McAfee TEECDE-AA-AA Evaluator Guide - Page 40
Using Dashboards and Queries

13 From the Monitor list, select VSE: Top 10 Access Protection Rules Broken, then click OK.
14 Click Save.
15 Click Make Active, then when prompted, click OK.
16 Click Close.
17 On the Dashboards tab, click VSE: Detections (custom).

The two monitors you added display a pie chart (DAT Deployment) and a summary table (Top 10 Access Protection Rules Broken). When creating your own queries, consider the type of data you want to view and how to display it.

Running a predefined query

As you discovered in the previous task, queries can be the source of the data displayed by dashboard monitors. You can also run queries individually. You can run the "MA: Agent Versions Summary" query to make sure the McAfee Agent is deployed on all your test systems and to view the version number.

1 Click Menu | Reporting | Queries.
2 Expand Shared Groups and highlight the McAfee Agent group.
3 In the query list, select MA: Agent Versions Summary.
4 Click Run.

The results are displayed in a pie chart, showing the clients running the McAfee Agent and its version. Any systems that do not have the McAfee Agent are displayed in a second pie slice. You can click the pie slice showing version 4.x of the McAfee Agent to see the systems. Click Close to return to the pie chart, and click Close again to return to the list of queries.

To check whether Host Intrusion Prevention is installed and has the correct version of the program, run the HIP: Client Versions query. To check whether those clients have the most current updates, run the HIP: Content Versions query. You could also add these queries as dashboard monitors.

Creating a custom query

Use this task to create a query that shows all PUP detections.

1 Click Menu | Reporting | Queries.
2 Click New Query.
3 From the list, select Feature Group as Events and Result Type as Threat Events, then click Next.
4 Make these selections, then click Next:

   For this...           Select this...
   Display Results As    Single Group Bar Chart
   Bar labels are        Threat Name (under Threat Events)
   Bar values are        Number of Threat Events

5 Click Next again to bypass the Columns page.
6 On the Filter page, from the Events section of Available Properties:
   • Click Detecting Product Name and set Comparison to Equals. For Value, type VirusScan Enterprise 8.7.
   • Click Event ID and set Comparison to Greater than. For Value, type 20000.

40 McAfee Total Protection for Endpoint Lab Evaluation Guide