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  3942.     <summary-uri>query:summary?orion.query.type=bubble.bubble&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOAssignedPolicy.PolicyObjectID%3AEPOAssignedPolicy.FeatureTextID&amp;orion.sum.order=az%3Aaz&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3943.   </query>
  3944.   <query id="878">
  3945.     <dictionary id="879"/>
  3946.     <name>SiteAdvisor Product Versions</name>
  3947.     <description>Shows all the different versions of SiteAdvisor in the Enterprise</description>
  3948.     <target>EPOLeafNode</target>
  3949.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOProdPropsView_SITEADVISOR.productversion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOProdPropsView_SITEADVISOR.productversion</table-uri>
  3950.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  3951.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProdPropsView_SITEADVISOR.productversion&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3952.   </query>
  3953.   <query id="880">
  3954.     <dictionary id="881"/>
  3955.     <name>ePO DB Table Space Usage</name>
  3956.     <description>Displays the space used by each table in the ePO database. Values are updated when the PA: Get Index and Space Statistics server task is run.</description>
  3957.     <target>PATableSizeView</target>
  3958.     <table-uri>query:table?orion.table.columns=PATableSizeView.TabName%3APATableSizeView.Rows%3APATableSizeView.ReservedMB%3APATableSizeView.DataMB%3APATableSizeView.Index_SizeMB%3APATableSizeView.UnusedMB&amp;orion.table.order=az&amp;orion.table.order.by=PATableSizeView.TabName%3APATableSizeView.Rows%3APATableSizeView.ReservedMB%3APATableSizeView.DataMB%3APATableSizeView.Index_SizeMB%3APATableSizeView.UnusedMB</table-uri>
  3959.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  3960.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=PATableSizeView.TabName&amp;orion.sum.order=desc&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=PATableSizeView.ReservedMB&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3961.   </query>
  3962.   <query id="882">
  3963.     <dictionary id="883"/>
  3964.     <name>Agent Handler Status</name>
  3965.     <description>Agent handler communication status within the last hour.</description>
  3966.     <target>EPOAgentHandlers</target>
  3967.     <table-uri>query:table?orion.table.columns=EPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastUpdate</table-uri>
  3968.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  3969.     <summary-uri>query:summary?bool.red.text=Not+Communicating&amp;orion.sum.query=true&amp;bool.green.text=Communicating&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+newerThan+EPOAgentHandlers.LastUpdate+3600000++%29+%29&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3970.   </query>
  3971.   <query id="884">
  3972.     <dictionary id="885"/>
  3973.     <name>VSE Versions</name>
  3974.     <description></description>
  3975.     <target>EPOLeafNode</target>
  3976.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.ManagedState%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.IsPortable%3AEPOComputerProperties.NetAddress</table-uri>
  3977.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  3978.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.productversion&amp;orion.sum.order=za&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3979.   </query>
  3980.   <query id="886">
  3981.     <dictionary id="887"/>
  3982.     <name>PoV: Last Month Detections per Product</name>
  3983.     <description>Displays a pie chart of detections within the last 1 month organized by detecting product.</description>
  3984.     <target>EPOEvents</target>
  3985.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  3986.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
  3987.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEvents.AnalyzerName&amp;orion.query.type=pie.pie&amp;pie.count.title=Events&amp;show.percentage=true&amp;orion.sum.group.by=EPOEvents.AnalyzerName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3988.   </query>
  3989.   <query id="888">
  3990.     <dictionary id="889"/>
  3991.     <name>PoV: Last 3 Months Detections Trend for TIE</name>
  3992.     <description>Last 3 Month Detections Trend for TIE</description>
  3993.     <target>EPOEvents</target>
  3994.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  3995.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
  3996.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  3997.   </query>
  3998.   <query id="890">
  3999.     <dictionary id="891"/>
  4000.     <name>PoV: Last 3 Months Detections Trend for Virus Scan</name>
  4001.     <description>Last 3 Month Detections Trend for Virus Scan</description>
  4002.     <target>EPOEvents</target>
  4003.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  4004.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
  4005.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4006.   </query>
  4007.   <query id="892">
  4008.     <dictionary id="893"/>
  4009.     <name>PoV: Last 3 Months Detections Trend for ENS</name>
  4010.     <description>Last 3 Month Detections Trend for ENS</description>
  4011.     <target>EPOEvents</target>
  4012.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  4013.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
  4014.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4015.   </query>
  4016.   <query id="894">
  4017.     <dictionary id="895"/>
  4018.     <name>PoV: Last 3 Months Detections Trend for HIPS</name>
  4019.     <description>Last 3 Month Detections Trend for HIPS</description>
  4020.     <target>EPOEvents</target>
  4021.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  4022.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
  4023.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4024.   </query>
  4025.   <query id="896">
  4026.     <dictionary id="897"/>
  4027.     <name>PoV: Last 1 Months Detections Trend for HIPS</name>
  4028.     <description>Last 1 Month Detection Trend for HIPS</description>
  4029.     <target>EPOEvents</target>
  4030.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  4031.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29</condition-uri>
  4032.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4033.   </query>
  4034.   <query id="898">
  4035.     <dictionary id="899"/>
  4036.     <name>PoV: Last 1 Month Detections Trend for TIE</name>
  4037.     <description>Last 1 Month Detections Trend for TIE</description>
  4038.     <target>EPOEvents</target>
  4039.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  4040.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Threat+Intelligence%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29</condition-uri>
  4041.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4042.   </query>
  4043.   <query id="900">
  4044.     <dictionary id="901"/>
  4045.     <name>PoV: Last 1 Month Detections Trend for ENS</name>
  4046.     <description>Last 1 Month Detections Trend for ENS</description>
  4047.     <target>EPOEvents</target>
  4048.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  4049.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%29</condition-uri>
  4050.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4051.   </query>
  4052.   <query id="902">
  4053.     <dictionary id="903"/>
  4054.     <name>PoV: Last 3 Month Detections per Product</name>
  4055.     <description>Displays a pie chart of detections within the last 3 month organized by detecting product.</description>
  4056.     <target>EPOEvents</target>
  4057.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  4058.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
  4059.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEvents.AnalyzerName&amp;orion.query.type=pie.pie&amp;pie.count.title=Events&amp;show.percentage=true&amp;orion.sum.group.by=EPOEvents.AnalyzerName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4060.   </query>
  4061.   <query id="904">
  4062.     <dictionary id="905"/>
  4063.     <name>PoV: Last Day Detections per Product</name>
