AnsweredAssumed Answered

Can someone help with a excel query for RSA endpoint analysis which will include columns such as Description,alertable,IOCLevel,machine Count &Machine Name?

Question asked by Harold Tsatsi on Dec 27, 2018

For example I have ran the query below but just need to include more columns to it such as Description,Alertable,IOCLevel,MachineCount & MachineName

 

SELECT

      MA.MachineName,

     IQ.Description AS IIOC,

      MAX(IE.AuditUTCDate) AS LastTriggered

FROM

      dbo.IOCEvaluation AS IE WITH(NOLOCK)

      INNER JOIN dbo.IOCQuery AS IQ WITH(NOLOCK) ON IQ.PK_IOCQuery = IE.FK_IOCQuery

      INNER JOIN dbo.Machines AS MA WITH(NOLOCK) ON MA.PK_Machines = IE.FK_Machines

WHERE

      IQ.Active=1 AND IOClevel <= 1

GROUP BY

      MA.MachineName,

      IQ.Description

ORDER BY

      MA.MachineName,

      IQ.Description,

      LastTriggered DESC

Outcomes