Use the available queries to review information for the endpoints based on the data stored in the McAfee ePO database. The following Change Control queries are available from the McAfee ePO console.
Table 4: Change Control Queries
| Query | Description |
|---|---|
| Solidcore: Alerts | Displays all alerts generated in the last 3 months. |
| Solidcore: Attempted Violations Detected in the Last 24 Hours | Displays the attempted violation events detected during the last 24 hours. The line chart plots data on a per hour basis. Click a value on the chart to review event details. |
| Solidcore: Attempted Violations Detected in the Last 7 Days | Displays the attempted violation events detected during the last 7 days. The line chart plots data on a per day basis. Click a value on the chart to review event details. |
| Solidcore: Integrity Monitor Status Report | Displays the status of all endpoints with the Change Control license which are managed by the McAfee ePO console. The pie chart categorizes the information based on the client status. Click a segment to review endpoint information. |
| Solidcore: Agent Status Report | Displays the status of all endpoints managed by the McAfee ePO console. This report combines information for both the Application Control and Change Control licenses. The pie chart categorizes the information based on the client status. Click a segment to review detailed information. |
| Solidcore: Agent License Report | Indicates the number of Solidcore Agents that are managed by the McAfee ePO console. The information is categorized based on the license information, namely Application Control and Change Control, and further sorted based on the operating system on the endpoint. |
| Solidcore: Integrity Monitor Events Detected in the Last 24 Hours | Displays monitoring-related events detected during the last 24 hours. The line chart plots data on a per hour basis. Click a value on the chart to review event details. |
| Solidcore: Integrity Monitor Events Detected in the Last 7 Days | Displays monitoring-related events detected during the last 7 days. The line chart plots data on a per day basis. Click a value on the chart to review event details. |
| Solidcore: Non Compliant Solidcore Agents | Lists the endpoints that are currently not compliant. The list is sorted based on the reason for non-compliance. An endpoint can be non compliant if it is in Disabled or Update mode or if the local Command Line Interface (CLI) access is recovered. |
| Solidcore: Out of Band Change Events detected in Last 24 Hours | Displays change events generated in the last 24 hours which are not compliant with the update policy. The line chart plots data on a per hour basis. Click a value on the chart to review event details. |
| Solidcore: Out of Band Change Events detected in Last 7 Days | Displays change events generated in the last 7 days which are not compliant with the update policy. The line chart plots data on a per day basis. Click a value on the chart to review event details. |
| Solidcore : PCI Req 10.3: File Integrity Monitoring - Rolling 90 Days | Displays the summary of changes that are grouped by the program name. This report allows you to comply with Payment Card Industry (PCI) requirement 10.3. |
| Solidcore : PCI DSS Req 11.5: Detailed PCI File Integrity Monitoring - Rolling 90 Days | Displays a detailed audit log of the critical systems, critical applications, and configuration files. This report allows you to comply with PCI Data Security Standards (DSS) requirement 11.5. |
| Solidcore : PCI DSS Req 11.5: Summary PCI File Integrity Monitoring - Rolling 90 Days | Displays a summarized audit log of the critical systems, critical applications, and configuration files. This report allows you to comply with PCI DSS requirement 11.5. |
| Solidcore : PCI DSS Req 10.3.1: User Report Detail - Rolling 90 Days | Displays a detailed list of changes that are grouped by the user name. This report allows you to comply with PCI DSS requirement 10.3.1. |
| Solidcore : PCI DSS Req 10.3.1: User Report Summary - Rolling 90 Days | Displays the summarized list of changes that are sorted based on the user name and date. This report allows you to comply with PCI DSS requirement 10.3.1. |
| Solidcore: Policy Assignments By System | Lists the number of policies applied on the managed endpoints. Click a system to review information on the applied policies. |
| Solidcore: Policy Details | Categorizes and lists the rules defined in a selected monitoring or protection policy. To view the report, click Edit for the query, navigate to the Filter page, select a policy name, and click Run. Click a category to review all the rules in the category. |
| Solidcore: Top 10 Change Events in the Last 7 Days | Displays the top 10 change events that were generated during the last 7 days. The chart includes a bar for each event type and indicates the number of events generated for each event type. The bar chart sorts the data in descending order. Click a bar on the chart to review detailed information. |
| Solidcore: Top 10 Programs with Most Change Events in the Last 7 Days | Displays the top 10 programs with most changes during the last 7 days. The chart includes a bar for each program and indicates the number of events generated by each program. The bar chart sorts the data in descending order. Click a bar on the chart to review detailed information. |
| Solidcore: Top 10 Systems with Most Change Events in the Last 7 Days | Displays the top 10 systems with the most changes during the last 7 days. The chart includes a bar for each system and indicates the number of events generated for each system. The bar chart sorts the data in descending order. Click a bar on the chart to review detailed information. |
| Solidcore: Top 10 Systems with Most Violations Detected in the Last 24 Hours | Displays the top 10 systems with the maximum number of violations in the last 24 hours. The chart includes a bar for each system and indicates the number of violations for each system. Click a bar on the chart to review detailed information. |
| Solidcore: Top 10 Systems with Most Violations Detected in the Last 7 Days | Displays the top 10 systems with the maximum number of violations in the last 7 days. The chart includes a bar for each system and indicates the number of violations for each system. Click a bar on the chart to review detailed information. |
| Solidcore: Top 10 Users with Most Change Events in the Last 7 Days | Displays the top 10 users with the most changes during the last 7 days. The chart includes a bar for each user and indicates the number of events generated by each user. The bar chart sorts the data in descending order. Click a bar on the chart to review detailed information. |
| Solidcore: Top 10 Users with Most Violations Detected in the Last 24 Hours | Displays the top 10 users with the most policy violation attempts in the last 24 hours. The chart includes a bar for each user and indicates the number of policy violation attempts for each user. The bar chart sorts the data in descending order. Click a bar on the chart to review detailed information. |
| Solidcore: Top 10 Users with Most Violations Detected in the Last 7 Days | Displays the top 10 users with the most policy violation attempts in the last 7 days. The chart includes a bar for each user and indicates the number of policy violation attempts for each user. The bar chart sorts the data in descending order. Click a bar on the chart to review detailed information. |
Use this task to view a query.
Task
For option definitions, click ? in the interface.
1 Select Menu | Reporting.
2 Perform one of these tasks.
• From the McAfee ePO 4.6 console, select Queries & Reports.
• From the McAfee ePO 4.5 console, select Queries.
3 Select the Change Control group under Shared Groups.
4 Review the queries in the list.
5 Navigate to the required query and click Run. The results for the selected query are displayed.
6 Click Close to return to the previous page.
Monitoring and reporting Viewing queries