Trellix McAfee ePO
LAST UPDATED: OCT 22, 2024
Overview
McAfee ePolicy Orchestrator (McAfee ePO) centralizes and streamlines the management of endpoint, network, data security, and compliance solutions.
D3 SOAR is providing REST operations to function with Trellix McAfee ePO.
Trellix McAfee ePO is available for use in:
D3 SOAR | V12.7.83.0+ |
Category | Endpoint Security |
Deployment Options |
Connection
To connect to Trellix McAfee ePO from D3 SOAR, please follow this part to collect the required information below:
Parameter | Description | Example |
Server URL | The URL of the Trellix McAfee ePO server. | https://1.1.1.1:8443 |
Username | The username for authentication. | admin |
Password | The password for authentication. | D**ec**it** |
Permission Requirements
Each endpoint in the Trellix McAfee ePO API requires a certain permission scope. The following are required scopes for the commands in this integration:
Command | Permission Set | Required Permissions |
Add Tag | N/A | Administrator |
Assign Policy To System | N/A | Administrator |
Check Latest DAT | Software |
|
Check Repository Compliance | Software |
|
Determine Repository | Software |
|
Fetch Event | Queries and Reports | Queries and Reports: Use public groups; create and edit private queries/reports |
Find Client Task | McAfee Agent | McAfee Agent (Tasks): View settings |
Find Group | System Tree access | Select My Organization |
Find Groups | System Tree access | Select My Organization |
Find Package | Software | Master Repository: View packages |
Find Policy | Data Loss Prevention |
|
Find Repository | Software |
(These permissions will only return limited information, only the Administrator access can return all repository) |
Find System | Systems | System Tree: View "System Tree" tab |
Find System By Tag Name | Queries and Reports | Queries and Reports: Use public groups |
Find System In Group | Queries and Reports | Queries and Reports: Use public groups |
System Tree access | Select My Organization | |
Find Systems By Group IDs | Queries and Reports | Queries and Reports: Use public groups |
System Tree access | Select My Organization | |
Find Tag | Systems | Tag use: Apply, exclude, and clear tags |
Get Device Info | Queries and Reports | Queries and Reports: Use public groups |
System Tree access | Select My Organization | |
Get DLP Incident | Incident Management |
|
Queries and Reports | Queries and Reports: Use public groups; create and edit private queries/reports. | |
Get Task Info By Product Object | Endpoint Security Threat Prevention | Endpoint Security Threat Prevention (Tasks): View settings |
Get Threat Events | Queries and Reports | Queries and Reports: Use public groups |
Threat Event Log | Threat Event Log: View events | |
Get Version | N/A | Administrator |
eList All Server Task | Server tasks | Server tasks: View Scheduler tasks; view Scheduler task results in the Server Task Log |
List Database | N/A | Administrator |
List Data Type | Queries and Reports | Queries and Reports: Use public groups |
List Permission Set | N/A | Administrator |
List Query | Queries and Reports | Queries and Reports: Use public groups |
List Repository | Software |
|
List Running Server Task | Server tasks | Server tasks: View Scheduler tasks; view Scheduler task results in the Server Task Log |
List Sub Task History | Server tasks | Server tasks: View Scheduler tasks; view Scheduler task results in the Server Task Log |
List Table | Queries and Reports | Queries and Reports: Use public groups; create and edit private queries/reports. |
List Task History | Server tasks | Server tasks: View Scheduler tasks; view Scheduler task results in the Server Task Log |
List User | N/A | Administrator |
Remove Tag | N/A | Administrator |
Repo List | Software |
|
Retrieve Current DAT Version | Software |
|
Run Client Task | N/A | Administrator |
Scan End Point By IP | Software |
|
Scan End Points By Group Name | System Tree access | Select My Organization |
Scan End Points By Tag Name | N/A | Administrator |
Search Threat Events | N/A | Administrator |
Update Endpoints | N/A | Administrator |
Update Repository | N/A | Administrator |
Wake Up Agent | Systems | Actions: Wake up agents; view Agent Activity Log |
Test Connection | N/A | No permissions needed |
As Trellix McAfee ePO is using role-based access control (RBAC), the D3 connector will be generated based on a specific user account and the application. Therefore, the command permissions are inherited from the user account’s role. Users need to configure their user profile from the Trellix McAfee ePO console for each command in this integration.
Reader Note
The Administrator role is required to run certain commands. Refer to step 3d of the Creating a User section for more information.
The Find Repository command required the Administrator role to retrieve all results. The minimum permissions listed in the table above will only yield partial results.
Configuring Trellix McAfee ePO to Work with D3 SOAR
Creating a User
Once logged into your Trellix McAfee ePO environment, navigate to User Management > Users.
Click on New User.
Configure the new user.
Enter a user name. This will be the username used to establish and authenticate your connection in D3 SOAR.
Determine whether to enable or disable the logon status for this account. If the account is for someone who is not yet part of the organization, disabling it might be preferable.
Select ePO authentication. Enter a temporary password for the user account. The password must be changed upon initial login, which will also be used to establish and authenticate your connection in D3 SOAR.
Decide whether to grant administrative privileges or select appropriate permission sets for the user.
Click Save to complete the process.
Adding and Editing a Permission Set
Once logged into your Trellix McAfee ePO environment, navigate to User Management > Permission Sets.
Add or edit a permission set.
Add a permission set:
Click New Permission Set.
Enter a unique name for the new permission set.
Assign specific users to this permission set by selecting their usernames.
Click Save.
Edit a permission set:
Select the desired permission set to modify.
Locate the Name and users permission. Click Edit to add or remove permissions to the user. Click Save.
Repeat the same steps to modify other permissions within the permission set.
Configuring D3 SOAR to Work with Trellix McAfee ePO
Log in to D3 SOAR.
Find the Trellix McAfee ePO integration.
Navigate to Configuration on the top header menu.
Click on the Integration icon on the left sidebar.
Type Trellix McAfee ePO in the search box to find the integration, then click it to select it.
Click + New Connection, on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to Trellix McAfee ePO.
Connection Name: The desired name for the connection.
Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.
Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
Description (Optional): Add your desired description for the connection.
Tenant (Optional): When configuring the connection from a master tenant site, you have the option to choose the specific tenant sites you want to share the connection with. Once you enable this setting, you can filter and select the desired tenant sites from the dropdowns to share the connection.
Configure User Permissions: Defines which users have access to the connection.
Active: Check the tick box to ensure the connection is available for use.
System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
1. Input the Server URL of your Trellix McAfee ePO environment.
2. input your Username.
3. Input your Password.Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.
Test the connection.
Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green checkmark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.
Click OK to close the alert window.
Click + Add to create and add the configured connection.
Commands
Trellix McAfee ePO includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.
Integration API Note
For more information about the Trellix McAfee ePO API, please refer to the Trellix McAfee ePO API reference.
Reader Note
Certain permissions are required for each command. Please refer to the Permission Requirements and Configuring Trellix McAfee ePO to Work with D3 SOAR for details.
Note for Time-related parameters
The input format of time-related parameters may vary based on your account settings. As a result, the sample data provided in our commands is different from what you see. To set your preferred time format, follow these steps:
Navigate to Configuration > Application Settings. Select Date/Time Format.
Choose your desired date and time format.
After that, you will be able to view your preferred time format when configuring the DateTime input parameters for commands.
Add Tag
Adds a tag to an endpoint in McAfee ePO.
Input
Input Parameter | Required/Optional | Description | Example |
Endpoint | Required | The endpoint to add a tag. | dc_auto_mtrg |
Tag Name | Required | The name of the tag to add to the specified endpoint. | YABINGUO |
Output
The primary response data from the API request.
SAMPLE DATA
{
"Status": "Tag DC_AUTO_MTRG has been applied to 1 endpoint(s) successfully."
}
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
{
"Status": "Tag DC_AUTO_MTRG has been applied to 1 endpoint(s) successfully."
}
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Output": "\"{\\\"Status\\\":\\\"Tag SERVER has been applied to 0 endpoint(s) successfully.\\\"}\\r\\n\"",
"Status": "\"Tag DC_AUTO_MTRG has been applied to 1 endpoint(s) successfully.\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
Status | Tag DC_AUTO_MTRG has been applied to 1 endpoint(s) successfully. |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Add Tag failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Error 0 :\r\n\r\n. |
Error Sample Data Add Tag failed. Status Code: 400. Message: Error 0 :\r\n\r\n. |
Assign Policy To System
Assigns a policy to specified endpoints.
Input
Input Parameter | Required/Optional | Description | Example |
Endpoints | Required | The list of endpoints to assign a policy. | d*****-dc |
Product ID | Required | The product ID to assign to the specified endpoints. | 1 |
Type ID | Required | The type ID to assign to the specified endpoints. | 69 |
Object ID | Required | The object ID to assign to the specified endpoints. | 1 |
Output
The primary response data from the API request.
SAMPLE DATA
{
"results": [
{
"name": "d*****-dc",
"id": "*****",
"message": "Assign policy succeeded",
"status": 0
}
]
}
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
{
"results": [
{
"name": "d*****-dc",
"id": "*****",
"message": "Assign policy succeeded",
"status": 0
}
]
}
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Output": "\"{\\r\\n \\\"results\\\": [\\r\\n {\\r\\n \\\"name\\\": \\\"*****-dc\\\",\\r\\n \\\"id\\\": \\\"*****\\\",\\r\\n \\\"message\\\": \\\"Assign policy succeeded\\\",\\r\\n \\\"status\\\": 0\\r\\n }\\r\\n ]\\r\\n}\"",
"results": "\"[\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"*****-dc\\\",\\r\\n \\r\\n \\\"id\\\": \\\"*****\\\",\\r\\n \\r\\n \\\"message\\\": \\\"Assign policy succeeded\\\",\\r\\n \\r\\n \\\"status\\\": 0\\r\\n \\r\\n }\\r\\n \\r\\n ]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
results | { ";name";: ";*****-dc";, ";id";: ";*****";, ";message";: ";Assign policy succeeded";, ";status";: 0 } |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Assign Policy To System failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unable to take action on the computer because it may not exist. |
Error Sample Data Assign Policy To System failed. Status Code: 404. Message: Unable to take action on the computer because it may not exist. |
Check Latest DAT
Returns the latest DAT version.
Input
N/A
Output
The primary response data from the API request.
SAMPLE DATA
{
"LatestDATVersion": "9524"
}
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
{
"LatestDATVersion": "9524"
}
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"LatestDATVersion": "\"9524\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
LatestDATVersion | 9524 |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Check Latest DAT failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Check Latest DAT failed. Status Code: 401. Message: Unauthorized. |
Check Repository Compliance
Checks repository compliance based on the specified DAT version.
Reader Note
Required DAT Version is a required parameter to run this command.
The latest Required DAT Version can be found from the Check Latest DAT command in the returned raw data at the path $.LatestDATVersion.
Input
Input Parameter | Required/Optional | Description | Example |
Required DAT Version | Required | The DAT version number to check repository compliance. | 9472 |
Output
The primary response data from the API request.
SAMPLE DATA
{
"CurrentDATVersion": "9534.0000",
"RequiredDATVersion": "9472",
"Status": "OK"
}
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
{
"CurrentDATVersion": "9534.0000",
"RequiredDATVersion": "9472",
"Status": "OK"
}
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"CurrentDATVersion": "\"9534.0000\"",
"RequiredDATVersion": "\"9472\"",
"Status": "\"OK\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
CurrentDATVersion | 9534.0000 |
RequiredDATVersion | 9472 |
Status | OK |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Check Repository Compliance failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: could not convert string to float. |
Error Sample Data Check Repository Compliance failed. Status Code: 400. Message: could not convert string to float. |
Determine Repository
Returns details of the specified repository.
Input
Input Parameter | Required/Optional | Description | Example |
Repository Name | Required | The name of the repository to retrieve details. | ePO_***-AD |
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"SAServerDNS": "",
"disableV1DATReplication": false,
"spipeServerDNS": null,
"repositoryTypeString": "master",
"useAnonCreds": false,
"downloadCredPassword": "",
"downloadCredDomain": "",
"lockType": 0,
"enabled": true,
"uncUseLoggedOnUser": false,
"uncOrder": "1",
"protocol": 1,
"lockedBy": "",
"softwareInclusionList": [],
"uploadCredUsername": "",
"spipeVersion": "4.5.0",
"SAServerNetbios": "",
"protocolString": "SpipeSite",
"disableFullDATReplication": false,
"replicationUNC": "",
"SAServerIP": "",
"addressType": null,
"autoID": 3,
"softwareExclusionList": null,
"repositoryTypeAsString": null,
"repositoryName": "ePO_***-AD",
"spipeServerName": "***-AD",
"uploadCredDomain": "",
"repositoryPort": 80,
"downloadPasswordEncrypted": true,
"httpUseAuth": false,
"downloadCredUsername": "",
"includeAllSoftware": true,
"repositoryId": "ePO_***-AD",
"repositoryType": 2,
"location": "***-AD/Software",
"updateExclusionList": true,
"spipeServerIP": "1.1.1.1",
"uploadCredPassword": "",
"fallback": false,
"repliPasswordEncrypted": true
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"SAServerDNS": "",
"disableV1DATReplication": false,
"spipeServerDNS": null,
"repositoryTypeString": "master",
"useAnonCreds": false,
"downloadCredPassword": "",
"downloadCredDomain": "",
"lockType": 0,
"enabled": true,
"uncUseLoggedOnUser": false,
"uncOrder": "1",
"protocol": 1,
"lockedBy": "",
"softwareInclusionList": [],
"uploadCredUsername": "",
"spipeVersion": "4.5.0",
"SAServerNetbios": "",
"protocolString": "SpipeSite",
"disableFullDATReplication": false,
"replicationUNC": "",
"SAServerIP": "",
"addressType": null,
"autoID": 3,
"softwareExclusionList": null,
"repositoryTypeAsString": null,
"repositoryName": "ePO_***-AD",
"spipeServerName": "***-AD",
"uploadCredDomain": "",
"repositoryPort": 80,
"downloadPasswordEncrypted": true,
"httpUseAuth": false,
"downloadCredUsername": "",
"includeAllSoftware": true,
"repositoryId": "ePO_***-AD",
"repositoryType": 2,
"location": "***-AD/Software",
"updateExclusionList": true,
"spipeServerIP": "1.1.1.1",
"uploadCredPassword": "",
"fallback": false,
"repliPasswordEncrypted": true
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Output": "\"[\\r\\n {\\r\\n \\\"SAServerDNS\\\": \\\"\\\",\\r\\n \\\"disableV1DATReplication\\\": false,\\r\\n \\\"spipeServerDNS\\\": null,\\r\\n \\\"repositoryTypeString\\\": \\\"master\\\",\\r\\n \\\"useAnonCreds\\\": false,\\r\\n \\\"downloadCredPassword\\\": \\\"\\\",\\r\\n \\\"downloadCredDomain\\\": \\\"\\\",\\r\\n \\\"lockType\\\": 0,\\r\\n \\\"enabled\\\": true,\\r\\n \\\"uncUseLoggedOnUser\\\": false,\\r\\n \\\"uncOrder\\\": \\\"1\\\",\\r\\n \\\"protocol\\\": 1,\\r\\n \\\"lockedBy\\\": \\\"\\\",\\r\\n \\\"softwareInclusionList\\\": [],\\r\\n \\\"uploadCredUsername\\\": \\\"\\\",\\r\\n \\\"spipeVersion\\\": \\\"4.5.0\\\",\\r\\n \\\"SAServerNetbios\\\": \\\"\\\",\\r\\n \\\"protocolString\\\": \\\"SpipeSite\\\",\\r\\n \\\"disableFullDATReplication\\\": false,\\r\\n \\\"replicationUNC\\\": \\\"\\\",\\r\\n \\\"SAServerIP\\\": \\\"\\\",\\r\\n \\\"addressType\\\": null,\\r\\n \\\"autoID\\\": 3,\\r\\n \\\"softwareExclusionList\\\": null,\\r\\n \\\"repositoryTypeAsString\\\": null,\\r\\n \\\"repositoryName\\\": \\\"ePO_***-AD\\\",\\r\\n \\\"spipeServerName\\\": \\\"D3Lab-AD\\\",\\r\\n \\\"uploadCredDomain\\\": \\\"\\\",\\r\\n \\\"repositoryPort\\\": 80,\\r\\n \\\"downloadPasswordEncrypted\\\": true,\\r\\n \\\"httpUseAuth\\\": false,\\r\\n \\\"downloadCredUsername\\\": \\\"\\\",\\r\\n \\\"includeAllSoftware\\\": true,\\r\\n \\\"repositoryId\\\": \\\"ePO_***-AD\\\",\\r\\n \\\"repositoryType\\\": 2,\\r\\n \\\"location\\\": \\\"D3Lab-AD/Software\\\",\\r\\n \\\"updateExclusionList\\\": true,\\r\\n \\\"spipeServerIP\\\": \\\"192.168.82.10\\\",\\r\\n \\\"uploadCredPassword\\\": \\\"\\\",\\r\\n \\\"fallback\\\": false,\\r\\n \\\"repliPasswordEncrypted\\\": true\\r\\n }\\r\\n]\"",
"disableV1DATReplication": "\"[\\r\\n \\r\\n false\\r\\n \\r\\n ]\"",
"location": "\"[\\r\\n \\r\\n \\\"****-AD/Software\\\"\\r\\n \\r\\n ]\"",
"protocolString": "\"[\\r\\n \\r\\n \\\"SpipeSite\\\"\\r\\n \\r\\n ]\"",
"repositoryId": "\"[\\r\\n \\r\\n \\\"ePO_***-AD\\\"\\r\\n \\r\\n ]\"",
"repositoryName": "\"[\\r\\n \\r\\n \\\"ePO_***-AD\\\"\\r\\n \\r\\n ]\"",
"repositoryPort": "\"[\\r\\n \\r\\n 80\\r\\n \\r\\n ]\"",
"repositoryType": "\"[\\r\\n \\r\\n 2\\r\\n \\r\\n ]\"",
"spipeServerIP": "\"[\\r\\n \\r\\n \\\"1.1.1.1\\\"\\r\\n \\r\\n ]\"",
"spipeServerName": "\"[\\r\\n \\r\\n \\\"***-AD\\\"\\r\\n \\r\\n ]\"",
"spipeVersion": "\"[\\r\\n \\r\\n \\\"4.5.0\\\"\\r\\n \\r\\n ]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
SAServerDNS | disableV1DATReplication | spipeServerDNS | repositoryTypeString | useAnonCreds | downloadCredPassword | downloadCredDomain | lockType | enabled | uncUseLoggedOnUser | uncOrder | protocol | lockedBy | softwareInclusionList | uploadCredUsername | spipeVersion | SAServerNetbios | protocolString | disableFullDATReplication | replicationUNC | SAServerIP | addressType | autoID | softwareExclusionList | repositoryTypeAsString | repositoryName | spipeServerName | uploadCredDomain | repositoryPort | downloadPasswordEncrypted | httpUseAuth | downloadCredUsername | includeAllSoftware | repositoryId | repositoryType | location | updateExclusionList | spipeServerIP | uploadCredPassword | fallback | repliPasswordEncrypted |
False | master | False | 0 | True | False | 1 | 1 | [] | 4.5.0 | SpipeSite | False | 3 |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Determine Repository failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Determine Repository failed. Status Code: 401. Message: Unauthorized. |
Fetch Event
Retrieves events from Trellix McAfee ePO based on the specified criteria.
Input
Input Parameter | Required/Optional | Description | Example |
Start Time | Optional | The start time of the time range to fetch events after the specified time stamp, in UTC time. | 2020-01-01 00:00 |
End Time | Optional | The end time of the time range to fetch events before the specified time stamp, in UTC time. | 2020-10-01 00:00 |
Number of Event(s) Fetched | Optional | The maximum number of the most recent events to return. | 100 |
Search Condition | Optional | The query string defining the search condition for fetching events. For more information about the query syntax, refer to the Trellix McAfee ePO API documentation. Note: The input severity value must be an integer. The severity values are defined as follows: 0-Info, 1-Warning, 2-Minor, 3-Major, 4-Critical. | Condition for search Events: (where (eq EPOEvents.ThreatType "trojan" )) Condition for search DLP Incidents ( where (and (eq UDLP_Incidents.Severity "3") (eq UDLP_IncidentStatuses.StatusKey "NEW") ) ) |
Is DLP Incident | Optional | The option to fetch DLP incidents as events. The default value is No. | Yes |
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"AutoGUID": "***-***-***-***-***",
"TargetFileName": "C:\\Users\\Administrator\\Desktop\\atomic-red-team-master\\atomic-red-team-master\\atomics\\T1055\\bin\\T1055.exe",
"SourceIPV4": "1.1.1.1",
"SourceProcessName": "C:\\Windows\\explorer.exe",
"ReceivedUTC": "2020-08-19T10:02:45-07:00",
"DetectedUTC": "2020-08-19T09:56:35-07:00",
"AnalyzerName": "McAfee Endpoint Security",
"AnalyzerVersion": "10.7.0",
"AnalyzerHostName": "D3cyber-PC5",
"AnalyzerIPV4": "192.168.85.11",
"AnalyzerIPV6": "0:0:0:0:0:FFFF:C0A8:550B",
"AnalyzerMAC": "000c29cb025a",
"AnalyzerDATVersion": "4169.0",
"AnalyzerEngineVersion": "6100.8979",
"AnalyzerDetectionMethod": "On-Access Scan",
"SourceHostName": "D3cyber-PC5",
"SourceIPV6": "0:0:0:0:0:FFFF:C0A8:550B",
"TargetHostName": "D3cyber-PC5",
"TargetIPV4": "192.168.85.11",
"TargetIPV6": "0:0:0:0:0:FFFF:C0A8:550B",
"TargetUserName": "D3CYBER-PC5\\Administrator",
"ThreatEventID": 1027,
"ThreatSeverity": 2,
"ThreatName": "RDN/Generic Dropper",
"ThreatType": "trojan",
"ThreatActionTaken": "IDS_ALERT_ACT_TAK_DEL",
"ThreatHandled": true,
"IsDLPIncidents": false
},
{
"IncidentId": 2,
"ComputerID": 10003,
"IncidentType": 10000,
"ViolationLocalTime": "2021-04-08T11:40:08-07:00",
"ViolationTimezone": "Pacific Daylight Time",
"TotalMatchCount": 0,
"TotalContentSize": 0,
"PolicyInfoId": 2,
"RulesToDisplay": "Plug and Play Device Rule",
"SourceApplicationId": null,
"Severity": 3,
"StatusId": "2",
"ResolutionId": "2",
"ActualAction": 0,
"ExpectedAction": 0,
"FailureReason": 0,
"JustificationText": "",
"McAfeeAgentGuid": "6FB58B73-B510-4B5E-998A-331317FD5709",
"EvidenceCount": 0,
"ReportingProduct": 1,
"destination": "portable devices",
"ShortMatchString": "",
"DestinationUserID": null,
"ExternalId": null,
"ActivityEnum": null,
"Name": "LAPTOP-IE3MEDPQ",
"IP": "192.168.1.215",
"PrimaryUserAccountID": "LAPTOP-IE3MEDPQ\\admin@",
"Username_NTLM": "LAPTOP-IE3MEDPQ\\admin",
"FQDN": null,
"UserName": "admin",
"SID": null,
"UID": null,
"UserOU": "",
"FirstName": null,
"LastName": null,
"PrimaryEmailAddress": "",
"UserTitle": "",
"UserBusinessUnit": null,
"UserDepartment": "",
"UserCity": null,
"UserCountry": null,
"UserCompany": null,
"UserManagerAccountID": "",
"DLPReviewerUserAccount": null,
"Custom1": null,
"Custom2": null,
"Custom3": null,
"UserStatus": null,
"LastDayInOffice": null,
"LastDayInOfficeYYYYMM": null,
"LastUpdated": null,
"LastUpdatedBy": null,
"LastUpdatedMethod": null,
"UserGroups": "Administrators",
"StatusKey": "NEW",
"IsDLPIncidents": true
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"AutoGUID": "***-***-***-***-***",
"TargetFileName": "C:\\Users\\Administrator\\Desktop\\atomic-red-team-master\\atomic-red-team-master\\atomics\\T1055\\bin\\T1055.exe",
"SourceIPV4": "***.***.***.***",
"SourceProcessName": "C:\\Windows\\explorer.exe",
"ReceivedUTC": "2020-08-19T10:02:45-07:00",
"DetectedUTC": "2020-08-19T09:56:35-07:00",
"AnalyzerName": "McAfee Endpoint Security",
"AnalyzerVersion": "10.7.0",
"AnalyzerHostName": "*****-PC5",
"AnalyzerIPV4": "***.***.***.***",
"AnalyzerIPV6": "****:****:****:***::****",
"AnalyzerMAC": "****",
"AnalyzerDATVersion": "4169.0",
"AnalyzerEngineVersion": "6100.8979",
"AnalyzerDetectionMethod": "On-Access Scan",
"SourceHostName": "***-PC5",
"SourceIPV6": "****:****:****:***::****",
"TargetHostName": "***-PC5",
"TargetIPV4": "***.***.***.***",
"TargetIPV6": "****:****:****:***::****",
"TargetUserName": "***-PC5\\Administrator",
"ThreatEventID": 1027,
"ThreatSeverity": 2,
"ThreatName": "RDN/Generic Dropper",
"ThreatType": "trojan",
"ThreatActionTaken": "IDS_ALERT_ACT_TAK_DEL",
"ThreatHandled": true,
"IsDLPIncidents": false
},
{
"IncidentId": 2,
"ComputerID": ***,
"IncidentType": 10000,
"ViolationLocalTime": "2021-04-08T11:40:08-07:00",
"ViolationTimezone": "Pacific Daylight Time",
"TotalMatchCount": 0,
"TotalContentSize": 0,
"PolicyInfoId": 2,
"RulesToDisplay": "Plug and Play Device Rule",
"SourceApplicationId": null,
"Severity": 3,
"StatusId": "2",
"ResolutionId": "2",
"ActualAction": 0,
"ExpectedAction": 0,
"FailureReason": 0,
"JustificationText": "",
"McAfeeAgentGuid": "***-***-***-***-***",
"EvidenceCount": 0,
"ReportingProduct": 1,
"destination": "portable devices",
"ShortMatchString": "",
"DestinationUserID": null,
"ExternalId": null,
"ActivityEnum": null,
"Name": "LAPTOP-*****",
"IP": "***.***.***.***",
"PrimaryUserAccountID": "LAPTOP-*****\\admin@",
"Username_NTLM": "LAPTOP-*****\\admin",
"FQDN": null,
"UserName": "admin",
"SID": null,
"UID": null,
"UserOU": "",
"FirstName": null,
"LastName": null,
"PrimaryEmailAddress": "",
"UserTitle": "",
"UserBusinessUnit": null,
"UserDepartment": "",
"UserCity": null,
"UserCountry": null,
"UserCompany": null,
"UserManagerAccountID": "",
"DLPReviewerUserAccount": null,
"Custom1": null,
"Custom2": null,
"Custom3": null,
"UserStatus": null,
"LastDayInOffice": null,
"LastDayInOfficeYYYYMM": null,
"LastUpdated": null,
"LastUpdatedBy": null,
"LastUpdatedMethod": null,
"UserGroups": "Administrators",
"StatusKey": "NEW",
"IsDLPIncidents": true
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"IDs": "\"[\\r\\n \\r\\n \\\"***-***-***-***-***\\\",\\r\\n \\r\\n \\\"***-***-***-***-***\\\"\\r\\n \\r\\n ]\"",
"IncidentIds": "\"[*****]\"",
"IncidentTypeID": "\"[10000,10000,10000,10000,10000]\"",
"ComputerNames": "\"[\\r\\n\\t\\\"user\\\"]\"",
"ComputerIPs": "\"[\\r\\n\\t\\\"1.1.1.1\\\"]\"",
"ViolationLocalTime": "\"[\\r\\n\\t\\\"2021-04-13 12:57:29\\\",\\r\\n\\t\\\"2021-04-13 12:57:29\\\",\\r\\n\\t\\\"2021-04-13 12:55:57\\\",\\r\\n\\t\\\"2021-04-13 12:55:57\\\",\\r\\n\\t\\\"2021-04-13 12:14:00\\\"\\r\\n]\"",
"UserName": "\"[\\r\\n\\t\\\"user\\\",\\r\\n\\t\\\"user\\\"]\"",
"Severity": "\"[3,3,3,3,3]\"",
"ActualAction": "\"[0,0,0,0,0]\"",
"ExpectedAction": "\"[0,0,0,0,0]\"",
"StatusKey": "\"[\\\"NEW\\\",\\\"NEW\\\",\\\"NEW\\\",\\\"NEW\\\",\\\"NEW\\\"]\"",
"ReviewerUserAccount": "\"[]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
AUTOGUID | TARGETFILENAME | SOURCEIPV4 | SOURCEPROCESSNAME | RECEIVEDUTC | DETECTEDUTC | ANALYZERNAME | ANALYZERVERSION | ANALYZERHOSTNAME | ANALYZERIPV4 | ANALYZERIPV6 | ANALYZERMAC | ANALYZERDATVERSION | ANALYZERENGINEVERSION | ANALYZERDETECTIONMETHOD | SOURCEHOSTNAME | SOURCEIPV6 | TARGETHOSTNAME | TARGETIPV4 | TARGETIPV6 | TARGETUSERNAME | THREATEVENTID | THREATSEVERITY | THREATNAME | THREATTYPE | THREATACTIONTAKEN | THREATHANDLED |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
***-***-***-***-*** | C:\Users\Administrator\Desktop\atomic-red-team-master\atomic-red-team-master\atomics\T1055\bin\T1055.exe | 1.1.1.1 | C:\Windows\explorer.exe | 8/19/2020 10:02:45 AM | 8/19/2020 9:56:35 AM | McAfee Endpoint Security | 10.7.0 | ***-PC5 | 1.1.1.1 | 0:0:0:0:0:FFFF:C0A0:000B | 0***a | 4169.0 | 6100.8979 | On-Access Scan | D***-PC5 | 0:0:0:0:0:FFFF:C0A0:000B | D***-PC5 | 1.1.1.1 | 0:0:0:0:0:FFFF:C0A0:000B | D***-PC5\Administrator | 1*** | 2 | RDN/Generic Dropper | trojan | IDS_***EL | True |
DLP Incidents
INCIDENTID | COMPUTERID | INCIDENTTYPE | VIOLATIONLOCALTIME | VIOLATIONTIMEZONE | TOTALMATCHCOUNT | TOTALCONTENTSIZE | POLICYINFOID | RULESTODISPLAY | SEVERITY | STATUSID | RESOLUTIONID | ACTUALACTION | EXPECTEDACTION | FAILUREREASON | JUSTIFICATIONTEXT | MCAFEEAGENTGUID | EVIDENCECOUNT | REPORTINGPRODUCT | DESTINATION | SHORTMATCHSTRING | NAME | IP | PRIMARYUSERACCOUNTID | USERNAME_NTLM | USERNAME | USEROU | PRIMARYEMAILADDRESS | USERTITLE | USERDEPARTMENT | USERMANAGERACCOUNTID | USERGROUPS | STATUSKEY | LOCALTIME |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
*** | 1*** | 10000 | 4/13/2021 12:57:29 PM | Pacific Summer Time | 0 | 0 | 4 | Plug and Play Device Rule | 3 | 2 | 1 | 0 | 0 | 0 | 1***-***-***-***-*** | 0 | 1 | universal serial bus controllers | user | 1.1.1.1 | user@ | user | user | Administrators | NEW | 4/13/2021 12:57:29 PM (Pacific Summer Time) |
Fetch Event Field Mapping
Please note that Fetch Event commands require event field mapping. Field mapping plays a key role in the data normalization process part of the event pipeline. Field mapping converts the original data fields from the different providers to the D3 fields which are standardized by the D3 Model. Please refer to Event and Incident Intake Field Mapping for details.
If you require a custom field mapping, click + Add Field to add a custom field mapping. You can also remove built-in field mappings by clicking x. Please note that two underscore characters will automatically prefix the defined Field Name as the System Name for a custom field mapping. Additionally, if an input Field Name contains any spaces, they will automatically be replaced with underscores for the corresponding System Name.
The Trellix McAfee ePO integration in D3 SOAR has separate pre-configured field mappings for events and DLP incidents since the returned raw data to both fields are different, which correspond to the Default Event Source and DLP Incidents mappings:
Default Event Source
Configures the field mapping which are specific to the events. If a source field in the field mapping is not found, the corresponding field mapping will be ignored. The default event source has a “Main Event JSON Path” (i.e., $) that is used to extract a batch of events from the response raw data. Click Edit Event Source to view the “Main Event JSON Path”.Main Event JSON Path: $
The Main Event JSON Path determines the root path where the system starts parsing raw response data into D3 event data. The JSON path begins with $, representing the root element. The path is formed by appending a sequence of child elements to $, each separated by a dot (.). Square brackets with nested quotation marks ([‘...’]) should be used to separate child elements in JSON arrays.
For example, the root node of a JSON Path is $. The child node denoting the Unique Event Key field would be AutoGUID. Putting it together, the JSON Path expression to extract the Unique Event Key is $.AutoGUID.
Event Source for DLP Incidents
Configures the field mapping which are specific to the DLP Incidents. If a source field in the field mapping is not found, the corresponding field mapping will be ignored. As the data of the DLP Incidents have a character that the value of the IsDLPIncident field is True, the DLP Incidents can be defined by the Search String: {$.IsDLPIncident}=True. Click Edit Event Source to view the Search String.
The pre-configured field mappings are detailed below:
Field Name | Source Field |
Default Event Source (Main Event JSON Path: $) | |
None | .AnalyzerDATVersion |
None | .AnalyzerDetectionMethod |
None | .AnalyzerEngineVersion |
None | .AnalyzerHostName |
None | .AnalyzerIPV4 |
None | .AnalyzerMAC |
None | .AnalyzerName |
None | .AnalyzerVersion |
Application layer protocol | .TargetProtocol |
Call trace | .SourceDescription |
Destination IP address | .TargetIPV4 |
Destination port | .TargetPort |
Destination MAC | .TargetMAC |
Driver image path | .TargetFileName |
Unique Event Key | .AutoGUID |
EventTime/UtcTime | .DetectedUTC |
Event Type | .ThreatType |
Filename | .TargetFileName |
ParentImage | .SourceParentProcessName |
Parent process name | .SourceParentProcessName |
Process command line | .SourceDescription |
Process file path | .SourceFilePath |
Process Hash | .SourceProcessHash |
Process Name | .SourceProcessName |
Receipt time | .TargetCreateTime |
Registry path | TargetFileName |
Source hostname | .SourceHostName |
Source IP address | .SourceIPV4 |
Source port | .SourcePort |
Source MAC address | .SourceMAC |
Source username | .SourceUserName |
None | .TargetHostName |
Target image | .TargetFileName |
Target process name | .TargetProcessName |
Threat action taken | .ThreatActionTaken |
Threat event ID | .ThreatEventID |
Threat handled | .ThreatHandled |
Threat name | .ThreatName |
Threat severity | .ThreatSeverity |
Threat type | .ThreatType |
URL | .TargetURL |
Username | .TargetUserName |
Start time (UTC) | .DetectedUTC |
Event Source for DLP Incidents (Search String: {$.IsDLPIncident}=True) The search string format is {jsonpath}=value. If the value of the IsDLPIncident key is True in the event object under raw data, then the DLP Incidents will use the field mapping below. | |
__ViolationLocalTime | .LocalTime |
Device IP address | .IP |
Unique Event Key | .IncidentId |
Event Type | .RulesToDisplay |
Hostname | .Name |
Start Time | .ViolationLocalTime |
Severity | .Severity |
Status | .StatusKey |
Username | .UserName |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Fetch Event failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: This error might be caused by incorrect search condition. Please refer to sample data for syntax of search condition. Also, you can refer to McAfee document <https://docs.mcafee.com/bundle/epolicy-orchestrator-web-api-reference-guide/page/GUID-***-***-***-***-***.html> for detailed syntax. |
Error Sample Data Fetch Event failed. Status Code: 400. Message: This error might be caused by incorrect search condition. Please refer to sample data for syntax of search condition. Also, you can refer to McAfee document <https://docs.mcafee.com/bundle/epolicy-orchestrator-web-api-reference-guide/page/GUID-***-***-***-***-***.html> for detailed syntax. |
Find Client Task
Retrieves client task details based on the provided search text.
