Dashboards and queries provide various types of status information about your environment. Each product in the Complete Endpoint Protection Business suite has predefined queries that you can run individually. Often the queries cover recent events, such as detections in the last 24 hours or 7 days, or they might provide trending information over time. ePolicy Orchestrator also includes several predefined dashboards. Dashboards are comprised of multiple queries or other objects. You can also create custom dashboards and queries. By default, there are several active dashboards available for viewing. You can also create custom dashboards by using default queries or ones that you create. In the sections below, we will examine some of the default dashboards and queries, create a custom query, and create a custom dashboard.
Read the introduction to ePO and deploy the McAfee Agent prior to setting up dashboards or queries.
While there may not yet be much event data to report, this is a good opportunity to examine some of the default dashboards and understand how they are created.
In this section we will run a predefined query and view the results.
Creating a Custom Query
ePolicy Orchestrator also provides a wizard allowing you to create custom queries, which can also be used in a dashboard. In this section, you will create a more advanced query that displays both the version and patch level of VirusScan installations, broken down by servers and workstations. The resulting data will be from systems that have polled the server and reported their current status.
Your new query is now listed alphabetically in the VirusScan query group. You can run this query at any time or use it in a dashboard.
Here’s the output of this sample query, showing several systems running different versions of VirusScan. The green bars show workstations and servers running VirusScan 8.8 with no patch. The blue areas indicate workstations and servers with VirusScan 8.7 with Patch 4, while the yellow section shows three workstations running VirusScan 8.7 with only Patch 3.
Drilling down on the yellow section provides details regarding those specific systems still running VSE 8.7 with Patch 3. As mentioned, new product patches and product versions can be deployed using ePolicy Orchestrator. This sample query is provided to give you an idea of the level of detail available for reporting. Note that it is not necessary to upgrade the version of ePolicy Orchestrator in order to upgrade client versions.
Creating a Custom Dashboard
In this section you will create a new dashboard utilizing the query just created along with some other useful default queries.
Choose the query titled VSE: DAT Deployment. Note the monitors will resize themselves automatically. Repeat this process adding two additional queries: Host IPS: Desktop High Triggered Signatures and Host IPS: Desktop Medium Triggered Signatures. You can add additional monitors as desired, but note the more monitors you add, the smaller they will appear on the dashboard. Optionally, you may choose to create distinct dashboards per product showing the installation count, update status, and recent detections for VirusScan, and a similar, separate dashboard for Host IPS.