McAfee TEECDE-AA-AA Evaluator Guide - Page 40

VSE: Top 10 Access Protection Rules Broken, Threat Name under Threat Events



13. From the Monitor list, select VSE: Top 10 Access Protection Rules Broken, then click OK.
14. Click Save.
15. Click Make Active, then when prompted, click OK.
16. Click Close.
17. On the Dashboards tab, click VSE: Detections (custom).

The two monitors you added display a pie chart (DAT Deployment), and a summary table (Top 10 Access Protection Rules Broken). When creating your own queries, consider the type of data you want to view, and how to display it.

Running a predefined query

As you discovered in the previous task, queries can be the source data displayed by dashboard monitors. You also can run queries individually.

You can run the "MA: Agent Versions Summary" query to make sure the McAfee Agent is deployed on all your test systems and to view the version number.

1. Click Menu | Reporting | Queries.
2. Expand Shared Groups and highlight McAfee Agent group.
3. In the query list, select MA: Agent Versions Summary.
4. Click Run.

The results are displayed in a pie chart, showing the clients running the McAfee Agent and its version. Any systems that do not have McAfee Agent are displayed in a second pie slice.

You can click on the pie slice showing version 4.x of the McAfee Agent to see the systems. Click Close to return to the pie chart and click Close again to return to the list of queries.

To check whether Host Intrusion Prevention is installed and has the correct version of the program, run the HIP: Client Versions query. To check whether those clients have the most current updates, run the HIP: Content Versions query. You could also add these queries as dashboard monitors.

Creating a custom query

Use this task to create a query that shows all PUP detections.

1. Click Menu | Reporting | Queries.
2. Click New Query.
3. From the list, select Feature Group as Events and Result Type as Threat Events, then click Next.
4. Make these selections, then click Next:

   For this...           Select this...
   Display Results As    Single Group Bar Chart
   Bar labels are        Threat Name (under Threat Events)
   Bar values are        Number of Threat Events

5. Click Next again to bypass the Columns page.
6. On the Filter page, from the Events section of Available Properties:
   • Click Detecting Product Name and set Comparison to Equals. For Value, type VirusScan Enterprise 8.7.
   • Click Event ID and set Comparison to Greater than. For Value, type 20000.

Using Dashboards and Queries
McAfee Total Protection for Endpoint Lab Evaluation Guide
40