Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Managing Your Protection
Management of information

You can produce queries for a group of selected client systems, or limit report results by product or system criteria. You can export reports into a variety of file formats, including HTML and Microsoft Excel.
Your options include:
• Setting a filter to gather only selected information. Choose which group or tags to include in the report.
• Setting a data filter using logical operators, to define precise filters on the data returned by the report.
• Generating graphical reports from the information in the database, and filtering the reports as needed. You can print the reports and export them to other software.
• Running queries of computers, events, and installations.

Predefined and custom queries to analyze your protection

The reporting feature contains predefined queries from Host Intrusion Prevention and allows you to create custom queries.

You can organize and maintain these queries to suit your needs. For example, if you customize settings for a report, you can export these settings as a template. You can also create custom templates and organize templates in logical groupings. For example, you can group queries that you run daily, weekly, and monthly.

After a report is generated, you view summary information, as determined by the filter, if any, that you have set. From the summary information you can drill down to one or two levels for detailed information, all in the same report.

You can control how much report information is visible to different users; for example, global administrators versus other users. Some users can only view reports on systems in sites where they have permissions. Report information is also controlled by applying filters.

Custom queries

You can create three Host IPS queries with the Query Builder wizard: Application Blocking Client Rules, Firewall Client Rules, and IPS Client Rules. Query parameters include:

Application Blocking Client Rules
• Create Reaction
• Creation Date
• Enabled
• Full Process Name
• Hash
• Hook Reaction
• Local Version
• Modified Date
• Process Eval Option
• Process Name
• Process Path

Firewall Client Rules
• Creation Date
• Direction
• Domain List
• Effective Reaction
• Enabled
• End Time
• Full Process Name
• Hash
• IP Protocol
• Local Service
• Local Service type
• Local Version
• Log Status
• Match Intrusion
• Modified Date

IPS Client Rules
• Creation Date
• Enabled
• Full Process Name
• Include All Processes
• Include All signatures
• Include All Users
• Last Modified Date
• Local Version
• Process Name
• Process Path
• Reaction
• Signature ID
• User Name

McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0