Input
Input Parameter | Required/Optional | Description | Example |
Search Text | Optional | The search text defining the condition to retrieve client task details. | Endpoint Security Threat Prevention |
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"productId": "ENDP_AM_1000",
"typeName": "Endpoint Security Threat Prevention: Policy Based On-Demand Scan",
"objectName": "On-Demand Scan - Full Scan",
"typeId": 13,
"objectId": 18,
"productName": "Endpoint Security Threat Prevention "
},
{
"productId": "ENDP_AM_1000",
"typeName": "Endpoint Security Threat Prevention: Policy Based On-Demand Scan",
"objectName": "On-Demand Scan - Quick Scan",
"typeId": 13,
"objectId": 19,
"productName": "Endpoint Security Threat Prevention "
},
{
"productId": "ENDP_AM_1000",
"typeName": "Endpoint Security Threat Prevention: Custom On-Demand Scan",
"objectName": "New Task",
"typeId": 11,
"objectId": 91,
"productName": "Endpoint Security Threat Prevention "
},
{
"productId": "ENDP_AM_1000",
"typeName": "Endpoint Security Threat Prevention: Custom On-Demand Scan",
"objectName": "Run_ODS_CWS",
"typeId": 11,
"objectId": 147,
"productName": "Endpoint Security Threat Prevention "
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"productId": "ENDP_AM_1000",
"typeName": "Endpoint Security Threat Prevention: Policy Based On-Demand Scan",
"objectName": "On-Demand Scan - Full Scan",
"typeId": 13,
"objectId": 18,
"productName": "Endpoint Security Threat Prevention "
},
{
"productId": "ENDP_AM_1000",
"typeName": "Endpoint Security Threat Prevention: Policy Based On-Demand Scan",
"objectName": "On-Demand Scan - Quick Scan",
"typeId": 13,
"objectId": 19,
"productName": "Endpoint Security Threat Prevention "
},
{
"productId": "ENDP_AM_1000",
"typeName": "Endpoint Security Threat Prevention: Custom On-Demand Scan",
"objectName": "New Task",
"typeId": 11,
"objectId": 91,
"productName": "Endpoint Security Threat Prevention "
},
{
"productId": "ENDP_AM_1000",
"typeName": "Endpoint Security Threat Prevention: Custom On-Demand Scan",
"objectName": "Run_ODS_CWS",
"typeId": 11,
"objectId": 147,
"productName": "Endpoint Security Threat Prevention "
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Output": "\"[{\\\"productId\\\":\\\"EPOAGENTMETA\\\",\\\"typeName\\\":\\\"McAfee Agent: McAfee Agent Statistics\\\",\\\"objectName\\\":\\\"Collect All\\\",\\\"typeId\\\":4,\\\"objectId\\\":7,\\\"productName\\\":\\\"McAfee Agent \\\"},{\\\"productId\\\":\\\"EPOAGENTMETA\\\",\\\"typeName\\\":\\\"McAfee Agent: Product Deployment\\\",\\\"objectName\\\":\\\"McAfee Active Response 2.4.0.158\\\",\\\"typeId\\\":2,\\\"objectId\\\":21,\\\"productName\\\":\\\"McAfee Agent \\\"},{\\\"productId\\\":\\\"EPOAGENTMETA\\\",\\\"typeName\\\":\\\"McAfee Agent: Product Deployment\\\",\\\"objectName\\\":\\\"McAfee Active Response 2.4.4.404\\\",\\\"typeId\\\":2,\\\"objectId\\\":23,\\\"productName\\\":\\\"McAfee Agent \\\"},{\\\"productId\\\":\\\"EPOAGENTMETA\\\",\\\"typeName\\\":\\\"McAfee Agent: McAfee Agent Statistics\\\",\\\"objectName\\\":\\\"On-Demand Scan - Full Scan\\\",\\\"typeId\\\":4,\\\"objectId\\\":24,\\\"productName\\\":\\\"McAfee Agent \\\"},{\\\"productId\\\":\\\"EPOAGENTMETA\\\",\\\"typeName\\\":\\\"McAfee Agent: McAfee Agent Statistics\\\",\\\"objectName\\\":\\\"On-Demand Scan - Quick Scan\\\",\\\"typeId\\\":4,\\\"objectId\\\":25,\\\"productName\\\":\\\"McAfee Agent \\\"}]\"",
"objectId": "\"[\\r\\n \\r\\n 18,\\r\\n \\r\\n 19,\\r\\n \\r\\n 91,\\r\\n \\r\\n 147\\r\\n \\r\\n ]\"",
"objectName": "\"[\\r\\n \\r\\n \\\"On-Demand Scan - Full Scan\\\",\\r\\n \\r\\n \\\"On-Demand Scan - Quick Scan\\\",\\r\\n \\r\\n \\\"New Task\\\",\\r\\n \\r\\n \\\"Run_ODS_CWS\\\"\\r\\n \\r\\n ]\"",
"productId": "\"[\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\"\\r\\n \\r\\n ]\"",
"productName": "\"[\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention \\\"\\r\\n \\r\\n ]\"",
"typeId": "\"[\\r\\n \\r\\n 13,\\r\\n \\r\\n 13,\\r\\n \\r\\n 11,\\r\\n \\r\\n 11\\r\\n \\r\\n ]\"",
"typeName": "\"[\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention: Policy Based On-Demand Scan\\\",\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention: Policy Based On-Demand Scan\\\",\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention: Custom On-Demand Scan\\\",\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention: Custom On-Demand Scan\\\"\\r\\n \\r\\n ]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
productId | typeName | objectName | typeId | objectId | productName |
ENDP_AM_1000 | Endpoint Security Threat Prevention: Policy Based On-Demand Scan | On-Demand Scan - Full Scan | 13 | 18 | Endpoint Security Threat Prevention |
ENDP_AM_1000 | Endpoint Security Threat Prevention: Policy Based On-Demand Scan | On-Demand Scan - Quick Scan | 13 | 19 | Endpoint Security Threat Prevention |
ENDP_AM_1000 | Endpoint Security Threat Prevention: Custom On-Demand Scan | New Task | 11 | 91 | Endpoint Security Threat Prevention |
ENDP_AM_1000 | Endpoint Security Threat Prevention: Custom On-Demand Scan | Run_ODS_CWS | 11 | 147 | Endpoint Security Threat Prevention |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find Client Task failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Find Client Task failed. Status Code: 401. Message: Unauthorized. |
Find Group
Retrieves group information based on the provided search text.
Input
Input Parameter | Required/Optional | Description | Example |
Search Text | Optional | The search text defining the condition to retrieve group information. | AD Domain Controllers |
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"groupId": 7,
"groupPath": "My Organization\\Servers\\AD Domain Controllers"
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"groupId": 7,
"groupPath": "My Organization\\Servers\\AD Domain Controllers"
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Output": "\"[{\\\"groupId\\\":2,\\\"groupPath\\\":\\\"My Organization\\\"},{\\\"groupId\\\":3,\\\"groupPath\\\":\\\"My Organization\\\\\\\\Lost and Found\\\"},{\\\"groupId\\\":4,\\\"groupPath\\\":\\\"My Organization\\\\\\\\Lost and Found\\\\\\\\WORKGROUP\\\"},{\\\"groupId\\\":5,\\\"groupPath\\\":\\\"My Organization\\\\\\\\d3cyber7.local\\\"},{\\\"groupId\\\":6,\\\"groupPath\\\":\\\"My Organization\\\\\\\\Lost and Found\\\\\\\\d3cyber7.local\\\"}]\\r\\n\"",
"groupId": "\"[\\r\\n\\t\\t\\t7\\r\\n\\t\\t]\"",
"groupPath": "\"[\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Servers\\\\\\\\AD Domain Controllers\\\"\\r\\n\\t\\t]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
groupId | groupPath |
7 | My Organization\Servers\AD Domain Controllers |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find Group failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Find Group failed. Status Code: 401. Message: Unauthorized. |
Find Groups
Retrieves a list of all groups.
Input
N/A
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"groupId": 2,
"groupPath": "My Organization"
},
{
"groupId": 3,
"groupPath": "My Organization\\Lost and Found"
},
{
"groupId": 4,
"groupPath": "My Organization\\Laptops"
},
{
"groupId": 5,
"groupPath": "My Organization\\Workstations"
},
{
"groupId": 6,
"groupPath": "My Organization\\Servers"
},
{
"groupId": 7,
"groupPath": "My Organization\\Servers\\AD Domain Controllers"
},
{
"groupId": 8,
"groupPath": "My Organization\\Servers\\DHCP and WINS Servers"
},
{
"groupId": 9,
"groupPath": "My Organization\\Servers\\Mail Servers"
},
{
"groupId": 10,
"groupPath": "My Organization\\Servers\\Sharepoint Servers"
},
{
"groupId": 11,
"groupPath": "My Organization\\Servers\\SQL Servers"
},
{
"groupId": 13,
"groupPath": "My Organization\\Lost and Found\\QA"
},
{
"groupId": 14,
"groupPath": "My Organization\\Lost and Found\\WORKGROUP"
},
{
"groupId": 15,
"groupPath": "My Organization\\My Group"
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"groupId": 2,
"groupPath": "My Organization"
},
{
"groupId": 3,
"groupPath": "My Organization\\Lost and Found"
},
{
"groupId": 4,
"groupPath": "My Organization\\Laptops"
},
{
"groupId": 5,
"groupPath": "My Organization\\Workstations"
},
{
"groupId": 6,
"groupPath": "My Organization\\Servers"
},
{
"groupId": 7,
"groupPath": "My Organization\\Servers\\AD Domain Controllers"
},
{
"groupId": 8,
"groupPath": "My Organization\\Servers\\DHCP and WINS Servers"
},
{
"groupId": 9,
"groupPath": "My Organization\\Servers\\Mail Servers"
},
{
"groupId": 10,
"groupPath": "My Organization\\Servers\\Sharepoint Servers"
},
{
"groupId": 11,
"groupPath": "My Organization\\Servers\\SQL Servers"
},
{
"groupId": 13,
"groupPath": "My Organization\\Lost and Found\\QA"
},
{
"groupId": 14,
"groupPath": "My Organization\\Lost and Found\\WORKGROUP"
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"groupIds": "\"[\\r\\n\\t\\t\\t2,\\r\\n\\t\\t\\t3,\\r\\n\\t\\t\\t4,\\r\\n\\t\\t\\t5,\\r\\n\\t\\t\\t6,\\r\\n\\t\\t\\t7,\\r\\n\\t\\t\\t8,\\r\\n\\t\\t\\t9,\\r\\n\\t\\t\\t10,\\r\\n\\t\\t\\t11,\\r\\n\\t\\t\\t13,\\r\\n\\t\\t\\t14,\\r\\n\\t\\t\\t15,\\r\\n\\t\\t\\t27,\\r\\n\\t\\t\\t28,\\r\\n\\t\\t\\t29,\\r\\n\\t\\t\\t30,\\r\\n\\t\\t\\t31,\\r\\n\\t\\t\\t32,\\r\\n\\t\\t\\t33,\\r\\n\\t\\t\\t34,\\r\\n\\t\\t\\t35,\\r\\n\\t\\t\\t36,\\r\\n\\t\\t\\t37,\\r\\n\\t\\t\\t38,\\r\\n\\t\\t\\t39,\\r\\n\\t\\t\\t40,\\r\\n\\t\\t\\t41,\\r\\n\\t\\t\\t42,\\r\\n\\t\\t\\t43,\\r\\n\\t\\t\\t44,\\r\\n\\t\\t\\t45,\\r\\n\\t\\t\\t46,\\r\\n\\t\\t\\t47,\\r\\n\\t\\t\\t48,\\r\\n\\t\\t\\t49,\\r\\n\\t\\t\\t51\\r\\n\\t\\t]\"",
"groupPaths": "\"[\\r\\n\\t\\t\\t\\\"My Organization\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Lost and Found\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Laptops\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Workstations\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Servers\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Servers\\\\\\\\AD Domain Controllers\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Servers\\\\\\\\DHCP and WINS Servers\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Servers\\\\\\\\Mail Servers\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Servers\\\\\\\\Sharepoint Servers\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Servers\\\\\\\\SQL Servers\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Lost and Found\\\\\\\\QA\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Lost and Found\\\\\\\\WORKGROUP\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\My Group\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Timmy-Group (2)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\My Group 2\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\My Group 3\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\eu-north-1\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\Asia Pacific (Mumbai)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\eu-west-3\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\EU (London)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\EU (Ireland)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\Asia Pacific (Seoul)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\Asia Pacific (Tokyo)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\South America (Sao Paulo)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\Canada (Central)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\Asia Pacific (Singapore)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\Asia Pacific (Sydney)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\EU (Frankfurt)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\US East (N. Virginia)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\US East (Ohio)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\US East (Ohio)\\\\\\\\us-east-2a\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\US East (Ohio)\\\\\\\\us-east-2b\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\US West (N. California)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\US West (Oregon)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\My Group 4\\\"\\r\\n\\t\\t]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
groupId | groupPath |
2 | My Organization |
3 | My Organization\Lost and Found |
4 | My Organization\Laptops |
5 | My Organization\Workstations |
6 | My Organization\Servers |
7 | My Organization\Servers\AD Domain Controllers |
8 | My Organization\Servers\DHCP and WINS Servers |
9 | My Organization\Servers\Mail Servers |
10 | My Organization\Servers\Sharepoint Servers |
11 | My Organization\Servers\SQL Servers |
13 | My Organization\Lost and Found\QA |
14 | My Organization\Lost and Found\WORKGROUP |
15 | My Organization\My Group |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find Groups failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Find Groups failed. Status Code: 401. Message: Unauthorized. |
Find Package
Retrieves packages based on the provided search text.
Input
Input Parameter | Required/Optional | Description | Example |
Search Text | Optional | The search text defining the condition to retrieve packages. | all |
Output
The primary response data from the API request.
SAMPLE DATA
{
"existsInCurrent": null,
"distributionType": "Licensed",
"existsInPrevious": null,
"hidden": false,
"productID": "*****",
"productDetectionPlatformID": "***",
"checkinDate": "2018-02-14T13****:****:****:***::****-****:****:****:***::****",
"buildNumber": "623",
"databaseAutoId": 0,
"packageType": "Install",
"productName": "Product Improvement Program",
"signerName": "McAfee",
"evaluation": false,
"hashCode": "1425209253",
"id": "***************************************",
"keyType": 0,
"conflictingPackageItems": [],
"signingKeyHash": "*****=",
"deploymentPath": null,
"unknownDistributionType": false,
"licensed": true,
"existsInEvaluation": null,
"packageId": "*****_Current_Install_0000_1.6.0_***3",
"dependencyProductID": null,
"packageTotalSize": "2763",
"applicableForGlobalUpdating": false,
"packageLangID": "0000",
"hotFixVersion": "623",
"productDetectionProductVersion": "1.6.0",
"revokedStatus": false,
"managedPkgDependencyList": null,
"engineVersion64": "",
"packageBranch": "Current",
"productPlatform": null
},
{
"existsInCurrent": null,
"distributionType": "licensed",
"existsInPrevious": null,
"hidden": false,
"productID": "*****",
"productDetectionPlatformID": "*****",
"checkinDate": "2018-02-14T13:14:35-08:00",
"buildNumber": "619",
"databaseAutoId": 0,
"packageType": "Install",
"productName": "Endpoint Security Threat Prevention",
"signerName": "McAfee",
"evaluation": false,
"hashCode": "325877289",
"id": "***************************************",
"keyType": 0,
"conflictingPackageItems": [],
"signingKeyHash": "w+*****=",
"deploymentPath": null,
"unknownDistributionType": false,
"licensed": true,
"existsInEvaluation": null,
"packageId": "ENDP_AM_1020_Current_Install_0000_10.2.0_*****",
"dependencyProductID": "******",
"packageTotalSize": "43331",
"applicableForGlobalUpdating": false,
"packageLangID": "0000",
"hotFixVersion": "619",
"productDetectionProductVersion": "10.2.0",
"revokedStatus": false,
"managedPkgDependencyList": null,
"engineVersion64": "",
"packageBranch": "Current",
"productPlatform": null
},
{
"existsInCurrent": null,
"distributionType": "licensed",
"existsInPrevious": null,
"hidden": false,
"productID": "*****",
"productDetectionPlatformID": "*****",
"checkinDate": "2018-02-14T13:14:53-08:00",
"buildNumber": "361",
"databaseAutoId": 0,
"packageType": "Install",
"productName": "Endpoint Security Firewall",
"signerName": "McAfee",
"evaluation": false,
"hashCode": "-1329182882",
"id": "***************************************",
"keyType": 0,
"conflictingPackageItems": [],
"signingKeyHash": "w+*****=",
"deploymentPath": null,
"unknownDistributionType": false,
"licensed": true,
"existsInEvaluation": null,
"packageId": "******Current_Install_0000_10.2.0_*****",
"dependencyProductID": "*****",
"packageTotalSize": "16164",
"applicableForGlobalUpdating": false,
"packageLangID": "0000",
"hotFixVersion": "361",
"productDetectionProductVersion": "10.2.0",
"revokedStatus": false,
"managedPkgDependencyList": null,
"engineVersion64": "",
"packageBranch": "Current",
"productPlatform": null
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
{
"existsInCurrent": null,
"distributionType": "Licensed",
"existsInPrevious": null,
"hidden": false,
"productID": "*****",
"productDetectionPlatformID": "***",
"checkinDate": "2018-02-14T13****:****:****:***::****-****:****:****:***::****",
"buildNumber": "623",
"databaseAutoId": 0,
"packageType": "Install",
"productName": "Product Improvement Program",
"signerName": "McAfee",
"evaluation": false,
"hashCode": "1425209253",
"id": "***************************************",
"keyType": 0,
"conflictingPackageItems": [],
"signingKeyHash": "*****=",
"deploymentPath": null,
"unknownDistributionType": false,
"licensed": true,
"existsInEvaluation": null,
"packageId": "*****_Current_Install_0000_1.6.0_***3",
"dependencyProductID": null,
"packageTotalSize": "2763",
"applicableForGlobalUpdating": false,
"packageLangID": "0000",
"hotFixVersion": "623",
"productDetectionProductVersion": "1.6.0",
"revokedStatus": false,
"managedPkgDependencyList": null,
"engineVersion64": "",
"packageBranch": "Current",
"productPlatform": null
},
{
"existsInCurrent": null,
"distributionType": "licensed",
"existsInPrevious": null,
"hidden": false,
"productID": "*****",
"productDetectionPlatformID": "*****",
"checkinDate": "2018-02-14T13:14:35-08:00",
"buildNumber": "619",
"databaseAutoId": 0,
"packageType": "Install",
"productName": "Endpoint Security Threat Prevention",
"signerName": "McAfee",
"evaluation": false,
"hashCode": "325877289",
"id": "***************************************",
"keyType": 0,
"conflictingPackageItems": [],
"signingKeyHash": "w+*****=",
"deploymentPath": null,
"unknownDistributionType": false,
"licensed": true,
"existsInEvaluation": null,
"packageId": "ENDP_AM_1020_Current_Install_0000_10.2.0_*****",
"dependencyProductID": "******",
"packageTotalSize": "43331",
"applicableForGlobalUpdating": false,
"packageLangID": "0000",
"hotFixVersion": "619",
"productDetectionProductVersion": "10.2.0",
"revokedStatus": false,
"managedPkgDependencyList": null,
"engineVersion64": "",
"packageBranch": "Current",
"productPlatform": null
},
{
"existsInCurrent": null,
"distributionType": "licensed",
"existsInPrevious": null,
"hidden": false,
"productID": "*****",
"productDetectionPlatformID": "*****",
"checkinDate": "2018-02-14T13:14:53-08:00",
"buildNumber": "361",
"databaseAutoId": 0,
"packageType": "Install",
"productName": "Endpoint Security Firewall",
"signerName": "McAfee",
"evaluation": false,
"hashCode": "-1329182882",
"id": "***************************************",
"keyType": 0,
"conflictingPackageItems": [],
"signingKeyHash": "w+*****=",
"deploymentPath": null,
"unknownDistributionType": false,
"licensed": true,
"existsInEvaluation": null,
"packageId": "******Current_Install_0000_10.2.0_*****",
"dependencyProductID": "*****",
"packageTotalSize": "16164",
"applicableForGlobalUpdating": false,
"packageLangID": "0000",
"hotFixVersion": "361",
"productDetectionProductVersion": "10.2.0",
"revokedStatus": false,
"managedPkgDependencyList": null,
"engineVersion64": "",
"packageBranch": "Current",
"productPlatform": null
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"checkinDate": "\"[\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-24T23****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2020-02-13T17****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T11****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T11****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-31T16****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-31T16****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-31T16****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-31T16****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-31T16****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-31T17****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-31T17****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T09****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T09****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T09****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-10-27T16****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-24T23****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-10-27T16****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-24T23****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-06-06T15****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-06-10T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-25T00****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-25T00****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-25T00****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-25T00****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-06-10T14****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-10-22T20****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-10-22T20****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-10-22T21****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-10-27T16****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T18****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-03T15****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-03T15****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-24T23****:****:****:***::****-****:****:****:***::****\\\"\\r\\n\\t\\t]\"",
"distributionType": "\"[\\r\\n\\t\\t\\t\\\"Licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\"\\r\\n\\t\\t]\"",
"id": "***************************************"[\\r\\n\\t\\t\\t\\\"*****_Current_Install_0000_1.6.0_*****\\\"\\r\\n\\t\\t]\"",
"packageBranch": "\"[\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Previous\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Previous\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Previous\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Previous\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Previous\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\"\\r\\n\\t\\t]\"",
"packageId": "\"[\\r\\n\\t\\t\\t\\\"*****_0000_1.6.0_*****\\\"\\r\\n\\t\\t]\"",
"packageType": "\"[\\r\\n\\t\\t\\t\\\"Install\\\"]\"",
"productDetectionPlatformID": "\"[\\r\\n\\t\\t\\t\\\"*****\\\"]\"",
"productID": "\"[\\r\\n\\t\\t\\t\\\"*****\\\",\\r\\n\\t\\t\\t\\\"*****\\\",\\r\\n\\t\\t\\t\\\"*****\\\",\\r\\n\\t\\t\\t\\\"*****\\\"]\"",
"productName": "\"[\\r\\n\\t\\t\\t\\\"Product Improvement Program\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention for Mac\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall for Mac\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control for Mac\\\",\\r\\n\\t\\t\\t\\\"McAfee Data Loss Prevention - Device Control\\\",\\r\\n\\t\\t\\t\\\"McAfee Agent for Windows\\\",\\r\\n\\t\\t\\t\\\"McAfee Agent for Windows\\\",\\r\\n\\t\\t\\t\\\"McAfee Endpoint Security for Linux Threat Prevention\\\",\\r\\n\\t\\t\\t\\\"McAfee Client Proxy\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention\\\",\\r\\n\\t\\t\\t\\\"MVISION EDR Agent\\\",\\r\\n\\t\\t\\t\\\"MVISION EDR Endpoint Snapshot Tool (x64)\\\",\\r\\n\\t\\t\\t\\\"MVISION EDR Endpoint Snapshot Tool (x86)\\\",\\r\\n\\t\\t\\t\\\"DXL Platform\\\",\\r\\n\\t\\t\\t\\\"Data Exchange Layer Broker\\\",\\r\\n\\t\\t\\t\\\"McAfee Agent for LINUX\\\",\\r\\n\\t\\t\\t\\\"McAfee Agent for MAC\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange module for VirusScan Enterprise\\\",\\r\\n\\t\\t\\t\\\"TIE Server\\\",\\r\\n\\t\\t\\t\\\"TIE Platform\\\",\\r\\n\\t\\t\\t\\\"McAfee Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Aggregator\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Aggregator\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Server\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Server\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Intelligence\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Discover Server\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Server\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Server\\\",\\r\\n\\t\\t\\t\\\"McAfee Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"McAfee Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP OCR Add-on\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform\\\",\\r\\n\\t\\t\\t\\\"Solidcore Client for Windows\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection\\\",\\r\\n\\t\\t\\t\\\"SIEM Collector\\\",\\r\\n\\t\\t\\t\\\"McAfee DVM Engine for Windows\\\",\\r\\n\\t\\t\\t\\\"McAfee DAM Sensor for Windows\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response\\\"\\r\\n\\t\\t]\"",
"signerName": "\"[\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\"\\r\\n\\t\\t]\"",
"signingKeyHash": "\"[\\r\\n\\t\\t\\t\\\"*****=\\\",\\r\\n\\t\\t\\t\\\"w+*****=\\\",\\r\\n\\t\\t\\t\\\"w+*****=\\\"]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
EXISTSINCURRENT | DISTRIBUTIONTYPE | EXISTSINPREVIOUS | HIDDEN | PRODUCTID | PRODUCTDETECTIONPLATFORMID | CHECKINDATE | BUILDNUMBER | DATABASEAUTOID | PACKAGETYPE | PRODUCTNAME | SIGNERNAME | EVALUATION | HASHCODE | ID | KEYTYPE | CONFLICTINGPACKAGEITEMS | SIGNINGKEYHASH | DEPLOYMENTPATH | UNKNOWNDISTRIBUTIONTYPE | LICENSED | EXISTSINEVALUATION | PACKAGEID | DEPENDENCYPRODUCTID | PACKAGETOTALSIZE | APPLICABLEFORGLOBALUPDATING | PACKAGELANGID | HOTFIXVERSION | PRODUCTDETECTIONPRODUCTVERSION | REVOKEDSTATUS | MANAGEDPKGDEPENDENCYLIST | ENGINEVERSION64 | PACKAGEBRANCH | PRODUCTPLATFORM |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Licensed | False | T***** | W***** | 2/14/2018 1:10:22 PM | 6*** | 0 | Install | Product Improvement Program | McAfee | False | 1***** | TELEMTRY1000_Current_Install_0000_1.6.0_***** | 0 | [] | H*****= | False | True | T*****_Current_Install_0000_1.6.0_***** | 2763 | False | 0000 | 623 | 1.6.0 | False | Current |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find Package failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Find Package failed. Status Code: 401. Message: Unauthorized. |
Find Policy
Retrieves ePO policies based on the provided search text.
Input
Input Parameter | Required/Optional | Description | Example |
Search Text | Optional | The search text defining the condition to retrieve policies. | My Default |
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"productId": "MARCOBA_META",
"featureName": "MARCOBA_META",
"typeName": "General",
"objectName": "My Default",
"typeId": *****,
"featureId": "MARCOBA_META",
"objectId": *****,
"productName": "Active Response 2.4.0",
"objectNotes": ""
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"productId": "MARCOBA_META",
"featureName": "MARCOBA_META",
"typeName": "General",
"objectName": "My Default",
"typeId": *****,
"featureId": "MARCOBA_META",
"objectId": *****,
"productName": "Active Response 2.4.0",
"objectNotes": ""
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Output": "\"[{\\\"groupId\\\":2,\\\"groupPath\\\":\\\"My Organization\\\"},{\\\"groupId\\\":3,\\\"groupPath\\\":\\\"My Organization\\\\\\\\Lost and Found\\\"},{\\\"groupId\\\":4,\\\"groupPath\\\":\\\"My Organization\\\\\\\\Lost and Found\\\\\\\\WORKGROUP\\\"},{\\\"groupId\\\":5,\\\"groupPath\\\":\\\"My Organization\\\\\\\\d3cyber7.local\\\"},{\\\"groupId\\\":6,\\\"groupPath\\\":\\\"My Organization\\\\\\\\Lost and Found\\\\\\\\d3cyber7.local\\\"}]\\r\\n\"",
"featureId": "\"[\\r\\n \\r\\n \\\"MARCOBA_META\\\",\\r\\n \\r\\n \\\"MARCOBA_META\\\",\\r\\n \\r\\n \\\"assessment\\\",\\r\\n \\r\\n \\\"assessment\\\",\\r\\n \\r\\n \\\"assessment\\\",\\r\\n \\r\\n \\\"assessment\\\",\\r\\n \\r\\n \\\"MCA_____1000\\\",\\r\\n \\r\\n \\\"UDLPSRVR2013\\\",\\r\\n \\r\\n \\\"UDLPSRVR2013\\\",\\r\\n \\r\\n \\\"DLPPS___1000\\\",\\r\\n \\r\\n \\\"DLPPS___1000\\\",\\r\\n \\r\\n \\\"DLPPS___1000\\\",\\r\\n \\r\\n \\\"DLPPS___1000\\\",\\r\\n \\r\\n \\\"DLPPS___1000\\\",\\r\\n \\r\\n \\\"DLPPS___1000\\\",\\r\\n \\r\\n \\\"TIEClientMETA\\\",\\r\\n \\r\\n \\\"TIEClientMETA\\\",\\r\\n \\r\\n \\\"TIEClientMETA\\\",\\r\\n \\r\\n \\\"ENDP_GS_1000\\\",\\r\\n \\r\\n \\\"ENDP_FW_META_FW\\\",\\r\\n \\r\\n \\\"ENDP_FW_META_FW\\\",\\r\\n \\r\\n \\\"ENDP_FW_META_FW\\\",\\r\\n \\r\\n \\\"ENDP_FW_META_FW\\\",\\r\\n \\r\\n \\\"ENDP_FW_META_FW\\\",\\r\\n \\r\\n \\\"ENDP_FW_META_FW\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n \\\"MCPSRVER1000\\\",\\r\\n \\r\\n \\\"DXLBROKRMETA\\\",\\r\\n \\r\\n \\\"DXLBROKRMETA\\\",\\r\\n \\r\\n \\\"DXLBROKRMETA\\\",\\r\\n \\r\\n \\\"DXLCLNT_META\\\",\\r\\n \\r\\n \\\"DXLCLNT_META\\\",\\r\\n \\r\\n \\\"DXLCLNT_META\\\",\\r\\n \\r\\n \\\"TIEMGMT_META\\\",\\r\\n \\r\\n \\\"TIEMGMT_META\\\",\\r\\n \\r\\n \\\"MVEDR___META\\\",\\r\\n \\r\\n \\\"MVEDR___META\\\",\\r\\n \\r\\n \\\"TELEMTRY1000\\\",\\r\\n \\r\\n \\\"TELEMTRY1000\\\"\\r\\n \\r\\n ]\"",
"featureName": "\"[\\r\\n \\r\\n \\\"MARCOBA_META\\\",\\r\\n \\r\\n \\\"MARCOBA_META\\\",\\r\\n \\r\\n \\\"Assessment\\\",\\r\\n \\r\\n \\\"Assessment\\\",\\r\\n \\r\\n \\\"Assessment\\\",\\r\\n \\r\\n \\\"Assessment\\\",\\r\\n \\r\\n \\\"Common Appliance Management\\\",\\r\\n \\r\\n \\\"Data Loss Prevention\\\",\\r\\n \\r\\n \\\"Data Loss Prevention\\\",\\r\\n \\r\\n \\\"DLP Appliance Management\\\",\\r\\n \\r\\n \\\"DLP Appliance Management\\\",\\r\\n \\r\\n \\\"DLP Appliance Management\\\",\\r\\n \\r\\n \\\"DLP Appliance Management\\\",\\r\\n \\r\\n \\\"DLP Appliance Management\\\",\\r\\n \\r\\n \\\"DLP Appliance Management\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\"Firewall\\\",\\r\\n \\r\\n \\\"Firewall\\\",\\r\\n \\r\\n \\\"Firewall\\\",\\r\\n \\r\\n \\\"Firewall\\\",\\r\\n \\r\\n \\\"Firewall\\\",\\r\\n \\r\\n \\\"Firewall\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\" Policy Category\\\",\\r\\n \\r\\n \\\"McAfee Agent\\\",\\r\\n \\r\\n \\\"McAfee Agent\\\",\\r\\n \\r\\n \\\"McAfee Agent\\\",\\r\\n \\r\\n \\\"McAfee Agent\\\",\\r\\n \\r\\n \\\"McAfee Agent\\\",\\r\\n \\r\\n \\\"McAfee Agent\\\",\\r\\n \\r\\n \\\"McAfee Client Proxy\\\",\\r\\n \\r\\n \\\"McAfee DXL Broker Management\\\",\\r\\n \\r\\n \\\"McAfee DXL Broker Management\\\",\\r\\n \\r\\n \\\"McAfee DXL Broker Management\\\",\\r\\n \\r\\n \\\"McAfee DXL Client\\\",\\r\\n \\r\\n \\\"McAfee DXL Client\\\",\\r\\n \\r\\n \\\"McAfee DXL Client\\\",\\r\\n \\r\\n \\\"McAfee Threat Intelligence Exchange Server\\\",\\r\\n \\r\\n \\\"McAfee Threat Intelligence Exchange Server\\\",\\r\\n \\r\\n \\\"MVEDR___META\\\",\\r\\n \\r\\n \\\"MVEDR___META\\\",\\r\\n \\r\\n \\\"Product Improvement Program\\\",\\r\\n \\r\\n \\\"Product Improvement Program\\\"\\r\\n \\r\\n ]\"",
"objectId": "\"[\\r\\n \\r\\n *****,\\r\\n \\r\\n ***** ]\"",
"objectName": "\"\\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim-2)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default DLP Policy\\\",\\r\\n \\r\\n \\\"My Default Server Configuration\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim-2)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim-2)\\\",\\r\\n \\r\\n \\\"My Default (DC2)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim-2)\\\",\\r\\n \\r\\n \\\"My Default (DC2)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default(Tim)(2)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim)\\\",\\r\\n \\r\\n \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim)\\\",\\r\\n \\r\\n \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim)\\\",\\r\\n \\r\\n \\\"My Default\\\",\\r\\n \\r\\n \\\"My Default (Tim)\\\"\\r\\n \\r\\n ]\"",
"objectNotes": "\"\\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"\\\"\\r\\n \\r\\n ]\"",
"productId": "\"[\\r\\n \\r\\n \\\"MARCOBA_META\\\",\\r\\n \\r\\n \\\"MARCOBA_META\\\",\\r\\n \\r\\n \\\"assessment\\\",\\r\\n \\r\\n \\\"assessment\\\",\\r\\n \\r\\n \\\"assessment\\\",\\r\\n \\r\\n \\\"assessment\\\",\\r\\n \\r\\n \\\"MCA_____1000\\\",\\r\\n \\r\\n \\\"UDLPSRVR2013\\\",\\r\\n \\r\\n \\\"UDLPSRVR2013\\\",\\r\\n \\r\\n \\\"DLPPS___1000\\\",\\r\\n \\r\\n \\\"DLPPS___1000\\\",\\r\\n \\r\\n \\\"DLPPS___1000\\\",\\r\\n \\r\\n \\\"DLPPS___1000\\\",\\r\\n \\r\\n \\\"DLPPS___1000\\\",\\r\\n \\r\\n \\\"DLPPS___1000\\\",\\r\\n \\r\\n \\\"TIEClientMETA\\\",\\r\\n \\r\\n \\\"TIEClientMETA\\\",\\r\\n \\r\\n \\\"TIEClientMETA\\\",\\r\\n \\r\\n \\\"ENDP_GS_1000\\\",\\r\\n \\r\\n \\\"ENDP_FW_META\\\",\\r\\n \\r\\n \\\"ENDP_FW_META\\\",\\r\\n \\r\\n \\\"ENDP_FW_META\\\",\\r\\n \\r\\n \\\"ENDP_FW_META\\\",\\r\\n \\r\\n \\\"ENDP_FW_META\\\",\\r\\n \\r\\n \\\"ENDP_FW_META\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n \\\"MCPSRVER1000\\\",\\r\\n \\r\\n \\\"DXLBROKRMETA\\\",\\r\\n \\r\\n \\\"DXLBROKRMETA\\\",\\r\\n \\r\\n \\\"DXLBROKRMETA\\\",\\r\\n \\r\\n \\\"DXLCLNT_META\\\",\\r\\n \\r\\n \\\"DXLCLNT_META\\\",\\r\\n \\r\\n \\\"DXLCLNT_META\\\",\\r\\n \\r\\n \\\"TIEMGMT_META\\\",\\r\\n \\r\\n \\\"TIEMGMT_META\\\",\\r\\n \\r\\n \\\"MVEDR___META\\\",\\r\\n \\r\\n \\\"MVEDR___META\\\",\\r\\n \\r\\n \\\"TELEMTRY1000\\\",\\r\\n \\r\\n \\\"TELEMTRY1000\\\"\\r\\n \\r\\n ]\"",
"productName": "\"[\\r\\n \\r\\n \\\"Active Response 2.4.0\\\",\\r\\n \\r\\n \\\"Active Response 2.4.0\\\",\\r\\n \\r\\n \\\"Cloud Workload Security \\\",\\r\\n \\r\\n \\\"Cloud Workload Security \\\",\\r\\n \\r\\n \\\"Cloud Workload Security \\\",\\r\\n \\r\\n \\\"Cloud Workload Security \\\",\\r\\n \\r\\n \\\"Common Appliance Management 1.1.0\\\",\\r\\n \\r\\n \\\"Data Loss Prevention 11.2\\\",\\r\\n \\r\\n \\\"Data Loss Prevention 11.2\\\",\\r\\n \\r\\n \\\"DLP Appliance Management 11.1.0\\\",\\r\\n \\r\\n \\\"DLP Appliance Management 11.1.0\\\",\\r\\n \\r\\n \\\"DLP Appliance Management 11.1.0\\\",\\r\\n \\r\\n \\\"DLP Appliance Management 11.1.0\\\",\\r\\n \\r\\n \\\"DLP Appliance Management 11.1.0\\\",\\r\\n \\r\\n \\\"DLP Appliance Management 11.1.0\\\",\\r\\n \\r\\n \\\"Endpoint Security Adaptive Threat Protection \\\",\\r\\n \\r\\n \\\"Endpoint Security Adaptive Threat Protection \\\",\\r\\n \\r\\n \\\"Endpoint Security Adaptive Threat Protection \\\",\\r\\n \\r\\n \\\"Endpoint Security Common \\\",\\r\\n \\r\\n \\\"Endpoint Security Firewall \\\",\\r\\n \\r\\n \\\"Endpoint Security Firewall \\\",\\r\\n \\r\\n \\\"Endpoint Security Firewall \\\",\\r\\n \\r\\n \\\"Endpoint Security Firewall \\\",\\r\\n \\r\\n \\\"Endpoint Security Firewall \\\",\\r\\n \\r\\n \\\"Endpoint Security Firewall \\\",\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n \\\"McAfee Agent \\\",\\r\\n \\r\\n \\\"McAfee Agent \\\",\\r\\n \\r\\n \\\"McAfee Agent \\\",\\r\\n \\r\\n \\\"McAfee Agent \\\",\\r\\n \\r\\n \\\"McAfee Agent \\\",\\r\\n \\r\\n \\\"McAfee Agent \\\",\\r\\n \\r\\n \\\"McAfee Client Proxy 2.3.5\\\",\\r\\n \\r\\n \\\"McAfee DXL Broker Management 5.0.1\\\",\\r\\n \\r\\n \\\"McAfee DXL Broker Management 5.0.1\\\",\\r\\n \\r\\n \\\"McAfee DXL Broker Management 5.0.1\\\",\\r\\n \\r\\n \\\"McAfee DXL Client 5.0.1\\\",\\r\\n \\r\\n \\\"McAfee DXL Client 5.0.1\\\",\\r\\n \\r\\n \\\"McAfee DXL Client 5.0.1\\\",\\r\\n \\r\\n \\\"McAfee Threat Intelligence Exchange Server Management 2.3.0\\\",\\r\\n \\r\\n \\\"McAfee Threat Intelligence Exchange Server Management 2.3.0\\\",\\r\\n \\r\\n \\\"MVISION EDR \\\",\\r\\n \\r\\n \\\"MVISION EDR \\\",\\r\\n \\r\\n \\\"Product Improvement Program \\\",\\r\\n \\r\\n \\\"Product Improvement Program \\\"\\r\\n \\r\\n ]\"",
"typeId": "\"[\\r\\n \\r\\n *****,\\r\\n \\r\\n ***** ]\"",
"typeName": "\"[\\r\\n \\r\\n \\\"General\\\",\\r\\n \\r\\n \\\"General\\\",\\r\\n \\r\\n \\\"Assessment Rules - Firewall\\\",\\r\\n \\r\\n \\\"Assessment Rules - General\\\",\\r\\n \\r\\n \\\"Auto-Remediation Settings\\\",\\r\\n \\r\\n \\\"Assessment Rules - Container\\\",\\r\\n \\r\\n \\\"General\\\",\\r\\n \\r\\n \\\"DLP Policy\\\",\\r\\n \\r\\n \\\"Server Configuration\\\",\\r\\n \\r\\n \\\"General \\\",\\r\\n \\r\\n \\\"McAfee DLP Prevent Email Settings\\\",\\r\\n \\r\\n \\\"McAfee DLP Capture Settings\\\",\\r\\n \\r\\n \\\"Users and Groups\\\",\\r\\n \\r\\n \\\"McAfee DLP Prevent Web Settings\\\",\\r\\n \\r\\n \\\"McAfee DLP Monitor Settings\\\",\\r\\n \\r\\n \\\"Options\\\",\\r\\n \\r\\n \\\"Dynamic Application Containment\\\",\\r\\n \\r\\n \\\"Dynamic Application Containment\\\",\\r\\n \\r\\n \\\"Options\\\",\\r\\n \\r\\n \\\"Options\\\",\\r\\n \\r\\n \\\"Options\\\",\\r\\n \\r\\n \\\"Options\\\",\\r\\n \\r\\n \\\"Rules\\\",\\r\\n \\r\\n \\\"Rules\\\",\\r\\n \\r\\n \\\"Rules\\\",\\r\\n \\r\\n \\\"On-Access Scan\\\",\\r\\n \\r\\n \\\"On-Access Scan\\\",\\r\\n \\r\\n \\\"On-Demand Scan\\\",\\r\\n \\r\\n \\\"On-Demand Scan\\\",\\r\\n \\r\\n \\\"Options\\\",\\r\\n \\r\\n \\\"Options\\\",\\r\\n \\r\\n \\\"Access Protection\\\",\\r\\n \\r\\n \\\"Access Protection\\\",\\r\\n \\r\\n \\\"Exploit Prevention\\\",\\r\\n \\r\\n \\\"Exploit Prevention\\\",\\r\\n \\r\\n \\\"Options\\\",\\r\\n \\r\\n \\\"Options\\\",\\r\\n \\r\\n \\\"Enforcement Messaging\\\",\\r\\n \\r\\n \\\"Enforcement Messaging\\\",\\r\\n \\r\\n \\\"Block and Allow List\\\",\\r\\n \\r\\n \\\"Block and Allow List\\\",\\r\\n \\r\\n \\\"Content Actions\\\",\\r\\n \\r\\n \\\"Content Actions\\\",\\r\\n \\r\\n \\\"Browser Control\\\",\\r\\n \\r\\n \\\"General\\\",\\r\\n \\r\\n \\\"General\\\",\\r\\n \\r\\n \\\"Repository\\\",\\r\\n \\r\\n \\\"Troubleshooting\\\",\\r\\n \\r\\n \\\"Product Improvement Program\\\",\\r\\n \\r\\n \\\"Custom Properties\\\",\\r\\n \\r\\n \\\"MCP Policy\\\",\\r\\n \\r\\n \\\"General\\\",\\r\\n \\r\\n \\\"General\\\",\\r\\n \\r\\n \\\"General\\\",\\r\\n \\r\\n \\\"General\\\",\\r\\n \\r\\n \\\"General\\\",\\r\\n \\r\\n \\\"General\\\",\\r\\n \\r\\n \\\"TIE Server Settings\\\",\\r\\n \\r\\n \\\"TIE Server Settings\\\",\\r\\n \\r\\n \\\"General\\\",\\r\\n \\r\\n \\\"General\\\",\\r\\n \\r\\n \\\"General\\\",\\r\\n \\r\\n \\\"General\\\"\\r\\n \\r\\n ]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
productId | featureName | typeName | objectName | typeId | featureId | objectId | productName | objectNotes |
MARCOBA_META | MARCOBA_META | General | My Default | *** | MARCOBA_META | *** | Active Response 2.4.1 | |
MARCOBA_META | MARCOBA_META | General | My Default (Tim-2) | *** | MARCOBA_META | *** | Active Response 2.4.1 |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find Policy failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Find Policy failed. Status Code: 401. Message: Unauthorized. |
Find Repository
Retrieves an ePO repository based on the provided search text.