  4064.     <description>Displays a pie chart of detections within the last 1 day organized by detecting product.</description>
  4065.     <target>EPOEvents</target>
  4066.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  4067.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
  4068.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEvents.AnalyzerName&amp;orion.query.type=pie.pie&amp;pie.count.title=Events&amp;show.percentage=true&amp;orion.sum.group.by=EPOEvents.AnalyzerName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4069.   </query>
  4070.   <query id="906">
  4071.     <dictionary id="907"/>
  4072.     <name>PoV: Last Month Detections per Product (imported)</name>
  4073.     <description>Displays a pie chart of detections within the last 1 month organized by detecting product.</description>
  4074.     <target>EPOEvents</target>
  4075.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  4076.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
  4077.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEvents.AnalyzerName&amp;orion.query.type=pie.pie&amp;pie.count.title=Events&amp;show.percentage=true&amp;orion.sum.group.by=EPOEvents.AnalyzerName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4078.   </query>
  4079.   <query id="908">
  4080.     <dictionary id="909"/>
  4081.     <name>PoV: Last Month Detections per Product by Severity-bar</name>
  4082.     <description>Displays a pie chart of detections within the last 1 month organized by detecting product.</description>
  4083.     <target>EPOEvents</target>
  4084.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  4085.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%29+%29</condition-uri>
  4086.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOEvents.AnalyzerName%3AEPOEvents.ThreatSeverity&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4087.   </query>
  4088.   <query id="910">
  4089.     <dictionary id="911"/>
  4090.     <name>TIE: Last 1 Week Rule Names and Action Taken</name>
  4091.     <description></description>
  4092.     <target>JTIClientEventInfoView</target>
  4093.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name%3AJTIClientEventInfoView.SecurityPosture&amp;orion.table.order=za&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOLeafNode.NodeName%3AEPOEvents.TargetFileName%3AJTIClientEventInfoView.CertName%3AJTIClientRulesView.Name</table-uri>
  4094.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29</condition-uri>
  4095.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.stackedbar&amp;orion.sum.group.by=JTIClientRulesView.Name%3AEPOEvents.ThreatActionTaken&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4096.   </query>
  4097.   <query id="912">
  4098.     <dictionary id="913"/>
  4099.     <name>PoV: Last 3 Months Detections Trend for Virus Scan (imported)</name>
  4100.     <description>Last 3 Month Detections Trend for Virus Scan</description>
  4101.     <target>EPOEvents</target>
  4102.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  4103.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
  4104.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4105.   </query>
  4106.   <query id="914">
  4107.     <dictionary id="915"/>
  4108.     <name>PoV: Last 3 Months Detections Trend for ENS (imported)</name>
  4109.     <description>Last 3 Month Detections Trend for ENS</description>
  4110.     <target>EPOEvents</target>
  4111.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.ThreatActionTaken%3AEPOLeafNode.NodeName%3AEPOLeafNode.os%3AEPOEvents.SourceIPV4%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  4112.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%29+%29&amp;orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7776000000++%29+%29</condition-uri>
  4113.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4114.   </query>
  4115.   <query id="916">
  4116.     <dictionary id="917"/>
  4117.     <name>OBM: Detected Threats 4 to 8 hours</name>
  4118.     <description></description>
  4119.     <target>EPOEvents</target>
  4120.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  4121.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+and+%28+olderThan+EPOEvents.DetectedUTC+14400000++%29+%28+newerThan+EPOEvents.DetectedUTC+28800000++%29+%29+%29+%29</condition-uri>
  4122.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4123.   </query>
  4124.   <query id="918">
  4125.     <dictionary id="919"/>
  4126.     <name>OBM: Detected Threats 8 to 12 hours</name>
  4127.     <description></description>
  4128.     <target>EPOEvents</target>
  4129.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  4130.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+and+%28+olderThan+EPOEvents.DetectedUTC+28800000++%29+%28+newerThan+EPOEvents.DetectedUTC+43200000++%29+%29+%29+%29</condition-uri>
  4131.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4132.   </query>
  4133.   <query id="920">
  4134.     <dictionary id="921"/>
  4135.     <name>OBM: Infected Systems over the past 4 hours</name>
  4136.     <description></description>
  4137.     <target>EPOEvents</target>
  4138.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  4139.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+newerThan+EPOEvents.DetectedUTC+14400000++%29+%29+%29</condition-uri>
  4140.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4141.   </query>
  4142.   <query id="922">
  4143.     <dictionary id="923"/>
  4144.     <name>OBM: Infected Systems over the past 4 to 8 hours</name>
  4145.     <description></description>
  4146.     <target>EPOEvents</target>
  4147.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  4148.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+and+%28+olderThan+EPOEvents.DetectedUTC+14400000++%29+%28+newerThan+EPOEvents.DetectedUTC+28800000++%29+%29+%29+%29</condition-uri>
  4149.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  4150.   </query>
  4151.   <query id="924">
  4152.     <dictionary id="925"/>
  4153.     <name>OBM: Infected Systems over the past 8 to 12 hours</name>
  4154.     <description></description>
  4155.     <target>EPOEvents</target>
  4156.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  4157.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1049++%29+%29+%28+and+%28+olderThan+EPOEvents.DetectedUTC+28800000++%29+%28+newerThan+EPOEvents.DetectedUTC+43200000++%29+%29+%29+%29</condition-uri>
  4158.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=false</summary-uri>
  4159.   </query>
  4160.   <query id="926">
  4161.     <dictionary id="927"/>
  4162.     <name>VSE Versions Summary (imported)</name>
  4163.     <description>Displays a pie chart of installed VSE versions on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
  4164.     <target>EPOLeafNode</target>
  4165.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  4166.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  4167.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&amp;orion.query.type=pie.pie&amp;pie.count.title=Computers&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.productversion&amp;orion.sum.order=za&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4168.   </query>
  4169.   <query id="928">
  4170.     <dictionary id="929"/>
  4171.     <name>VSE Engine Versions Summary (imported)</name>
  4172.     <description>Displays a pie chart of installed VSE Engine versions on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
  4173.     <target>EPOLeafNode</target>
  4174.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  4175.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  4176.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&amp;orion.query.type=pie.pie&amp;pie.count.title=Computers&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.enginever&amp;orion.sum.order=za&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4177.   </query>
  4178.   <query id="930">
  4179.     <dictionary id="931"/>
  4180.     <name>DAT Versions Summary (imported)</name>
  4181.     <description>Displays a pie chart of installed DAT files by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
  4182.     <target>EPOLeafNode</target>
