ePolicy Orchestrator 4.0
This example analysis is used as a framework for analyzing most VirusScan Enterprise protection scenarios with ePolicy Orchestrator 4.0.
Before you begin
You must have direct or remote access to a VirusScan Enterprise protected system to perform this example analysis.
For option definitions, click ? in the interface.
- Determine where and when the attacks occurred:
- Click Reporting | Queries to open the Queries list.
- From the Public Queries list, select ePO: Malware Detection History and click More Actions | Run. The Malware Detection History query appears in the Queries list.
- To view the event that triggered the malware detection, click Reporting | Event Log, the query returns the number of recent attacks.
- Double-click the log event to display the details page in the pane. From the log event you can determine:
- Threat Source IP Address and target are shown to help you determine what actions to take.
- Threat Name and Threat Type describe what malware was used in the attack.
- Threat Event Descriptions describe how the attack affected the system and what actions were taken on the threat.