Input
Input Parameter | Required/Optional | Description | Example |
Search Text | Optional | The search text defining the condition to retrieve a repository. | 3 |
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"SAServerDNS": "",
"disableV1DATReplication": false,
"spipeServerDNS": null,
"repositoryTypeString": "master",
"useAnonCreds": false,
"downloadCredPassword": "",
"downloadCredDomain": "",
"lockType": 0,
"enabled": true,
"uncUseLoggedOnUser": false,
"uncOrder": "1",
"protocol": 1,
"lockedBy": "",
"softwareInclusionList": [],
"uploadCredUsername": "",
"spipeVersion": "4.5.0",
"SAServerNetbios": "",
"protocolString": "SpipeSite",
"disableFullDATReplication": false,
"replicationUNC": "",
"SAServerIP": "",
"addressType": null,
"autoID": 3,
"softwareExclusionList": null,
"repositoryTypeAsString": null,
"repositoryName": "*****-AD",
"spipeServerName": "*****-AD",
"uploadCredDomain": "",
"repositoryPort": *****,
"downloadPasswordEncrypted": true,
"httpUseAuth": false,
"downloadCredUsername": "",
"includeAllSoftware": true,
"repositoryId": "*****-AD",
"repositoryType": 2,
"location": "*****-AD/Software",
"updateExclusionList": true,
"spipeServerIP": "1.1.1.1",
"uploadCredPassword": "",
"fallback": false,
"repliPasswordEncrypted": true
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"SAServerDNS": "",
"disableV1DATReplication": false,
"spipeServerDNS": null,
"repositoryTypeString": "master",
"useAnonCreds": false,
"downloadCredPassword": "",
"downloadCredDomain": "",
"lockType": 0,
"enabled": true,
"uncUseLoggedOnUser": false,
"uncOrder": "1",
"protocol": 1,
"lockedBy": "",
"softwareInclusionList": [],
"uploadCredUsername": "",
"spipeVersion": "4.5.0",
"SAServerNetbios": "",
"protocolString": "SpipeSite",
"disableFullDATReplication": false,
"replicationUNC": "",
"SAServerIP": "",
"addressType": null,
"autoID": 3,
"softwareExclusionList": null,
"repositoryTypeAsString": null,
"repositoryName": "*****-AD",
"spipeServerName": "*****-AD",
"uploadCredDomain": "",
"repositoryPort": *****,
"downloadPasswordEncrypted": true,
"httpUseAuth": false,
"downloadCredUsername": "",
"includeAllSoftware": true,
"repositoryId": "*****-AD",
"repositoryType": 2,
"location": "*****-AD/Software",
"updateExclusionList": true,
"spipeServerIP": "1.1.1.1",
"uploadCredPassword": "",
"fallback": false,
"repliPasswordEncrypted": true
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Output": "\"[{\\r\\n \\\"SAServerDNS\\\": \\\"\\\",\\r\\n \\\"disableV1DATReplication\\\": false,\\r\\n \\\"spipeServerDNS\\\": null,\\r\\n \\\"repositoryTypeString\\\": \\\"mirror\\\",\\r\\n \\\"useAnonCreds\\\": false,\\r\\n \\\"downloadCredPassword\\\": \\\"\\\",\\r\\n \\\"downloadCredDomain\\\": \\\"\\\",\\r\\n \\\"lockType\\\": 0,\\r\\n \\\"enabled\\\": true,\\r\\n \\\"uncUseLoggedOnUser\\\": false,\\r\\n \\\"uncOrder\\\": \\\"1\\\",\\r\\n \\\"protocol\\\": 4,\\r\\n \\\"lockedBy\\\": \\\"\\\",\\r\\n \\\"softwareInclusionList\\\": [],\\r\\n \\\"uploadCredUsername\\\": \\\"\\\",\\r\\n \\\"spipeVersion\\\": \\\"4.5.0\\\",\\r\\n \\\"SAServerNetbios\\\": \\\"\\\",\\r\\n \\\"protocolString\\\": \\\"FTPSite\\\",\\r\\n \\\"disableFullDATReplication\\\": false,\\r\\n \\\"replicationUNC\\\": \\\"\\\",\\r\\n \\\"SAServerIP\\\": \\\"\\\",\\r\\n \\\"addressType\\\": null,\\r\\n \\\"autoID\\\": 1,\\r\\n \\\"softwareExclusionList\\\": null,\\r\\n \\\"repositoryTypeAsString\\\": null,\\r\\n \\\"repositoryName\\\": \\\"McAfeeFtp\\\",\\r\\n \\\"spipeServerName\\\": null,\\r\\n \\\"uploadCredDomain\\\": \\\"\\\",\\r\\n \\\"repositoryPort\\\": 21,\\r\\n \\\"downloadPasswordEncrypted\\\": true,\\r\\n \\\"httpUseAuth\\\": false,\\r\\n \\\"downloadCredUsername\\\": \\\"anonymous\\\",\\r\\n \\\"includeAllSoftware\\\": true,\\r\\n \\\"repositoryId\\\": \\\"McAfeeFtp\\\",\\r\\n \\\"repositoryType\\\": 1,\\r\\n \\\"location\\\": \\\"ftp.nai.com/CommonUpdater\\\",\\r\\n \\\"updateExclusionList\\\": true,\\r\\n \\\"spipeServerIP\\\": null,\\r\\n \\\"uploadCredPassword\\\": \\\"\\\",\\r\\n \\\"fallback\\\": false,\\r\\n \\\"repliPasswordEncrypted\\\": true\\r\\n }]\"",
"disableV1DATReplication": "\"[\\r\\n \\r\\n false\\r\\n \\r\\n ]\"",
"location": "\"[\\r\\n \\r\\n \\\"*****-AD/Software\\\"\\r\\n \\r\\n ]\"",
"protocolString": "\"[\\r\\n \\r\\n \\\"SpipeSite\\\"\\r\\n \\r\\n ]\"",
"repositoryId": "\"[\\r\\n \\r\\n \\\"*****-AD\\\"\\r\\n \\r\\n ]\"",
"repositoryName": "\"[\\r\\n \\r\\n \\\"*****-AD\\\"\\r\\n \\r\\n ]\"",
"repositoryPort": "\"[\\r\\n \\r\\n *****\\r\\n \\r\\n ]\"",
"repositoryType": "\"[\\r\\n \\r\\n 2\\r\\n \\r\\n ]\"",
"spipeServerIP": "\"[\\r\\n \\r\\n \\\"1.1.1.1\\\"\\r\\n \\r\\n ]\"",
"spipeServerName": "\"[\\r\\n \\r\\n \\\"*****-AD\\\"\\r\\n \\r\\n ]\"",
"spipeVersion": "\"[\\r\\n \\r\\n \\\"4.5.0\\\"\\r\\n \\r\\n ]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
SAServerDNS | disableV1DATReplication | spipeServerDNS | repositoryTypeString | useAnonCreds | downloadCredPassword | downloadCredDomain | lockType | enabled | uncUseLoggedOnUser | uncOrder | protocol | lockedBy | softwareInclusionList | uploadCredUsername | spipeVersion | SAServerNetbios | protocolString | disableFullDATReplication | replicationUNC | SAServerIP | addressType | autoID | softwareExclusionList | repositoryTypeAsString | repositoryName | spipeServerName | uploadCredDomain | repositoryPort | downloadPasswordEncrypted | httpUseAuth | downloadCredUsername | includeAllSoftware | repositoryId | repositoryType | location | updateExclusionList | spipeServerIP | uploadCredPassword | fallback | repliPasswordEncrypted |
False | master | False | 0 | True | False | 1 | 1 | [] | 4.5.0 | SpipeSite | False | 3 | ***-AD | *** | *** | True | False | True | ***-AD | 2 | ***-AD/Software | True | 1.1.1.1 | False | True |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find Repository failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Find Repository failed. Status Code: 401. Message: Unauthorized. |
Find System
Retrieves system information based on the provided name or IP address.
Input
Input Parameter | Required/Optional | Description | Example |
Search Text | Optional | The IP address or name of the system to search. | ***-DC |
Output
The primary response data from the API request.
SAMPLE DATA
{
"results": [
{
"EPOComputerProperties.ParentID": *****,
"EPOComputerProperties.ComputerName": "*****",
"EPOComputerProperties.Description": null,
"EPOComputerProperties.ComputerDescription": "N/A",
"EPOComputerProperties.TimeZone": "Pacific Standard Time",
"EPOComputerProperties.DefaultLangID": "*****",
"EPOComputerProperties.UserName": "administrator",
"EPOComputerProperties.DomainName": "*****",
"EPOComputerProperties.IPHostName": "*****-DC.*****.local",
"EPOComputerProperties.IPV6": "0:0:0:0:0:FFFF:C0A0:000",
"EPOComputerProperties.IPAddress": "1.1.1.1",
"EPOComputerProperties.IPSubnet": "0:0:0:0:0:FFFF:C0A0:000",
"EPOComputerProperties.IPSubnetMask": "0:0:0:0:0:FFFF:FFFF:FF00",
"EPOComputerProperties.IPV4x": *****,
"EPOComputerProperties.IPXAddress": "N/A",
"EPOComputerProperties.SubnetAddress": "1.1.1.1",
"EPOComputerProperties.SubnetMask": "2.2.2.2",
"EPOComputerProperties.NetAddress": "*****",
"EPOComputerProperties.OSType": "Windows Server 2019",
"EPOComputerProperties.OSVersion": "10.0",
"EPOComputerProperties.OSCsdVersion": "",
"EPOComputerProperties.OSBuildNum": *****,
"EPOComputerProperties.OSPlatform": "Server",
"EPOComputerProperties.OSOEMID": "*****-*****-*****-*****",
"EPOComputerProperties.CPUType": "Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz",
"EPOComputerProperties.CPUSpeed": 3392,
"EPOComputerProperties.NumOfCPU": 8,
"EPOComputerProperties.CPUSerialNumber": "N/A",
"EPOComputerProperties.TotalPhysicalMemory": 17159188480,
"EPOComputerProperties.FreeMemory": 8900734976,
"EPOComputerProperties.FreeDiskSpace": 2005585,
"EPOComputerProperties.TotalDiskSpace": 2059762,
"EPOComputerProperties.IsPortable": 0,
"EPOComputerProperties.Vdi": 0,
"EPOComputerProperties.OSBitMode": 1,
"EPOComputerProperties.LastAgentHandler": 1,
"EPOComputerProperties.UserProperty1": "",
"EPOComputerProperties.UserProperty2": "",
"EPOComputerProperties.UserProperty3": "",
"EPOComputerProperties.UserProperty4": "",
"EPOComputerProperties.UserProperty5": "",
"EPOComputerProperties.UserProperty6": "",
"EPOComputerProperties.UserProperty7": "",
"EPOComputerProperties.UserProperty8": "",
"EPOComputerProperties.Free_Space_of_Drive_C": 1853153,
"EPOComputerProperties.Total_Space_of_Drive_C": 1907177,
"EPOLeafNode.Tags": "*****-dc, DC, DLP Deploy on Cyber-DC, Firewall For DC, Server",
"EPOLeafNode.ExcludedTags": "",
"EPOLeafNode.LastUpdate": "2020-03-16T08:12:02-07:00",
"EPOLeafNode.ManagedState": 1,
"EPOLeafNode.AgentGUID": "*****-*****-*****-*****-*****",
"EPOLeafNode.AgentVersion": "5.6.1.157",
"EPOBranchNode.AutoID": 7,
"raw": "{'EPOComputerProperties.ParentID': *****, 'EPOComputerProperties.ComputerName': '*****-DC'}
"system": "*****-DC"
}
]
}
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
{
"results": [
{
"EPOComputerProperties.ParentID": *****,
"EPOComputerProperties.ComputerName": "*****",
"EPOComputerProperties.Description": null,
"EPOComputerProperties.ComputerDescription": "N/A",
"EPOComputerProperties.TimeZone": "Pacific Standard Time",
"EPOComputerProperties.DefaultLangID": "*****",
"EPOComputerProperties.UserName": "administrator",
"EPOComputerProperties.DomainName": "*****",
"EPOComputerProperties.IPHostName": "*****-DC.*****.local",
"EPOComputerProperties.IPV6": "0:0:0:0:0:FFFF:C0A0:000",
"EPOComputerProperties.IPAddress": "1.1.1.1",
"EPOComputerProperties.IPSubnet": "0:0:0:0:0:FFFF:C0A0:000",
"EPOComputerProperties.IPSubnetMask": "0:0:0:0:0:FFFF:FFFF:FF00",
"EPOComputerProperties.IPV4x": *****,
"EPOComputerProperties.IPXAddress": "N/A",
"EPOComputerProperties.SubnetAddress": "1.1.1.1",
"EPOComputerProperties.SubnetMask": "2.2.2.2",
"EPOComputerProperties.NetAddress": "*****",
"EPOComputerProperties.OSType": "Windows Server 2019",
"EPOComputerProperties.OSVersion": "10.0",
"EPOComputerProperties.OSCsdVersion": "",
"EPOComputerProperties.OSBuildNum": *****,
"EPOComputerProperties.OSPlatform": "Server",
"EPOComputerProperties.OSOEMID": "*****-*****-*****-*****",
"EPOComputerProperties.CPUType": "Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz",
"EPOComputerProperties.CPUSpeed": 3392,
"EPOComputerProperties.NumOfCPU": 8,
"EPOComputerProperties.CPUSerialNumber": "N/A",
"EPOComputerProperties.TotalPhysicalMemory": 17159188480,
"EPOComputerProperties.FreeMemory": 8900734976,
"EPOComputerProperties.FreeDiskSpace": 2005585,
"EPOComputerProperties.TotalDiskSpace": 2059762,
"EPOComputerProperties.IsPortable": 0,
"EPOComputerProperties.Vdi": 0,
"EPOComputerProperties.OSBitMode": 1,
"EPOComputerProperties.LastAgentHandler": 1,
"EPOComputerProperties.UserProperty1": "",
"EPOComputerProperties.UserProperty2": "",
"EPOComputerProperties.UserProperty3": "",
"EPOComputerProperties.UserProperty4": "",
"EPOComputerProperties.UserProperty5": "",
"EPOComputerProperties.UserProperty6": "",
"EPOComputerProperties.UserProperty7": "",
"EPOComputerProperties.UserProperty8": "",
"EPOComputerProperties.Free_Space_of_Drive_C": 1853153,
"EPOComputerProperties.Total_Space_of_Drive_C": 1907177,
"EPOLeafNode.Tags": "*****-dc, DC, DLP Deploy on Cyber-DC, Firewall For DC, Server",
"EPOLeafNode.ExcludedTags": "",
"EPOLeafNode.LastUpdate": "2020-03-16T08:12:02-07:00",
"EPOLeafNode.ManagedState": 1,
"EPOLeafNode.AgentGUID": "*****-*****-*****-*****-*****",
"EPOLeafNode.AgentVersion": "5.6.1.157",
"EPOBranchNode.AutoID": 7,
"raw": "{'EPOComputerProperties.ParentID': *****, 'EPOComputerProperties.ComputerName': '*****-DC'}
"system": "*****-DC"
}
]
}
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"tagId": "\"[\\r\\n \\r\\n 43\\r\\n \\r\\n ]\"",
"tagName": "\"[\\r\\n \\r\\n \\\"TestTag\\\"\\r\\n \\r\\n ]\"",
"tagNotes": "\"[\\r\\n \\r\\n \\\"\\\"\\r\\n \\r\\n ]\"",
"results": "\"[]"\"
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
results | { ";EPOComputerProperties.ParentID";: ***, ";EPOComputerProperties.ComputerName";: ";***-DC";, ";EPOComputerProperties.Description";: null, ";EPOComputerProperties.ComputerDescription";: ";N/A";, ";EPOComputerProperties.TimeZone";: ";Pacific Standard Time";, ";EPOComputerProperties.DefaultLangID";: ";*****";, ";EPOComputerProperties.UserName";: ";administrator";, ";EPOComputerProperties.DomainName";: ";*****";, ";EPOComputerProperties.IPHostName";: ";*****-DC.*****.local";, ";EPOComputerProperties.IPV6";: ";0:0:0:0:0:FFFF:C0A0:000";, ";EPOComputerProperties.IPAddress";: ";1.1.1.1";, ";EPOComputerProperties.IPSubnet";: ";0:0:0:0:0:FFFF:C0A0:000";, ";EPOComputerProperties.IPSubnetMask";: ";0:0:0:0:0:FFFF:FFFF:FF00";, ";EPOComputerProperties.IPV4x";: *****, ";EPOComputerProperties.IPXAddress";: ";N/A";, ";EPOComputerProperties.SubnetAddress";: ";1.1.1.1";, ";EPOComputerProperties.SubnetMask";: ";2.2.2.2";, ";EPOComputerProperties.NetAddress";: ";*****";, ";EPOComputerProperties.OSType";: ";Windows Server 2019";, ";EPOComputerProperties.OSVersion";: ";10.0";, ";EPOComputerProperties.OSCsdVersion";: ";";, ";EPOComputerProperties.OSBuildNum";: *****, ";EPOComputerProperties.OSPlatform";: ";Server";, ";EPOComputerProperties.OSOEMID";: ";*****-*****-*****-*****";, ";EPOComputerProperties.CPUType";: ";Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz";, ";EPOComputerProperties.CPUSpeed";: 3392, ";EPOComputerProperties.NumOfCPU";: 8, ";EPOComputerProperties.CPUSerialNumber";: ";N/A";, ";EPOComputerProperties.TotalPhysicalMemory";: 17159188480, ";EPOComputerProperties.FreeMemory";: 8900734976, ";EPOComputerProperties.FreeDiskSpace";: 2005585, ";EPOComputerProperties.TotalDiskSpace";: 2059762, ";EPOComputerProperties.IsPortable";: 0, ";EPOComputerProperties.Vdi";: 0, ";EPOComputerProperties.OSBitMode";: 1, ";EPOComputerProperties.LastAgentHandler";: 1, ";EPOComputerProperties.UserProperty1";: ";";, ";EPOComputerProperties.UserProperty2";: ";";, ";EPOComputerProperties.UserProperty3";: ";";, ";EPOComputerProperties.UserProperty4";: ";";, ";EPOComputerProperties.UserProperty5";: ";";, ";EPOComputerProperties.UserProperty6";: ";";, ";EPOComputerProperties.UserProperty7";: ";";, ";EPOComputerProperties.UserProperty8";: ";";, ";EPOComputerProperties.Free_Space_of_Drive_C";: 1853153, ";EPOComputerProperties.Total_Space_of_Drive_C";: 1907177, ";EPOLeafNode.Tags";: ";*****-dc, DC, DLP Deploy on *****-DC, Firewall For DC, Server";, ";EPOLeafNode.ExcludedTags";: ";";, ";EPOLeafNode.LastUpdate";: ";2020-03-16T08:12:02-07:00";, ";EPOLeafNode.ManagedState";: 1, ";EPOLeafNode.AgentGUID";: ";*****-*****-*****-*****-*****";, ";EPOLeafNode.AgentVersion";: ";5.6.1.157";, ";EPOBranchNode.AutoID";: 7, ";raw";: ";{'EPOComputerProperties.ParentID': *****, 'EPOComputerProperties.ComputerName': '*****-DC', 'EPOComputerProperties.Description': None, 'EPOComputerProperties.ComputerDescription': 'N/A', 'EPOComputerProperties.TimeZone': 'Pacific Standard Time'}";, ";status";: ";success";, ";system";: ";*****-DC"; } |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find System failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Find System failed. Status Code: 401. Message: Unauthorized. |
Find System By Tag Name
Retrieves system information based on the provided tag name.
Reader Note
Tag Name is a required parameter to run this command.
Run the Find Tag command to obtain Tag Name. Tag Names can be found in the returned raw data at the path $[*].tagName.
Input
Input Parameter | Required/Optional | Description | Example |
Tag Name | Required | The name of the tag to retrieve system information. Tag Name can be obtained using the Find Tag command. | ***-DC |
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"*****-DC": {
"results": [
{
"UDLP_EPOTagsView.NodeName": "*****-DC",
"UDLP_EPOTagsView.TagName": "*****-dc"
}
]
}
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"*****-DC": {
"results": [
{
"UDLP_EPOTagsView.NodeName": "*****-DC",
"UDLP_EPOTagsView.TagName": "*****-dc"
}
]
}
}
]
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
***-DC |
{ ";results";: [ { ";UDLP_EPOTagsView.NodeName";: ";*****-DC";, ";UDLP_EPOTagsView.TagName";: ";*****-dc"; } ] } |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find System By Tag Name failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Find System By Tag Name failed. Status Code: 401. Message: Unauthorized. |
Find System In Group
Retrieves system information within the specified ePO group.
Reader Note
Group ID is a required parameter to run this command.
Run the Find Group or Find Groups command to obtain Group ID. Group IDs can be found in the returned raw data at the path $[*].groupId.
If the provided group ID cannot be found, this command will return success with no results.
Input
Input Parameter | Required/Optional | Description | Example |
Group ID | Required | The ID of the group to retrieve system information. Group IDs can be obtained using the Find Group or Find Groups commands. | 2 |
Search Subgroups? | Optional | The option to include results within subgroups. | True |
Output
The primary response data from the API request.
SAMPLE DATA
{
"EPOComputerProperties.ParentID": 1,
"EPOComputerProperties.ComputerName": "*****-AD",
"EPOComputerProperties.Description": null,
"EPOComputerProperties.ComputerDescription": null,
"EPOComputerProperties.TimeZone": "",
"EPOComputerProperties.DefaultLangID": "",
"EPOComputerProperties.UserName": "",
"EPOComputerProperties.DomainName": "",
"EPOComputerProperties.IPHostName": "",
"EPOComputerProperties.IPV6": null,
"EPOComputerProperties.IPAddress": "",
"EPOComputerProperties.IPSubnet": null,
"EPOComputerProperties.IPSubnetMask": null,
"EPOComputerProperties.IPV4x": null,
"EPOComputerProperties.IPXAddress": "",
"EPOComputerProperties.SubnetAddress": "",
"EPOComputerProperties.SubnetMask": "",
"EPOComputerProperties.NetAddress": "",
"EPOComputerProperties.OSType": "",
"EPOComputerProperties.OSVersion": "",
"EPOComputerProperties.OSCsdVersion": "",
"EPOComputerProperties.OSBuildNum": 0,
"EPOComputerProperties.OSPlatform": "",
"EPOComputerProperties.OSOEMID": "",
"EPOComputerProperties.CPUType": "",
"EPOComputerProperties.CPUSpeed": 0,
"EPOComputerProperties.NumOfCPU": 0,
"EPOComputerProperties.CPUSerialNumber": "",
"EPOComputerProperties.TotalPhysicalMemory": 0,
"EPOComputerProperties.FreeMemory": 0,
"EPOComputerProperties.FreeDiskSpace": 0,
"EPOComputerProperties.TotalDiskSpace": 0,
"EPOComputerProperties.IsPortable": -1,
"EPOComputerProperties.Vdi": -1,
"EPOComputerProperties.OSBitMode": -1,
"EPOComputerProperties.LastAgentHandler": null,
"EPOComputerProperties.UserProperty1": null,
"EPOComputerProperties.UserProperty2": null,
"EPOComputerProperties.UserProperty3": null,
"EPOComputerProperties.UserProperty4": null,
"EPOComputerProperties.UserProperty5": null,
"EPOComputerProperties.UserProperty6": null,
"EPOComputerProperties.UserProperty7": null,
"EPOComputerProperties.UserProperty8": null,
"EPOComputerProperties.Free_Space_of_Drive_C": 0,
"EPOComputerProperties.Total_Space_of_Drive_C": 0,
"EPOLeafNode.Tags": "",
"EPOLeafNode.ExcludedTags": "",
"EPOLeafNode.LastUpdate": null,
"EPOLeafNode.ManagedState": 0,
"EPOLeafNode.AgentGUID": null,
"EPOLeafNode.AgentVersion": null,
"EPOBranchNode.AutoID": 2
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
EPOCOMPUTERPROPERTIES.PARENTID | EPOCOMPUTERPROPERTIES.COMPUTERNAME | EPOCOMPUTERPROPERTIES.DESCRIPTION | EPOCOMPUTERPROPERTIES.COMPUTERDESCRIPTION | EPOCOMPUTERPROPERTIES.TIMEZONE | EPOCOMPUTERPROPERTIES.DEFAULTLANGID | EPOCOMPUTERPROPERTIES.USERNAME | EPOCOMPUTERPROPERTIES.DOMAINNAME | EPOCOMPUTERPROPERTIES.IPHOSTNAME | EPOCOMPUTERPROPERTIES.IPV6 | EPOCOMPUTERPROPERTIES.IPADDRESS | EPOCOMPUTERPROPERTIES.IPSUBNET | EPOCOMPUTERPROPERTIES.IPSUBNETMASK | EPOCOMPUTERPROPERTIES.IPV4X | EPOCOMPUTERPROPERTIES.IPXADDRESS | EPOCOMPUTERPROPERTIES.SUBNETADDRESS | EPOCOMPUTERPROPERTIES.SUBNETMASK | EPOCOMPUTERPROPERTIES.NETADDRESS | EPOCOMPUTERPROPERTIES.OSTYPE | EPOCOMPUTERPROPERTIES.OSVERSION | EPOCOMPUTERPROPERTIES.OSCSDVERSION | EPOCOMPUTERPROPERTIES.OSBUILDNUM | EPOCOMPUTERPROPERTIES.OSPLATFORM | EPOCOMPUTERPROPERTIES.OSOEMID | EPOCOMPUTERPROPERTIES.CPUTYPE | EPOCOMPUTERPROPERTIES.CPUSPEED | EPOCOMPUTERPROPERTIES.NUMOFCPU | EPOCOMPUTERPROPERTIES.CPUSERIALNUMBER | EPOCOMPUTERPROPERTIES.TOTALPHYSICALMEMORY | EPOCOMPUTERPROPERTIES.FREEMEMORY | EPOCOMPUTERPROPERTIES.FREEDISKSPACE | EPOCOMPUTERPROPERTIES.TOTALDISKSPACE | EPOCOMPUTERPROPERTIES.ISPORTABLE | EPOCOMPUTERPROPERTIES.VDI | EPOCOMPUTERPROPERTIES.OSBITMODE | EPOCOMPUTERPROPERTIES.LASTAGENTHANDLER | EPOCOMPUTERPROPERTIES.USERPROPERTY1 | EPOCOMPUTERPROPERTIES.USERPROPERTY2 | EPOCOMPUTERPROPERTIES.USERPROPERTY3 | EPOCOMPUTERPROPERTIES.USERPROPERTY4 | EPOCOMPUTERPROPERTIES.USERPROPERTY5 | EPOCOMPUTERPROPERTIES.USERPROPERTY6 | EPOCOMPUTERPROPERTIES.USERPROPERTY7 | EPOCOMPUTERPROPERTIES.USERPROPERTY8 | EPOCOMPUTERPROPERTIES.FREE_SPACE_OF_DRIVE_C | EPOCOMPUTERPROPERTIES.TOTAL_SPACE_OF_DRIVE_C | EPOLEAFNODE.TAGS | EPOLEAFNODE.EXCLUDEDTAGS | EPOLEAFNODE.LASTUPDATE | EPOLEAFNODE.MANAGEDSTATE | EPOLEAFNODE.AGENTGUID | EPOLEAFNODE.AGENTVERSION | EPOBRANCHNODE.AUTOID |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | ***-AD | 0 | 0 | 0 | 0 | 0 | 0 | 0 | -1 | -1 | -1 | 0 | 0 | 0 | 2 |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find System In Group failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Find System In Group failed. Status Code: 401. Message: Unauthorized. |
Find Systems By Group IDs
Retrieves system information based on the provided group IDs.
Reader Note
Group ID is a required parameter to run this command.
Run the Find Group or Find Groups commands to obtain Group ID. Group IDs can be found in the returned raw data at the path $[*].groupId.
Input
Input Parameter | Required/Optional | Description | Example |
Group IDs | Optional | The IDs of the groups to retrieve system information. Group IDs can be obtained using the Find Group or Find Groups commands. | ["5"] |
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"EPOComputerProperties.ParentID": 2,
"EPOComputerProperties.ComputerName": "*****",
"EPOComputerProperties.Description": null,
"EPOComputerProperties.ComputerDescription": "N/A",
"EPOComputerProperties.TimeZone": "Pacific Standard Time",
"EPOComputerProperties.DefaultLangID": "*****",
"EPOComputerProperties.UserName": "Administrator",
"EPOComputerProperties.DomainName": "WORKGROUP",
"EPOComputerProperties.IPHostName": "*****",
"EPOComputerProperties.IPV6": "0:0:0:0:0:FFFF:C0A0:0EB",
"EPOComputerProperties.IPAddress": "1.2.3.4",
"EPOComputerProperties.IPSubnet": "0:0:0:0:0:FFFF:C0A0:000",
"EPOComputerProperties.IPSubnetMask": "0:0:0:0:0:FFFF:FFFF:FF00",
"EPOComputerProperties.IPV4x": *****,
"EPOComputerProperties.IPXAddress": "N/A",
"EPOComputerProperties.SubnetAddress": "1.1.1.1",
"EPOComputerProperties.SubnetMask": "2.2.2.2",
"EPOComputerProperties.NetAddress": "*****",
"EPOComputerProperties.OSType": "Windows Server 2016",
"EPOComputerProperties.OSVersion": "10.0",
"EPOComputerProperties.OSCsdVersion": "",
"EPOComputerProperties.OSBuildNum": *****,
"EPOComputerProperties.OSPlatform": "Server",
"EPOComputerProperties.OSOEMID": "*****-*****-*****-*****",
"EPOComputerProperties.CPUType": "Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz",
"EPOComputerProperties.CPUSpeed": 3192,
"EPOComputerProperties.NumOfCPU": 12,
"EPOComputerProperties.CPUSerialNumber": "N/A",
"EPOComputerProperties.TotalPhysicalMemory": 17036529664,
"EPOComputerProperties.FreeMemory": 3377205248,
"EPOComputerProperties.FreeDiskSpace": 2030176,
"EPOComputerProperties.TotalDiskSpace": 2981159,
"EPOComputerProperties.IsPortable": 0,
"EPOComputerProperties.Vdi": 0,
"EPOComputerProperties.OSBitMode": 1,
"EPOComputerProperties.LastAgentHandler": 1,
"EPOComputerProperties.UserProperty1": "",
"EPOComputerProperties.UserProperty2": "",
"EPOComputerProperties.UserProperty3": "",
"EPOComputerProperties.UserProperty4": "",
"EPOComputerProperties.UserProperty5": "",
"EPOComputerProperties.UserProperty6": "",
"EPOComputerProperties.UserProperty7": "",
"EPOComputerProperties.UserProperty8": "",
"EPOComputerProperties.Free_Space_of_Drive_C": 476782,
"EPOComputerProperties.Total_Space_of_Drive_C": 952335,
"EPOLeafNode.Tags": "AR Retry, DLP_Yabin_test, Server, TestTag, Workstation, Yabin AR",
"EPOLeafNode.ExcludedTags": "",
"EPOLeafNode.LastUpdate": "2020-02-10T14:15:53-08:00",
"EPOLeafNode.ManagedState": 1,
"EPOLeafNode.AgentGUID": "*****-*****-*****-*****-*****",
"EPOLeafNode.AgentVersion": "5.5.0.447",
"EPOBranchNode.AutoID": 5
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"GroupID": "5",
"SystemName": "*****",
"MACAddress": "*****"
},
{
"GroupID": "5",
"SystemName": "*****",
"MACAddress": "*****"
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"GroupIDs": "\"[\\r\\n\\t\\t\\t\\\"5\\\",\\r\\n\\t\\t\\t\\\"5\\\"\\r\\n\\t\\t]\"",
"SystemNames": "\"[\\r\\n\\t\\t\\t\\\"*****\\\",\\r\\n\\t\\t\\t\\\"*****\\\"\\r\\n\\t\\t]\"",
"MACAddresses": "\"[\\r\\n\\t\\t\\t\\\"*****\\\",\\r\\n\\t\\t\\t\\\"*****\\\"\\r\\n\\t\\t]\""
}
Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.