  4183.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  4184.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  4185.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&amp;orion.query.type=pie.pie&amp;pie.count.title=Computers&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.datver&amp;orion.sum.order=za&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4186.   </query>
  4187.   <query id="932">
  4188.     <dictionary id="933"/>
  4189.     <name>Agent Versions Summary (imported)</name>
  4190.     <description>Displays a pie chart of installed agents by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.</description>
  4191.     <target>EPOLeafNode</target>
  4192.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  4193.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  4194.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOProdPropsView_EPOAGENT.productversion&amp;orion.query.type=pie.pie&amp;pie.count.title=Computers&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4195.   </query>
  4196.   <query id="934">
  4197.     <dictionary id="935"/>
  4198.     <name>VirusScan Patch Versions (imported)</name>
  4199.     <description>Shows complete VirusScan products and all the patches associated with them that are installed in the environment.</description>
  4200.     <target>EPOLeafNode</target>
  4201.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.Tags%3AEPOProdPropsView_VIRUSCAN.hotfix%3AEPOProdPropsView_VIRUSCAN.productversion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOLeafNode.Tags%3AEPOProdPropsView_VIRUSCAN.hotfix%3AEPOProdPropsView_VIRUSCAN.productversion</table-uri>
  4202.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+version_ge+EPOProdPropsView_VIRUSCAN.productversion+%228.5%22+%29+%29</condition-uri>
  4203.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.stackedbar&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.productversion%3AEPOProdPropsView_VIRUSCAN.hotfix&amp;orion.sum.order=az%3Aaz&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4204.   </query>
  4205.   <query id="936">
  4206.     <dictionary id="937"/>
  4207.     <name>Systems per Top-Level Group (imported)</name>
  4208.     <description>Displays a bar chart of your managed systems organized by top-level System Tree group.</description>
  4209.     <target>EPOLeafNode</target>
  4210.     <table-uri>query:table?orion.table.columns=EPOBranchNode.NodeTextPath2%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags&amp;orion.table.order=az&amp;orion.table.order.by=EPOBranchNode.NodeTextPath%3AEPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOLeafNode.os%3AEPOLeafNode.Tags</table-uri>
  4211.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  4212.     <summary-uri>query:summary?bar.title=EPOBranchNode.NodeName&amp;bool.red.text=Non-Compliant&amp;orion.sum.query=true&amp;bool.green.text=Compliant&amp;orion.query.type=bar.bar&amp;bool.green.criteria=%28+where+%28+hasTag+EPOLeafNode.AppliedTags+%223%22+%29+%29&amp;bar.count.title=EPOLeafNode&amp;orion.sum.group.by=EPOBranchNode.L1ParentID&amp;orion.sum.order=desc&amp;orion.sum.limit.count=20&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4213.   </query>
  4214.   <query id="938">
  4215.     <dictionary id="939"/>
  4216.     <name>SiteAdvisor Product Versions (imported)</name>
  4217.     <description>Shows all the different versions of SiteAdvisor in the Enterprise</description>
  4218.     <target>EPOLeafNode</target>
  4219.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOProdPropsView_SITEADVISOR.productversion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOProdPropsView_SITEADVISOR.productversion</table-uri>
  4220.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  4221.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProdPropsView_SITEADVISOR.productversion&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4222.   </query>
  4223.   <query id="940">
  4224.     <dictionary id="941"/>
  4225.     <name>Agent Communication Summary</name>
  4226.     <description>Displays a pie chart of managed systems indicating whether the agents have communicated with the ePO server within the past day. Click either slice to view or take actions on those systems.</description>
  4227.     <target>EPOLeafNode</target>
  4228.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  4229.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  4230.     <summary-uri>query:summary?bool.red.text=Non+Compliant&amp;orion.sum.query=true&amp;bool.green.text=Compliant&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+604800000++%29+%28+version_ge+EPOProdPropsView_EPOAGENT.productversion+%221%22+%29+%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4231.   </query>
  4232.   <query id="942">
  4233.     <dictionary id="943"/>
  4234.     <name>Composite Utilization</name>
  4235.     <description></description>
  4236.     <target>EPOProductEvents</target>
  4237.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  4238.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+not_isBlank+EPOProductEvents.Type+%29+%29+%29</condition-uri>
  4239.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProductEvents.SiteName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4240.   </query>
  4241.   <query id="944">
  4242.     <dictionary id="945"/>
  4243.     <name>DAT Utilization</name>
  4244.     <description></description>
  4245.     <target>EPOProductEvents</target>
  4246.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  4247.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+eq+EPOProductEvents.Type+%22DAT%22+%29+%29+%29</condition-uri>
  4248.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProductEvents.SiteName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4249.   </query>
  4250.   <query id="946">
  4251.     <dictionary id="947"/>
  4252.     <name>Install Utilization</name>
  4253.     <description></description>
  4254.     <target>EPOProductEvents</target>
  4255.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  4256.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+eq+EPOProductEvents.Type+%22Install%22+%29+%29+%29</condition-uri>
  4257.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOProductEvents.SiteName%3AEPOProductEvents.ProductCode&amp;orion.sum.order=az%3Aaz&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4258.   </query>
  4259.   <query id="948">
  4260.     <dictionary id="949"/>
  4261.     <name>Invalid Repositories</name>
  4262.     <description></description>
  4263.     <target>EPOProductEvents</target>
  4264.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  4265.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+isBlank+EPOProductEvents.Type+%29+%29+%29</condition-uri>
  4266.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOBranchNode.L1ParentID%3AEPOProductEvents.HostName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4267.   </query>
  4268.   <query id="950">
  4269.     <dictionary id="951"/>
  4270.     <name>Patch Utilization</name>
  4271.     <description></description>
  4272.     <target>EPOProductEvents</target>
  4273.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  4274.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+eq+EPOProductEvents.Type+%22HotFix%22+%29+%29+%29</condition-uri>
  4275.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOProductEvents.SiteName%3AEPOProductEvents.ProductCode&amp;orion.sum.order=az%3Aaz&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4276.   </query>
  4277.   <query id="952">
  4278.     <dictionary id="953"/>
  4279.     <name>Update Errors</name>
  4280.     <description></description>
  4281.     <target>EPOProductEvents</target>
  4282.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  4283.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOProductEvents.DetectedUTC+172800000++%29+%28+not_isBlank+EPOProductEvents.Type+%29+%28+ne+EPOProductEvents.Error+0++%29+%29+%29</condition-uri>
  4284.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOBranchNode.L1ParentID%3AEPOProductEvents.Error&amp;orion.sum.order=az%3Aaz&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4285.   </query>
  4286.   <query id="954">
  4287.     <dictionary id="955"/>
