Bob Bent

Enhanced Threat Prevention System Query: Set a Column Profile to Match Your Log Query

Discussion created by Bob Bent Expert on Sep 28, 2018
Latest reply on Oct 16, 2018 by Oren Koren

Have seen a few update fails lately, but when I looked at the pre-defined Threat Prevention System query the Column Profile didn't match what I was looking for. The fields were mostly empty...

 

... so created my own. Right click on the column heading and select Edit Profile.Click Save As.. .and give it an appropriate name. 

 

Not sure these fields are the best, but are closer to what I'm looking for. If you're not sure what to add, you can open one of the log cards and then try to match the fields shown there with the ones from the Available Fields list. Note: not all of the fields are in the Available Fields list. Have to figure that one out. Also for some reason there are 2 Description fields. By trial and error selected the one that had the most info. Click Save Changes. 

 

Click Queries -> Add to Favorites. Give it a nice name. Change the Columns Profile to the new one created above, then Add.

 

This is what it looks like in Organize Favorites.

 

Wouldn't say it has the information I want to see exactly now, but at least it is relevant to what I'm looking for. Now to fix my connection to the Internet. 

Outcomes