The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
GroupID | SystemName | MACAddress |
5 | *** | *** |
5 | *** | *** |
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find Systems By Group IDs failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Expecting value: line 1 column 1 (char 0). |
Error Sample Data Find Systems By Group IDs failed. Status Code: 400. Message: Expecting value: line 1 column 1 (char 0). |
Find Tag
Retrieves tag information based on the provided search text.
Input
Input Parameter | Required/Optional | Description | Example |
Search Text | Optional | The search text containing the keywords to retrieve tag information. If there are no matches with the search keywords, the command will indicate success with no results. | TestTag |
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"tagNotes": "",
"tagId": 43,
"tagName": "TestTag"
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"tagNotes": "",
"tagId": 43,
"tagName": "TestTag"
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"tagId": "\"[\\r\\n\\t\\t\\t43\\r\\n\\t\\t]\"",
"tagName": "\"[\\r\\n\\t\\t\\t\\\"TestTag\\\"\\r\\n\\t\\t]\"",
"tagNotes": "\"[\\r\\n\\t\\t\\t\\\"\\\"\\r\\n\\t\\t]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
tagNotes | tagId | tagName |
43 | TestTag |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find Tag failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Find Tag failed. Status Code: 401. Message: Unauthorized. |
Get Device Info
Retrieves system information on the specified hosts.
Input
Input Parameter | Required/Optional | Description | Example |
IPs or Hostnames | Optional | The IP addresses or hostnames to retrieve system information. | ["1.1.1.1"] |
Output
The primary response data from the API request.
SAMPLE DATA
No Sample Data
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
No Sample Data
Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.
The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
No Sample Data
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Device Info failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Get Device Info failed. Status Code: 401. Message: Unauthorized. |
Get DLP Incident
Retrieves DLP incidents.
Input
Input Parameter | Required/Optional | Description | Example |
Start Time | Optional | The start time of the time range to retrieve DLP incidents, in UTC time. | 2021-01-11 00:00 |
End Time | Optional | The end time of the time range to retrieve DLP incidents, in UTC time. | 2021-05-11 00:00 |
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"UDLP_Incidents.IncidentId": *****,
"UDLP_EventUsers.UserName": "Administrator",
"UDLP_Incidents.ComputerID": 2,
"UDLP_EventComputers.Name": "*****-PC5",
"UDLP_EventComputers.IP": "1.1.1.1",
"UDLP_Incidents.IncidentType": 10000,
"UDLP_Incidents.ViolationLocalTime": "2021-05-05T14:01:39-07:00",
"UDLP_Incidents.ViolationTimezone": "Pacific Daylight Time",
"UDLP_IncidentStatuses.StatusKey": "NEW",
"UDLP_Incidents.TotalMatchCount": 0,
"UDLP_Incidents.TotalContentSize": 0,
"UDLP_Incidents.RulesToDisplay": "Plug and Play Device Rule",
"UDLP_Incidents.PolicyInfoId": 4,
"UDLP_Incidents.SourceApplicationId": null,
"UDLP_Incidents.UserID": *****,
"UDLP_Incidents.Severity": 1,
"UDLP_Incidents.StatusId": "2",
"UDLP_Incidents.ResolutionId": "1",
"UDLP_Incidents.ActualAction": 0,
"UDLP_Incidents.ExpectedAction": 0,
"UDLP_Incidents.FailureReason": 0,
"UDLP_Incidents.JustificationText": "",
"UDLP_Incidents.McAfeeAgentGuid": "*****-*****-*****-*****-*****",
"UDLP_Incidents.EvidenceCount": 0,
"UDLP_Incidents.ReportingProduct": 1,
"UDLP_Incidents.destination": "***** drives",
"UDLP_Incidents.ShortMatchString": "",
"UDLP_Incidents.DestinationUserID": null,
"UDLP_Incidents.ExternalId": null,
"UDLP_Incidents.ActivityEnum": null,
"UDLP_EventUsers.PrimaryUserAccountID": "*****-PC5\\Administrator@",
"UDLP_EventUsers.Username_NTLM": "*****-PC5\\Administrator",
"UDLP_EventUsers.FQDN": null,
"UDLP_EventUsers.SID": null,
"UDLP_EventUsers.UID": null,
"UDLP_EventUsers.UserOU": "",
"UDLP_EventUsers.FirstName": null,
"UDLP_EventUsers.LastName": null,
"UDLP_EventUsers.PrimaryEmailAddress": "",
"UDLP_EventUsers.UserTitle": "",
"UDLP_EventUsers.UserBusinessUnit": null,
"UDLP_EventUsers.UserDepartment": "",
"UDLP_EventUsers.UserCity": null,
"UDLP_EventUsers.UserCountry": null,
"UDLP_EventUsers.UserCompany": null,
"UDLP_EventUsers.UserManagerAccountID": "",
"UDLP_EventUsers.DLPReviewerUserAccount": null,
"UDLP_EventUsers.Custom1": null,
"UDLP_EventUsers.Custom2": null,
"UDLP_EventUsers.Custom3": null,
"UDLP_EventUsers.UserStatus": null,
"UDLP_EventUsers.LastDayInOffice": null,
"UDLP_EventUsers.LastDayInOfficeYYYYMM": null,
"UDLP_EventUsers.LastUpdated": null,
"UDLP_EventUsers.LastUpdatedBy": null,
"UDLP_EventUsers.LastUpdatedMethod": null,
"UDLP_EventUsers.UserGroups": "Administrators"
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"UDLP_Incidents.IncidentId": *****,
"UDLP_EventUsers.UserName": "Administrator",
"UDLP_Incidents.ComputerID": 2,
"UDLP_EventComputers.Name": "*****-PC5",
"UDLP_EventComputers.IP": "1.1.1.1",
"UDLP_Incidents.IncidentType": 10000,
"UDLP_Incidents.ViolationLocalTime": "2021-05-05T14:01:39-07:00",
"UDLP_Incidents.ViolationTimezone": "Pacific Daylight Time",
"UDLP_IncidentStatuses.StatusKey": "NEW",
"UDLP_Incidents.TotalMatchCount": 0,
"UDLP_Incidents.TotalContentSize": 0,
"UDLP_Incidents.RulesToDisplay": "Plug and Play Device Rule",
"UDLP_Incidents.PolicyInfoId": 4,
"UDLP_Incidents.SourceApplicationId": null,
"UDLP_Incidents.UserID": *****,
"UDLP_Incidents.Severity": 1,
"UDLP_Incidents.StatusId": "2",
"UDLP_Incidents.ResolutionId": "1",
"UDLP_Incidents.ActualAction": 0,
"UDLP_Incidents.ExpectedAction": 0,
"UDLP_Incidents.FailureReason": 0,
"UDLP_Incidents.JustificationText": "",
"UDLP_Incidents.McAfeeAgentGuid": "*****-*****-*****-*****-*****",
"UDLP_Incidents.EvidenceCount": 0,
"UDLP_Incidents.ReportingProduct": 1,
"UDLP_Incidents.destination": "***** drives",
"UDLP_Incidents.ShortMatchString": "",
"UDLP_Incidents.DestinationUserID": null,
"UDLP_Incidents.ExternalId": null,
"UDLP_Incidents.ActivityEnum": null,
"UDLP_EventUsers.PrimaryUserAccountID": "*****-PC5\\Administrator@",
"UDLP_EventUsers.Username_NTLM": "*****-PC5\\Administrator",
"UDLP_EventUsers.FQDN": null,
"UDLP_EventUsers.SID": null,
"UDLP_EventUsers.UID": null,
"UDLP_EventUsers.UserOU": "",
"UDLP_EventUsers.FirstName": null,
"UDLP_EventUsers.LastName": null,
"UDLP_EventUsers.PrimaryEmailAddress": "",
"UDLP_EventUsers.UserTitle": "",
"UDLP_EventUsers.UserBusinessUnit": null,
"UDLP_EventUsers.UserDepartment": "",
"UDLP_EventUsers.UserCity": null,
"UDLP_EventUsers.UserCountry": null,
"UDLP_EventUsers.UserCompany": null,
"UDLP_EventUsers.UserManagerAccountID": "",
"UDLP_EventUsers.DLPReviewerUserAccount": null,
"UDLP_EventUsers.Custom1": null,
"UDLP_EventUsers.Custom2": null,
"UDLP_EventUsers.Custom3": null,
"UDLP_EventUsers.UserStatus": null,
"UDLP_EventUsers.LastDayInOffice": null,
"UDLP_EventUsers.LastDayInOfficeYYYYMM": null,
"UDLP_EventUsers.LastUpdated": null,
"UDLP_EventUsers.LastUpdatedBy": null,
"UDLP_EventUsers.LastUpdatedMethod": null,
"UDLP_EventUsers.UserGroups": "Administrators"
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"IncidentIds": "\"[27,26]\"",
"IncidentTypes": "\"[10000,10000]\"",
"ComputerNames": "\"[\\\"*****-PC5\\\",\\\"EPO-*****\\\"]\"",
"ComputerIPs": "\"[\\\"1.1.1.1\\\",\\\"1.1.1.1\\\"]\"",
"ViolationLocalTimes": "\"[\\\"2021-05-05T14:01:39-07:00\\\",\\\"2021-05-05T12:24:20-07:00\\\"]\"",
"UserNames": "\"[\\\"Administrator\\\",\\\"Administrator\\\"]\"",
"Severities": "\"[\\\"warning\\\",\\\"major\\\"]\"",
"ActualActions": "\"[0,0]\"",
"ExpectedActions": "\"[0,0]\"",
"StatusKeys": "\"[\\\"NEW\\\",\\\"NEW\\\"]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
UDLP_INCIDENTS.INCIDENTID | UDLP_EVENTUSERS.USERNAME | UDLP_INCIDENTS.COMPUTERID | UDLP_EVENTCOMPUTERS.NAME | UDLP_EVENTCOMPUTERS.IP | UDLP_INCIDENTS.INCIDENTTYPE | UDLP_INCIDENTS.VIOLATIONLOCALTIME | UDLP_INCIDENTS.VIOLATIONTIMEZONE | UDLP_INCIDENTSTATUSES.STATUSKEY | UDLP_INCIDENTS.TOTALMATCHCOUNT | UDLP_INCIDENTS.TOTALCONTENTSIZE | UDLP_INCIDENTS.RULESTODISPLAY | UDLP_INCIDENTS.POLICYINFOID | UDLP_INCIDENTS.SOURCEAPPLICATIONID | UDLP_INCIDENTS.USERID | UDLP_INCIDENTS.SEVERITY | UDLP_INCIDENTS.STATUSID | UDLP_INCIDENTS.RESOLUTIONID | UDLP_INCIDENTS.ACTUALACTION | UDLP_INCIDENTS.EXPECTEDACTION | UDLP_INCIDENTS.FAILUREREASON | UDLP_INCIDENTS.JUSTIFICATIONTEXT | UDLP_INCIDENTS.MCAFEEAGENTGUID | UDLP_INCIDENTS.EVIDENCECOUNT | UDLP_INCIDENTS.REPORTINGPRODUCT | UDLP_INCIDENTS.DESTINATION | UDLP_INCIDENTS.SHORTMATCHSTRING | UDLP_INCIDENTS.DESTINATIONUSERID | UDLP_INCIDENTS.EXTERNALID | UDLP_INCIDENTS.ACTIVITYENUM | UDLP_EVENTUSERS.PRIMARYUSERACCOUNTID | UDLP_EVENTUSERS.USERNAME_NTLM | UDLP_EVENTUSERS.FQDN | UDLP_EVENTUSERS.SID | UDLP_EVENTUSERS.UID | UDLP_EVENTUSERS.USEROU | UDLP_EVENTUSERS.FIRSTNAME | UDLP_EVENTUSERS.LASTNAME | UDLP_EVENTUSERS.PRIMARYEMAILADDRESS | UDLP_EVENTUSERS.USERTITLE | UDLP_EVENTUSERS.USERBUSINESSUNIT | UDLP_EVENTUSERS.USERDEPARTMENT | UDLP_EVENTUSERS.USERCITY | UDLP_EVENTUSERS.USERCOUNTRY | UDLP_EVENTUSERS.USERCOMPANY | UDLP_EVENTUSERS.USERMANAGERACCOUNTID | UDLP_EVENTUSERS.DLPREVIEWERUSERACCOUNT | UDLP_EVENTUSERS.CUSTOM1 | UDLP_EVENTUSERS.CUSTOM2 | UDLP_EVENTUSERS.CUSTOM3 | UDLP_EVENTUSERS.USERSTATUS | UDLP_EVENTUSERS.LASTDAYINOFFICE | UDLP_EVENTUSERS.LASTDAYINOFFICEYYYYMM | UDLP_EVENTUSERS.LASTUPDATED | UDLP_EVENTUSERS.LASTUPDATEDBY | UDLP_EVENTUSERS.LASTUPDATEDMETHOD | UDLP_EVENTUSERS.USERGROUPS |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
27 | Administrator | 2 | ***-PC5 | 1.1.1.1 | 10000 | 5/5/2021 2:01:39 PM | Pacific Daylight Time | NEW | 0 | 0 | Plug and Play Device Rule | 4 | 1*** | 1 | 2 | 1 | 0 | 0 | 0 | ***-***-***-***-*** | 0 | 1 | ***es | ***-PC5\Administrator@ | ***-PC5\Administrator | Administrators |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get DLP Incident failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Get DLP Incident failed. Status Code: 401. Message: Unauthorized. |
Get Task Info By Product Object
Retrieves task information based on the provided product name and object name.
Input
Input Parameter | Required/Optional | Description | Example |
Product Name | Required | The name of the product to retrieve task information. | Endpoint Security Threat Prevention |
Object Name | Required | The name of the object to retrieve task information. | On-Demand Scan - Quick Scan |
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"productId": "*****",
"typeName": "Endpoint Security Threat Prevention: Policy Based On-Demand Scan",
"objectName": "On-Demand Scan - Full Scan",
"typeId": *****,
"objectId": *****,
"productName": "Endpoint Security Threat Prevention "
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
D3 customizes the context data by extracting "productId" and "objectId" fields.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
{
"productId": "*****",
"objectId": *****
}
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"productId": "\"*****\"",
"objectId": "\"*****\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
productName | Endpoint Security Threat Prevention |
objectName | On-Demand Scan - Quick Scan |
productId | *** |
objectId | *** |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Task Info By Product Object failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Can not get Task info by given productName and objectName. |
Error Sample Data Get Task Info By Product Object failed. Status Code: 404. Message: Can not get Task info by given productName and objectName. |
Get Threat Events
Retrieves threat events based on the specified criteria.
Input
Input Parameter | Required/Optional | Description | Example |
Event Time | Optional | The timestamp to retrieve events, in UTC time. | 2019-11-24 00:00 |
Time Before | Optional | The amount of time prior to the specified event time to retrieve events. | -3d |
Time After | Optional | The amount of time after the specified event time to retrieve events. | 2d |
IP Addresses | Optional | The IP addresses to retrieve relevant events. | ["1.1.1.1"] |
Unhandled or All Threats? | Optional | The option to retrieve only unhandled threats or all threats. | unhandled |
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"1.1.1.1": {
"results": [
{
"ReceivedUTC": "2019-11-25T16:03:54-08:00",
"DetectedUTC": "2019-11-25T16:02:33-08:00",
"AutoID": *****,
"SourceIPV4": "1.1.1.1",
"SourceUserName": null,
"SourceURL": null,
"TargetHostName": "*****-DC",
"TargetIPV4": "1.0.0.0",
"TargetUserName": "administrator",
"TargetPort": null,
"TargetProtocol": null,
"TargetProcessName": null,
"TargetFileName": null,
"ThreatCategory": "av.*****",
"ThreatEventID": *****,
"ThreatSeverity": 2,
"ThreatName": "PS/*****",
"ThreatType": "*****",
"ThreatActionTaken": "*****",
"ThreatHandled": false,
"AnalyzerDetectionMethod": "*****",
"Raw": "{'ReceivedUTC': '2019-11-25T16:03:54-08:00', 'DetectedUTC': '2019-11-25T16:02:33-08:00'}"
]
}
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"1.1.1.1": {
"results": [
{
"ReceivedUTC": "2019-11-25T16:03:54-08:00",
"DetectedUTC": "2019-11-25T16:02:33-08:00",
"AutoID": *****,
"SourceIPV4": "1.1.1.1",
"SourceUserName": null,
"SourceURL": null,
"TargetHostName": "*****-DC",
"TargetIPV4": "1.0.0.0",
"TargetUserName": "administrator",
"TargetPort": null,
"TargetProtocol": null,
"TargetProcessName": null,
"TargetFileName": null,
"ThreatCategory": "av.*****",
"ThreatEventID": *****,
"ThreatSeverity": 2,
"ThreatName": "PS/*****",
"ThreatType": "*****",
"ThreatActionTaken": "*****",
"ThreatHandled": false,
"AnalyzerDetectionMethod": "*****",
"Raw": "{'ReceivedUTC': '2019-11-25T16:03:54-08:00', 'DetectedUTC': '2019-11-25T16:02:33-08:00'}"
]
}
}
]
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
1.1.1.1 |
---|
{ |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Threat Events failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Get Threat Events failed. Status Code: 401. Message: Unauthorized. |
Get Version
Retrieves the ePO version.
Input
N/A
Output
The primary response data from the API request.
SAMPLE DATA
No Sample Data
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
No Sample Data
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
No Sample Data
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Version failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Get Version failed. Status Code: 401. Message: Unauthorized. |
List All Server Task
Retrieves a list of all server tasks.
Input
N/A
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"id": *****,
"name": "Update Master Repository",
"description": "This default task updates the master repository from the McAfee update site (McAfeeHttp).",
"startDate": "2018-02-14T00:00:01-08:00",
"endDate": "None",
"nextRunTime": "2019-12-17T01:41:00-08:00",
"enabled": true,
"valid": true
},
{
"id": *****,
"name": "TIE Server Telemetry",
"description": "TIE Server telemetry process to collect and transmit data from remote points.",
"startDate": "2019-06-05T00:00:01-07:00",
"endDate": "None",
"nextRunTime": "2019-12-17T00:15:00-08:00",
"enabled": true,
"valid": true
},
{
"id": *****,
"name": "TIE Server Synchronize Topology",
"description": "It manages the synchronization of the TIE Server Topology in a multi-ePO environment.",
"startDate": "2019-06-05T00:00:01-07:00",
"endDate": "None",
"nextRunTime": "2019-12-17T00:15:00-08:00",
"enabled": true,
"valid": true
},
{
"id": ******,
"name": "TIE Server Synchronize CA",
"description": "It manages the synchronization of the TIE Server CAs in a multi-ePO environment.",
"startDate": "2019-06-05T00:00:01-07:00",
"endDate": "None",
"nextRunTime": "2019-12-17T00:15:00-08:00",
"enabled": true,
"valid": true
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"id": *****,
"name": "Update Master Repository",
"description": "This default task updates the master repository from the McAfee update site (McAfeeHttp).",
"startDate": "2018-02-14T00:00:01-08:00",
"endDate": "None",
"nextRunTime": "2019-12-17T01:41:00-08:00",
"enabled": true,
"valid": true
},
{
"id": *****,
"name": "TIE Server Telemetry",
"description": "TIE Server telemetry process to collect and transmit data from remote points.",
"startDate": "2019-06-05T00:00:01-07:00",
"endDate": "None",
"nextRunTime": "2019-12-17T00:15:00-08:00",
"enabled": true,
"valid": true
},
{
"id": *****,
"name": "TIE Server Synchronize Topology",
"description": "It manages the synchronization of the TIE Server Topology in a multi-ePO environment.",
"startDate": "2019-06-05T00:00:01-07:00",
"endDate": "None",
"nextRunTime": "2019-12-17T00:15:00-08:00",
"enabled": true,
"valid": true
},
{
"id": ******,
"name": "TIE Server Synchronize CA",
"description": "It manages the synchronization of the TIE Server CAs in a multi-ePO environment.",
"startDate": "2019-06-05T00:00:01-07:00",
"endDate": "None",
"nextRunTime": "2019-12-17T00:15:00-08:00",
"enabled": true,
"valid": true
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Output": "\"[{\\\"id\\\":*****,\\\"name\\\":\\\"Update Master Repository\\\",\\\"description\\\":\\\"This default task updates the Master Repository from the McAfee update site (McAfeeHttp).\\\",\\\"startDate\\\":\\\"2022-04-21T03:00:01-04:00\\\",\\\"endDate\\\":\\\"None\\\",\\\"nextRunTime\\\":\\\"2022-12-16T03:09:00-05:00\\\",\\\"enabled\\\":true,\\\"valid\\\":true},{\\\"id\\\":*****,\\\"name\\\":\\\"TIE Server Telemetry\\\",\\\"description\\\":\\\"TIE Server telemetry process to collect and transmit data from remote points.\\\",\\\"startDate\\\":\\\"2022-04-22T03:00:01-04:00\\\",\\\"endDate\\\":\\\"None\\\",\\\"nextRunTime\\\":\\\"2022-12-16T03:15:00-05:00\\\",\\\"enabled\\\":true,\\\"valid\\\":true},{\\\"id\\\":*****,\\\"name\\\":\\\"TIE Server Synchronize Topology\\\",\\\"description\\\":\\\"It manages the synchronization of the TIE Server Topology in a multi-ePO environment.\\\",\\\"startDate\\\":\\\"2022-04-22T03:00:01-04:00\\\",\\\"endDate\\\":\\\"None\\\",\\\"nextRunTime\\\":\\\"2022-12-16T03:15:00-05:00\\\",\\\"enabled\\\":true,\\\"valid\\\":true},{\\\"id\\\":*****,\\\"name\\\":\\\"TIE Server Synchronize CA\\\",\\\"description\\\":\\\"It manages the synchronization of the TIE Server CAs in a multi-ePO environment.\\\",\\\"startDate\\\":\\\"2022-04-22T03:00:01-04:00\\\",\\\"endDate\\\":\\\"None\\\",\\\"nextRunTime\\\":\\\"2022-12-16T03:15:00-05:00\\\",\\\"enabled\\\":true,\\\"valid\\\":true}}]\\r\\n\"",
"description": "\"[\\r\\n \\r\\n \\\"This default task updates the master repository from the McAfee update site (McAfeeHttp).\\\",\\r\\n \\r\\n \\\"TIE Server telemetry process to collect and transmit data from remote points.\\\",\\r\\n \\r\\n \\\"It manages the synchronization of the TIE Server Topology in a multi-ePO environment.\\\",\\r\\n \\r\\n \\\"It manages the synchronization of the TIE Server CAs in a multi-ePO environment.\\\",\\r\\n \\r\\n \\\"TIE Server monitoring mechanism to save events.\\\",\\r\\n \\r\\n \\\"TIE Server Database Maintenance trigger.\\\",\\r\\n \\r\\n \\\"TIE Server Data Management cleanup trigger.\\\",\\r\\n \\r\\n \\\"Synchronize client tasks among designated registered servers.\\\",\\r\\n \\r\\n \\\"Synchronize policies among designated registered servers.\\\",\\r\\n \\r\\n \\\"Send the current DXL State event to the DXL Fabric\\\",\\r\\n \\r\\n \\\"Sends the full list of certificates revoked by the administrator. This task should be run after every new broker deployment.\\\",\\r\\n \\r\\n \\\"This default task creates roll-up data for this ePO server for inclusion in multi-server reporting.\\\",\\r\\n \\r\\n \\\"Delete Threat and Client event records older than 90 days.\\\",\\r\\n \\r\\n \\\"Purges obsolete Appliance Management data from the McAfee ePO database.\\\",\\r\\n \\r\\n \\\"Migrate data from old database tables to new database tables. As this activity will consume high database system resources, McAfee recommends administrator to run this task during low Agent-Server communication time (preferably over weekends).\\\",\\r\\n \\r\\n \\\"Evaluate each system against the DXLBROKER tag criteria and update DXL Broker Policies\\\",\\r\\n \\r\\n \\\"Refresh required Tags on Active Response servers\\\",\\r\\n \\r\\n \\\"Syncs users from an LDAP server to the database\\\",\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"This default task stores the results of the 'McAfee Agent Compliance Summary' query for use in reporting on compliance history.\\\",\\r\\n \\r\\n \\\"ePO Database Index Maintenance and statistics update\\\",\\r\\n \\r\\n \\\"Process properties received from client and convert them into rules.\\\",\\r\\n \\r\\n \\\"Delete systems whose sequence error count has exceeded the threshold and add Agent GUID to duplicate list.\\\",\\r\\n \\r\\n \\\"Clear Sequence Error Count for systems who have not recently reported duplicate activities.\\\",\\r\\n \\r\\n \\\"Downloads the list of software your license key has access to.\\\",\\r\\n \\r\\n \\\"Runs the set reviewer task\\\",\\r\\n \\r\\n \\\"Runs the send email task (before each run it will execute: set reviewer task)\\\",\\r\\n \\r\\n \\\"Deletes events and incidents from the LIVE database tables. Evidence files are not deleted since they associated with the event or incidents in the HISTORY lists.\\\",\\r\\n \\r\\n \\\"Deletes events and incidents from the HISTORY database tables and mark evidence files for deletion. If the event or incident are still in the LIVE incidents and operational events list tables this task will delete them from the LIVE tables.\\\",\\r\\n \\r\\n \\\"Delete evidence files that were marked for deletion. Recommended to run on weekly basis.\\\",\\r\\n \\r\\n \\\"DLP policy conversion from 9.3.x to 9.4.100 and above\\\",\\r\\n \\r\\n \\\"This task migrates operational events from old 9.3.x schema to 9.4.100 schema and above\\\",\\r\\n \\r\\n \\\"This task migrates incident events from 9.3 schema to the latest DLP database schema.\\\\nThis task must be run as long as you have McAfee DLP Endpoint 9.3.x agent. Version 9.3.x reports incidents into a legacy DLP database schema.\\\",\\r\\n \\r\\n \\\"DLP Import MVision Cloud Events\\\",\\r\\n \\r\\n \\\"This task converts operational events and incidents from 9.4 and above to the latest schema. Run this task once after upgrading from 9.4 and above\\\",\\r\\n \\r\\n \\\"DLP delete unassociated evidence files\\\",\\r\\n \\r\\n \\\"Deletes DLP system information and user session information for systems that were removed from ePO system tree\\\",\\r\\n \\r\\n \\\"Built-in Disaster Recovery Snapshot Server Task (disabled by default for Microsoft SQL Server Express)\\\",\\r\\n \\r\\n \\\"Detects newly installed discovery servers and enabled them to run discovery scans\\\",\\r\\n \\r\\n \\\"Data Center: Compute Endpoint Reports\\\",\\r\\n \\r\\n \\\"Data Center: Compute Dashboard data\\\",\\r\\n \\r\\n \\\"Runs every 30 minutes and gathers threats for workloads from Point products ENS, ENSL or Solidcore.\\\",\\r\\n \\r\\n \\\"Deletes seven days old threat events data from CWS_THREATEVENTS_LIST table once every 24 hours.\\\",\\r\\n \\r\\n \\\"Evaluate each system against the TIESERVER tag criteria and tag the appropriate systems.\\\",\\r\\n \\r\\n \\\"Synchronizes data between the Active Response Workspace and the cloud platform.\\\"\\r\\n \\r\\n ]\"",
"enabled": "\"[\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n false,\\r\\n \\r\\n false,\\r\\n \\r\\n false,\\r\\n \\r\\n true,\\r\\n \\r\\n false,\\r\\n \\r\\n false,\\r\\n \\r\\n true,\\r\\n \\r\\n false,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n false,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n false,\\r\\n \\r\\n false,\\r\\n \\r\\n false,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n false,\\r\\n \\r\\n false,\\r\\n \\r\\n false,\\r\\n \\r\\n false,\\r\\n \\r\\n true,\\r\\n \\r\\n false,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n false,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true\\r\\n \\r\\n ]\"",
"endDate": "\"[\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\"\\r\\n \\r\\n ]\"",
"id": "\"[\\r\\n \\r\\n *****,\\r\\n \\r\\n ***** ]\"",
"name": "\"[\\r\\n \\r\\n \\\"Update Master Repository\\\",\\r\\n \\r\\n \\\"TIE Server Telemetry\\\",\\r\\n \\r\\n \\\"TIE Server Synchronize Topology\\\",\\r\\n \\r\\n \\\"TIE Server Synchronize CA\\\",\\r\\n \\r\\n \\\"TIE Server Monitoring\\\",\\r\\n \\r\\n \\\"TIE Server Database Maintenance\\\",\\r\\n \\r\\n \\\"TIE Server Data Management\\\",\\r\\n \\r\\n \\\"Synchronize Shared Tasks\\\",\\r\\n \\r\\n \\\"Synchronize Shared Policies\\\",\\r\\n \\r\\n \\\"Send DXL State Event\\\",\\r\\n \\r\\n \\\"Send DXL Certificate Revocations\\\",\\r\\n \\r\\n \\\"Roll Up Data (Local ePO Server)\\\",\\r\\n \\r\\n \\\"Purge Threat and Client Events Older than 90 Days\\\",\\r\\n \\r\\n \\\"Purge Obsolete Appliance Management Data\\\",\\r\\n \\r\\n \\\"Migrate Data to New Tables\\\",\\r\\n \\r\\n \\\"Manage DXL Brokers\\\",\\r\\n \\r\\n \\\"Manage Active Response Servers\\\",\\r\\n \\r\\n \\\"LdapSync: Sync across users from LDAP\\\",\\r\\n \\r\\n \\\"Inactive Agent Cleanup Task\\\",\\r\\n \\r\\n \\\"Generate Records for McAfee Agent Compliance History Reporting\\\",\\r\\n \\r\\n \\\"ePO Database Index Maintenance\\\",\\r\\n \\r\\n \\\"Endpoint Security Firewall Property Translator\\\",\\r\\n \\r\\n \\\"Duplicate Agent GUID - remove systems with potentially duplicated GUIDs\\\",\\r\\n \\r\\n \\\"Duplicate Agent GUID - clear error count\\\",\\r\\n \\r\\n \\\"Download Software Product List\\\",\\r\\n \\r\\n \\\"DLP Set Reviewer for Operational Events and Incidents\\\",\\r\\n \\r\\n \\\"DLP Send Email for Operational Events and Incidents\\\",\\r\\n \\r\\n \\\"DLP Purge Operational Events and Incidents\\\",\\r\\n \\r\\n \\\"DLP Purge History of Operational Events and Incidents\\\",\\r\\n \\r\\n \\\"DLP purge evidences\\\",\\r\\n \\r\\n \\\"DLP Policy Conversion from 9.3.x to 9.4.100 and above\\\",\\r\\n \\r\\n \\\"DLP operational events migration from 9.3.x to 9.4.100 and above\\\",\\r\\n \\r\\n \\\"DLP incident migration from 9.3.x to 9.4.100 and above\\\",\\r\\n \\r\\n \\\"DLP Import MVision Cloud Events\\\",\\r\\n \\r\\n \\\"DLP events conversion 9.4 and above\\\",\\r\\n \\r\\n \\\"DLP delete unassociated evidence files\\\",\\r\\n \\r\\n \\\"DLP delete systems that were removed from ePO system tree\\\",\\r\\n \\r\\n \\\"Disaster Recovery Snapshot Server\\\",\\r\\n \\r\\n \\\"Detect Discovery Servers\\\",\\r\\n \\r\\n \\\"Data Center: Compute Endpoint Reports\\\",\\r\\n \\r\\n \\\"Data Center: Compute Dashboard data\\\",\\r\\n \\r\\n \\\"CWS threat events sync task\\\",\\r\\n \\r\\n \\\"CWS threat events deleter\\\",\\r\\n \\r\\n \\\"Apply TIESERVER Tags to TIE Servers\\\",\\r\\n \\r\\n \\\"Active Response Workspace synchronization\\\"\\r\\n \\r\\n ]\"",
"nextRunTime": "\"[\\r\\n \\r\\n \\\"2019-12-24T01:41:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-24T00:15:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-24T00:15:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-24T00:15:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-23T16:15:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-29T02:00:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-24T00:30:00-08:00\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"2019-12-24T00:00:00-08:00\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"2019-12-24T00:10:00-08:00\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"2019-12-24T00:00:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-24T00:30:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-23T16:00:00-08:00\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"2019-12-29T01:00:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-29T04:00:00-08:00\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"2019-12-24T01:42:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-23T16:00:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-23T16:15:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-23T22:30:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-27T23:30:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-28T04:00:00-08:00\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"2019-12-23T22:00:00-08:00\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"2019-12-27T04:00:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-24T01:59:00-08:00\\\",\\r\\n \\r\\n \\\"None\\\",\\r\\n \\r\\n \\\"2019-12-23T16:00:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-23T16:00:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-23T16:00:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-23T23:00:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-24T00:15:00-08:00\\\",\\r\\n \\r\\n \\\"2019-12-24T00:00:00-08:00\\\"\\r\\n \\r\\n ]\"",
"startDate": "\"[\\r\\n \\r\\n \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n \\\"2019-06-05T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-05T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-05T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-05T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-05T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-05T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n \\\"2019-05-31T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-05-31T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n \\\"2019-05-23T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-10T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-05-23T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-05-31T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-05T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-05-23T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n \\\"2019-05-23T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-10-22T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n \\\"2019-05-23T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2012-01-01T00:00:01-08:00\\\",\\r\\n \\r\\n \\\"2012-01-01T00:00:01-08:00\\\",\\r\\n \\r\\n \\\"2018-06-28T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2018-06-28T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-05T00:00:01-07:00\\\",\\r\\n \\r\\n \\\"2019-06-05T00:00:01-07:00\\\"\\r\\n \\r\\n ]\"",
"valid": "\"[\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n false,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true,\\r\\n \\r\\n true\\r\\n \\r\\n ]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
id | name | description | startDate | endDate | nextRunTime | enabled | valid |
*** | Update Master Repository | This default task updates the master repository from the McAfee update site (McAfeeHttp). | 2/14/2018 12:00:01 AM | None | 1/7/2020 1:41:00 AM | True | True |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List All Server Task failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data List All Server Task failed. Status Code: 401. Message: Unauthorized. |
List Database
Retrieves a list of all databases.
Input
N/A
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"name": "ePO",
"databaseType": ""
},
{
"name": "TIE Server 1.1.1.1",
"databaseType": "TieServerSchema"
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"name": "ePO",
"databaseType": ""
},
{
"name": "TIE Server 1.1.1.1",
"databaseType": "TieServerSchema"
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Output": "\"[\\r\\n {\\r\\n \\\"name\\\": \\\"ePO\\\",\\r\\n \\\"databaseType\\\": \\\"\\\"\\r\\n },\\r\\n {\\r\\n \\\"name\\\": \\\"TIE Server 192.168.88.152\\\",\\r\\n \\\"databaseType\\\": \\\"TieServerSchema\\\"\\r\\n }\\r\\n]\"",
"databaseType": "\"[\\r\\n \\r\\n \\\"\\\",\\r\\n \\r\\n \\\"TieServerSchema\\\"\\r\\n \\r\\n ]\"",
"name": "\"[\\r\\n \\r\\n \\\"ePO\\\",\\r\\n \\r\\n \\\"TIE Server 1.1.1.1\\\"\\r\\n \\r\\n ]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
name | databaseType |
ePO | |
TIE Server 1.1.1.1 | TieServerSchema |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Database failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data List Database failed. Status Code: 401. Message: Unauthorized. |
List Data Type
Retrieves all data types.