  4288.     <name>Threat Events in the Last Week</name>
  4289.     <description>This chart shows the trend of threat event generation for the last 2 weeks.</description>
  4290.     <target>EPOEvents</target>
  4291.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  4292.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29&amp;orion.condition.sexp=</condition-uri>
  4293.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4294.   </query>
  4295.   <query id="956">
  4296.     <dictionary id="957"/>
  4297.     <name>Top 10 endpoints - Threat Events Last 24h</name>
  4298.     <description></description>
  4299.     <target>EPOEvents</target>
  4300.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatType%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDetectionMethod&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatName</table-uri>
  4301.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
  4302.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.AnalyzerHostName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4303.   </query>
  4304.   <query id="958">
  4305.     <dictionary id="959"/>
  4306.     <name>Malware Detections</name>
  4307.     <description></description>
  4308.     <target>EPOEvents</target>
  4309.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC</table-uri>
  4310.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPExtendedEvent.TargetName+%29+%28+ne+EPOEvents.ThreatType+%22Dynamic+Application+Containment%22+%29+%28+ne+EPOEvents.ThreatActionTaken+%22IDS_ACTION_WOULD_BLOCK%22+%29+%29+%29</condition-uri>
  4311.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.AnalyzerHostName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.TargetFileName&amp;orion.sum.order=desc%3Adesc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4312.   </query>
  4313.   <query id="960">
  4314.     <dictionary id="961"/>
  4315.     <name>Top 10 Users with the Most Detections Last 24h</name>
  4316.     <description>Top 10 user with the most detections in the last three months.</description>
  4317.     <target>EPOEvents</target>
  4318.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDetectionMethod%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
  4319.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%28+not_isBlank+EPOEvents.TargetUserName+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
  4320.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=EPOEvents.TargetUserName&amp;topn.count.title=EPOEvents&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEvents.TargetUserName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4321.   </query>
  4322.   <query id="962">
  4323.     <dictionary id="963"/>
  4324.     <name>Convictions by Technology</name>
  4325.     <description></description>
  4326.     <target>EPOEvents</target>
  4327.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatType&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  4328.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Active+Response%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22vATD%22+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Endpoint+Security+Platform%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MOVE+AV+Client%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MSME%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MSME%22+%29+%29+%28+or+%28+ne+EPOEvents.ThreatActionTaken+%22jticlient.allowed%22+%29+%28+ne+EPOEvents.ThreatActionTaken+%22none%22+%29+%28+not_isBlank+EPOEvents.ThreatActionTaken+%29+%29+%29+%29</condition-uri>
  4329.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.AnalyzerName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4330.   </query>
  4331.   <query id="964">
  4332.     <dictionary id="965"/>
  4333.     <name>Last Month ENS Detections</name>
  4334.     <description></description>
  4335.     <target>EPOEvents</target>
  4336.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName</table-uri>
  4337.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+EPOEvents.AnalyzerDetectionMethod+%22On-Execute+Scan%22+%29+%28+not_isBlank+EPOEvents.AnalyzerDetectionMethod+%29+%29+%28+newerThan+EPOEvents.ReceivedUTC+2592000000++%29+%29+%29</condition-uri>
  4338.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=EPOEvents.AnalyzerDetectionMethod&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4339.   </query>
  4340.   <query id="966">
  4341.     <dictionary id="967"/>
  4342.     <name>Application Containment Results</name>
  4343.     <description></description>
  4344.     <target>EPOEvents</target>
  4345.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName</table-uri>
  4346.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+eq+EPOEvents.ThreatType+%22IDS_THREAT_TYPE_VALUE_DACAP%22+%29+%29+%29</condition-uri>
  4347.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEventFilterDesc.Name&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEventFilterDesc.Name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4348.   </query>
  4349.   <query id="968">
  4350.     <dictionary id="969"/>
  4351.     <name>Endpoint Detection Events by Analyzer Type</name>
  4352.     <description></description>
  4353.     <target>EPOEvents</target>
  4354.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName</table-uri>
  4355.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+EPOEvents.AnalyzerDetectionMethod+%29+%29</condition-uri>
  4356.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.AnalyzerDetectionMethod&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4357.   </query>
  4358.   <query id="970">
  4359.     <dictionary id="971"/>
  4360.     <name>Threat detection by OS (Last 7 days)</name>
  4361.     <description></description>
  4362.     <target>EPOEvents</target>
  4363.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  4364.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPOComputerProperties.OSType+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  4365.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOComputerProperties.OSType%3AEPOEvents.ThreatSeverity&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4366.   </query>
  4367.   <query id="972">
  4368.     <dictionary id="973"/>
  4369.     <name>Malware Detection History (imported)</name>
  4370.     <description>Displays a line chart of the number of internal virus detections over the past quarter.</description>
  4371.     <target>EPOEvents</target>
  4372.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  4373.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7862400000++%29+%29&amp;orion.condition.sexp=%28+where+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29</condition-uri>
  4374.     <summary-uri>query:summary?orion.sum.query=true&amp;line.count.title=EPOEvents&amp;orion.query.type=line.line&amp;line.title=EPOEvents.DetectedUTC&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4375.   </query>
  4376.   <query id="974">
  4377.     <dictionary id="975"/>
  4378.     <name>Agent + Protection</name>
  4379.     <description></description>
  4380.     <target>EPOLeafNode</target>
  4381.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
  4382.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+7776000000++%29+%28+eq+EPOLeafNode.ManagedState+1++%29+%29+%29</condition-uri>
  4383.     <summary-uri>query:summary?horizontal=true&amp;orion.sum.query=true&amp;orion.query.type=bar.stackedbar&amp;orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion%3AEPOProdPropsView_THREATPREVENTION.productversion&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4384.   </query>
  4385.   <query id="976">
  4386.     <dictionary id="977"/>
  4387.     <name>Agent Communication Summary (imported)</name>
  4388.     <description>Displays a pie chart of managed systems indicating whether the agents have communicated with the ePO server within the past day. Click either slice to view or take actions on those systems.</description>
  4389.     <target>EPOLeafNode</target>
  4390.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  4391.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+1++%29+%29</condition-uri>
