Help Setting Up A Corr Alert Using McAfee EPolicy Orchestrator ODBC Source en 4.1 SP3
I have an alert for EPO for Unhandled Threat Events (these are the ones to care about because they have not been fixed by McAfee on the endpoint).
I have attached the rule for you to review.
How our EPO device is set up:
EPO Version: 4.6
Field Delimiter: ^^
Key constraint fields: (use in reports for unhandled threats)
Disposition = 0
VendorEventCategory NOT IN ('ops')