Input
N/A
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"type": "udlp_redacted_text",
"operations": [
{
"name": "udlp_eq_redaction_op",
"description": "udlp_eq_redaction_op"
},
{
"name": "not_isBlank",
"description": "Value is not blank"
}
]
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"type": "udlp_redacted_text",
"operations": [
{
"name": "udlp_eq_redaction_op",
"description": "udlp_eq_redaction_op"
},
{
"name": "not_isBlank",
"description": "Value is not blank"
}
]
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Output": "\"[{\\r\\n\\t\\t\\\"type\\\": \\\"udlp_redacted_text\\\",\\r\\n\\t\\t\\\"operations\\\": [\\r\\n\\t\\t\\t{\\r\\n\\t\\t\\t\\t\\\"name\\\": \\\"udlp_eq_redaction_op\\\",\\r\\n\\t\\t\\t\\t\\\"description\\\": \\\"udlp_eq_redaction_op\\\"\\r\\n\\t\\t\\t},\\r\\n\\t\\t\\t{\\r\\n\\t\\t\\t\\t\\\"name\\\": \\\"not_isBlank\\\",\\r\\n\\t\\t\\t\\t\\\"description\\\": \\\"Value is not blank\\\"\\r\\n\\t\\t\\t},\\r\\n\\t\\t\\t{\\r\\n\\t\\t\\t\\t\\\"name\\\": \\\"udlp_not_contains_redaction_op\\\",\\r\\n\\t\\t\\t\\t\\\"description\\\": \\\"udlp_not_contains_redaction_op\\\"\\r\\n\\t\\t\\t},\\r\\n\\t\\t\\t{\\r\\n\\t\\t\\t\\t\\\"name\\\": \\\"isBlank\\\",\\r\\n\\t\\t\\t\\t\\\"description\\\": \\\"Value is blank\\\"\\r\\n\\t\\t\\t},\\r\\n\\t\\t\\t{\\r\\n\\t\\t\\t\\t\\\"name\\\": \\\"udlp_contains_redaction_op\\\",\\r\\n\\t\\t\\t\\t\\\"description\\\": \\\"udlp_contains_redaction_op\\\"\\r\\n\\t\\t\\t},\\r\\n\\t\\t\\t{\\r\\n\\t\\t\\t\\t\\\"name\\\": \\\"udlp_ne_redaction_op\\\",\\r\\n\\t\\t\\t\\t\\\"description\\\": \\\"udlp_ne_redaction_op\\\"\\r\\n\\t\\t\\t}\\r\\n\\t\\t]\\r\\n\\t}]\"",
"operations": "\"[\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_eq_redaction_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_eq_redaction_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_not_contains_redaction_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_not_contains_redaction_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_contains_redaction_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_contains_redaction_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_ne_redaction_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_ne_redaction_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_ne_formatted_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_ne_formatted_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_eq_formatted_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_eq_formatted_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"childOf\\\",\\r\\n \\r\\n \\\"description\\\": \\\"childOf\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"descendsFrom\\\",\\r\\n \\r\\n \\\"description\\\": \\\"descendsFrom\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"lt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Less than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"le\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Less than or equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"gt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Greater than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ge\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Greater than or equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"lt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Less than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"gt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Greater than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"version_eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"version_eq\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"version_neq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"version_neq\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"version_ge\\\",\\r\\n \\r\\n \\\"description\\\": \\\"version_ge\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"version_lt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"version_lt\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"version_neq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"version_neq\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"version_lt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"version_lt\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"version_eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"version_eq\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"version_ge\\\",\\r\\n \\r\\n \\\"description\\\": \\\"version_ge\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"withinRepositoryDatVersion\\\",\\r\\n \\r\\n \\\"description\\\": \\\"withinRepositoryDatVersion\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_withinRepositoryDatVersion\\\",\\r\\n \\r\\n \\\"description\\\": \\\"not_withinRepositoryDatVersion\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_ne_formatted_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_ne_formatted_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_eq_formatted_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_eq_formatted_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"endsWith\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Ends with\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"contains\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Contains\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"notContains\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not contain\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"startsWith\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Starts with\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_absNewerThanAbsolute_withoffset_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_absNewerThanAbsolute_withoffset_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"beforeNow\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is before now\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"olderThan\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is not within the last\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_absOlderThanAbsolute_withoffset_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_absOlderThanAbsolute_withoffset_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"newerThan\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is within the last\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_absBetween_withoffset_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_absBetween_withoffset_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_eq_localized_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_eq_localized_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_ne_localized_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_ne_localized_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"childOf\\\",\\r\\n \\r\\n \\\"description\\\": \\\"childOf\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"descendsFrom\\\",\\r\\n \\r\\n \\\"description\\\": \\\"descendsFrom\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isNotNullTrueFalse\\\",\\r\\n \\r\\n \\\"description\\\": \\\"isNotNullTrueFalse\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"version_eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"version_eq\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"version_neq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"version_neq\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"version_ge\\\",\\r\\n \\r\\n \\\"description\\\": \\\"version_ge\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"version_lt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"version_lt\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"contains\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Contains\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"in\\\",\\r\\n \\r\\n \\\"description\\\": \\\"in\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"notContains\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not contain\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"like\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Contains pattern\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"endsWith\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Ends with\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"startsWith\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Starts with\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_oneToManySingleSelect_not_equal_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_oneToManySingleSelect_not_equal_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_oneToManySingleSelect_equal_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_oneToManySingleSelect_equal_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"beforeNow\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is before now\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"olderThan\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is not within the last\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_absOlderThanAbsolute_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_absOlderThanAbsolute_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"newerThan\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is within the last\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_absBetween_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_absBetween_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_absNewerThanAbsolute_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_absNewerThanAbsolute_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"lt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Less than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"gt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Greater than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"le\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Less than or equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ge\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Greater than or equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"lt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Less than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"le\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Less than or equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"gt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Greater than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ge\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Greater than or equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_many2many_equal_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_many2many_equal_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_many2many_not_equal_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_many2many_not_equal_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"policynodeDescendsFrom\\\",\\r\\n \\r\\n \\\"description\\\": \\\"policynodeDescendsFrom\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_oneToMany_not_equal_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_oneToMany_not_equal_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_oneToMany_equal_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_oneToMany_equal_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_oneToMany_isNull_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_oneToMany_isNull_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"in\\\",\\r\\n \\r\\n \\\"description\\\": \\\"in\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"lt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Less than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"le\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Less than or equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"gt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Greater than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ge\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Greater than or equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"contains\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Contains\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"notContains\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not contain\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"like\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Contains pattern\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"endsWith\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Ends with\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"startsWith\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Starts with\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_rule_id_contains_sexp\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_rule_id_contains_sexp\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_rule_id_not_equals_sexp\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_rule_id_not_equals_sexp\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_rule_id_not_contains_sexp\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_rule_id_not_contains_sexp\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_rule_id_equals_sexp\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_rule_id_equals_sexp\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_ne_formatted_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_ne_formatted_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_eq_formatted_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_eq_formatted_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"hasTagExcluded\\\",\\r\\n \\r\\n \\\"description\\\": \\\"hasTagExcluded\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"hasTag\\\",\\r\\n \\r\\n \\\"description\\\": \\\"hasTag\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"containsTag\\\",\\r\\n \\r\\n \\\"description\\\": \\\"containsTag\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"doesNotHaveTag\\\",\\r\\n \\r\\n \\\"description\\\": \\\"doesNotHaveTag\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"doesNotHaveAnyTag\\\",\\r\\n \\r\\n \\\"description\\\": \\\"doesNotHaveAnyTag\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"contains\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Contains\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"notContains\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not contain\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"like\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Contains pattern\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"endsWith\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Ends with\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"startsWith\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Starts with\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_ne_formatted_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_ne_formatted_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_eq_formatted_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_eq_formatted_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_eq_localized_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_eq_localized_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_ne_localized_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_ne_localized_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"lt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Less than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"le\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Less than or equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"gt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Greater than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ge\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Greater than or equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"mac_not_match_any\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not match any of the following\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"mac_match_any\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Matches one of the following\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_ne_formatted_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_ne_formatted_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_eq_formatted_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_eq_formatted_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"notBetween\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is not between\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"in_subnet\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Matches subnet mask\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"match_any\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Matches one of the following\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"between\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is between\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_in_subnet\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not match subnet mask\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"le\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Less than or equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ge\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Greater than or equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_match_any\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not match any of the following\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_in_ipv6_subnet\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not match subnet mask\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"notBetween\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is not between\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"match_any\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Matches one of the following\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"in_ipv6_subnet\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Matches subnet mask\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"between\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is between\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_mega_gt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_mega_gt\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_mega_ge\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_mega_ge\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_mega_ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_mega_ne\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_mega_equals\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_mega_equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_mega_lt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_mega_lt\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_mega_le\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_mega_le\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"beforeNow\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is before now\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"olderThan\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is not within the last\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"newerThan\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is within the last\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"olderThanAbsolute\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is earlier than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"newerThanFull\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is within the last full\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"newerThanAbsolute\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is later than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"between\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Is between\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_absNewerThanAbsolute_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_absNewerThanAbsolute_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_absOlderThanAbsolute_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_absOlderThanAbsolute_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_absBetween_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_absBetween_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"discovery_inventory_with_classification_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"discovery_inventory_with_classification_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_many2many_equal_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_many2many_equal_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_many2many_not_equal_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_many2many_not_equal_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"discovery_inventory_without_classification_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"discovery_inventory_without_classification_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_eq_resolution_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_eq_resolution_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_ne_resolution_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_ne_resolution_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_kilo_gt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_kilo_gt\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_kilo_equals\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_kilo_equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_kilo_le\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_kilo_le\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_kilo_lt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_kilo_lt\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_kilo_ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_kilo_ne\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_kilo_ge\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_kilo_ge\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"contains\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Contains\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"notContains\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not contain\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"endsWith\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Ends with\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"startsWith\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Starts with\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_ne_formatted_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_ne_formatted_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_eq_formatted_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_eq_formatted_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_ne_epo_user_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_ne_epo_user_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_eq_epo_user_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_eq_epo_user_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_ne_formatted_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_ne_formatted_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_eq_formatted_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_eq_formatted_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"contains\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Contains\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"notContains\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not contain\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"like\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Contains pattern\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"endsWith\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Ends with\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"startsWith\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Starts with\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_contains_words_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_contains_words_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"lt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Less than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"le\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Less than or equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"gt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Greater than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ge\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Greater than or equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"threatcategory_belongs\\\",\\r\\n \\r\\n \\\"description\\\": \\\"threatcategory_belongs\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"threatcategory_not_belongs\\\",\\r\\n \\r\\n \\\"description\\\": \\\"threatcategory_not_belongs\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_ne_reviewer_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_ne_reviewer_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_eq_reviewer_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_eq_reviewer_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"lt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Less than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"le\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Less than or equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"gt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Greater than\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ge\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Greater than or equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"contains\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Contains\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"notContains\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not contain\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"endsWith\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Ends with\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"startsWith\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Starts with\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_ne_status_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_ne_status_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_eq_status_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_eq_status_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"contains\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Contains\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"notContains\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not contain\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_InnerSelect_contains_all_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_InnerSelect_contains_all_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_InnerSelect_not_equal_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_InnerSelect_not_equal_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_InnerSelect_equal_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_InnerSelect_equal_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isNull\\\",\\r\\n \\r\\n \\\"description\\\": \\\"isNull\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_ne_formatted_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_ne_formatted_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_eq_formatted_op\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_eq_formatted_op\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_giga_equals\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_giga_equals\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_giga_le\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_giga_le\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_giga_ne\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_giga_ne\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_giga_lt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_giga_lt\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_giga_gt\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_giga_gt\\\"\\r\\n \\r\\n },\\r\\n \\r\\n {\\r\\n \\r\\n \\\"name\\\": \\\"udlp_giga_ge\\\",\\r\\n \\r\\n \\\"description\\\": \\\"udlp_giga_ge\\\"\\r\\n \\r\\n }\\r\\n \\r\\n ]\"",
"type": "\"[\\r\\n \\r\\n \\\"udlp_redacted_text\\\",\\r\\n \\r\\n \\\"fileName\\\",\\r\\n \\r\\n \\\"udlp_opeScanRun_col\\\",\\r\\n \\r\\n \\\"multiselect_group\\\",\\r\\n \\r\\n \\\"megabytes\\\",\\r\\n \\r\\n \\\"file_parent_hash\\\",\\r\\n \\r\\n \\\"float\\\",\\r\\n \\r\\n \\\"productVersion\\\",\\r\\n \\r\\n \\\"list_tags\\\",\\r\\n \\r\\n \\\"optionGroup_enum\\\",\\r\\n \\r\\n \\\"datVersion\\\",\\r\\n \\r\\n \\\"percentage\\\",\\r\\n \\r\\n \\\"udlp_incident_justification_option_col\\\",\\r\\n \\r\\n \\\"text\\\",\\r\\n \\r\\n \\\"udlp_abstimestamp_withoffset_col\\\",\\r\\n \\r\\n \\\"string_enum\\\",\\r\\n \\r\\n \\\"policycolumn\\\",\\r\\n \\r\\n \\\"self_signed\\\",\\r\\n \\r\\n \\\"udlp_localized_lookup\\\",\\r\\n \\r\\n \\\"group\\\",\\r\\n \\r\\n \\\"isNotNull\\\",\\r\\n \\r\\n \\\"engineVersion\\\",\\r\\n \\r\\n \\\"udlp_string_enum\\\",\\r\\n \\r\\n \\\"eventId\\\",\\r\\n \\r\\n \\\"udlp_oneToManySingleSelect\\\",\\r\\n \\r\\n \\\"udlp_abstimestamp_col\\\",\\r\\n \\r\\n \\\"double\\\",\\r\\n \\r\\n \\\"roleuri\\\",\\r\\n \\r\\n \\\"compositeReputation\\\",\\r\\n \\r\\n \\\"certUpdatedRepSummaryPostgresBytea\\\",\\r\\n \\r\\n \\\"timespan\\\",\\r\\n \\r\\n \\\"enum\\\",\\r\\n \\r\\n \\\"udlp_durationMilliSeconds_col\\\",\\r\\n \\r\\n \\\"int_select\\\",\\r\\n \\r\\n \\\"udlp_ManyToMany\\\",\\r\\n \\r\\n \\\"non_arithmetic_int\\\",\\r\\n \\r\\n \\\"policynode\\\",\\r\\n \\r\\n \\\"udlp_oneToMany\\\",\\r\\n \\r\\n \\\"eventIdInt\\\",\\r\\n \\r\\n \\\"string_lookup\\\",\\r\\n \\r\\n \\\"udlp_ruleId_for_operational_116\\\",\\r\\n \\r\\n \\\"udlp_fk_lookup_col\\\",\\r\\n \\r\\n \\\"udlp_capture_search_col\\\",\\r\\n \\r\\n \\\"applied_tags\\\",\\r\\n \\r\\n \\\"percentagefromstring\\\",\\r\\n \\r\\n \\\"string\\\",\\r\\n \\r\\n \\\"children_count\\\",\\r\\n \\r\\n \\\"udlp_case_resolution_col\\\",\\r\\n \\r\\n \\\"udlp_string_lookup\\\",\\r\\n \\r\\n \\\"boolean_success\\\",\\r\\n \\r\\n \\\"non_summable_int\\\",\\r\\n \\r\\n \\\"long\\\",\\r\\n \\r\\n \\\"mac\\\",\\r\\n \\r\\n \\\"udlp_opeScan_col\\\",\\r\\n \\r\\n \\\"ipv4\\\",\\r\\n \\r\\n \\\"udlp_durationSeconds_col\\\",\\r\\n \\r\\n \\\"ipv6\\\",\\r\\n \\r\\n \\\"end_entity_certificate\\\",\\r\\n \\r\\n \\\"udlp_mega_col\\\",\\r\\n \\r\\n \\\"timestamp\\\",\\r\\n \\r\\n \\\"udlp_abstimestamp_endpoint_col\\\",\\r\\n \\r\\n \\\"certNewRepSummaryPostgresBytea\\\",\\r\\n \\r\\n \\\"rules_names\\\",\\r\\n \\r\\n \\\"discovery_inventory_classification\\\",\\r\\n \\r\\n \\\"list_col\\\",\\r\\n \\r\\n \\\"udlp_common_resolution_col\\\",\\r\\n \\r\\n \\\"udlp_kilo_col\\\",\\r\\n \\r\\n \\\"filePath\\\",\\r\\n \\r\\n \\\"udlp_incident_justification_action_label_col\\\",\\r\\n \\r\\n \\\"fileNewRepSummaryPostgresBytea\\\",\\r\\n \\r\\n \\\"issue_type\\\",\\r\\n \\r\\n \\\"udlp_epo_user_col\\\",\\r\\n \\r\\n \\\"udlp_discovery_fileType_col\\\",\\r\\n \\r\\n \\\"complianceQueryName\\\",\\r\\n \\r\\n \\\"udlp_contains_words_col\\\",\\r\\n \\r\\n \\\"int\\\",\\r\\n \\r\\n \\\"udlp_discovery_scanRunId_col\\\",\\r\\n \\r\\n \\\"threatcategory\\\",\\r\\n \\r\\n \\\"udlp_reviewer_col\\\",\\r\\n \\r\\n \\\"boolean\\\",\\r\\n \\r\\n \\\"bytes\\\",\\r\\n \\r\\n \\\"string_lookupWithResolver\\\",\\r\\n \\r\\n \\\"udlp_common_status_col\\\",\\r\\n \\r\\n \\\"udlp_searchable_text\\\",\\r\\n \\r\\n \\\"udlp_InnerSelect\\\",\\r\\n \\r\\n \\\"postgresBytea\\\",\\r\\n \\r\\n \\\"fileUpdatedRepSummaryPostgresBytea\\\",\\r\\n \\r\\n \\\"udlp_true_fileType_col\\\",\\r\\n \\r\\n \\\"cert_impact\\\",\\r\\n \\r\\n \\\"udlp_giga_col\\\"\\r\\n \\r\\n ]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
type | operations |
udlp_redacted_text | [ { ";name";: ";udlp_eq_redaction_op";, ";description";: ";udlp_eq_redaction_op"; } ] |
fileName | [] |
udlp_opeScanRun_col | [ { ";name";: ";udlp_ne_formatted_op";, ";description";: ";udlp_ne_formatted_op"; } ] |
multiselect_group | [ { ";name";: ";childOf";, ";description";: ";childOf"; } ] |
megabytes | [ { ";name";: ";lt";, ";description";: ";Less than"; } ] |
file_parent_hash | [] |
float | [ { ";name";: ";lt";, ";description";: ";Less than"; } ] |
productVersion | [ { ";name";: ";not_isBlank";, ";description";: ";Value is not blank"; } ] |
list_tags | [] |
optionGroup_enum | [ { ";name";: ";eq";, ";description";: ";Equals"; } ] |
datVersion | [ { ";name";: ";not_isBlank";, ";description";: ";Value is not blank"; } ] |
percentage | [] |
udlp_incident_justification_option_col | [ { ";name";: ";udlp_ne_formatted_op";, ";description";: ";udlp_ne_formatted_op"; } ] |
text | [ { ";name";: ";endsWith";, ";description";: ";Ends with"; } ] |
udlp_abstimestamp_withoffset_col | [ { ";name";: ";udlp_absNewerThanAbsolute_withoffset_op";, ";description";: ";udlp_absNewerThanAbsolute_withoffset_op"; } ] |
string_enum | [ { ";name";: ";not_isBlank";, ";description";: ";Value is not blank"; }, { ";name";: ";isBlank";, ";description";: ";Value is blank"; } ] |
policycolumn | [ { ";name";: ";eq";, ";description";: ";Equals"; }, { ";name";: ";ne";, ";description";: ";Does not equal"; } ] |
self_signed | [] |
udlp_localized_lookup | [ { ";name";: ";udlp_eq_localized_op";, ";description";: ";udlp_eq_localized_op"; } ] |
group | [ { ";name";: ";childOf";, ";description";: ";childOf"; } ] |
isNotNull | [ { ";name";: ";isNotNullTrueFalse";, ";description";: ";isNotNullTrueFalse"; } ] |
engineVersion | [ { ";name";: ";version_eq";, ";description";: ";version_eq"; } ] |
udlp_string_enum | [] |
eventId | [ { ";name";: ";not_isBlank";, ";description";: ";Value is not blank"; } ] |
udlp_oneToManySingleSelect | [ { ";name";: ";udlp_oneToManySingleSelect_not_equal_op";, ";description";: ";udlp_oneToManySingleSelect_not_equal_op"; } ] |
udlp_abstimestamp_col | [ { ";name";: ";not_isBlank";, ";description";: ";Value is not blank"; } ] |
double | [ { ";name";: ";lt";, ";description";: ";Less than"; } ] |
roleuri | [] |
compositeReputation | [] |
certUpdatedRepSummaryPostgresBytea | [] |
timespan | [] |
enum | [ { ";name";: ";not_isBlank";, ";description";: ";Value is not blank"; } ] |
udlp_durationMilliSeconds_col | [ { ";name";: ";le";, ";description";: ";Less than or equals"; } ] |
int_select | [ { ";name";: ";lt";, ";description";: ";Less than"; } ] |
udlp_ManyToMany | [ { ";name";: ";udlp_many2many_equal_op";, ";description";: ";udlp_many2many_equal_op"; } ] |
non_arithmetic_int | [] |
policynode | [ { ";name";: ";policynodeDescendsFrom";, ";description";: ";policynodeDescendsFrom"; } ] |
udlp_oneToMany | [ { ";name";: ";udlp_oneToMany_not_equal_op";, ";description";: ";udlp_oneToMany_not_equal_op"; }, { ";name";: ";udlp_oneToMany_equal_op";, ";description";: ";udlp_oneToMany_equal_op"; } ] |
eventIdInt | [ { ";name";: ";in";, ";description";: ";in"; } ] |
string_lookup | [ { ";name";: ";not_isBlank";, ";description";: ";Value is not blank"; } ] |
udlp_ruleId_for_operational_116 | [ { ";name";: ";udlp_rule_id_contains_sexp";, ";description";: ";udlp_rule_id_contains_sexp"; } ] |
udlp_fk_lookup_col | [ { ";name";: ";udlp_ne_formatted_op";, ";description";: ";udlp_ne_formatted_op"; }, { ";name";: ";udlp_eq_formatted_op";, ";description";: ";udlp_eq_formatted_op"; } ] |
udlp_capture_search_col | [ { ";name";: ";eq";, ";description";: ";Equals"; } ] |
applied_tags | [ { ";name";: ";hasTagExcluded";, ";description";: ";hasTagExcluded"; } ] |
percentagefromstring | [] |
string | [ { ";name";: ";not_isBlank";, ";description";: ";Value is not blank"; } ] |
children_count | [] |
udlp_case_resolution_col | [ { ";name";: ";udlp_ne_formatted_op";, ";description";: ";udlp_ne_formatted_op"; }, { ";name";: ";udlp_eq_formatted_op";, ";description";: ";udlp_eq_formatted_op"; } ] |
udlp_string_lookup | [ { ";name";: ";udlp_eq_localized_op";, ";description";: ";udlp_eq_localized_op"; } ] |
boolean_success | [ { ";name";: ";eq";, ";description";: ";Equals"; }, { ";name";: ";ne";, ";description";: ";Does not equal"; } ] |
non_summable_int | [] |
long | [ { ";name";: ";lt";, ";description";: ";Less than"; } ] |
mac | [ { ";name";: ";mac_not_match_any";, ";description";: ";Does not match any of the following"; } ] |
udlp_opeScan_col | [ { ";name";: ";udlp_ne_formatted_op";, ";description";: ";udlp_ne_formatted_op"; } ] |
ipv4 | [ { ";name";: ";not_isBlank";, ";description";: ";Value is not blank"; } ] |
udlp_durationSeconds_col | [ { ";name";: ";le";, ";description";: ";Less than or equals"; } ] |
ipv6 | [ { ";name";: ";not_isBlank";, ";description";: ";Value is not blank"; } ] |
end_entity_certificate | [] |
udlp_mega_col | [ { ";name";: ";udlp_mega_gt";, ";description";: ";udlp_mega_gt"; } ] |
timestamp | [ { ";name";: ";not_isBlank";, ";description";: ";Value is not blank"; } |
udlp_abstimestamp_endpoint_col | [ { ";name";: ";udlp_absNewerThanAbsolute_op";, ";description";: ";udlp_absNewerThanAbsolute_op"; } ] |
certNewRepSummaryPostgresBytea | [] |
rules_names | [] |
discovery_inventory_classification | [ { ";name";: ";discovery_inventory_with_classification_op";, ";description";: ";discovery_inventory_with_classification_op"; } ] |
list_col | [] |
udlp_common_resolution_col | [ { ";name";: ";udlp_eq_resolution_op";, ";description";: ";udlp_eq_resolution_op"; } ] |
udlp_kilo_col | [ { ";name";: ";udlp_kilo_gt";, ";description";: ";udlp_kilo_gt"; } ] |
filePath | [ { ";name";: ";not_isBlank";, ";description";: ";Value is not blank"; } ] |
udlp_incident_justification_action_label_col | [ |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Data Type failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data List Data Type failed. Status Code: 401. Message: Unauthorized. |
List Permission Set
Retrieves a list of permission sets.
Input
N/A
Output
The primary response data from the API request.
SAMPLE DATA
{
"list": {
"@id": "1",
"permissionSet": [
{
"@id": "2",
"name": "Global Reviewer",
"roles": {
"role": [
{
"roleUri": "role:ENDP_FW_META.ENDP_FW_META_FW.reviewer"
},
{
"roleUri": "role:EPOAGENTMETA.tasks.reviewer"
},
{
"roleUri": "role:MVEDR___META.MVEDR___META.reviewer"
},
{
"roleUri": "role:epo.core.view.tree"
},
{
"roleUri": "role:core.dash.viewer"
},
{
"roleUri": "role:MARCOBA_META.MARCOBA_META.reviewer"
},
{
"roleUri": "role:MVEDR___META.tasks.reviewer"
},
{
"roleUri": "role:issue.auditor?type=issue.type.untyped"
},
{
"roleUri": "role:TIEMGMT_META.TIEMGMT_META.reviewer"
},
{
"roleUri": "role:MARCOBA_META.tasks.reviewer"
},
{
"roleUri": "role:DXLCLNT_META.DXLCLNT_META.reviewer"
},
{
"roleUri": "role:softman.viewOnly"
},
{
"roleUri": "role:ENDP_WP_1000.tasks.reviewer"
},
{
"roleUri": "role:ENDP_GS_1000.ENDP_GS_1000.reviewer"
},
{
"roleUri": "role:epo.dir.access",
"customRoleInfo": {
"@roleFactoryId": "epo.dir",
"systems": {
"system": "\\\\"
}
}
},
{
"roleUri": "role:ENDP_AM_1000.tasks.reviewer"
},
{
"roleUri": "role:response.rule.user"
},
{
"roleUri": "role:EPOAGENTMETA.EPOAGENTMETA.reviewer"
},
{
"roleUri": "role:ahRole.viewOnly"
},
{
"roleUri": "role:rs.user"
},
{
"roleUri": "role:core.audit.reviewer"
},
{
"roleUri": "role:DXLBROKRMETA.DXLBROKRMETA.reviewer"
},
{
"roleUri": "role:core.query.guest"
},
{
"roleUri": "role:ENDP_AM_1000.ENDP_AM_1000.reviewer"
},
{
"roleUri": "role:TIEClientMETA.TIEClientMETA.reviewer"
},
{
"roleUri": "role:rollup.execute"
},
{
"roleUri": "role:UDLPSRVR2013.UDLPSRVR2013.reviewer"
},
{
"roleUri": "role:core.addressbook.guest"
},
{
"roleUri": "role:MCPSRVER1000.MCPSRVER1000.reviewer"
},
{
"roleUri": "role:ENDP_WP_1000.ENDP_WP_1000.reviewer"
},
{
"roleUri": "role:epo.productevents.view"
},
{
"roleUri": "role:ubpRole.viewOnly"
},
{
"roleUri": "role:repoRole.distViewOnly"
},
{
"roleUri": "role:epo.event.view"
},
{
"roleUri": "role:notes.viewOnly"
},
{
"roleUri": "role:scheduler.view"
},
{
"roleUri": "role:repoRole.masterViewOnly"
},
{
"roleUri": "role:ENDP_GS_1000.tasks.reviewer"
}
]
}
},
{
"@id": "3",
"name": "Group Reviewer",
"roles": {
"role": [
{
"roleUri": "role:core.addressbook.guest"
},
{
"roleUri": "role:core.dash.viewer"
},
{
"roleUri": "role:epo.productevents.view"
},
{
"roleUri": "role:scheduler.view"
},
{
"roleUri": "role:epo.event.view"
},
{
"roleUri": "role:notes.viewOnly"
},
{
"roleUri": "role:core.query.guest"
},
{
"roleUri": "role:epo.core.view.tree"
},
{
"roleUri": "role:response.rule.user"
}
]
}
},
{
"@id": "4",
"name": "Executive Reviewer",
"roles": {
"role": [
{
"roleUri": "role:epo.productevents.view"
},
{
"roleUri": "role:core.query.guest"
},
{
"roleUri": "role:epo.dir.access",
"customRoleInfo": {
"@roleFactoryId": "epo.dir",
"systems": {
"system": "\\\\"
}
}
},
{
"roleUri": "role:core.dash.viewer"
},
{
"roleUri": "role:core.addressbook.guest"
},
{
"roleUri": "role:epo.event.view"
}
]
}
},
{
"@id": "5",
"name": "MCP Catalog Admin",
"roles": {
"role": [
{
"roleUri": "role:common.catalog.data.general?catalogId=69c1e34e-ede8-43ae-95b0-e731d177cdab&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT"
},
{
"roleUri": "role:common.catalog.data.general?catalogId=00000000-0000-0000-0000-000000000000&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT"
},
{
"roleUri": "role:common.catalog.actions.general?exportFile=&importFromCatalog=&createCatalog=&deleteCatalog=&importFromFile="
},
{
"roleUri": "role:MCPSRVER1000.MCPSRVER1000.admin"
}
]
}
},
{
"@id": "6",
"name": "Group Active Response Editor",
"roles": {
"role": [
{
"roleUri": "role:mar-server.reactionRole.write"
},
{
"roleUri": "role:mar-server.searchRole.write"
},
{
"roleUri": "role:MARCOBA_META.MARCOBA_META.admin"
},
{
"roleUri": "role:mar-server.collectorRole.write"
},
{
"roleUri": "role:epo.event.view"
},
{
"roleUri": "role:mar-server.triggerRole.write"
}
]
}
},
{
"@id": "7",
"name": "Group Active Response Responder",
"roles": {
"role": [
{
"roleUri": "role:mar-server.searchRole.write"
},
{
"roleUri": "role:MARCOBA_META.MARCOBA_META.reviewer"
},
{
"roleUri": "role:mar-server.triggerRole.read"
},
{
"roleUri": "role:epo.event.view"
},
{
"roleUri": "role:mar-server.reactionRole.read"
},
{
"roleUri": "role:mar-server.collectorRole.read"
}
]
}
},
{
"@id": "8",
"name": "Group Active Response Workspace Monitor",
"roles": {
"role": [
{
"roleUri": "role:mar-server.searchRole.read"
},
{
"roleUri": "role:mar-workspace.workspace.read"
},
{
"roleUri": "role:mar-server.collectorRole.read"
},
{
"roleUri": "role:tie.viewer"
}
]
}
},
{
"@id": "9",
"name": "Group Active Response Workspace Responder",
"roles": {
"role": [
{
"roleUri": "role:mar-server.triggerRole.write"
},
{
"roleUri": "role:mar-server.reactionRole.run"
},
{
"roleUri": "role:mar-server.searchRole.write"
},
{
"roleUri": "role:mar-server.collectorRole.write"
},
{
"roleUri": "role:tie.manager"
},
{
"roleUri": "role:mar-workspace.workspace.write"
},
{
"roleUri": "role:mar-server.reactionRole.write"
}
]
}
},
{
"@id": "10",
"name": "Group MVISION EDR FW",
"roles": {
"role": {
"roleUri": "role:copperfieldFw.write"
}
}
},
{
"@id": "11",
"name": "Group Admin",
"roles": {
"role": [
{
"roleUri": "role:udlp.helpDesk.actions.agentOverrideKey.creator"
},
{
"roleUri": "role:UDLPSRVR2013.operational.reviewer.full"
},
{
"roleUri": "role:udlp.helpDesk.actions.agentUninstallKey.creator"
},
{
"roleUri": "role:core.addressbook.admin"
},
{
"roleUri": "role:core.dash.user"
},
{
"roleUri": "role:epo.core.modify.tree"
},
{
"roleUri": "role:UDLPSRVR2013.policy.list?masterPerm=VIEW"
},
{
"roleUri": "role:UDLPSRVR2013.incident.task?email=true&purge=true&setReviewer=true"
},
{
"roleUri": "role:epo.productevents.view"
},
{
"roleUri": "role:scheduler.view"
},
{
"roleUri": "role:epo.core.deploy.agent"
},
{
"roleUri": "role:UDLPSRVR2013.ruleSet.list?masterPerm=FULL"
},
{
"roleUri": "role:epo.event.view"
},
{
"roleUri": "role:notes.overRide"
},
{
"roleUri": "role:epo.core.tagcat.user"
},
{
"roleUri": "role:ubpRole.viewOnly"
},
{
"roleUri": "role:UDLPSRVR2013.definition.list?itemTypeId80=perm.FULL&itemTypeId81=perm.FULL&itemTypeId9=perm.FULL&itemTypeId82=perm.FULL&itemTypeId8=perm.FULL&itemTypeId83=perm.FULL&itemTypeId84=perm.FULL&itemTypeId85=perm.FULL&itemTypeId20=perm.FULL&itemTypeId86=perm.FULL&itemTypeId1000=perm.FULL&itemTypeId21=perm.FULL&itemTypeId87=perm.FULL&itemTypeId88=perm.FULL&itemTypeId23=perm.FULL&itemTypeId24=perm.FULL&itemTypeId26=perm.FULL&catalogId=d3ab4ed4-efab-48d2-840d-714cbf76b888&itemTypeId3=perm.FULL&itemTypeId2=perm.FULL&itemTypeId1=perm.FULL&itemTypeId0=perm.FULL&itemTypeId6=perm.FULL&itemTypeId5=perm.FULL&itemTypeId4=perm.FULL&itemTypeId90=perm.FULL&itemTypeId91=perm.FULL&itemTypeId92=perm.FULL&itemTypeId93=perm.FULL&itemTypeId94=perm.FULL&itemTypeId10=perm.FULL&itemTypeId2000=perm.FULL&itemTypeId11=perm.FULL&itemTypeId12=perm.FULL&itemTypeId103=perm.FULL&itemTypeId79=perm.FULL&itemTypeId15=perm.FULL&itemTypeId100=perm.FULL&itemTypeId16=perm.FULL&itemTypeId17=perm.FULL&itemTypeId102=perm.FULL&itemTypeId101=perm.FULL"
},
{
"roleUri": "role:ahRole.viewOnly"
},
{
"roleUri": "role:repoRole.distViewOnly"
},
{
"roleUri": "role:UDLPSRVR2013.incident.reviewer.full?skyhigh=true"
},
{
"roleUri": "role:UDLPSRVR2013.operational.task?email=true&purge=true&setReviewer=true"
},
{
"roleUri": "role:repoRole.masterViewOnly"
},
{
"roleUri": "role:epo.core.view.tree"
},
{
"roleUri": "role:UDLPSRVR2013.incident.redaction?view=true&reveal=true"
},
{
"roleUri": "role:epo.event.admin"
},
{
"roleUri": "role:UDLPSRVR2013.discover.main.full"
},
{
"roleUri": "role:UDLPSRVR2013.case.reviewer.full"
},
{
"roleUri": "role:response.rule.admin"
},
{
"roleUri": "role:UDLPSRVR2013.capture.main.full"
},
{
"roleUri": "role:UDLPSRVR2013.incident.evidence?viewFile=true&viewMatch=true"
},
{
"roleUri": "role:udlp.helpDesk.actions.agentReleaseFromQuarantineKey.creator"
},
{
"roleUri": "role:udlp.helpDesk.actions.masterReleaseKey.creator"
},
{
"roleUri": "role:notes.fullPerms"
},
{
"roleUri": "role:UDLPSRVR2013.classification.action?regDocsAndWhitelist=true&manualClassification=true"
},
{
"roleUri": "role:core.audit.reviewer"
},
{
"roleUri": "role:UDLPSRVR2013.incident.type?endpointDiscovery=true&data=true&device=true&discovery=true&skyhigh=true"
},
{
"roleUri": "role:epo.core.wakeup.agent"
},
{
"roleUri": "role:UDLPSRVR2013.classification.list?masterPerm=FULL"
},
{
"roleUri": "role:epo.core.tag.assign"
},
{
"roleUri": "role:UDLPSRVR2013.dlp.settings?advancedTab=true&skyhighTab=true&caseTab=true&backupRestoreTab=true&generalTab=true&incidentTab=true&operationalTab=true"
},
{
"roleUri": "role:UDLPSRVR2013.rule.type.full?data=true&device=true&discovery=true"
},
{
"roleUri": "role:core.query.user"
}
]
}
}
]
}
}
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"@id": "2",
"name": "Global Reviewer",
"roles": {
"role": [
{
"roleUri": "role:ENDP_FW_META.ENDP_FW_META_FW.reviewer"
},
{
"roleUri": "role:EPOAGENTMETA.tasks.reviewer"
},
{
"roleUri": "role:MVEDR___META.MVEDR___META.reviewer"
},
{
"roleUri": "role:epo.core.view.tree"
},
{
"roleUri": "role:core.dash.viewer"
},
{
"roleUri": "role:MARCOBA_META.MARCOBA_META.reviewer"
},
{
"roleUri": "role:MVEDR___META.tasks.reviewer"
},
{
"roleUri": "role:issue.auditor?type=issue.type.untyped"
},
{
"roleUri": "role:TIEMGMT_META.TIEMGMT_META.reviewer"
},
{
"roleUri": "role:MARCOBA_META.tasks.reviewer"
},
{
"roleUri": "role:DXLCLNT_META.DXLCLNT_META.reviewer"
},
{
"roleUri": "role:softman.viewOnly"
},
{
"roleUri": "role:ENDP_WP_1000.tasks.reviewer"
},
{
"roleUri": "role:ENDP_GS_1000.ENDP_GS_1000.reviewer"
},
{
"roleUri": "role:epo.dir.access",
"customRoleInfo": {
"@roleFactoryId": "epo.dir",
"systems": {
"system": "\\"
}
}
},
{
"roleUri": "role:ENDP_AM_1000.tasks.reviewer"
},
{
"roleUri": "role:response.rule.user"
},
{
"roleUri": "role:EPOAGENTMETA.EPOAGENTMETA.reviewer"
},
{
"roleUri": "role:ahRole.viewOnly"
},
{
"roleUri": "role:rs.user"
},
{
"roleUri": "role:core.audit.reviewer"
},
{
"roleUri": "role:DXLBROKRMETA.DXLBROKRMETA.reviewer"
},
{
"roleUri": "role:core.query.guest"
},
{
"roleUri": "role:ENDP_AM_1000.ENDP_AM_1000.reviewer"
},
{
"roleUri": "role:TIEClientMETA.TIEClientMETA.reviewer"
},
{
"roleUri": "role:rollup.execute"
},
{
"roleUri": "role:UDLPSRVR2013.UDLPSRVR2013.reviewer"
},
{
"roleUri": "role:core.addressbook.guest"
},
{
"roleUri": "role:MCPSRVER1000.MCPSRVER1000.reviewer"
},
{
"roleUri": "role:ENDP_WP_1000.ENDP_WP_1000.reviewer"
},
{
"roleUri": "role:epo.productevents.view"
},
{
"roleUri": "role:ubpRole.viewOnly"
},
{
"roleUri": "role:repoRole.distViewOnly"
},
{
"roleUri": "role:epo.event.view"
},
{
"roleUri": "role:notes.viewOnly"
},
{
"roleUri": "role:scheduler.view"
},
{
"roleUri": "role:repoRole.masterViewOnly"
},
{
"roleUri": "role:ENDP_GS_1000.tasks.reviewer"
}
]
}
},
{
"@id": "3",
"name": "Group Reviewer",
"roles": {
"role": [
{
"roleUri": "role:core.addressbook.guest"
},
{
"roleUri": "role:core.dash.viewer"
},
{
"roleUri": "role:epo.productevents.view"
},
{
"roleUri": "role:scheduler.view"
},
{
"roleUri": "role:epo.event.view"
},
{
"roleUri": "role:notes.viewOnly"
},
{
"roleUri": "role:core.query.guest"
},
{
"roleUri": "role:epo.core.view.tree"
},
{
"roleUri": "role:response.rule.user"
}
]
}
},
{
"@id": "4",
"name": "Executive Reviewer",
"roles": {
"role": [
{
"roleUri": "role:epo.productevents.view"
},
{
"roleUri": "role:core.query.guest"
},
{
"roleUri": "role:epo.dir.access",
"customRoleInfo": {
"@roleFactoryId": "epo.dir",
"systems": {
"system": "\\"
}
}
},
{
"roleUri": "role:core.dash.viewer"
},
{
"roleUri": "role:core.addressbook.guest"
},
{
"roleUri": "role:epo.event.view"
}
]
}
},
{
"@id": "5",
"name": "MCP Catalog Admin",
"roles": {
"role": [
{
"roleUri": "role:common.catalog.data.general?catalogId=69c1e34e-ede8-43ae-95b0-e731d177cdab&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT"
},
{
"roleUri": "role:common.catalog.data.general?catalogId=00000000-0000-0000-0000-000000000000&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT"
},
{
"roleUri": "role:common.catalog.actions.general?exportFile=&importFromCatalog=&createCatalog=&deleteCatalog=&importFromFile="
},
{
"roleUri": "role:MCPSRVER1000.MCPSRVER1000.admin"
}
]
}
},
{
"@id": "6",
"name": "Group Active Response Editor",
"roles": {
"role": [
{
"roleUri": "role:mar-server.reactionRole.write"
},
{
"roleUri": "role:mar-server.searchRole.write"
},
{
"roleUri": "role:MARCOBA_META.MARCOBA_META.admin"
},
{
"roleUri": "role:mar-server.collectorRole.write"
},
{
"roleUri": "role:epo.event.view"
},
{
"roleUri": "role:mar-server.triggerRole.write"
}
]
}
},
{
"@id": "7",
"name": "Group Active Response Responder",
"roles": {
"role": [
{
"roleUri": "role:mar-server.searchRole.write"
},
{
"roleUri": "role:MARCOBA_META.MARCOBA_META.reviewer"
},
{
"roleUri": "role:mar-server.triggerRole.read"
},
{
"roleUri": "role:epo.event.view"
},
{
"roleUri": "role:mar-server.reactionRole.read"
},
{
"roleUri": "role:mar-server.collectorRole.read"
}
]
}
},
{
"@id": "8",
"name": "Group Active Response Workspace Monitor",
"roles": {
"role": [
{
"roleUri": "role:mar-server.searchRole.read"
},
{
"roleUri": "role:mar-workspace.workspace.read"
},
{
"roleUri": "role:mar-server.collectorRole.read"
},
{
"roleUri": "role:tie.viewer"
}
]
}
},
{
"@id": "9",
"name": "Group Active Response Workspace Responder",
"roles": {
"role": [
{
"roleUri": "role:mar-server.triggerRole.write"
},
{
"roleUri": "role:mar-server.reactionRole.run"
},
{
"roleUri": "role:mar-server.searchRole.write"
},
{
"roleUri": "role:mar-server.collectorRole.write"
},
{
"roleUri": "role:tie.manager"
},
{
"roleUri": "role:mar-workspace.workspace.write"
},
{
"roleUri": "role:mar-server.reactionRole.write"
}
]
}
},
{
"@id": "10",
"name": "Group MVISION EDR FW",
"roles": {
"role": {
"roleUri": "role:copperfieldFw.write"
}
}
},
{
"@id": "11",
"name": "Group Admin",
"roles": {
"role": [
{
"roleUri": "role:udlp.helpDesk.actions.agentOverrideKey.creator"
},
{
"roleUri": "role:UDLPSRVR2013.operational.reviewer.full"
},
{
"roleUri": "role:udlp.helpDesk.actions.agentUninstallKey.creator"
},
{
"roleUri": "role:core.addressbook.admin"
},
{
"roleUri": "role:core.dash.user"
},
{
"roleUri": "role:epo.core.modify.tree"
},
{
"roleUri": "role:UDLPSRVR2013.policy.list?masterPerm=VIEW"
},
{
"roleUri": "role:UDLPSRVR2013.incident.task?email=true&purge=true&setReviewer=true"
},
{
"roleUri": "role:epo.productevents.view"
},
{
"roleUri": "role:scheduler.view"
},
{
"roleUri": "role:epo.core.deploy.agent"
},
{
"roleUri": "role:UDLPSRVR2013.ruleSet.list?masterPerm=FULL"
},
{
"roleUri": "role:epo.event.view"
},
{
"roleUri": "role:notes.overRide"
},
{
"roleUri": "role:epo.core.tagcat.user"
},
{
"roleUri": "role:ubpRole.viewOnly"
},
{
"roleUri": "role:UDLPSRVR2013.definition.list?itemTypeId80=perm.FULL&itemTypeId81=perm.FULL&itemTypeId9=perm.FULL&itemTypeId82=perm.FULL&itemTypeId8=perm.FULL&itemTypeId83=perm.FULL&itemTypeId84=perm.FULL&itemTypeId85=perm.FULL&itemTypeId20=perm.FULL&itemTypeId86=perm.FULL&itemTypeId1000=perm.FULL&itemTypeId21=perm.FULL&itemTypeId87=perm.FULL&itemTypeId88=perm.FULL&itemTypeId23=perm.FULL&itemTypeId24=perm.FULL&itemTypeId26=perm.FULL&catalogId=d3ab4ed4-efab-48d2-840d-714cbf76b888&itemTypeId3=perm.FULL&itemTypeId2=perm.FULL&itemTypeId1=perm.FULL&itemTypeId0=perm.FULL&itemTypeId6=perm.FULL&itemTypeId5=perm.FULL&itemTypeId4=perm.FULL&itemTypeId90=perm.FULL&itemTypeId91=perm.FULL&itemTypeId92=perm.FULL&itemTypeId93=perm.FULL&itemTypeId94=perm.FULL&itemTypeId10=perm.FULL&itemTypeId2000=perm.FULL&itemTypeId11=perm.FULL&itemTypeId12=perm.FULL&itemTypeId103=perm.FULL&itemTypeId79=perm.FULL&itemTypeId15=perm.FULL&itemTypeId100=perm.FULL&itemTypeId16=perm.FULL&itemTypeId17=perm.FULL&itemTypeId102=perm.FULL&itemTypeId101=perm.FULL"
},
{
"roleUri": "role:ahRole.viewOnly"
},
{
"roleUri": "role:repoRole.distViewOnly"
},
{
"roleUri": "role:UDLPSRVR2013.incident.reviewer.full?skyhigh=true"
},
{
"roleUri": "role:UDLPSRVR2013.operational.task?email=true&purge=true&setReviewer=true"
},
{
"roleUri": "role:repoRole.masterViewOnly"
},
{
"roleUri": "role:epo.core.view.tree"
},
{
"roleUri": "role:UDLPSRVR2013.incident.redaction?view=true&reveal=true"
},
{
"roleUri": "role:epo.event.admin"
},
{
"roleUri": "role:UDLPSRVR2013.discover.main.full"
},
{
"roleUri": "role:UDLPSRVR2013.case.reviewer.full"
},
{
"roleUri": "role:response.rule.admin"
},
{
"roleUri": "role:UDLPSRVR2013.capture.main.full"
},
{
"roleUri": "role:UDLPSRVR2013.incident.evidence?viewFile=true&viewMatch=true"
},
{
"roleUri": "role:udlp.helpDesk.actions.agentReleaseFromQuarantineKey.creator"
},
{
"roleUri": "role:udlp.helpDesk.actions.masterReleaseKey.creator"
},
{
"roleUri": "role:notes.fullPerms"
},
{
"roleUri": "role:UDLPSRVR2013.classification.action?regDocsAndWhitelist=true&manualClassification=true"
},
{
"roleUri": "role:core.audit.reviewer"
},
{
"roleUri": "role:UDLPSRVR2013.incident.type?endpointDiscovery=true&data=true&device=true&discovery=true&skyhigh=true"
},
{
"roleUri": "role:epo.core.wakeup.agent"
},
{
"roleUri": "role:UDLPSRVR2013.classification.list?masterPerm=FULL"
},
{
"roleUri": "role:epo.core.tag.assign"
},
{
"roleUri": "role:UDLPSRVR2013.dlp.settings?advancedTab=true&skyhighTab=true&caseTab=true&backupRestoreTab=true&generalTab=true&incidentTab=true&operationalTab=true"
},
{
"roleUri": "role:UDLPSRVR2013.rule.type.full?data=true&device=true&discovery=true"
},
{
"roleUri": "role:core.query.user"
}
]
}
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
No Sample Data
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
@ID | NAME | ROLES |
---|---|---|
2 | Global Reviewer | { |
3 | Group Reviewer | { |
4 | Executive Reviewer | { |
5 | MCP Catalog Admin | { |
6 | Group Active Response Editor | { |
7 | Group Active Response Responder | { |
8 | Group Active Response Workspace Monitor | { |
9 | Group Active Response Workspace Responder | { |
10 | Group MVISION EDR FW | { |
11 | Group Admin | { |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Permission Set failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data List Permission Set failed. Status Code: 401. Message: Unauthorized. |
List Query
Retrieves a list of all queries.