  4392.     <summary-uri>query:summary?bool.red.text=Non+Compliant&amp;orion.sum.query=true&amp;bool.green.text=Compliant&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+604800000++%29+%28+version_ge+EPOProdPropsView_EPOAGENT.productversion+%225%22+%29+%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4393.   </query>
  4394.   <query id="978">
  4395.     <dictionary id="979"/>
  4396.     <name>DAT versions (last 1 month)</name>
  4397.     <description></description>
  4398.     <target>EPOLeafNode</target>
  4399.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName</table-uri>
  4400.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOLeafNode.ManagedState+1++%29+%28+newerThan+EPOLeafNode.LastUpdate+2592000000++%29+%29+%29</condition-uri>
  4401.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOProdPropsView_VIRUSCAN.datver&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4402.   </query>
  4403.   <query id="980">
  4404.     <dictionary id="981"/>
  4405.     <name>Failed DAT Updates (last week)</name>
  4406.     <description>Displays a group bar chart grouped by hour of all failed product updates in the last 24 hours.</description>
  4407.     <target>EPOProductEvents</target>
  4408.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOLeafNode.NodeName%3AEPOProductEvents.IPV6%3AEPOProductEvents.DetectedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.ProductCode%3AEPOLeafNode.NodeName%3AEPOProductEvents.DetectedUTC</table-uri>
  4409.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOProductEvents.TVDEventID+258++%29+%28+newerThan+EPOProductEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  4410.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOProductEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=hour&amp;orion.sum.order=oldest&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4411.   </query>
  4412.   <query id="982">
  4413.     <dictionary id="983"/>
  4414.     <name>Distributed Repository Status</name>
  4415.     <description>Displays a Boolean pie chart of your distributed repositories, divided according to whether their last replication was successful.</description>
  4416.     <target>EPORepositoryStatus</target>
  4417.     <table-uri>query:table?orion.table.columns=EPORepositoryStatus.name%3AEPORepositoryStatus.type%3AEPORepositoryStatus.status%3AEPORepositoryStatus.lastreplication&amp;orion.table.order=az&amp;orion.table.order.by=EPORepositoryStatus.name%3AEPORepositoryStatus.type%3AEPORepositoryStatus.status</table-uri>
  4418.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPORepositoryStatus.type+3++%29+%29</condition-uri>
  4419.     <summary-uri>query:summary?bool.red.text=failure&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+eq+EPORepositoryStatus.status+3++%29+%29&amp;bool.green.text=success&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4420.   </query>
  4421.   <query id="984">
  4422.     <dictionary id="985"/>
  4423.     <name>Server Task Errors (last month)</name>
  4424.     <description></description>
  4425.     <target>OrionTaskLogTask</target>
  4426.     <table-uri>query:table?orion.table.columns=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource&amp;orion.table.order=az&amp;orion.table.order.by=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource</table-uri>
  4427.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+ne+OrionTaskLogTask.Status+0++%29+%28+newerThan+OrionTaskLogTask.EndDate+2592000000++%29+%29+%29</condition-uri>
  4428.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=OrionTaskLogTask.Status&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4429.   </query>
  4430.   <query id="986">
  4431.     <dictionary id="987"/>
  4432.     <name>Malware Detection History (imported 2)</name>
  4433.     <description>Displays a line chart of the number of internal virus detections over the past quarter.</description>
  4434.     <target>EPOEvents</target>
  4435.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOEventFilterDesc.Name%3AEPOEvents.SourceIPV4%3AEPOLeafNode.os%3AEPOEvents.AnalyzerEngineVersion%3AEPOEvents.AnalyzerDATVersion</table-uri>
  4436.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+7862400000++%29+%29&amp;orion.condition.sexp=%28+where+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29</condition-uri>
  4437.     <summary-uri>query:summary?orion.sum.query=true&amp;line.count.title=EPOEvents&amp;orion.query.type=line.line&amp;line.title=EPOEvents.DetectedUTC&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4438.   </query>
  4439.   <query id="988">
  4440.     <dictionary id="989"/>
  4441.     <name>Top 10 endpoints - Threat Events (last 7 days) (imported 2)</name>
  4442.     <description></description>
  4443.     <target>EPOEvents</target>
  4444.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  4445.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  4446.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.TargetHostName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4447.   </query>
  4448.   <query id="990">
  4449.     <dictionary id="991"/>
  4450.     <name>Threats detected by the cloud (no signatures) (imported 2)</name>
  4451.     <description></description>
  4452.     <target>EPOEvents</target>
  4453.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  4454.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22Artemis%22+%29+%29+%29</condition-uri>
  4455.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4456.   </query>
  4457.   <query id="992">
  4458.     <dictionary id="993"/>
  4459.     <name>Threat Events NOT handled (last 1 week) (imported 2)</name>
  4460.     <description></description>
  4461.     <target>EPOEvents</target>
  4462.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  4463.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+ne+EPOEvents.ThreatHandled+t+%29+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%29+%29</condition-uri>
  4464.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.ThreatHandled&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4465.   </query>
  4466.   <query id="994">
  4467.     <dictionary id="995"/>
  4468.     <name>Top 10 users - Threat Events (last 7 days) (imported 2)</name>
  4469.     <description></description>
  4470.     <target>EPOEvents</target>
  4471.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  4472.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  4473.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.TargetUserName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4474.   </query>
  4475.   <query id="996">
  4476.     <dictionary id="997"/>
  4477.     <name>Threats detected by Local Threat Intelligence (imported 2)</name>
  4478.     <description></description>
  4479.     <target>EPOEvents</target>
  4480.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  4481.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+15552000000++%29+%29&amp;orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+contains+EPOEvents.ThreatName+%22TIE%22+%29+%29+%29</condition-uri>
  4482.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=week&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4483.   </query>
  4484.   <query id="998">
  4485.     <dictionary id="999"/>
  4486.     <name>Top Blocked Sites by Users</name>
  4487.     <description>SiteAdvisor Enterprise: Top 100 sites that were blocked over the last 30 days.</description>
  4488.     <target>SAEEvent</target>
  4489.     <table-uri>query:table?orion.table.columns=SAEEvent.DetectedUTC%3ASAEEvent.RatingID%3ASAEEvent.ContentID%3ASAEEvent.DomainName%3ASAEEvent.ActionID%3ASAEEvent.ReasonID%3ASAEEvent.ListID%3ASAEEvent.URL%3AEPOLeafNode.NodeName%3ASAEEvent.Count&amp;orion.table.order=az&amp;orion.table.order.by=SAEEvent.DetectedUTC%3ASAEEvent.RatingID%3ASAEEvent.ContentID%3ASAEEvent.DomainName%3ASAEEvent.ActionID%3ASAEEvent.ReasonID%3ASAEEvent.ListID%3ASAEEvent.URL%3AEPOLeafNode.NodeName</table-uri>
  4490.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+SAEEvent.EventTypeID+18600++%29+%28+newerThan+SAEEvent.DetectedUTC+2592000000++%29+%28+eq+SAEEvent.ActionID+4++%29+%28+not_isBlank+EPOLeafNode.NodeName+%29+%29+%29</condition-uri>
  4491.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=SAEEvent.DomainName&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=SAEEvent.UserID&amp;orion.sum.order=desc&amp;orion.sum.limit.count=100&amp;orion.sum.aggregation=sum&amp;orion.sum.aggregation.column=SAEEvent.Count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4492.   </query>
  4493.   <query id="1000">
  4494.     <dictionary id="1001"/>
  4495.     <name>Threat detection by OS (Last 7 days) (imported 2)</name>
  4496.     <description></description>
  4497.     <target>EPOEvents</target>
  4498.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  4499.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPOComputerProperties.OSType+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29+%29</condition-uri>
  4500.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.groupedbar&amp;orion.sum.group.by=EPOComputerProperties.OSType%3AEPOEvents.ThreatSeverity&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.limit.count=100%3A100&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4501.   </query>
  4502.   <query id="1002">
  4503.     <dictionary id="1003"/>
  4504.     <name>Threats for 1 Day (imported)</name>
  4505.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  4506.     <target>EPOEvents</target>
  4507.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  4508.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
  4509.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4510.   </query>
  4511.   <query id="1004">
  4512.     <dictionary id="1005"/>
  4513.     <name>Threats for 1 Week (imported)</name>
  4514.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  4515.     <target>EPOEvents</target>
  4516.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  4517.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
  4518.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4519.   </query>
  4520.   <query id="1006">
  4521.     <dictionary id="1007"/>
  4522.     <name>Threat Events in the Last Week (imported)</name>
  4523.     <description>This chart shows the trend of threat event generation for the last 2 weeks.</description>
  4524.     <target>EPOEvents</target>
  4525.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.ThreatEventID%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  4526.     <condition-uri>query:condition?orion.requied.sexp=%28+where+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%29&amp;orion.condition.sexp=</condition-uri>
  4527.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=line.line&amp;orion.sum.group.by=EPOEvents.DetectedUTC&amp;orion.sum.time.cols=true&amp;orion.sum.time.unit=day&amp;orion.sum.order=oldest&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4528.   </query>
  4529.   <query id="1008">
  4530.     <dictionary id="1009"/>
  4531.     <name>Top 10 endpoints - Threat Events Last 24h (imported)</name>
  4532.     <description></description>
  4533.     <target>EPOEvents</target>
  4534.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatType%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDetectionMethod&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatName</table-uri>
  4535.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_belongs+EPOEvents.ThreatCategory+%22av%22+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
  4536.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=EPOEvents.AnalyzerHostName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4537.   </query>
  4538.   <query id="1010">
  4539.     <dictionary id="1011"/>
  4540.     <name>Malware Detections (imported)</name>
  4541.     <description></description>
  4542.     <target>EPOEvents</target>
  4543.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetFileName%3AEPOEvents.ThreatName%3AEPOEvents.ReceivedUTC</table-uri>
  4544.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+and+%28+not_isBlank+EPExtendedEvent.TargetName+%29+%28+ne+EPOEvents.ThreatType+%22Dynamic+Application+Containment%22+%29+%28+ne+EPOEvents.ThreatActionTaken+%22IDS_ACTION_WOULD_BLOCK%22+%29+%29+%29</condition-uri>
  4545.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.AnalyzerHostName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.TargetFileName&amp;orion.sum.order=desc%3Adesc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4546.   </query>
  4547.   <query id="1012">
  4548.     <dictionary id="1013"/>
  4549.     <name>Top 10 Users with the Most Detections Last 24h (imported)</name>
  4550.     <description>Top 10 user with the most detections in the last three months.</description>
  4551.     <target>EPOEvents</target>
  4552.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDetectionMethod%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AAM_CustomProps.ManifestVersion%3AAM_CustomProps.EngineVersion</table-uri>
  4553.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+or+%28+eq+EPOEvents.ThreatType+%22app%22+%29+%28+eq+EPOEvents.ThreatType+%22app_adware%22+%29+%28+eq+EPOEvents.ThreatType+%22app_remoteadmin%22+%29+%28+eq+EPOEvents.ThreatType+%22app_keylogger%22+%29+%28+eq+EPOEvents.ThreatType+%22app_pwcracker%22+%29+%28+eq+EPOEvents.ThreatType+%22app_dialer%22+%29+%28+eq+EPOEvents.ThreatType+%22app_spyware%22+%29+%28+eq+EPOEvents.ThreatType+%22virus%22+%29+%28+eq+EPOEvents.ThreatType+%22trojan%22+%29+%28+eq+EPOEvents.ThreatType+%22joke%22+%29+%28+eq+EPOEvents.ThreatType+%22test%22+%29+%29+%28+ne+EPOEvents.ThreatEventID+34928++%29+%28+not_isBlank+EPOEvents.TargetUserName+%29+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%29+%29</condition-uri>
  4554.     <summary-uri>query:summary?orion.sum.query=true&amp;topn.title=EPOEvents.TargetUserName&amp;topn.count.title=EPOEvents&amp;orion.query.type=summary.topn&amp;orion.sum.group.by=EPOEvents.TargetUserName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4555.   </query>
  4556.   <query id="1014">
  4557.     <dictionary id="1015"/>
  4558.     <name>Convictions by Technology (imported)</name>
  4559.     <description></description>
  4560.     <target>EPOEvents</target>
  4561.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.ThreatType&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName</table-uri>
  4562.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+or+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Active+Response%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Endpoint+Security%22+%29+%28+eq+EPOEvents.AnalyzerName+%22vATD%22+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+eq+EPOEvents.AnalyzerName+%22Endpoint+Security+Platform%22+%29+%28+eq+EPOEvents.AnalyzerName+%22McAfee+Host+Intrusion+Prevention%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MOVE+AV+Client%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MSME%22+%29+%28+eq+EPOEvents.AnalyzerName+%22MSME%22+%29+%29+%28+or+%28+ne+EPOEvents.ThreatActionTaken+%22jticlient.allowed%22+%29+%28+ne+EPOEvents.ThreatActionTaken+%22none%22+%29+%28+not_isBlank+EPOEvents.ThreatActionTaken+%29+%29+%29+%29</condition-uri>
  4563.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.AnalyzerName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4564.   </query>
  4565.   <query id="1016">
  4566.     <dictionary id="1017"/>
  4567.     <name>Last Month ENS Detections (imported)</name>
  4568.     <description></description>
  4569.     <target>EPOEvents</target>
  4570.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName</table-uri>
  4571.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+ne+EPOEvents.AnalyzerDetectionMethod+%22On-Execute+Scan%22+%29+%28+not_isBlank+EPOEvents.AnalyzerDetectionMethod+%29+%29+%28+newerThan+EPOEvents.ReceivedUTC+2592000000++%29+%29+%29</condition-uri>
  4572.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=EPOEvents.AnalyzerDetectionMethod&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4573.   </query>
  4574.   <query id="1018">
  4575.     <dictionary id="1019"/>
  4576.     <name>Application Containment Results (imported)</name>
  4577.     <description></description>
  4578.     <target>EPOEvents</target>
  4579.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName</table-uri>
  4580.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+threatcategory_not_belongs+EPOEvents.ThreatCategory+%22ops%22+%29+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+eq+EPOEvents.ThreatType+%22IDS_THREAT_TYPE_VALUE_DACAP%22+%29+%29+%29</condition-uri>