Input
N/A
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"id": 1,
"name": "Effective permissions for users",
"description": "Shows all permissions for each user",
"conditionSexp": "Permission Does not equal \"%%NOEPOROLES%%\"",
"groupName": "Permissions",
"userName": "Public",
"databaseType": "",
"target": "EntitlementView",
"createdBy": "admin",
"createdOn": "2018-02-14T13:00:39-08:00",
"modifiedBy": "admin",
"modifiedOn": "2018-02-14T13:00:39-08:00"
},
{
"id": 2,
"name": "Permission set details",
"description": "Shows the permissions associated with each permission set",
"conditionSexp": "",
"groupName": "Permissions",
"userName": "Public",
"databaseType": "",
"target": "EntitlementView",
"createdBy": "admin",
"createdOn": "2018-02-14T13:00:41-08:00",
"modifiedBy": "admin",
"modifiedOn": "2018-02-14T13:00:41-08:00"
},
{
"id": 3,
"name": "Permission set membership",
"description": "Shows the permission sets associated with each principal",
"conditionSexp": "",
"groupName": "Permissions",
"userName": "Public",
"databaseType": "",
"target": "EntitlementView",
"createdBy": "admin",
"createdOn": "2018-02-14T13:00:41-08:00",
"modifiedBy": "admin",
"modifiedOn": "2018-02-14T13:00:41-08:00"
},
{
"id": 4,
"name": "Failed User Actions in ePO Console within Last 30 Days",
"description": "Displays a table of all failed actions within the last 30 days from the Audit Log.",
"conditionSexp": "(Success Equals False and Start Time Is within the last 1 Months)",
"groupName": "User Auditing",
"userName": "Public",
"databaseType": "",
"target": "OrionAuditLog",
"createdBy": "admin",
"createdOn": "2018-02-14T13:04:19-08:00",
"modifiedBy": "admin",
"modifiedOn": "2018-02-14T13:04:19-08:00"
},
{
"id": 5,
"name": "Today's Detections per Product",
"description": "Displays a pie chart of detections within the last 24 hours organized by detecting product.",
"conditionSexp": "(Event Generated Time Is within the last 1 Days and Event Category Does not belong to Operational)",
"groupName": "Detections and Compliance",
"userName": "Public",
"databaseType": "",
"target": "EPOEvents",
"createdBy": "admin",
"createdOn": "2018-02-14T13:04:19-08:00",
"modifiedBy": "admin",
"modifiedOn": "2018-02-14T13:04:19-08:00"
},
{
"id": 6,
"name": "Systems per Top-Level Group",
"description": "Displays a bar chart of your managed systems organized by top-level System Tree group.",
"conditionSexp": "Managed State Equals Managed",
"groupName": "System Management",
"userName": "Public",
"databaseType": "",
"target": "EPOLeafNode",
"createdBy": "admin",
"createdOn": "2019-05-23T20:54:41-07:00",
"modifiedBy": "admin",
"modifiedOn": "2019-05-23T20:54:41-07:00"
},
{
"id": 7,
"name": "Duplicate Systems Names",
"description": "Lists all system names that appear in multiple System Tree locations.",
"conditionSexp": "System Name Is duplicated ",
"groupName": "System Management",
"userName": "Public",
"databaseType": "",
"target": "EPOLeafNode",
"createdBy": "admin",
"createdOn": "2018-02-14T13:04:20-08:00",
"modifiedBy": "admin",
"modifiedOn": "2018-02-14T13:04:20-08:00"
},
{
"id": 8,
"name": "McAfee Agent Compliance Summary",
"description": "Displays a Boolean pie chart of managed systems in your environment which are compliant or noncompliant by version of McAfee Agent.",
"conditionSexp": "Last Communication Is within the last 1 Days",
"groupName": "Detections and Compliance",
"userName": "Public",
"databaseType": "",
"target": "EPOLeafNode",
"createdBy": "admin",
"createdOn": "2019-05-23T20:54:40-07:00",
"modifiedBy": "admin",
"modifiedOn": "2019-05-23T20:54:40-07:00"
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"id": 1,
"name": "Effective permissions for users",
"description": "Shows all permissions for each user",
"conditionSexp": "Permission Does not equal \"%%NOEPOROLES%%\"",
"groupName": "Permissions",
"userName": "Public",
"databaseType": "",
"target": "EntitlementView",
"createdBy": "admin",
"createdOn": "2018-02-14T13:00:39-08:00",
"modifiedBy": "admin",
"modifiedOn": "2018-02-14T13:00:39-08:00"
},
{
"id": 2,
"name": "Permission set details",
"description": "Shows the permissions associated with each permission set",
"conditionSexp": "",
"groupName": "Permissions",
"userName": "Public",
"databaseType": "",
"target": "EntitlementView",
"createdBy": "admin",
"createdOn": "2018-02-14T13:00:41-08:00",
"modifiedBy": "admin",
"modifiedOn": "2018-02-14T13:00:41-08:00"
},
{
"id": 3,
"name": "Permission set membership",
"description": "Shows the permission sets associated with each principal",
"conditionSexp": "",
"groupName": "Permissions",
"userName": "Public",
"databaseType": "",
"target": "EntitlementView",
"createdBy": "admin",
"createdOn": "2018-02-14T13:00:41-08:00",
"modifiedBy": "admin",
"modifiedOn": "2018-02-14T13:00:41-08:00"
},
{
"id": 4,
"name": "Failed User Actions in ePO Console within Last 30 Days",
"description": "Displays a table of all failed actions within the last 30 days from the Audit Log.",
"conditionSexp": "(Success Equals False and Start Time Is within the last 1 Months)",
"groupName": "User Auditing",
"userName": "Public",
"databaseType": "",
"target": "OrionAuditLog",
"createdBy": "admin",
"createdOn": "2018-02-14T13:04:19-08:00",
"modifiedBy": "admin",
"modifiedOn": "2018-02-14T13:04:19-08:00"
},
{
"id": 5,
"name": "Today's Detections per Product",
"description": "Displays a pie chart of detections within the last 24 hours organized by detecting product.",
"conditionSexp": "(Event Generated Time Is within the last 1 Days and Event Category Does not belong to Operational)",
"groupName": "Detections and Compliance",
"userName": "Public",
"databaseType": "",
"target": "EPOEvents",
"createdBy": "admin",
"createdOn": "2018-02-14T13:04:19-08:00",
"modifiedBy": "admin",
"modifiedOn": "2018-02-14T13:04:19-08:00"
},
{
"id": 6,
"name": "Systems per Top-Level Group",
"description": "Displays a bar chart of your managed systems organized by top-level System Tree group.",
"conditionSexp": "Managed State Equals Managed",
"groupName": "System Management",
"userName": "Public",
"databaseType": "",
"target": "EPOLeafNode",
"createdBy": "admin",
"createdOn": "2019-05-23T20:54:41-07:00",
"modifiedBy": "admin",
"modifiedOn": "2019-05-23T20:54:41-07:00"
},
{
"id": 7,
"name": "Duplicate Systems Names",
"description": "Lists all system names that appear in multiple System Tree locations.",
"conditionSexp": "System Name Is duplicated ",
"groupName": "System Management",
"userName": "Public",
"databaseType": "",
"target": "EPOLeafNode",
"createdBy": "admin",
"createdOn": "2018-02-14T13:04:20-08:00",
"modifiedBy": "admin",
"modifiedOn": "2018-02-14T13:04:20-08:00"
},
{
"id": 8,
"name": "McAfee Agent Compliance Summary",
"description": "Displays a Boolean pie chart of managed systems in your environment which are compliant or noncompliant by version of McAfee Agent.",
"conditionSexp": "Last Communication Is within the last 1 Days",
"groupName": "Detections and Compliance",
"userName": "Public",
"databaseType": "",
"target": "EPOLeafNode",
"createdBy": "admin",
"createdOn": "2019-05-23T20:54:40-07:00",
"modifiedBy": "admin",
"modifiedOn": "2019-05-23T20:54:40-07:00"
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Output": "\"[{\\r\\n \\\"id\\\": 1,\\r\\n \\\"name\\\": \\\"Effective permissions for users\\\",\\r\\n \\\"description\\\": \\\"Shows all permissions for each user\\\",\\r\\n \\\"conditionSexp\\\": \\\"Permission Does not equal \\\\\\\"%%NOEPOROLES%%\\\\\\\"\\\",\\r\\n \\\"groupName\\\": \\\"Permissions\\\",\\r\\n \\\"userName\\\": \\\"Public\\\",\\r\\n \\\"databaseType\\\": \\\"\\\",\\r\\n \\\"target\\\": \\\"EntitlementView\\\",\\r\\n \\\"createdBy\\\": \\\"admin\\\",\\r\\n \\\"createdOn\\\": \\\"2022-04-21T16:10:53-07:00\\\",\\r\\n \\\"modifiedBy\\\": \\\"admin\\\",\\r\\n \\\"modifiedOn\\\": \\\"2022-04-21T16:10:53-07:00\\\"\\r\\n } ]\"",
"id": "\"[\\r\\n\\t\\t\\t1,\\r\\n\\t\\t\\t2,\\r\\n\\t\\t\\t3,\\r\\n\\t\\t\\t4,\\r\\n\\t\\t\\t5,\\r\\n\\t\\t\\t6,\\r\\n\\t\\t\\t7,\\r\\n\\t\\t\\t8,\\r\\n\\t\\t\\t9,\\r\\n\\t\\t\\t10,\\r\\n\\t\\t\\t11,\\r\\n\\t\\t\\t12,\\r\\n\\t\\t\\t13,\\r\\n\\t\\t\\t14,\\r\\n\\t\\t\\t15,\\r\\n\\t\\t\\t16,\\r\\n\\t\\t\\t17,\\r\\n\\t\\t\\t18,\\r\\n\\t\\t\\t19,\\r\\n\\t\\t\\t20,\\r\\n\\t\\t\\t21,\\r\\n\\t\\t\\t50,\\r\\n\\t\\t\\t51,\\r\\n\\t\\t\\t22,\\r\\n\\t\\t\\t23,\\r\\n\\t\\t\\t24,\\r\\n\\t\\t\\t25,\\r\\n\\t\\t\\t26,\\r\\n\\t\\t\\t27,\\r\\n\\t\\t\\t28,\\r\\n\\t\\t\\t29,\\r\\n\\t\\t\\t30,\\r\\n\\t\\t\\t31,\\r\\n\\t\\t\\t32,\\r\\n\\t\\t\\t33,\\r\\n\\t\\t\\t34,\\r\\n\\t\\t\\t35,\\r\\n\\t\\t\\t36,\\r\\n\\t\\t\\t37,\\r\\n\\t\\t\\t38,\\r\\n\\t\\t\\t40,\\r\\n\\t\\t\\t41,\\r\\n\\t\\t\\t42,\\r\\n\\t\\t\\t43,\\r\\n\\t\\t\\t39,\\r\\n\\t\\t\\t52,\\r\\n\\t\\t\\t53,\\r\\n\\t\\t\\t54,\\r\\n\\t\\t\\t55,\\r\\n\\t\\t\\t110,\\r\\n\\t\\t\\t111,\\r\\n\\t\\t\\t112,\\r\\n\\t\\t\\t113,\\r\\n\\t\\t\\t114,\\r\\n\\t\\t\\t115,\\r\\n\\t\\t\\t116,\\r\\n\\t\\t\\t117,\\r\\n\\t\\t\\t118,\\r\\n\\t\\t\\t119,\\r\\n\\t\\t\\t120,\\r\\n\\t\\t\\t121,\\r\\n\\t\\t\\t122,\\r\\n\\t\\t\\t123,\\r\\n\\t\\t\\t125,\\r\\n\\t\\t\\t126,\\r\\n\\t\\t\\t127,\\r\\n\\t\\t\\t124,\\r\\n\\t\\t\\t128,\\r\\n\\t\\t\\t129,\\r\\n\\t\\t\\t130,\\r\\n\\t\\t\\t131,\\r\\n\\t\\t\\t132,\\r\\n\\t\\t\\t133,\\r\\n\\t\\t\\t134,\\r\\n\\t\\t\\t135,\\r\\n\\t\\t\\t136,\\r\\n\\t\\t\\t137,\\r\\n\\t\\t\\t138,\\r\\n\\t\\t\\t139,\\r\\n\\t\\t\\t140,\\r\\n\\t\\t\\t141,\\r\\n\\t\\t\\t142,\\r\\n\\t\\t\\t143,\\r\\n\\t\\t\\t189,\\r\\n\\t\\t\\t286,\\r\\n\\t\\t\\t287,\\r\\n\\t\\t\\t56,\\r\\n\\t\\t\\t57,\\r\\n\\t\\t\\t58,\\r\\n\\t\\t\\t59,\\r\\n\\t\\t\\t60,\\r\\n\\t\\t\\t61,\\r\\n\\t\\t\\t62,\\r\\n\\t\\t\\t63,\\r\\n\\t\\t\\t64,\\r\\n\\t\\t\\t65,\\r\\n\\t\\t\\t66,\\r\\n\\t\\t\\t67,\\r\\n\\t\\t\\t68,\\r\\n\\t\\t\\t69,\\r\\n\\t\\t\\t70,\\r\\n\\t\\t\\t71,\\r\\n\\t\\t\\t72,\\r\\n\\t\\t\\t73,\\r\\n\\t\\t\\t74,\\r\\n\\t\\t\\t75,\\r\\n\\t\\t\\t76,\\r\\n\\t\\t\\t77,\\r\\n\\t\\t\\t78,\\r\\n\\t\\t\\t79,\\r\\n\\t\\t\\t80,\\r\\n\\t\\t\\t81,\\r\\n\\t\\t\\t82,\\r\\n\\t\\t\\t83,\\r\\n\\t\\t\\t84,\\r\\n\\t\\t\\t85,\\r\\n\\t\\t\\t86,\\r\\n\\t\\t\\t87,\\r\\n\\t\\t\\t88,\\r\\n\\t\\t\\t89,\\r\\n\\t\\t\\t90,\\r\\n\\t\\t\\t91,\\r\\n\\t\\t\\t92,\\r\\n\\t\\t\\t93,\\r\\n\\t\\t\\t94,\\r\\n\\t\\t\\t95,\\r\\n\\t\\t\\t96,\\r\\n\\t\\t\\t281,\\r\\n\\t\\t\\t282,\\r\\n\\t\\t\\t296,\\r\\n\\t\\t\\t297,\\r\\n\\t\\t\\t298,\\r\\n\\t\\t\\t97,\\r\\n\\t\\t\\t98,\\r\\n\\t\\t\\t99,\\r\\n\\t\\t\\t100,\\r\\n\\t\\t\\t101,\\r\\n\\t\\t\\t102,\\r\\n\\t\\t\\t103,\\r\\n\\t\\t\\t104,\\r\\n\\t\\t\\t105,\\r\\n\\t\\t\\t106,\\r\\n\\t\\t\\t107,\\r\\n\\t\\t\\t108,\\r\\n\\t\\t\\t109,\\r\\n\\t\\t\\t316,\\r\\n\\t\\t\\t317,\\r\\n\\t\\t\\t321,\\r\\n\\t\\t\\t322,\\r\\n\\t\\t\\t323,\\r\\n\\t\\t\\t324,\\r\\n\\t\\t\\t325,\\r\\n\\t\\t\\t144,\\r\\n\\t\\t\\t145,\\r\\n\\t\\t\\t146,\\r\\n\\t\\t\\t147,\\r\\n\\t\\t\\t148,\\r\\n\\t\\t\\t149,\\r\\n\\t\\t\\t150,\\r\\n\\t\\t\\t151,\\r\\n\\t\\t\\t152,\\r\\n\\t\\t\\t153,\\r\\n\\t\\t\\t154,\\r\\n\\t\\t\\t155,\\r\\n\\t\\t\\t156,\\r\\n\\t\\t\\t188,\\r\\n\\t\\t\\t326,\\r\\n\\t\\t\\t327,\\r\\n\\t\\t\\t331,\\r\\n\\t\\t\\t333,\\r\\n\\t\\t\\t334,\\r\\n\\t\\t\\t335,\\r\\n\\t\\t\\t283,\\r\\n\\t\\t\\t288,\\r\\n\\t\\t\\t289,\\r\\n\\t\\t\\t290,\\r\\n\\t\\t\\t291,\\r\\n\\t\\t\\t292,\\r\\n\\t\\t\\t293,\\r\\n\\t\\t\\t301,\\r\\n\\t\\t\\t302,\\r\\n\\t\\t\\t304,\\r\\n\\t\\t\\t305,\\r\\n\\t\\t\\t306,\\r\\n\\t\\t\\t328,\\r\\n\\t\\t\\t185,\\r\\n\\t\\t\\t186,\\r\\n\\t\\t\\t187,\\r\\n\\t\\t\\t329,\\r\\n\\t\\t\\t330,\\r\\n\\t\\t\\t361,\\r\\n\\t\\t\\t362,\\r\\n\\t\\t\\t363,\\r\\n\\t\\t\\t364,\\r\\n\\t\\t\\t365,\\r\\n\\t\\t\\t366,\\r\\n\\t\\t\\t367,\\r\\n\\t\\t\\t368,\\r\\n\\t\\t\\t369,\\r\\n\\t\\t\\t370,\\r\\n\\t\\t\\t371,\\r\\n\\t\\t\\t372,\\r\\n\\t\\t\\t373,\\r\\n\\t\\t\\t374,\\r\\n\\t\\t\\t375,\\r\\n\\t\\t\\t376,\\r\\n\\t\\t\\t377,\\r\\n\\t\\t\\t378,\\r\\n\\t\\t\\t380,\\r\\n\\t\\t\\t382,\\r\\n\\t\\t\\t332,\\r\\n\\t\\t\\t336,\\r\\n\\t\\t\\t337,\\r\\n\\t\\t\\t338,\\r\\n\\t\\t\\t339,\\r\\n\\t\\t\\t340,\\r\\n\\t\\t\\t341,\\r\\n\\t\\t\\t342,\\r\\n\\t\\t\\t343,\\r\\n\\t\\t\\t344,\\r\\n\\t\\t\\t345,\\r\\n\\t\\t\\t346,\\r\\n\\t\\t\\t347,\\r\\n\\t\\t\\t348,\\r\\n\\t\\t\\t349,\\r\\n\\t\\t\\t276,\\r\\n\\t\\t\\t277,\\r\\n\\t\\t\\t350,\\r\\n\\t\\t\\t351,\\r\\n\\t\\t\\t352,\\r\\n\\t\\t\\t353,\\r\\n\\t\\t\\t354,\\r\\n\\t\\t\\t355,\\r\\n\\t\\t\\t356,\\r\\n\\t\\t\\t357,\\r\\n\\t\\t\\t358,\\r\\n\\t\\t\\t359,\\r\\n\\t\\t\\t360,\\r\\n\\t\\t\\t278,\\r\\n\\t\\t\\t279,\\r\\n\\t\\t\\t280,\\r\\n\\t\\t\\t284,\\r\\n\\t\\t\\t285,\\r\\n\\t\\t\\t275,\\r\\n\\t\\t\\t294,\\r\\n\\t\\t\\t295,\\r\\n\\t\\t\\t299,\\r\\n\\t\\t\\t300,\\r\\n\\t\\t\\t303,\\r\\n\\t\\t\\t307,\\r\\n\\t\\t\\t308,\\r\\n\\t\\t\\t309,\\r\\n\\t\\t\\t310,\\r\\n\\t\\t\\t311,\\r\\n\\t\\t\\t312,\\r\\n\\t\\t\\t313,\\r\\n\\t\\t\\t314,\\r\\n\\t\\t\\t315,\\r\\n\\t\\t\\t318,\\r\\n\\t\\t\\t319,\\r\\n\\t\\t\\t320,\\r\\n\\t\\t\\t379,\\r\\n\\t\\t\\t381,\\r\\n\\t\\t\\t383,\\r\\n\\t\\t\\t384,\\r\\n\\t\\t\\t385,\\r\\n\\t\\t\\t386,\\r\\n\\t\\t\\t387,\\r\\n\\t\\t\\t388\\r\\n\\t\\t]\"",
"name": "\"[\\r\\n\\t\\t\\t\\\"Effective permissions for users\\\",\\r\\n\\t\\t\\t\\\"Permission set details\\\",\\r\\n\\t\\t\\t\\\"Permission set membership\\\",\\r\\n\\t\\t\\t\\\"Failed User Actions in ePO Console within Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Today's Detections per Product\\\",\\r\\n\\t\\t\\t\\\"Systems per Top-Level Group\\\",\\r\\n\\t\\t\\t\\\"Duplicate Systems Names\\\",\\r\\n\\t\\t\\t\\\"McAfee Agent Compliance Summary\\\",\\r\\n\\t\\t\\t\\\"McAfee Agent Compliance History\\\",\\r\\n\\t\\t\\t\\\"Multi-server McAfee Agent Compliance Summary\\\",\\r\\n\\t\\t\\t\\\"Multi-server McAfee Agent Compliance History\\\",\\r\\n\\t\\t\\t\\\"Repository Replication Trend for 2 Months\\\",\\r\\n\\t\\t\\t\\\"Failed logon Attempts in Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Successful logon Attempts in Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Server Configurations by User (30 days)\\\",\\r\\n\\t\\t\\t\\\"Software Configurations by user (30 days)\\\",\\r\\n\\t\\t\\t\\\"Configuration Changes by User (30 days)\\\",\\r\\n\\t\\t\\t\\\"Malware Detection History\\\",\\r\\n\\t\\t\\t\\\"Applied Policies for McAfee Agent \\\",\\r\\n\\t\\t\\t\\\"Applied Policies by Policy Name\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment Change History by User (30 days)\\\",\\r\\n\\t\\t\\t\\\"Agent Versions Summary\\\",\\r\\n\\t\\t\\t\\\"Agent Communication Summary\\\",\\r\\n\\t\\t\\t\\\"Systems with High Sequence Errors\\\",\\r\\n\\t\\t\\t\\\"Systems with no Recent Sequence Errors\\\",\\r\\n\\t\\t\\t\\\"Unmanaged Systems\\\",\\r\\n\\t\\t\\t\\\"Software Manager Failed Installs\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment Broken Inheritance\\\",\\r\\n\\t\\t\\t\\\"Applied Client Tasks\\\",\\r\\n\\t\\t\\t\\\"Client Task Assignment Broken Inheritance\\\",\\r\\n\\t\\t\\t\\\"Product Deployment in the Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Agent Uninstalls Attempted in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Failed Product Deployment in the Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Failed Product Updates in the Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Product Updates in the Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Distributed Repository Status\\\",\\r\\n\\t\\t\\t\\\"New Agents Added to ePO per Week\\\",\\r\\n\\t\\t\\t\\\"Most Numerous Threat Event Descriptions\\\",\\r\\n\\t\\t\\t\\\"Threat Events by System Tree Group\\\",\\r\\n\\t\\t\\t\\\"Threat Event Descriptions in the Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Product Update Successes and Failures Trend for the last 2 Months\\\",\\r\\n\\t\\t\\t\\\"Inactive Agents\\\",\\r\\n\\t\\t\\t\\\"Systems per Agent Handler\\\",\\r\\n\\t\\t\\t\\\"Agent Handler Status\\\",\\r\\n\\t\\t\\t\\\"Threat Events in the Last 2 Weeks\\\",\\r\\n\\t\\t\\t\\\"Managed Nodes Having Point Product Policy Enforcement Failures\\\",\\r\\n\\t\\t\\t\\\"Managed Nodes Having Point Product Property Collection Failures\\\",\\r\\n\\t\\t\\t\\\"Repository Usage Based On DAT and Engine Pulling\\\",\\r\\n\\t\\t\\t\\\"Repositories and Percentage Utilization\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Compliance Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Web Content Categories that Caused the Most Infections in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Hotfixes Installed\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Visits by Rating\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Visits by Content\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Downloads by Rating\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Visited Red Sites\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Visited Yellow Sites\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Visited Unrated Sites\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Blocked Red Sites\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Warned-Continued Sites\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Blocked Sites\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Sites on Block List\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Sites on Allow List\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Visit Log\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Downloads by Action\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Download Log\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Red Sites on Allow List\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top Sites Grouped by Content\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Warned-Cancelled Sites\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Visits by Action\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Red Downloads\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Yellow Downloads\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Unrated Downloads\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Visits by Action Grouped by Content\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Block Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Allow Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Clean Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Block Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Allow Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Clean Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Block Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Allow Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Clean Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Failed User Actions in McAfee ePO Console within Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"DLP: Number of Incidents per type (data in-use/in-motion)\\\",\\r\\n\\t\\t\\t\\\"DLP: Number of Incidents per rule set (data in-use/in-motion)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Installation Status Report\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Threats Detected in the Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Threats Detected in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Summary of Threats Detected in the Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Summary of Threats Detected in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Primary Vectors of Attack in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Top Infected Users in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Top Threats in the Last 48 Hours\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Duration before Detection on Endpoints in the Last 2 Weeks\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Top 10 Attacking Systems in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Currently Enabled Technology\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Self Protection Compliance Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Policy Compliance by Computer Name\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Policy Compliance by Policy Name\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform: Hotfixes Installed\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Applications with the Most Exploits in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Duration of Completed Full Scans in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Duration of Completed Quick Scans in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Systems Not Completed a Full Scan in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Systems Not Completed a Full Scan in the Last Month\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Access Protection Compliance Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: AMCore Content Compliance Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Exploit Prevention Compliance Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: On-Access Scan Compliance Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Content Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Exploit Prevention Content Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Detection Response Summary\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Threats Detected Over the Previous 2 Quarters\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Top 10 Computers with the Most Detections\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Top 10 Detected Threats\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Top 10 Access Protection Rules Broken\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Threat Count by Severity\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Top 10 Users with the Most Detections\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Top 10 Threats Per Threat Category\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Top 10 Threat Sources\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Top 10 Exploits Prevented\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Hotfixes Installed\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: On-Access Scan McAfee GTI Sensitivity Level\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: On-Demand Full Scan McAfee GTI Sensitivity Level\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: On-Demand Quick Scan McAfee GTI Sensitivity Level\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Right-Click Scan McAfee GTI Sensitivity Level\\\",\\r\\n\\t\\t\\t\\\"DLP: Distribution of DLP products on endpoint computers\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local Email Storage Scan Current Status\\\",\\r\\n\\t\\t\\t\\\"DLP: Policy distribution\\\",\\r\\n\\t\\t\\t\\\"DLP: Enforced Rule Sets per endpoint computers\\\",\\r\\n\\t\\t\\t\\\"DLP: Bypassed users\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Intrusion events in the last 24 hours\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Events in the last 24 hours\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Events from McAfee GTI in the last 6 months\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Traffic block events in the last 24 hours\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Compliance Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Count of Firewall Client Rules\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Client Rules By Process/Port Range\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Client Rules By Process/User\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Client Rules By Process\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Client Rules By Protocol/System Name\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Errors\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Hotfixes Installed\\\",\\r\\n\\t\\t\\t\\\"TIE Server Cleanup Executions Deleting Items\\\",\\r\\n\\t\\t\\t\\\"TIE Server Cleanup Items Deleted By Week\\\",\\r\\n\\t\\t\\t\\\"TIE Server Most Used Suspicious Files\\\",\\r\\n\\t\\t\\t\\\"TIE Server Most Recently Used Suspicious Files\\\",\\r\\n\\t\\t\\t\\\"TIE Server Most Prevalent Suspicious Files Created\\\",\\r\\n\\t\\t\\t\\\"TIE Server Most Used Monitored Files\\\",\\r\\n\\t\\t\\t\\\"TIE Server Most Recently Used Monitored Files\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Block Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Allow Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Clean Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Block Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Block Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Allow Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Allow Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Clean Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Clean Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Events by System (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Events by System (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Events by File (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Events by File (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: False Positive Mitigation Events\\\",\\r\\n\\t\\t\\t\\\"TIE Server Most Prevalent Monitored Files Created\\\",\\r\\n\\t\\t\\t\\\"Recently Used ATD Submissions\\\",\\r\\n\\t\\t\\t\\\"TIE Server Connectivity\\\",\\r\\n\\t\\t\\t\\\"TIE Server Appliances per Server Version\\\",\\r\\n\\t\\t\\t\\\"TIE Server Appliances per Agent Version\\\",\\r\\n\\t\\t\\t\\\"TIE Server Appliances per Platform Version\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local File System Scan Current Status\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local File System Scan Latest Status\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local File System Scan Latest Sensitive Files\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local File System Scan Latest Errors\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local File System Scan Latest Classifications\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local Email Scan Latest Status\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local Email Scan Latest Sensitive Files\\\",\\r\\n\\t\\t\\t\\\"DLP: Privileged Users\\\",\\r\\n\\t\\t\\t\\\"DLP: Chrome Support Summary\\\",\\r\\n\\t\\t\\t\\\"TIE Server New Certificates by GTI Reputation from Last Week\\\",\\r\\n\\t\\t\\t\\\"TIE Server Malicious or Unidentified Certificates by GTI Reputation from Last Month\\\",\\r\\n\\t\\t\\t\\\"TIE Server Certificates by Enterprise Reputation\\\",\\r\\n\\t\\t\\t\\\"Recently Used CTD Submissions\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Client Interface Logon Audit Log \\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Locked Client Systems Due to Failed Password Attempts\\\",\\r\\n\\t\\t\\t\\\"MCP: Endpoint Install Success/Failed events in last month\\\",\\r\\n\\t\\t\\t\\\"TIE Server Appliances per Broker Version\\\",\\r\\n\\t\\t\\t\\\"TIE Server Recently Used Overrides\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Events in the last 24 hours- copy\\\",\\r\\n\\t\\t\\t\\\"Security Incidents (last 14 days) \\\",\\r\\n\\t\\t\\t\\\"OS Distribution\\\",\\r\\n\\t\\t\\t\\\"Data Centers\\\",\\r\\n\\t\\t\\t\\\"Application Reputation\\\",\\r\\n\\t\\t\\t\\\"Anti-Malware Status\\\",\\r\\n\\t\\t\\t\\\"Host Firewall Status\\\",\\r\\n\\t\\t\\t\\\"File Integrity Monitoring Status\\\",\\r\\n\\t\\t\\t\\\"Boot Attestation Status of Hypervisors\\\",\\r\\n\\t\\t\\t\\\"AV protection by product \\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Report\\\",\\r\\n\\t\\t\\t\\\"Endpoint Scan Report\\\",\\r\\n\\t\\t\\t\\\"Security Incidents (last 14 days) \\\",\\r\\n\\t\\t\\t\\\"OS Distribution\\\",\\r\\n\\t\\t\\t\\\"Data Centers\\\",\\r\\n\\t\\t\\t\\\"Anti-Malware Status\\\",\\r\\n\\t\\t\\t\\\"File Integrity Monitoring Status\\\",\\r\\n\\t\\t\\t\\\"Instance Assessment Status\\\",\\r\\n\\t\\t\\t\\\"Host Firewall Status\\\",\\r\\n\\t\\t\\t\\\"vCenter Asset Management Report\\\",\\r\\n\\t\\t\\t\\\"TIE Server GTI Refresh\\\",\\r\\n\\t\\t\\t\\\"TIE Server Database Size\\\",\\r\\n\\t\\t\\t\\\"TIE Server New Files\\\",\\r\\n\\t\\t\\t\\\"TIE Server New Overrides\\\",\\r\\n\\t\\t\\t\\\"ATD Reputations\\\",\\r\\n\\t\\t\\t\\\"ATD Submissions\\\",\\r\\n\\t\\t\\t\\\"Most Prevalent ATD Submissions\\\",\\r\\n\\t\\t\\t\\\"New ATD Submissions\\\",\\r\\n\\t\\t\\t\\\"CTD Reputations\\\",\\r\\n\\t\\t\\t\\\"CTD Submissions\\\",\\r\\n\\t\\t\\t\\\"Most Prevalent CTD Submissions\\\",\\r\\n\\t\\t\\t\\\"New CTD Submissions\\\",\\r\\n\\t\\t\\t\\\"Redundant Trusted Overrides\\\",\\r\\n\\t\\t\\t\\\"Redundant Suspicious Overrides\\\",\\r\\n\\t\\t\\t\\\"Conflicting Suspicious Overrides\\\",\\r\\n\\t\\t\\t\\\"DLP: Number of Operational events per day\\\",\\r\\n\\t\\t\\t\\\"DLP: Agent Version\\\",\\r\\n\\t\\t\\t\\\"Conflicting Trusted Overrides\\\",\\r\\n\\t\\t\\t\\\"Unsigned Unknown Files\\\",\\r\\n\\t\\t\\t\\\"TIE Server Unsigned Unknown Files Usage\\\",\\r\\n\\t\\t\\t\\\"Unsigned Unknown Files by Company\\\",\\r\\n\\t\\t\\t\\\"Most Active Parents of Unknown Files\\\",\\r\\n\\t\\t\\t\\\"Most Monitored Unknown Files\\\",\\r\\n\\t\\t\\t\\\"Most Active Endpoints\\\",\\r\\n\\t\\t\\t\\\"Signed Unknown Files\\\",\\r\\n\\t\\t\\t\\\"Signed Unknown Files per Certificate Subject\\\",\\r\\n\\t\\t\\t\\\"Signed Unknown Files by Company\\\",\\r\\n\\t\\t\\t\\\"Signed Unknown Files by Product\\\",\\r\\n\\t\\t\\t\\\"DLP: Agent Status\\\",\\r\\n\\t\\t\\t\\\"DLP: Agent Operation mode\\\",\\r\\n\\t\\t\\t\\\"DLP: Operational events per type\\\",\\r\\n\\t\\t\\t\\\"DLP: Number of Incidents per day (data in-use/in-motion)\\\",\\r\\n\\t\\t\\t\\\"DLP: Number of Incidents per severity (data in-use/in-motion)\\\",\\r\\n\\t\\t\\t\\\"TIETest01\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local Email Scan Latest Errors\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local Email Scan Latest Classifications\\\",\\r\\n\\t\\t\\t\\\"DLP: Undefined Device Classes (for Windows Devices)\\\",\\r\\n\\t\\t\\t\\\"DLP: Policy revision distribution\\\",\\r\\n\\t\\t\\t\\\"DLP: Chrome unsupported versions \\\",\\r\\n\\t\\t\\t\\\"TIE Server Certificates with Changed GTI Reputation from Last Week\\\",\\r\\n\\t\\t\\t\\\"TIE Server Top 10 Systems with New Certificates from Last Week\\\",\\r\\n\\t\\t\\t\\\"TIE Server New Files by GTI Reputation from Last Week\\\",\\r\\n\\t\\t\\t\\\"TIE Server Malicious or Unidentified Files by GTI Reputation from Last Month\\\",\\r\\n\\t\\t\\t\\\"TIE Server Files by Enterprise Reputation\\\",\\r\\n\\t\\t\\t\\\"TIE Server Files with Changed GTI Reputation from Last Week\\\",\\r\\n\\t\\t\\t\\\"TIE Server Top 10 Systems with New Files from Last Week\\\",\\r\\n\\t\\t\\t\\\"TIE Server Cleanup Trending Summary\\\",\\r\\n\\t\\t\\t\\\"TIE Server Cleanup Criteria Effectiveness\\\",\\r\\n\\t\\t\\t\\\"TIE Server Used Malicious Files\\\",\\r\\n\\t\\t\\t\\\"TIE Server Most Recently Used Malicious Files\\\",\\r\\n\\t\\t\\t\\\"TIE Server Most Prevalent Malicious Files Created\\\",\\r\\n\\t\\t\\t\\\"Usage Metering Report\\\",\\r\\n\\t\\t\\t\\\"Data Protection Per Cloud VM\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Real Protect Detection Events in Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last Quarter\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Content Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Extra.DAT Signatures\\\"\\r\\n\\t\\t]\"",
"description": "\"[\\r\\n\\t\\t\\t\\\"Shows all permissions for each user\\\",\\r\\n\\t\\t\\t\\\"Shows the permissions associated with each permission set\\\",\\r\\n\\t\\t\\t\\\"Shows the permission sets associated with each principal\\\",\\r\\n\\t\\t\\t\\\"Displays a table of all failed actions within the last 30 days from the Audit Log.\\\",\\r\\n\\t\\t\\t\\\"Displays a pie chart of detections within the last 24 hours organized by detecting product.\\\",\\r\\n\\t\\t\\t\\\"Displays a bar chart of your managed systems organized by top-level System Tree group.\\\",\\r\\n\\t\\t\\t\\\"Lists all system names that appear in multiple System Tree locations.\\\",\\r\\n\\t\\t\\t\\\"Displays a Boolean pie chart of managed systems in your environment which are compliant or noncompliant by version of McAfee Agent.\\\",\\r\\n\\t\\t\\t\\\"Displays the percentage of systems (over time) in your environment which are compliant. Uses the \\\\\\\"McAfee Agent Compliance Summary\\\\\\\" query to determine compliance. The \\\\\\\"Generate Records for McAfee Compliance History Reporting\\\\\\\" server task is used to record the daily compliance percentage.\\\",\\r\\n\\t\\t\\t\\\"Displays a Boolean pie chart of systems across all registered servers which are compliant or noncompliant by version of McAfee Agent.\\\",\\r\\n\\t\\t\\t\\\"Displays the percentage of systems (over time) across all registered server which are compliant.\\\",\\r\\n\\t\\t\\t\\\"Shows a multi-line chart with the total number of successful and unsuccessful replications per week for the last 2 months.\\\",\\r\\n\\t\\t\\t\\\"Displays a list grouped by user of all failed logon attempts in the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Displays a list grouped by user of all successful logon attempts in the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Displays a report grouped by user of all server configuration actions in the last 30 days as recorded in the Audit log.\\\",\\r\\n\\t\\t\\t\\\"Displays a report grouped by user of all software configuration actions in the last 30 days as recorded in the Audit Log.\\\",\\r\\n\\t\\t\\t\\\"Displays a report grouped by user of all actions considered configuration changes in the last 30 days as recorded in the Audit log.\\\",\\r\\n\\t\\t\\t\\\"Displays a line chart of the number of internal virus detections over the past quarter.\\\",\\r\\n\\t\\t\\t\\\"Displays a group summary table of all applied policies for McAfee agent grouped by category.\\\",\\r\\n\\t\\t\\t\\\"Displays a list of all applied policies and the number of times each policy has been applied.\\\",\\r\\n\\t\\t\\t\\\"Displays a report grouped by user of all policy assignments in the last 30 days as recorded in the Audit log.\\\",\\r\\n\\t\\t\\t\\\"Displays a pie chart of installed agents by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. Click any slice to view or take actions on those systems.\\\",\\r\\n\\t\\t\\t\\\"Displays a pie chart of managed systems indicating whether the agents have communicated with the ePO server within the past day. Click either slice to view or take actions on those systems.\\\",\\r\\n\\t\\t\\t\\\"Lists the systems with high sequence error counts. This could indicate a duplicate agent GUID problem.\\\",\\r\\n\\t\\t\\t\\\"Lists the systems with sequence errors older than 1 week. These systems probably do not have duplicate agent GUIDs and can have their error count reset.\\\",\\r\\n\\t\\t\\t\\\"List all unmanaged systems.\\\",\\r\\n\\t\\t\\t\\\"Lists all Software Manager failed installs.\\\",\\r\\n\\t\\t\\t\\\"Lists all points of broken inheritance for policy assignments other than My Organization. \\\",\\r\\n\\t\\t\\t\\\"List all applied client tasks grouped by product.\\\",\\r\\n\\t\\t\\t\\\"Lists all points in the tree where client task assignment inheritance has been broken, grouped by task name.\\\",\\r\\n\\t\\t\\t\\\"Displays a boolean pie chart of all product deployments in the last 24 hours. Successful deployments are shown in green.\\\",\\r\\n\\t\\t\\t\\\"Displays a single line chart grouped by day of all Agent uninstall client events in the last 7 days.\\\",\\r\\n\\t\\t\\t\\\"Displays a bar chart grouped by hour all the failed product deployments in the last 24 hours.\\\",\\r\\n\\t\\t\\t\\\"Displays a group bar chart grouped by hour of all failed product updates in the last 24 hours.\\\",\\r\\n\\t\\t\\t\\\"Displays a boolean pie chart off all product updates in the last 24 hours. Successful updates are shown in green.\\\",\\r\\n\\t\\t\\t\\\"Displays a Boolean pie chart of your distributed repositories, divided according to whether their last replication was successful.\\\",\\r\\n\\t\\t\\t\\\"Great query during a rollout or tracking the number of new agents showing up in ePO on daily, weekly or monthly basis.\\\",\\r\\n\\t\\t\\t\\\"Shows the most numerous threat events found.\\\",\\r\\n\\t\\t\\t\\\"This is a breakdown of threat events by where they reside in the system tree. The goal is to show an admin what groups are being hit with malware more than others are. This can help pinpoint where an organization needs to improve their security strategy.\\\",\\r\\n\\t\\t\\t\\\"Groups, totals, and charts the number of different threat events that occurred in the last 24 hours.\\\",\\r\\n\\t\\t\\t\\\"Shows multi-line chart of the total number of product updates successes and failures on a weekly basis for the last 2 months.\\\",\\r\\n\\t\\t\\t\\\"McAfee Agents that have not communicated with the ePolicy Orchestrator Server in the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Displays a pie chart of managed systems each slice representing an agent handler.\\\",\\r\\n\\t\\t\\t\\\"Agent handler communication status within the last hour.\\\",\\r\\n\\t\\t\\t\\\"This chart shows the trend of threat event generation for the last 2 weeks.\\\",\\r\\n\\t\\t\\t\\\"Displays a single group bar chart showing all managed nodes where policy enforcement is failing for at least one of the point products.\\\",\\r\\n\\t\\t\\t\\\"Displays a single group bar chart showing all managed nodes where property collection is failing for at least one of the point products.\\\",\\r\\n\\t\\t\\t\\\"Displays the amount of DAT and Engine pulling per repository. This query can help identify overloaded repositories that are causing bandwidth issues and necessary repository configuration improvements in policy.\\\",\\r\\n\\t\\t\\t\\\"Displays a pie chart indicating percentage utilization per repository. This query can help identify overloaded repositories that are causing bandwidth issues and necessary repository configuration improvements in policy.\\\",\\r\\n\\t\\t\\t\\\"This is the Web Control Compliance Status Report.\\\",\\r\\n\\t\\t\\t\\\"This report lists the Web Content Categories with the most infections in the last 7 days\\\",\\r\\n\\t\\t\\t\\\"Displays the hotfixes installed for Web Control.\\\",\\r\\n\\t\\t\\t\\\"Pie chart depicting number of visits over the last 30 days, grouped by site rating.\\\",\\r\\n\\t\\t\\t\\\"Pie chart depicting number of visits over the last 30 days, grouped by site content.\\\",\\r\\n\\t\\t\\t\\\"Pie chart depicting number of downloads over the last 30 days, grouped by file rating.\\\",\\r\\n\\t\\t\\t\\\"Top 100 red sites visited over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 yellow sites visited over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 unrated sites visited over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 red sites that were blocked over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 sites that were warned-continued over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 sites that were blocked over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 sites blocked because of Block List policy over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 sites allowed because of Allow List policy over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Detailed event log of site navigation activity over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Bar chart depicting number of downloads over the last 30 days, grouped by policy-based action.\\\",\\r\\n\\t\\t\\t\\\"Detailed event log of download activity over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 red sites allowed because of Allow List policy over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top sites grouped by content over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 sites that were warned-cancelled over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Bar chart depicting number of visits over the last 30 days, grouped by policy-based action.\\\",\\r\\n\\t\\t\\t\\\"Top 100 red downloads over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 yellow downloads over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 unrated downloads over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Bar chart depicting number of visits to each content category over the last 30 days, grouped by policy-based action.\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Block Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Allow Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Clean Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Block Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Allow Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Clean Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Block Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Allow Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Clean Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Displays a table of all failed actions within the last 30 days from the Audit Log.\\\",\\r\\n\\t\\t\\t\\\"This report summarizes number of incidents (data in-use/in-motion) per type\\\",\\r\\n\\t\\t\\t\\\"This report summarizes number of incidents (data in-use/in-motion) per rule set\\\",\\r\\n\\t\\t\\t\\\"This is a stacked bar chart of multiple modules and their installation status\\\",\\r\\n\\t\\t\\t\\\"The number of threat events in the last twenty-four hours.\\\",\\r\\n\\t\\t\\t\\\"The number of threat events in the last seven days.\\\",\\r\\n\\t\\t\\t\\\"Summary of threats that have been detected in the last 24 hours.\\\",\\r\\n\\t\\t\\t\\\"Summary of threats that have been detected in the last seven days.\\\",\\r\\n\\t\\t\\t\\\"This report lists the Primary Vectors of Attack in the last 7 days.\\\",\\r\\n\\t\\t\\t\\\"This report lists the Top Infected Users in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"This report lists the Top Threats in the Last 48 Hours\\\",\\r\\n\\t\\t\\t\\\"This report lists the Duration before Detection on Endpoints in the Last 2 Weeks\\\",\\r\\n\\t\\t\\t\\\"This report lists the top 10 attacking systems in the last 7 days\\\",\\r\\n\\t\\t\\t\\\"This report lists the technologies that are currently enabled on each system\\\",\\r\\n\\t\\t\\t\\\"This is the Self Protection Compliance Status Report.\\\",\\r\\n\\t\\t\\t\\\"Displays two lists of computers which do and do not have the latest policies applied.\\\",\\r\\n\\t\\t\\t\\\"Displays a boolean pie chart showing which policies have and have not been updated on the clients.\\\",\\r\\n\\t\\t\\t\\\"Displays the hotfixes installed for Endpoint Security Platform.\\\",\\r\\n\\t\\t\\t\\\"This report lists the Applications with the Most Exploits in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"This report lists the Duration of Completed Full Scans in the last 7 days\\\",\\r\\n\\t\\t\\t\\\"This report lists the Duration of Completed Quick Scans in the last 7 days\\\",\\r\\n\\t\\t\\t\\\"This report lists the number of systems that have not completed a Full Scan in the last 7 days but within the last month\\\",\\r\\n\\t\\t\\t\\\"This report lists the number of systems that have not completed a Full Scan in the last month\\\",\\r\\n\\t\\t\\t\\\"This is the Access Protection Compliance Status Report.\\\",\\r\\n\\t\\t\\t\\\"This is the AMCore Content Compliance Status Report.\\\",\\r\\n\\t\\t\\t\\\"This is the Exploit Prevention Compliance Status Report.\\\",\\r\\n\\t\\t\\t\\\"This is the On-Access Scan Compliance Status Report.\\\",\\r\\n\\t\\t\\t\\\"This is the Content Status Report for Threat Prevention.\\\",\\r\\n\\t\\t\\t\\\"This is the Content Status Report for the Exploit Prevention feature.\\\",\\r\\n\\t\\t\\t\\\"Displays the number of threats on which an action was taken (cleaned, deleted) versus the number of threats on which no action was taken, in the last three months.\\\",\\r\\n\\t\\t\\t\\\"Displays the threats detected over the previous two quarters. No cookies.\\\",\\r\\n\\t\\t\\t\\\"Displays the top ten computers with the most detections in the last three months.\\\",\\r\\n\\t\\t\\t\\\"Displays the top ten detected threats in the last three months.\\\",\\r\\n\\t\\t\\t\\\"Displays the top ten most frequently broken access protection rules in the last three months.\\\",\\r\\n\\t\\t\\t\\\"Slice count is the number of events. Slices are the different event severities. All in the last three months.\\\",\\r\\n\\t\\t\\t\\\"Top 10 user with the most detections in the last three months.\\\",\\r\\n\\t\\t\\t\\\"Displays the top ten threats per threat category over the last three months. Grouped by threat category, then threat name.\\\",\\r\\n\\t\\t\\t\\\"Displays the top ten computers which are the source of a threat in the last three months.\\\",\\r\\n\\t\\t\\t\\\"Displays the top ten exploits prevented in the last three months.\\\",\\r\\n\\t\\t\\t\\\"Displays the hotfixes installed for Threat Prevention.\\\",\\r\\n\\t\\t\\t\\\"This reports displays the McAfee GTI sensitivity level for On-Access Scans.\\\",\\r\\n\\t\\t\\t\\\"This reports displays the McAfee GTI sensitivity level for On-Demand Full Scans.\\\",\\r\\n\\t\\t\\t\\\"This reports displays the McAfee GTI sensitivity level for On-Demand Quick Scans.\\\",\\r\\n\\t\\t\\t\\\"This reports displays the McAfee GTI sensitivity level for Right-Click Scans.\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the Distribution of DLP products on endpoint computers\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the current status of Local Email Storage endpoint scans\\\",\\r\\n\\t\\t\\t\\\"This report summarizes policy distribution\\\",\\r\\n\\t\\t\\t\\\"This report summarizes enforced Rule Sets per endpoint computer\\\",\\r\\n\\t\\t\\t\\\"This report lists Bypassed users\\\",\\r\\n\\t\\t\\t\\\"The number of intrusion events in the last twenty-four hours.\\\",\\r\\n\\t\\t\\t\\\"The number of firewall events in the last twenty-four hours.\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Displays events generated by system within McAfee GTI in the last 6 months.\\\",\\r\\n\\t\\t\\t\\\"The number of traffic block events in the last twenty-four hours.\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall Status\\\",\\r\\n\\t\\t\\t\\\"Displays where Firewall protection is enabled or disabled on managed systems.\\\",\\r\\n\\t\\t\\t\\\"Displays the number of Firewall client rules created over time.\\\",\\r\\n\\t\\t\\t\\\"Displays firewall client rules listed by process and port range.\\\",\\r\\n\\t\\t\\t\\\"Displays firewall client rules listed by process and user.\\\",\\r\\n\\t\\t\\t\\\"Displays firewall client rules listed by process.\\\",\\r\\n\\t\\t\\t\\\"Displays firewall client rules listed by protocol and system name.\\\",\\r\\n\\t\\t\\t\\\"Displays managed systems where the Firewall feature is enabled by policy but didn't start successfully.\\\",\\r\\n\\t\\t\\t\\\"Displays the hotfixes installed for Firewall.\\\",\\r\\n\\t\\t\\t\\\"Summarize how many cleanup executions deleted items.\\\",\\r\\n\\t\\t\\t\\\"Summary of the number of items deleted by week during cleanup executions.\\\",\\r\\n\\t\\t\\t\\\"Find suspicious most used files from last month.\\\",\\r\\n\\t\\t\\t\\\"Find most recently used suspicious files from last month.\\\",\\r\\n\\t\\t\\t\\\"Find most prevalent suspicious files created from last month.\\\",\\r\\n\\t\\t\\t\\\"Find monitored files most used from last month.\\\",\\r\\n\\t\\t\\t\\\"Find most recently used monitored files from last month.\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Block Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Allow Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Clean Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Block Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Block Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Allow Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Allow Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Clean Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Clean Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Events by System (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Events by System (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Events by File (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Events by File (Top 10)\\\",\\r\\n\\t\\t\\t\\\"False Positive Mitigation Events for the last 30 days\\\",\\r\\n\\t\\t\\t\\\"Find most prevalent monitored files created from last month.\\\",\\r\\n\\t\\t\\t\\\"Find used ATD submissions from last month.\\\",\\r\\n\\t\\t\\t\\\"Find TIE appliances split by DXL connectivity.\\\",\\r\\n\\t\\t\\t\\\"Find TIE appliances split by TIE server version.\\\",\\r\\n\\t\\t\\t\\\"Find TIE appliances split by agent version.\\\",\\r\\n\\t\\t\\t\\\"Find TIE appliances split by TIE platform version.\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the current status of Local File System endpoint scans\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the latest status of Local File System endpoint scans\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the latest Local File System endpoint scans sensitive files\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the latest Local File System endpoint scans errors\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the latest Local File System endpoint scans classifications\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the latest status of Local Email endpoint scans\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the latest Local Email endpoint scans sensitive files\\\",\\r\\n\\t\\t\\t\\\"This report summarizes privileged users\\\",\\r\\n\\t\\t\\t\\\"This report summarizes Chrome support\\\",\\r\\n\\t\\t\\t\\\"Find all certificates created last week and aggregate by reputation.\\\",\\r\\n\\t\\t\\t\\\"Find all Malicious or Unidentified Certificates by GTI Reputation from Last Month.\\\",\\r\\n\\t\\t\\t\\\"Find all certificates and aggregate by enterprise reputation.\\\",\\r\\n\\t\\t\\t\\\"Find used CTD submissions from last month.\\\",\\r\\n\\t\\t\\t\\\"Lists the failed client interface logon attempts by user for all managed systems.\\\",\\r\\n\\t\\t\\t\\\"Lists locked client systems due to multiple failed password attempts.\\\",\\r\\n\\t\\t\\t\\\"This query displays computers which successfully installed the MCP Endpoint or failed installing the MCP Endpoint in the last month\\\",\\r\\n\\t\\t\\t\\\"Find TIE appliances split by DXL broker version.\\\",\\r\\n\\t\\t\\t\\\"Find used overridden files from last month.\\\",\\r\\n\\t\\t\\t\\\"The number of firewall events in the last twenty-four hours.\\\",\\r\\n\\t\\t\\t\\\"Security Incidents in last 14 days\\\",\\r\\n\\t\\t\\t\\\"OS Distribution for VMs discovered by McAfee Data Center\\\",\\r\\n\\t\\t\\t\\\"All registered Data Centers\\\",\\r\\n\\t\\t\\t\\\"Application Reputation\\\",\\r\\n\\t\\t\\t\\\"Anti-Malware Status\\\",\\r\\n\\t\\t\\t\\\"Host Firewall Status\\\",\\r\\n\\t\\t\\t\\\"File Integrity Monitoring Status\\\",\\r\\n\\t\\t\\t\\\"Boot Attestation Status of all ESX Hypervisors in the Data Center\\\",\\r\\n\\t\\t\\t\\\"AV protection by product\\\",\\r\\n\\t\\t\\t\\\"Specifies the protection status of the endpoints.\\\",\\r\\n\\t\\t\\t\\\"Specifies the last scan details of the endpoints.\\\",\\r\\n\\t\\t\\t\\\"Security Incidents in last 14 days\\\",\\r\\n\\t\\t\\t\\\"OS Distribution for VMs discovered by McAfee Data Center\\\",\\r\\n\\t\\t\\t\\\"All registered Data Centers\\\",\\r\\n\\t\\t\\t\\\"Anti-Malware Status\\\",\\r\\n\\t\\t\\t\\\"File Integrity Monitoring Status\\\",\\r\\n\\t\\t\\t\\\"Instance assessment based on Agentless Firewall\\\",\\r\\n\\t\\t\\t\\\"Host Firewall Status\\\",\\r\\n\\t\\t\\t\\\"Specifies the protection status of vSphere endpoints\\\",\\r\\n\\t\\t\\t\\\"Find refreshed files from last month.\\\",\\r\\n\\t\\t\\t\\\"Shows database size from last month.\\\",\\r\\n\\t\\t\\t\\\"Find new files from last month.\\\",\\r\\n\\t\\t\\t\\\"Find new overrides from last month.\\\",\\r\\n\\t\\t\\t\\\"Find ATD submissions split by reputation.\\\",\\r\\n\\t\\t\\t\\\"Find ATD sample submissions during last month.\\\",\\r\\n\\t\\t\\t\\\"Find most prevalent ATD submissions.\\\",\\r\\n\\t\\t\\t\\\"Find new ATD submissions from last month.\\\",\\r\\n\\t\\t\\t\\\"Find CTD submissions split by reputation.\\\",\\r\\n\\t\\t\\t\\\"Find CTD sample submissions from last month.\\\",\\r\\n\\t\\t\\t\\\"Find most prevalent CTD submissions.\\\",\\r\\n\\t\\t\\t\\\"Find new CTD submissions from last month.\\\",\\r\\n\\t\\t\\t\\\"Find trusted file overrides having similar GTI reputation.\\\",\\r\\n\\t\\t\\t\\\"Find suspicious file overrides having similar GTI reputation.\\\",\\r\\n\\t\\t\\t\\\"Find suspicious file overrides with conflicting GTI reputation.\\\",\\r\\n\\t\\t\\t\\\"This report summarizes number of operational events per day\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the DLP client version installed on endpoint computers\\\",\\r\\n\\t\\t\\t\\\"Find trusted file overrides with conflicting GTI reputation.\\\",\\r\\n\\t\\t\\t\\\"Find unknown files that are not signed from last month.\\\",\\r\\n\\t\\t\\t\\\"Find unsigned unknown files per composite reputation and group them by their first and last access.\\\",\\r\\n\\t\\t\\t\\\"Find Unsigned Unknown Files by company from last month.\\\",\\r\\n\\t\\t\\t\\\"Find the most active parent Files of Unknown Files from last month.\\\",\\r\\n\\t\\t\\t\\\"Find the 10 most monitored Unknown Files from last month.\\\",\\r\\n\\t\\t\\t\\\"Find the 10 systems that reported the largest number of New Files from last month.\\\",\\r\\n\\t\\t\\t\\\"Find signed unknown files from last month.\\\",\\r\\n\\t\\t\\t\\\"Find files split by certificate subject and SHA-1.\\\",\\r\\n\\t\\t\\t\\\"Find signed Unknown Files by company from last month.\\\",\\r\\n\\t\\t\\t\\\"Find signed Unknown Files by product from last month.\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the DLP client status on endpoint computers\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the DLP client operational mode on endpoint computers\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the number of DLP operational events per type\\\",\\r\\n\\t\\t\\t\\\"This report summarizes number of incidents (data in-use/in-motion) per day\\\",\\r\\n\\t\\t\\t\\\"This report summarizes number of incidents (data in-use/in-motion) per severity\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the latest Local Email endpoint scans errors\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the latest Local Email endpoint scans classifications\\\",\\r\\n\\t\\t\\t\\\"This report summarizes undefined device classes for windows devices only\\\",\\r\\n\\t\\t\\t\\\"This report summarizes policy revision distribution\\\",\\r\\n\\t\\t\\t\\\"This report displays unsupported Chrome versions\\\",\\r\\n\\t\\t\\t\\\"Find all certificates where the GTI reputation changed last week.\\\",\\r\\n\\t\\t\\t\\\"Find top 10 systems with new certificates last week.\\\",\\r\\n\\t\\t\\t\\\"Find all files created last week and aggregate by reputation.\\\",\\r\\n\\t\\t\\t\\\"Find all Malicious or Unidentified Files by GTI Reputation from Last Month.\\\",\\r\\n\\t\\t\\t\\\"Find all files and aggregate by enterprise reputation.\\\",\\r\\n\\t\\t\\t\\\"Find all files where the GTI reputation changed last week.\\\",\\r\\n\\t\\t\\t\\\"Find top 10 systems with new files last week.\\\",\\r\\n\\t\\t\\t\\\"Show cleanup trending summary.\\\",\\r\\n\\t\\t\\t\\\"Display the number of executions that delete items versus those that don't delete items.\\\",\\r\\n\\t\\t\\t\\\"Find malicious files by composite reputation from last month.\\\",\\r\\n\\t\\t\\t\\\"Find most recent malicious files from last month.\\\",\\r\\n\\t\\t\\t\\\"Find most prevalent malicious files created from last month.\\\",\\r\\n\\t\\t\\t\\\"Provides McAfee product usage report.\\\",\\r\\n\\t\\t\\t\\\"The number data protected v/s unprotected volumes attached to per VM.\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Real Protect Detection Events in Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Real Protect Detection Events for Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Real Protect Detection Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Real Protect Detection Events for Last Quarter\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Content Status\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Extra.DAT Signature Names\\\"\\r\\n\\t\\t]\"",
"conditionSexp": "\"[\\r\\n\\t\\t\\t\\\"Permission Does not equal \\\\\\\"%%NOEPOROLES%%\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Success Equals False and Start Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Days and Event Category Does not belong to Operational)\\\",\\r\\n\\t\\t\\t\\\"Managed State Equals Managed\\\",\\r\\n\\t\\t\\t\\\"System Name Is duplicated \\\",\\r\\n\\t\\t\\t\\\"Last Communication Is within the last 1 Days\\\",\\r\\n\\t\\t\\t\\\"(Query Used to Generate Compliance Event Equals \\\\\\\"McAfee Agent Compliance Summary\\\\\\\" and Compliance Check Time Is within the last 1 Years)\\\",\\r\\n\\t\\t\\t\\\"Last Communication Is within the last 2 Weeks\\\",\\r\\n\\t\\t\\t\\\"(Query Used to Generate Compliance Event Equals \\\\\\\"McAfee Agent Compliance Summary\\\\\\\" and Compliance Check Time Is within the last 1 Years)\\\",\\r\\n\\t\\t\\t\\\"(Action Equals \\\\\\\"Repository Replication\\\\\\\" and Completion Time Is within the last 2 Months)\\\",\\r\\n\\t\\t\\t\\\"(Action Equals \\\\\\\"Logon attempt\\\\\\\" and Success Equals False and Start Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Completion Time Is within the last 1 Months and Action Equals \\\\\\\"Logon attempt\\\\\\\" and Success Equals True)\\\",\\r\\n\\t\\t\\t\\\"((Action Equals \\\\\\\"Add Agent Handler Assignment Rule\\\\\\\" or Action Equals \\\\\\\"Add License Key\\\\\\\" or Action Equals \\\\\\\"Backup Keystore\\\\\\\" or Action Equals \\\\\\\"Change Password\\\\\\\" or Action Equals \\\\\\\"Change Registered Server\\\\\\\" or Action Equals \\\\\\\"Create Key\\\\\\\" or Action Equals \\\\\\\"Delete Agent Handler Assignment Rule\\\\\\\" or Action Equals \\\\\\\"Delete Key\\\\\\\" or Action Equals \\\\\\\"Delete Server\\\\\\\" or Action Equals \\\\\\\"Download Keystore File\\\\\\\" or Action Equals \\\\\\\"Edit Agent Handler Assignment Rule\\\\\\\" or Action Equals \\\\\\\"Edit event filtering settings\\\\\\\" or Action Equals \\\\\\\"Export Agent Handler Rule\\\\\\\" or Action Equals \\\\\\\"Export Key\\\\\\\" or Action Equals \\\\\\\"Export Public Key\\\\\\\" or Action Equals \\\\\\\"Import Agent Handler Rule\\\\\\\" or Action Equals \\\\\\\"Import Key\\\\\\\" or Action Equals \\\\\\\"Modify server ports\\\\\\\" or Action Equals \\\\\\\"New Server\\\\\\\" or Action Equals \\\\\\\"Restore Keystore\\\\\\\" or Action Equals \\\\\\\"Set master key\\\\\\\" or Action Equals \\\\\\\"Update Server Certificate\\\\\\\") and Completion Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"((Action Equals \\\\\\\"Upload Extension\\\\\\\" or Action Equals \\\\\\\"Uninstall Extension\\\\\\\" or Action Equals \\\\\\\"Install Extension\\\\\\\" or Action Equals \\\\\\\"Check-in package\\\\\\\" or Action Equals \\\\\\\"Delete package\\\\\\\" or Action Equals \\\\\\\"Repository Pull\\\\\\\" or Action Equals \\\\\\\"Add repository\\\\\\\" or Action Equals \\\\\\\"Edit repository\\\\\\\" or Action Equals \\\\\\\"Delete repository\\\\\\\" or Action Equals \\\\\\\"Repository Replication\\\\\\\" or Action Equals \\\\\\\"Change credentials\\\\\\\" or Action Equals \\\\\\\"Import repository\\\\\\\" or Action Equals \\\\\\\"Check in software package\\\\\\\" or Action Equals \\\\\\\"Delete Software Package\\\\\\\") and Completion Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"((Action Equals \\\\\\\"Backup Keystore\\\\\\\" or Action Equals \\\\\\\"Export Key\\\\\\\" or Action Equals \\\\\\\"Import Key\\\\\\\" or Action Equals \\\\\\\"Add Permission Set\\\\\\\" or Action Equals \\\\\\\"Duplicate Permission Set\\\\\\\" or Action Equals \\\\\\\"Modify Permission Set\\\\\\\" or Action Equals \\\\\\\"New User\\\\\\\" or Action Equals \\\\\\\"Update User\\\\\\\" or Action Equals \\\\\\\"Change Password\\\\\\\" or Action Equals \\\\\\\"Remove User\\\\\\\" or Action Equals \\\\\\\"Change Permission Sets for User\\\\\\\" or Action Equals \\\\\\\"Purge Audit Log\\\\\\\" or Action Equals \\\\\\\"Purge Threat Event Log\\\\\\\") and Start Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Event Category Belongs to Malware and Event Generated Time Is within the last 1 Quarters)\\\",\\r\\n\\t\\t\\t\\\"Product Equals McAfee Agent \\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"((Action Equals \\\\\\\"Assign policy\\\\\\\" or Action Equals \\\\\\\"Remove policy assignment\\\\\\\" or Action Equals \\\\\\\"Add policy assignment rule\\\\\\\" or Action Equals \\\\\\\"Delete policy assignment rule\\\\\\\" or Action Equals \\\\\\\"Edit policy assignment rule\\\\\\\" or Action Equals \\\\\\\"Edit Policy Assignment Rule Priority\\\\\\\") and Start Time Is within the last 1 Months and User Name Does not equal \\\\\\\"system\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Sequence Errors Greater than 25 \\\",\\r\\n\\t\\t\\t\\\"(Last Sequence Error Is not within the last 1 Weeks and Sequence Errors Greater than 0 )\\\",\\r\\n\\t\\t\\t\\\"Managed State Equals Unmanaged\\\",\\r\\n\\t\\t\\t\\\"((Status Equals Failed or Status Equals ?) and Name Starts with \\\\\\\"Check In Components\\\\\\\" and Source Equals Software Catalog)\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"((Event ID Equals 2411 or Event ID Equals 2412 ) and Event Generated Time Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 2413 and Event Generated Time Is within the last 1 Weeks)\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 2412 and Event Generated Time Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 2402 and Event Generated Time Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"((Event ID Equals 2401 or Event ID Equals 2402 ) and Event Generated Time Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"Type Equals Distributed\\\",\\r\\n\\t\\t\\t\\\"(Action Equals \\\\\\\"New system\\\\\\\" and Completion Time Is before now)\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Event Category Does not belong to Operational\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Days and Event Category Does not belong to Operational)\\\",\\r\\n\\t\\t\\t\\\"(Event ID Is any of 2402 , 2401 and Event Generated Time Is within the last 2 Months)\\\",\\r\\n\\t\\t\\t\\\"(Last Communication Is not within the last 1 Months and Managed State Equals Managed)\\\",\\r\\n\\t\\t\\t\\\"Managed State Equals Managed\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Event Category Does not belong to Operational and Event Received Time Is within the last 2 Weeks)\\\",\\r\\n\\t\\t\\t\\\"(Policy Enforcement Status Equals 0 and Event ID Equals 2422 )\\\",\\r\\n\\t\\t\\t\\\"(Property Collection Status Equals 0 and Event ID Equals 2427 )\\\",\\r\\n\\t\\t\\t\\\"(Event Type Equals \\\\\\\"DAT\\\\\\\" or Event Type Equals \\\\\\\"Engine\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"((Event Type Does not equal \\\\\\\"Plugin\\\\\\\" and Event Type Does not equal \\\\\\\"Uninstall\\\\\\\") and Error Code Equals Deployment/Update Successful and Site Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Weeks)\\\",\\r\\n\\t\\t\\t\\\"Web Control Hotfixes Value is not blank \\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Months and Event ID Equals 18600 and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18601 and Event Generated Time Is within the last 1 Months and System Name Value is not blank and (Action Equals Allowed or Action Equals Warned-continued or Action Equals Invoked On-Demand Scan))\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and Rating Equals Red and (Action Equals Allowed or Action Equals Warned-continued) and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and Rating Equals Yellow and (Action Equals Allowed or Action Equals Warned-continued) and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and Rating Equals Unknown rating type and (Action Equals Allowed or Action Equals Warned-continued) and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and Action Equals Blocked and Rating Equals Red and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Months and Event ID Equals 18600 and Action Equals Warned-continued and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and Action Equals Blocked and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and Reason Equals On a list and List Type Equals Prohibited and Action Equals Blocked and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and Reason Equals On a list and List Type Equals Authorized and (Action Equals Allowed or Action Equals Warned-continued) and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18601 and Event Generated Time Is within the last 1 Months and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18601 and Event Generated Time Is within the last 1 Months and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and Rating Equals Red and (Action Equals Allowed or Action Equals Warned-continued) and Reason Equals On a list and List Type Equals Authorized and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Months and Event ID Equals 18600 and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Months and Action Equals Warned-cancelled and Event ID Equals 18600 and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18601 and Event Generated Time Is within the last 1 Months and Rating Equals Red and (Action Equals Allowed or Action Equals Warned-continued or Action Equals Invoked On-Demand Scan) and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18601 and Event Generated Time Is within the last 1 Months and Rating Equals Yellow and (Action Equals Allowed or Action Equals Warned-continued or Action Equals Invoked On-Demand Scan) and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18601 and Event Generated Time Is within the last 1 Months and Rating Equals Unknown rating type and (Action Equals Allowed or Action Equals Warned-continued or Action Equals Invoked On-Demand Scan) and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Months and Event ID Equals 18600 and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Is any of 35104 and Event Generated Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Event ID Is any of 35105 and Event Generated Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Event ID Is any of 35107 and Event Generated Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Action Taken Equals Adaptive Threat Protection Blocked and Event ID Is any of 35104 )\\\",\\r\\n\\t\\t\\t\\\"(Action Taken Equals Adaptive Threat Protection Allowed and Event ID Is any of 35105 )\\\",\\r\\n\\t\\t\\t\\\"(Action Taken Equals Adaptive Threat Protection Cleaned and Event ID Is any of 35107 )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Is any of 35102 and Event Generated Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Event ID Is any of 35103 and Event Generated Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Event ID Is any of 35106 and Event Generated Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Success Equals False and Start Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"Last Update Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"Last Update Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(((Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" or Detecting Product Name Equals \\\\\\\"Threat Intelligence\\\\\\\") and Threat Type Value is not blank and Event Category Does not belong to Operational and Event ID Does not equal 34928 ) and Event Generated Time Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"(((Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" or Detecting Product Name Equals \\\\\\\"Threat Intelligence\\\\\\\") and Threat Type Value is not blank and Event Category Does not belong to Operational and Event ID Does not equal 34928 ) and Event Generated Time Is within the last 1 Weeks)\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Days and (Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" or Detecting Product Name Equals \\\\\\\"Threat Intelligence\\\\\\\") and Threat Type Value is not blank and Threat Name Value is not blank and Event Category Does not belong to Operational and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Weeks and (Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" or Detecting Product Name Equals \\\\\\\"Threat Intelligence\\\\\\\") and Threat Type Value is not blank and Threat Name Value is not blank and Event Category Does not belong to Operational and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Weeks and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Weeks and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Does not equal 34928 and Event Generated Time Is within the last 2 Days)\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 2 Weeks and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Weeks and (Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" or Detecting Product Name Equals \\\\\\\"Threat Intelligence\\\\\\\") and Threat Type Value is not blank and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Product Equals Endpoint Security Common or Product Equals Endpoint Security Threat Prevention or Product Equals Endpoint Security Firewall or Product Equals Endpoint Security Web Control )\\\",\\r\\n\\t\\t\\t\\\"(Product Equals Endpoint Security Common or Product Equals Endpoint Security Threat Prevention or Product Equals Endpoint Security Firewall or Product Equals Endpoint Security Web Control )\\\",\\r\\n\\t\\t\\t\\\"ESP Hotfix Value is not blank \\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Weeks and Event ID Is any of 18051 , 18052 , 18053 , 18054 , 18055 , 18056 )\\\",\\r\\n\\t\\t\\t\\\"On-Demand Full Scan Date Is within the last 1 Weeks\\\",\\r\\n\\t\\t\\t\\\"On-Demand Quick Scan Date Is within the last 1 Weeks\\\",\\r\\n\\t\\t\\t\\\"(On-Demand Full Scan Date Is not within the last 1 Weeks and On-Demand Full Scan