  4581.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEventFilterDesc.Name&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEventFilterDesc.Name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4582.   </query>
  4583.   <query id="1020">
  4584.     <dictionary id="1021"/>
  4585.     <name>Endpoint Detection Events by Analyzer Type (imported)</name>
  4586.     <description></description>
  4587.     <target>EPOEvents</target>
  4588.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.TargetHostName%3AEPOEvents.ThreatName%3AEPOEvents.AnalyzerDetectionMethod%3AEPOEvents.AnalyzerHostName%3AEPOEvents.ThreatActionTaken%3AEPOEvents.SourceProcessName</table-uri>
  4589.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+not_isBlank+EPOEvents.AnalyzerDetectionMethod+%29+%29</condition-uri>
  4590.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOEvents.AnalyzerDetectionMethod&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4591.   </query>
  4592.   <query id="1022">
  4593.     <dictionary id="1023"/>
  4594.     <name>Threats for 1 Month</name>
  4595.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  4596.     <target>EPOEvents</target>
  4597.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  4598.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
  4599.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatType%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4600.   </query>
  4601.   <query id="1024">
  4602.     <dictionary id="1025"/>
  4603.     <name>Threats/Host for 1 Day (imported)</name>
  4604.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  4605.     <target>EPOEvents</target>
  4606.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  4607.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
  4608.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4609.   </query>
  4610.   <query id="1026">
  4611.     <dictionary id="1027"/>
  4612.     <name>Threats/Host for 1 Week</name>
  4613.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  4614.     <target>EPOEvents</target>
  4615.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  4616.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
  4617.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4618.   </query>
  4619.   <query id="1028">
  4620.     <dictionary id="1029"/>
  4621.     <name>Threats/Host for 1 Month (imported)</name>
  4622.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  4623.     <target>EPOEvents</target>
  4624.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  4625.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
  4626.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOComputerProperties.ComputerName%3AEPOEvents.ThreatName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4627.   </query>
  4628.   <query id="1030">
  4629.     <dictionary id="1031"/>
  4630.     <name>Threats/File for 1 Day (imported)</name>
  4631.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  4632.     <target>EPOEvents</target>
  4633.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  4634.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+newerThan+EPOEvents.DetectedUTC+86400000++%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
  4635.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4636.   </query>
  4637.   <query id="1032">
  4638.     <dictionary id="1033"/>
  4639.     <name>Threats/File for 1 Week (imported)</name>
  4640.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  4641.     <target>EPOEvents</target>
  4642.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  4643.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+604800000++%29+%28+olderThan+EPOEvents.DetectedUTC+86400000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
  4644.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4645.   </query>
  4646.   <query id="1034">
  4647.     <dictionary id="1035"/>
  4648.     <name>Threats/File for 1 Month (imported)</name>
  4649.     <description>Summary of threats that have been detected in the last seven days. No cookies.</description>
  4650.     <target>EPOEvents</target>
  4651.     <table-uri>query:table?orion.table.columns=EPOEvents.ThreatCategory%3AEPOEvents.ThreatType%3AEPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.TargetUserName%3AEPOEvents.TargetHostName%3AEPOEvents.AnalyzerIPV4%3AEPOLeafNode.Tags%3AEPOEvents.AnalyzerName%3AEPOEvents.AnalyzerVersion%3AEPOEvents.AnalyzerDATVersion%3AEPOEvents.AnalyzerEngineVersion%3AEPOLeafNode.LastUpdate%3AEPOProductPropertyProducts.Products</table-uri>
  4652.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+and+%28+newerThan+EPOEvents.DetectedUTC+2592000000++%29+%28+olderThan+EPOEvents.DetectedUTC+604800000++%29+%29+%28+eq+EPOEvents.AnalyzerName+%22VirusScan+Enterprise%22+%29+%28+and+%28+ne+EPOEvents.ThreatType+%22access+protection%22+%29+%28+ne+EPOEvents.ThreatType+%22app_puocookie%22+%29+%29+%28+and+%28+not_isBlank+EPOEvents.ThreatName+%29+%28+ne+EPOEvents.ThreatName+%22None%22+%29+%29+%28+and+%28+ne+EPOEvents.ThreatEventID+1051++%29+%28+ne+EPOEvents.ThreatEventID+1059++%29+%29+%29+%29</condition-uri>
  4653.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOEvents.ThreatName%3AEPOEvents.TargetFileName&amp;orion.sum.order=az%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4654.   </query>
  4655.   <query id="1036">
  4656.     <dictionary id="1037"/>
  4657.     <name>Endpoint Upgrade Assistant - McAfee Endpoint Security 10.5 categories chart</name>
  4658.     <description>Expired or old data? Click on &apos;Analyze Environment&apos; to refresh this query for All Endpoints</description>
  4659.     <target>UA_Category_Query_Chart</target>
  4660.     <table-uri>query:table?orion.table.columns=UA_Category_Query_Chart.Description%3AUA_Category_Query_Chart.Total&amp;orion.table.order=az&amp;orion.table.order.by=UA_Category_Query_Chart.Description%3AUA_Category_Query_Chart.Total</table-uri>
  4661.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+UA_Category_Query_Chart.UA_ReferenceConfiguration_Id+2+%29+%29</condition-uri>
  4662.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=UA_Category_Query_Chart.Description&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4663.   </query>
  4664.   <query id="1038">
  4665.     <dictionary id="1039"/>
  4666.     <name>Endpoint Upgrade Assistant - McAfee Endpoint Security 10.5 analyze table</name>
  4667.     <description>Expired or old data? Click on &apos;Analyze Environment&apos; to refresh this query for All Endpoints</description>
  4668.     <target>UA_Analyse_Query</target>
  4669.     <table-uri>query:table?orion.table.columns=UA_Analyse_Query.Product%3AUA_Analyse_Query.Your_Environment%3AUA_Analyse_Query.Required_Update%3AUA_Analyse_Query.Endpoints&amp;orion.table.order=asc&amp;orion.table.order.by=UA_Analyse_Query.Product</table-uri>
  4670.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+UA_Analyse_Query.UA_ReferenceConfiguration_Id+2+%29+%29</condition-uri>
  4671.     <summary-uri>query:summary?orion.query.type=table.table&amp;orion.sum.query=false</summary-uri>
  4672.   </query>
  4673.   <query id="1040">
  4674.     <dictionary id="1041"/>
  4675.     <name>Endpoint Upgrade Assistant - McAfee Endpoint Security 10.5 plan table</name>
  4676.     <description>Expired or old data? Click on &apos;Analyze Environment&apos; to refresh this query for All Endpoints</description>
  4677.     <target>UA_Plan_Query</target>
  4678.     <table-uri>query:table?orion.table.columns=UA_Plan_Query.Required_Actions%3AUA_Plan_Query.Restarts%3AUA_Plan_Query.Servers%3AUA_Plan_Query.Workstations%3AUA_Plan_Query.Total&amp;orion.table.order=az&amp;orion.table.order.by=UA_Plan_Query.Required_Actions</table-uri>
  4679.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+UA_Plan_Query.UA_ReferenceConfiguration_Id+2+%29+%29</condition-uri>
  4680.     <summary-uri>query:summary?orion.query.type=table.table</summary-uri>
  4681.   </query>
  4682.   <query id="1042">
  4683.     <dictionary id="1043"/>
  4684.     <name>Systeme pro Agentensteuerung</name>
  4685.     <description>Zeigt ein Kreisdiagramm von verwalteten Systemen an, wobei jedes Segment fΓΌr eine Agentensteuerung steht.</description>
  4686.     <target>EPOLeafNode</target>
  4687.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastKnownTCPIP%3AEPOLeafNode.LastUpdate%3AEPOProdPropsView_EPOAGENT.productversion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOAgentHandlers.DNSName%3AEPOAgentHandlers.LastKnownTCPIP%3AEPOLeafNode.LastUpdate%3AEPOProdPropsView_EPOAGENT.productversion</table-uri>
  4688.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+1+%29+%29</condition-uri>
  4689.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=&amp;orion.sum.group.by=EPOAgentHandlers.DNSName&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4690.   </query>
  4691.   <query id="1044">
  4692.     <dictionary id="1045"/>
  4693.     <name>Inaktive Agenten</name>
  4694.     <description>Agenten vom Typ McAfee Agent, die in den letzten 30 Tagen nicht mit dem ePolicy Orchestrator-Server kommuniziert haben.</description>
  4695.     <target>EPOLeafNode</target>
  4696.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.UserName%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.UserName%3AEPOLeafNode.LastUpdate</table-uri>
  4697.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+olderThan+EPOLeafNode.LastUpdate+2592000000++%29+%28+eq+EPOLeafNode.ManagedState+1++%29+%29+%29</condition-uri>
  4698.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOProdPropsView_EPOAGENT.productversion&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4699.   </query>
  4700.   <query id="1046">
  4701.     <dictionary id="1047"/>
  4702.     <name>Agent Communication Summary (imported 2)</name>
  4703.     <description>Displays a pie chart of managed systems indicating whether the agents have communicated with the ePO server within the past day. Click either slice to view or take actions on those systems.</description>
  4704.     <target>EPOLeafNode</target>
  4705.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOComputerProperties.UserName%3AEPOProdPropsView_EPOAGENT.productversion%3AEPOComputerProperties.IPV6%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.OSVersion%3AEPOComputerProperties.OSType%3AEPOLeafNode.LastUpdate</table-uri>
  4706.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+eq+EPOLeafNode.ManagedState+1++%29+%29</condition-uri>
  4707.     <summary-uri>query:summary?bool.red.text=Non+Compliant&amp;orion.sum.query=true&amp;bool.green.text=Compliant&amp;bool.show.criteria=false&amp;orion.query.type=pie.bool&amp;bool.green.criteria=%28+where+%28+and+%28+newerThan+EPOLeafNode.LastUpdate+604800000++%29+%28+version_ge+EPOProdPropsView_EPOAGENT.productversion+%225%22+%29+%29+%29&amp;show.percentage=false&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4708.   </query>
  4709.   <query id="1048">
  4710.     <dictionary id="1049"/>
  4711.     <name>Systeme in Lost &amp; Found</name>
  4712.     <description></description>
  4713.     <target>EPOLeafNode</target>
  4714.     <table-uri>query:table?orion.table.columns=EPOLeafNode.LastUpdate%3AEPOLeafNode.NodeName%3AEPOLeafNode.Tags%3AEPOComputerProperties.DomainName%3AEPOComputerProperties.IPHostName&amp;orion.table.order=asc&amp;orion.table.order.by=EPOLeafNode.LastUpdate</table-uri>
  4715.     <condition-uri>query:condition?orion.requied.sexp=&amp;orion.condition.sexp=%28+where+%28+descendsFrom+EPOBranchNode.AutoID+%223%22+%29+%29</condition-uri>
  4716.     <summary-uri>query:summary?orion.query.type=summary.topn&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOLeafNode.NodeName&amp;orion.sum.order=desc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4717.   </query>
  4718.   <query id="1050">
  4719.     <dictionary id="1051"/>
  4720.     <name>OS overview</name>
  4721.     <description></description>
  4722.     <target>EPOLeafNode</target>
  4723.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOComputerProperties.OSType%3AEPOComputerProperties.OSVersion&amp;orion.table.order=az&amp;orion.table.order.by=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate%3AEPOComputerProperties.OSType%3AEPOComputerProperties.OSVersion</table-uri>
  4724.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  4725.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=false&amp;orion.sum.group.by=EPOComputerProperties.OSType&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4726.   </query>
  4727.   <query id="1052">
  4728.     <dictionary id="1053"/>
  4729.     <name>Total Threat Events in EPO Database</name>
  4730.     <description></description>
  4731.     <target>EPOEvents</target>
  4732.     <table-uri>query:table?orion.table.columns=EPOEvents.DetectedUTC%3AEPOEvents.Analyzer%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName&amp;orion.table.order=az&amp;orion.table.order.by=EPOEvents.DetectedUTC%3AEPOEvents.Analyzer%3AEPOEvents.TargetHostName%3AEPOEvents.TargetIPV4%3AEPOEvents.ThreatCategory%3AEPOEvents.ThreatEventID%3AEPOEvents.ThreatSeverity%3AEPOEvents.ThreatName</table-uri>
  4733.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  4734.     <summary-uri>query:summary?orion.sum.query=true&amp;pie.slice.title=EPOEventFilterDesc.Name&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=EPOEventFilterDesc.Name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=10&amp;orion.show.other=true&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4735.   </query>
  4736.   <query id="1054">
  4737.     <dictionary id="1055"/>
  4738.     <name>Total Client Events in EPO Database</name>
  4739.     <description></description>
  4740.     <target>EPOProductEvents</target>
  4741.     <table-uri>query:table?orion.table.columns=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version&amp;orion.table.order=az&amp;orion.table.order.by=EPOProductEvents.TVDEventID%3AEPOProductEvents.TVDSeverity%3AEPOProductEvents.ProductCode%3AEPOProductEvents.version</table-uri>
  4742.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  4743.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=pie.pie&amp;show.percentage=true&amp;orion.sum.group.by=EPOEventFilterDesc.Name&amp;orion.sum.order=desc&amp;orion.sum.limit.count=360&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4744.   </query>
  4745.   <query id="1056">
  4746.     <dictionary id="1057"/>
  4747.     <name>Server Task Errors (last month) (imported)</name>
  4748.     <description></description>
  4749.     <target>OrionTaskLogTask</target>
  4750.     <table-uri>query:table?orion.table.columns=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource&amp;orion.table.order=az&amp;orion.table.order.by=OrionTaskLogTask.Name%3AOrionTaskLogTask.StartDate%3AOrionTaskLogTask.EndDate%3AOrionTaskLogTask.UserName%3AOrionTaskLogTask.Status%3AOrionTaskLogTask.TaskSource</table-uri>
  4751.     <condition-uri>query:condition?orion.condition.sexp=%28+where+%28+and+%28+ne+OrionTaskLogTask.Status+0++%29+%28+newerThan+OrionTaskLogTask.EndDate+2592000000++%29+%29+%29</condition-uri>
  4752.     <summary-uri>query:summary?orion.sum.query=true&amp;orion.query.type=bar.bar&amp;orion.sum.group.by=OrionTaskLogTask.Status&amp;orion.sum.order=desc&amp;orion.sum.limit.count=200&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4753.   </query>
  4754.   <query id="1058">
  4755.     <dictionary id="1059"/>
  4756.     <name>Versions of Products - ALL (imported)</name>
  4757.     <description></description>
  4758.     <target>EPOSystemProductVersionInfo</target>
  4759.     <table-uri>query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion%3AEPOLeafNode.LastUpdate&amp;orion.table.order=az&amp;orion.table.order.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion</table-uri>
  4760.     <condition-uri>query:condition?orion.condition.sexp=</condition-uri>
  4761.     <summary-uri>query:summary?orion.query.type=summary.multigroup&amp;orion.sum.query=true&amp;orion.sum.group.by=EPOSystemProductVersionInfo.FamilyDispName%3AEPOSystemProductVersionInfo.productVersion&amp;orion.sum.order=desc%3Adesc&amp;orion.sum.aggregation=count&amp;orion.sum.aggregation.showTotal=true</summary-uri>
  4762.   </query>
  4763. </list>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!