Date Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(On-Demand Full Scan Date Is not within the last 1 Months or On-Demand Full Scan Date Value is blank )\\\",\\r\\n\\t\\t\\t\\\"(OS Type Starts with \\\\\\\"Windows\\\\\\\" or OS Type Starts with \\\\\\\"Linux\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"OS Type Starts with \\\\\\\"Windows\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"OS Type Starts with \\\\\\\"Windows\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 3 Months and Event Category Does not belong to Operational and Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event ID Does not equal 34928 and Module Name Equals Threat Prevention)\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 2 Quarters and (Threat Type Equals Potentially Unwanted Program or Threat Type Equals Adware or Threat Type Equals Remote Admin Tool or Threat Type Equals Keylogger or Threat Type Equals Password Cracker or Threat Type Equals Dialer or Threat Type Equals Spyware or Threat Type Equals Virus or Threat Type Equals Trojan or Threat Type Equals Joke or Threat Type Equals Test) and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 3 Months and (Threat Type Equals Potentially Unwanted Program or Threat Type Equals Adware or Threat Type Equals Remote Admin Tool or Threat Type Equals Keylogger or Threat Type Equals Password Cracker or Threat Type Equals Dialer or Threat Type Equals Spyware or Threat Type Equals Virus or Threat Type Equals Trojan or Threat Type Equals Joke or Threat Type Equals Test) and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 3 Months and (Threat Type Equals Potentially Unwanted Program or Threat Type Equals Adware or Threat Type Equals Remote Admin Tool or Threat Type Equals Keylogger or Threat Type Equals Password Cracker or Threat Type Equals Dialer or Threat Type Equals Spyware or Threat Type Equals Virus or Threat Type Equals Trojan or Threat Type Equals Joke or Threat Type Equals Test) and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 3 Months and (Event ID Equals 1092 or Event ID Equals 1095 ))\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 3 Months and (Threat Type Equals Potentially Unwanted Program or Threat Type Equals Adware or Threat Type Equals Remote Admin Tool or Threat Type Equals Keylogger or Threat Type Equals Password Cracker or Threat Type Equals Dialer or Threat Type Equals Spyware or Threat Type Equals Virus or Threat Type Equals Trojan or Threat Type Equals Joke or Threat Type Equals Test) and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 3 Months and (Threat Type Equals Potentially Unwanted Program or Threat Type Equals Adware or Threat Type Equals Remote Admin Tool or Threat Type Equals Keylogger or Threat Type Equals Password Cracker or Threat Type Equals Dialer or Threat Type Equals Spyware or Threat Type Equals Virus or Threat Type Equals Trojan or Threat Type Equals Joke or Threat Type Equals Test) and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 3 Months and (Threat Type Equals Potentially Unwanted Program or Threat Type Equals Adware or Threat Type Equals Remote Admin Tool or Threat Type Equals Keylogger or Threat Type Equals Password Cracker or Threat Type Equals Dialer or Threat Type Equals Spyware or Threat Type Equals Virus or Threat Type Equals Trojan or Threat Type Equals Joke or Threat Type Equals Test) and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 3 Months and (Threat Type Equals Potentially Unwanted Program or Threat Type Equals Adware or Threat Type Equals Remote Admin Tool or Threat Type Equals Keylogger or Threat Type Equals Password Cracker or Threat Type Equals Dialer or Threat Type Equals Spyware or Threat Type Equals Virus or Threat Type Equals Trojan or Threat Type Equals Joke or Threat Type Equals Test) and Threat Source Host Name Does not equal \\\\\\\"_\\\\\\\" and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 3 Months and (Event ID Equals 18051 or Event ID Equals 18052 or Event ID Equals 18053 or Event ID Equals 18054 or Event ID Equals 18055 or Event ID Equals 18056 ))\\\",\\r\\n\\t\\t\\t\\\"Threat Prevention Hotfix Value is not blank \\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Policy Enforcement Mode Equals Policy Bypassed\\\",\\r\\n\\t\\t\\t\\\"((Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event ID Equals 35001 and Analyzer Detection Method Equals \\\\\\\"Firewall\\\\\\\") and Event Generated Time Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"((Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event ID Is any of 35000 , 35001 , 35002 and Analyzer Detection Method Equals \\\\\\\"Firewall\\\\\\\") and Event Generated Time Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"((Analyzer McAfee GTI Query Equals True and Module Name Equals Firewall) and Event Generated Time Is within the last 6 Months)\\\",\\r\\n\\t\\t\\t\\\"((Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event ID Equals 35002 and Analyzer Detection Method Equals \\\\\\\"Firewall\\\\\\\") and Event Generated Time Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(LeafNodeId Greater than or equals 1 and Last Changed Is before now)\\\",\\r\\n\\t\\t\\t\\\"LeafNodeId Greater than or equals 1 \\\",\\r\\n\\t\\t\\t\\\"LeafNodeId Greater than or equals 1 \\\",\\r\\n\\t\\t\\t\\\"LeafNodeId Greater than or equals 1 \\\",\\r\\n\\t\\t\\t\\\"LeafNodeId Greater than or equals 1 \\\",\\r\\n\\t\\t\\t\\\"Firewall Status Equals Enabled\\\",\\r\\n\\t\\t\\t\\\"Firewall Hotfixes Value is not blank \\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Cleanup Date Is before now\\\",\\r\\n\\t\\t\\t\\\"((Composite Reputation Equals Most Likely Malicious or Composite Reputation Equals Might be Malicious) and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Last access Is within the last 1 Months and (Composite Reputation Equals Might be Malicious or Composite Reputation Equals Most Likely Malicious))\\\",\\r\\n\\t\\t\\t\\\"(First contact Is within the last 1 Months and (Composite Reputation Equals Might be Malicious or Composite Reputation Equals Most Likely Malicious))\\\",\\r\\n\\t\\t\\t\\\"(Composite Reputation Equals Unknown and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Last access Is within the last 1 Months and Composite Reputation Equals Unknown)\\\",\\r\\n\\t\\t\\t\\\"(Action Taken Equals Adaptive Threat Protection Would Block and Event ID Is any of 35102 )\\\",\\r\\n\\t\\t\\t\\\"(Action Taken Equals Adaptive Threat Protection Allowed and Event ID Is any of 35103 )\\\",\\r\\n\\t\\t\\t\\\"(Action Taken Equals Adaptive Threat Protection Would Clean and Event ID Is any of 35106 )\\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35104 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35102 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35105 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35103 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35107 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35106 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35104 , 35105 , 35107 , 35112 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35102 , 35103 , 35106 , 35111 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35104 , 35105 , 35107 , 35112 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35102 , 35103 , 35106 , 35111 \\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 34928 and Event Generated Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(First contact Is within the last 1 Months and Composite Reputation Equals Unknown)\\\",\\r\\n\\t\\t\\t\\\"(ATD Reputation Value is not blank and Last access Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"Tags Tag Contains \\\\\\\"TIESERVER\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"Tags Tag Contains \\\\\\\"TIESERVER\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"Tags Tag Contains \\\\\\\"TIESERVER\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"Tags Tag Contains \\\\\\\"TIESERVER\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"User Privileged Permissions Equals Monitor Only\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Reputation Provider Equals GTI Certificate and Created Date Is within the last 1 Weeks)\\\",\\r\\n\\t\\t\\t\\\"((Reputation Equals Known Malicious or Reputation Equals Might be Malicious or Reputation Equals Most Likely Malicious or Reputation Equals Unknown or Reputation Equals Not Set) and Created Date Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Reputation Provider Equals Enterprise Certificate and Reputation Count Greater than 0 )\\\",\\r\\n\\t\\t\\t\\\"(CTD Reputation Value is not blank and Last access Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Max Fail Attempt Count Does not equal 0 and Count of Failed Attempts Does not equal 0 )\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Event ID Is any of 2412 , 2411 and Event Type Equals \\\\\\\"Install\\\\\\\" and Product Name Equals \\\\\\\"MCPAGENT1000\\\\\\\" and Event Generated Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Tags Tag Contains \\\\\\\"TIESERVER\\\\\\\" and Product Version (McAfee DXL Broker) Greater than or equals \\\\\\\"1\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"((Enterprise Reputation Value is not blank and Enterprise Reputation Does not equal Not Set) and Last access Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event ID Is any of 35000 , 35001 , 35002 and Analyzer Detection Method Equals \\\\\\\"Firewall\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 2 Weeks and Tags Tag Contains \\\\\\\"dc_vm_auto\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"Node Type Equals \\\\\\\"vm\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Tags Has tag \\\\\\\"\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"Node Type Equals \\\\\\\"vm\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"Node Type Equals \\\\\\\"vm\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"Node Type Equals \\\\\\\"vm\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"(Node Type Equals \\\\\\\"Hypervisor\\\\\\\" and Property Name Equals \\\\\\\"trustattestation\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"AV Protection By Does not equal Unprotected\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 2 Weeks and Tags Tag Contains \\\\\\\"dc_vm_auto\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"Node Type Equals \\\\\\\"vm\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Node Type Equals \\\\\\\"vm\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"Node Type Equals \\\\\\\"vm\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Node Type Equals \\\\\\\"vm\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"Vendor Equals VMware vSphere\\\",\\r\\n\\t\\t\\t\\\"((GTI Reputation Value is not blank and GTI Reputation Does not equal Not Set) and Refresh Date Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"Cleanup Date Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"First contact Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"((Enterprise Reputation Value is not blank and Enterprise Reputation Does not equal Not Set) and Refresh Date Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"ATD Reputation Value is not blank \\\",\\r\\n\\t\\t\\t\\\"Refresh Date Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"(ATD Reputation Value is not blank and Refresh Date Is within the last 3 Months)\\\",\\r\\n\\t\\t\\t\\\"(ATD Reputation Value is not blank and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"CTD Reputation Value is not blank \\\",\\r\\n\\t\\t\\t\\\"Refresh Date Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"(CTD Reputation Value is not blank and Refresh Date Is within the last 3 Months)\\\",\\r\\n\\t\\t\\t\\\"(CTD Reputation Value is not blank and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"((GTI Reputation Equals Known Trusted Installer or GTI Reputation Equals Known Trusted or GTI Reputation Equals Most Likely Trusted or GTI Reputation Equals Might be Trusted) and (Enterprise Reputation Equals Known Trusted Installer or Enterprise Reputation Equals Known Trusted or Enterprise Reputation Equals Most Likely Trusted or Enterprise Reputation Equals Might be Trusted))\\\",\\r\\n\\t\\t\\t\\\"((GTI Reputation Equals Known Malicious or GTI Reputation Equals Most Likely Malicious or GTI Reputation Equals Might be Malicious) and (Enterprise Reputation Equals Known Malicious or Enterprise Reputation Equals Most Likely Malicious or Enterprise Reputation Equals Might be Malicious))\\\",\\r\\n\\t\\t\\t\\\"((Enterprise Reputation Equals Known Malicious or Enterprise Reputation Equals Most Likely Malicious or Enterprise Reputation Equals Might be Malicious) and (GTI Reputation Equals Known Trusted Installer or GTI Reputation Equals Known Trusted or GTI Reputation Equals Most Likely Trusted or GTI Reputation Equals Might be Trusted))\\\",\\r\\n\\t\\t\\t\\\"Insertion Time (UTC) Is within the last 4 Weeks\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"((Enterprise Reputation Equals Known Trusted Installer or Enterprise Reputation Equals Known Trusted or Enterprise Reputation Equals Most Likely Trusted or Enterprise Reputation Equals Might be Trusted) and (GTI Reputation Equals Might be Malicious or GTI Reputation Equals Most Likely Malicious or GTI Reputation Equals Known Malicious))\\\",\\r\\n\\t\\t\\t\\\"(((Composite Reputation Equals Unknown or Composite Reputation Equals Not Set) and Certificate SHA-1 Value is blank ) and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(First contact Is within the last 6 Months and Composite Reputation Equals Unknown and Last access Is within the last 1 Weeks and Certificate SHA-1 Value is blank )\\\",\\r\\n\\t\\t\\t\\\"(Composite Reputation Equals Unknown and First contact Is within the last 1 Months and Certificate SHA-1 Value is blank )\\\",\\r\\n\\t\\t\\t\\\"(File Parent Value is not blank and Composite Reputation Equals Unknown and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Composite Reputation Equals Unknown and First contact Is within the last 1 Months and Local Reputation Count Greater than 10 )\\\",\\r\\n\\t\\t\\t\\\"Date Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"(((Composite Reputation Equals Unknown or Composite Reputation Equals Not Set) and Certificate SHA-1 Value is not blank and Enterprise Count Greater than 0 ) and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(First contact Is within the last 1 Months and Certificate SHA-1 Value is not blank and Composite Reputation Equals Unknown and Enterprise Count Greater than 0 )\\\",\\r\\n\\t\\t\\t\\\"(Composite Reputation Equals Unknown and First contact Is within the last 1 Months and Certificate SHA-1 Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Composite Reputation Equals Unknown and First contact Is within the last 1 Months and Certificate SHA-1 Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Last Update Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"Last Update Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Undefined Device Classes List Value is not blank \\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Is Chrome Version supported Equals Unsupported\\\",\\r\\n\\t\\t\\t\\\"(Reputation Provider Equals GTI Certificate and Modified Date Is within the last 1 Weeks)\\\",\\r\\n\\t\\t\\t\\\"Date Is within the last 1 Weeks\\\",\\r\\n\\t\\t\\t\\\"(Reputation Provider Equals GTI File and Create Date Is within the last 1 Weeks)\\\",\\r\\n\\t\\t\\t\\\"(((Reputation Equals Known Malicious or Reputation Equals Might be Malicious or Reputation Equals Most Likely Malicious or Reputation Equals Unknown or Reputation Equals Not Set) and Reputation Provider Equals GTI File) and Create Date Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Reputation Provider Equals Enterprise File and Reputation Count Greater than 0 )\\\",\\r\\n\\t\\t\\t\\\"(Reputation Provider Equals GTI File and Modified Date Is within the last 1 Weeks)\\\",\\r\\n\\t\\t\\t\\\"Date Is within the last 1 Weeks\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Executed Equals 1 \\\",\\r\\n\\t\\t\\t\\\"(Composite Reputation Equals Known Malicious and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Last access Is within the last 1 Months and Composite Reputation Equals Known Malicious)\\\",\\r\\n\\t\\t\\t\\\"(Composite Reputation Equals Known Malicious and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Usage Month Is within the last 6 Months and Cloud Provider Does not equal \\\\\\\"vCenter.vendor\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 1 Days and (Analyzer Detection Method Equals \\\\\\\"Real Protect Client\\\\\\\" or Analyzer Detection Method Equals \\\\\\\"Real Protect Cloud\\\\\\\"))\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 1 Weeks and (Analyzer Detection Method Equals \\\\\\\"Real Protect Client\\\\\\\" or Analyzer Detection Method Equals \\\\\\\"Real Protect Cloud\\\\\\\"))\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 1 Months and (Analyzer Detection Method Equals \\\\\\\"Real Protect Client\\\\\\\" or Analyzer Detection Method Equals \\\\\\\"Real Protect Cloud\\\\\\\"))\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 1 Quarters and (Analyzer Detection Method Equals \\\\\\\"Real Protect Client\\\\\\\" or Analyzer Detection Method Equals \\\\\\\"Real Protect Cloud\\\\\\\"))\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\"\\r\\n\\t\\t]\"",
"groupName": "\"[\\r\\n\\t\\t\\t\\\"Permissions\\\",\\r\\n\\t\\t\\t\\\"Permissions\\\",\\r\\n\\t\\t\\t\\\"Permissions\\\",\\r\\n\\t\\t\\t\\\"User Auditing\\\",\\r\\n\\t\\t\\t\\\"Detections and Compliance\\\",\\r\\n\\t\\t\\t\\\"System Management\\\",\\r\\n\\t\\t\\t\\\"System Management\\\",\\r\\n\\t\\t\\t\\\"Detections and Compliance\\\",\\r\\n\\t\\t\\t\\\"Detections and Compliance\\\",\\r\\n\\t\\t\\t\\\"Detections and Compliance\\\",\\r\\n\\t\\t\\t\\\"Detections and Compliance\\\",\\r\\n\\t\\t\\t\\\"System Management\\\",\\r\\n\\t\\t\\t\\\"User Auditing\\\",\\r\\n\\t\\t\\t\\\"User Auditing\\\",\\r\\n\\t\\t\\t\\\"User Auditing\\\",\\r\\n\\t\\t\\t\\\"User Auditing\\\",\\r\\n\\t\\t\\t\\\"User Auditing\\\",\\r\\n\\t\\t\\t\\\"Detections and Compliance\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"System Management\\\",\\r\\n\\t\\t\\t\\\"System Management\\\",\\r\\n\\t\\t\\t\\\"System Management\\\",\\r\\n\\t\\t\\t\\\"User Auditing\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment\\\",\\r\\n\\t\\t\\t\\\"Product Deployment\\\",\\r\\n\\t\\t\\t\\\"Product Deployment\\\",\\r\\n\\t\\t\\t\\\"Product Deployment\\\",\\r\\n\\t\\t\\t\\\"Product Deployment\\\",\\r\\n\\t\\t\\t\\\"Product Deployment\\\",\\r\\n\\t\\t\\t\\\"Product Deployment\\\",\\r\\n\\t\\t\\t\\\"Product Deployment\\\",\\r\\n\\t\\t\\t\\\"Threat Events\\\",\\r\\n\\t\\t\\t\\\"Threat Events\\\",\\r\\n\\t\\t\\t\\\"Threat Events\\\",\\r\\n\\t\\t\\t\\\"Product Deployment\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"Threat Events\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"User Auditing\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"McAfee Client Proxy\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"New Group\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"New Group\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\"\\r\\n\\t\\t]\"",
"userName": "\"[\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\"\\r\\n\\t\\t]\"",
"databaseType": "\"[\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\"\\r\\n\\t\\t]\"",
"target": "\"[\\r\\n\\t\\t\\t\\\"EntitlementView\\\",\\r\\n\\t\\t\\t\\\"EntitlementView\\\",\\r\\n\\t\\t\\t\\\"EntitlementView\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EpoComplianceHistory\\\",\\r\\n\\t\\t\\t\\\"EpoRollup_Computers\\\",\\r\\n\\t\\t\\t\\\"EpoRollup_ComplianceHistory\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOAssignedPolicy\\\",\\r\\n\\t\\t\\t\\\"EPOAssignedPolicy\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"OrionTaskLogTask\\\",\\r\\n\\t\\t\\t\\\"EPOBrokenInherintanceView\\\",\\r\\n\\t\\t\\t\\\"EPOTaskAppliedTasks\\\",\\r\\n\\t\\t\\t\\\"EPOTaskBrokenInheritAssignments\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPORepositoryStatus\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOAgentHandlers\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"WP_CustomProps\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_CustomProps\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_IncidentsQueriesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_IncidentsQueriesView\\\",\\r\\n\\t\\t\\t\\\"EndpointInstallationStatus_View\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"AM_EndpointTechnologyStatus_View\\\",\\r\\n\\t\\t\\t\\\"GS_CustomProps\\\",\\r\\n\\t\\t\\t\\\"EPOAssignedPolicy\\\",\\r\\n\\t\\t\\t\\\"EPOAssignedPolicy\\\",\\r\\n\\t\\t\\t\\\"GS_CustomProps\\\",\\r\\n\\t\\t\\t\\\"EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ProductDistributionAllView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_UserEmailStorageDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputersToPoliciesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_UserPropertiesView\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"FW_CustomProps\\\",\\r\\n\\t\\t\\t\\\"FW_CustomProps\\\",\\r\\n\\t\\t\\t\\\"FW_Rule\\\",\\r\\n\\t\\t\\t\\\"FW_Rule\\\",\\r\\n\\t\\t\\t\\\"FW_Rule\\\",\\r\\n\\t\\t\\t\\\"FW_Rule\\\",\\r\\n\\t\\t\\t\\\"FW_Rule\\\",\\r\\n\\t\\t\\t\\\"FW_CustomProps\\\",\\r\\n\\t\\t\\t\\\"FW_CustomProps\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.cleanup_trending_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.cleanup_trending_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_UserFileSystemDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_EPD_LatestFileSysDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_EPD_LatestFileSysDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_EPD_LatestFileSysDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_EPD_LatestFileSysDiscoveryClassificationView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_EPD_LatestEmailDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_EPD_LatestEmailDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_UserPropertiesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.certificate_rep_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.certificate_rep_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.certificate_trust_level_count_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"ClientUILockOutStatusTable_view\\\",\\r\\n\\t\\t\\t\\\"ClientUICurrentLockOutStatus_View\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"MDCC_VW_SECURITY_INCIDENT\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_INFO\\\",\\r\\n\\t\\t\\t\\\"MDCC_ACCOUNT\\\",\\r\\n\\t\\t\\t\\\"SCOR_VW_INV_APPS\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PRODUCTS\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PRODUCTS\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PRODUCTS\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_INFO\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PRODUCTS\\\",\\r\\n\\t\\t\\t\\\"MDCC_EP_SEC_REPORT_VIEW\\\",\\r\\n\\t\\t\\t\\\"MDCC_EP_SCAN_REPORT\\\",\\r\\n\\t\\t\\t\\\"MDCC_VW_SECURITY_INCIDENT\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_INFO\\\",\\r\\n\\t\\t\\t\\\"MDCC_ACCOUNT\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PRODUCTS\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PRODUCTS\\\",\\r\\n\\t\\t\\t\\\"ASSESSMENT_DASHBOARD_VIEW\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PRODUCTS\\\",\\r\\n\\t\\t\\t\\\"MDCC_EP_SEC_REPORT_VIEW\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.cleanup_trending_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_Operationals\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.agent_new_file_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_Operationals\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_IncidentsQueriesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_IncidentsQueriesView\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_EPD_LatestEmailDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_EPD_LatestEmailDiscoveryClassificationView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.certificate_rep_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.agent_new_certificate_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.file_rep_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.file_rep_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.file_trust_level_count_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.file_rep_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.agent_new_file_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.cleanup_trending_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.cleanup_trending_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"USAGE_METERING_ALF_VIEW\\\",\\r\\n\\t\\t\\t\\\"MDCC_DPC_VM_VIEW\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"ATP_CustomProps\\\",\\r\\n\\t\\t\\t\\\"ATP_CustomProps\\\"\\r\\n\\t\\t]\"",
"createdBy": "\"[\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\"\\r\\n\\t\\t]\"",
"createdOn": "\"[\\r\\n\\t\\t\\t\\\"2018-02-14T13:00:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:00:41-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:00:41-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:19-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:19-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:41-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:22:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:22:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:37-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:41-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:41-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:41-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:49-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:49-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:49-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:49-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:49-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:49-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:49-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:50-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:50-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:49-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:50-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:50-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:22:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:22:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:22:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:22:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:31-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:31-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:31-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:59:37-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:59:37-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:59:37-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:39-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:51-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:49-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:50-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:50-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:50-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:50-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:50-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:50-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:51-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:51-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:51-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:58:11-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:58:08-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:56:17-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:56:17-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:56:18-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:56:17-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:51-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:18-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:18-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:18-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:59-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:56:00-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:44-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:56:17-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:18:34-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:34-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:34-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:34-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:34-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:34-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T11:48:13-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:18-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:18-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:40-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:40-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:41-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:41-08:00\\\"\\r\\n\\t\\t]\"",
"modifiedBy": "\"[\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\"\\r\\n\\t\\t]\"",
"modifiedOn": "\"[\\r\\n\\t\\t\\t\\\"2018-02-14T13:00:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:00:41-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:00:41-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:19-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:19-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:41-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\"\\r\\n\\t\\t]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
ID | NAME | DESCRIPTION | CONDITIONSEXP | GROUPNAME | USERNAME | DATABASETYPE | TARGET | CREATEDBY | CREATEDON | MODIFIEDBY | MODIFIEDON |
---|---|---|---|---|---|---|---|---|---|---|---|
1 | Effective permissions for users | Shows all permissions for each user | Permission Does not equal ";%%NOEPOROLES%%"; | Permissions | Public | EntitlementView | admin | 2/14/2018 1:00:39 PM | admin | 2/14/2018 1:00:39 PM | |
2 | Permission set details | Shows the permissions associated with each permission set | Permissions | Public | EntitlementView | admin | 2/14/2018 1:00:41 PM | admin | 2/14/2018 1:00:41 PM | ||
3 | Permission set membership | Shows the permission sets associated with each principal | Permissions | Public | EntitlementView | admin | 2/14/2018 1:00:41 PM | admin | 2/14/2018 1:00:41 PM | ||
4 | Failed User Actions in ePO Console within Last 30 Days | Displays a table of all failed actions within the last 30 days from the Audit Log. | (Success Equals False and Start Time Is within the last 1 Months) | User Auditing | Public | OrionAuditLog | admin | 2/14/2018 1:04:19 PM | admin | 2/14/2018 1:04:19 PM | |
5 | Today's Detections per Product | Displays a pie chart of detections within the last 24 hours organized by detecting product. | (Event Generated Time Is within the last 1 Days and Event Category Does not belong to Operational) | Detections and Compliance | Public | EPOEvents | admin | 2/14/2018 1:04:19 PM | admin | 2/14/2018 1:04:19 PM | |
6 | Systems per Top-Level Group | Displays a bar chart of your managed systems organized by top-level System Tree group. | Managed State Equals Managed | System Management | Public | EPOLeafNode | admin | 5/23/2019 8:54:41 PM | admin | 5/23/2019 8:54:41 PM | |
7 | Duplicate Systems Names | Lists all system names that appear in multiple System Tree locations. | System Name Is duplicated | System Management | Public | EPOLeafNode | admin | 2/14/2018 1:04:20 PM | admin | 2/14/2018 1:04:20 PM | |
8 | McAfee Agent Compliance Summary | Displays a Boolean pie chart of managed systems in your environment which are compliant or noncompliant by version of McAfee Agent. | Last Communication Is within the last 1 Days | Detections and Compliance | Public | EPOLeafNode | admin | 5/23/2019 8:54:40 PM | admin | 5/23/2019 8:54:40 PM |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Query failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data List Query failed. Status Code: 401. Message: Unauthorized. |
List Repository
Retrieves a list of all repositories.
Input
N/A
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"SAServerDNS": "",
"disableV1DATReplication": false,
"spipeServerDNS": null,
"repositoryTypeString": "master",
"useAnonCreds": false,
"downloadCredPassword": "",
"downloadCredDomain": "",
"lockType": 0,
"enabled": true,
"uncUseLoggedOnUser": false,
"uncOrder": "1",
"protocol": 1,
"lockedBy": "",
"softwareInclusionList": [],
"uploadCredUsername": "",
"spipeVersion": "4.5.0",
"SAServerNetbios": "",
"protocolString": "SpipeSite",
"disableFullDATReplication": false,
"replicationUNC": "",
"SAServerIP": "",
"addressType": null,
"autoID": 3,
"softwareExclusionList": null,
"repositoryTypeAsString": null,
"repositoryName": "*****-AD",
"spipeServerName": "*****-AD",
"uploadCredDomain": "",
"repositoryPort": *****,
"downloadPasswordEncrypted": true,
"httpUseAuth": false,
"downloadCredUsername": "",
"includeAllSoftware": true,
"repositoryId": "*****-AD",
"repositoryType": 2,
"location": "D3Lab-AD/Software",
"updateExclusionList": true,
"spipeServerIP": "1.1.1.1",
"uploadCredPassword": "",
"fallback": false,
"repliPasswordEncrypted": true
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"SAServerDNS": "",
"disableV1DATReplication": false,
"spipeServerDNS": null,
"repositoryTypeString": "master",
"useAnonCreds": false,
"downloadCredPassword": "",
"downloadCredDomain": "",
"lockType": 0,
"enabled": true,
"uncUseLoggedOnUser": false,
"uncOrder": "1",
"protocol": 1,
"lockedBy": "",
"softwareInclusionList": [],
"uploadCredUsername": "",
"spipeVersion": "4.5.0",
"SAServerNetbios": "",
"protocolString": "SpipeSite",
"disableFullDATReplication": false,
"replicationUNC": "",
"SAServerIP": "",
"addressType": null,
"autoID": 3,
"softwareExclusionList": null,
"repositoryTypeAsString": null,
"repositoryName": "*****-AD",
"spipeServerName": "*****-AD",
"uploadCredDomain": "",
"repositoryPort": 80,
"downloadPasswordEncrypted": true,
"httpUseAuth": false,
"downloadCredUsername": "",
"includeAllSoftware": true,
"repositoryId": "*****-AD",
"repositoryType": 2,
"location": "D3Lab-AD/Software",
"updateExclusionList": true,
"spipeServerIP": "1.1.1.1",
"uploadCredPassword": "",
"fallback": false,
"repliPasswordEncrypted": true
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Output": "\"[\\r\\n {\\r\\n \\\"SAServerDNS\\\": \\\"\\\",\\r\\n \\\"disableV1DATReplication\\\": false,\\r\\n \\\"spipeServerDNS\\\": null,\\r\\n \\\"repositoryTypeString\\\": \\\"master\\\",\\r\\n \\\"useAnonCreds\\\": false,\\r\\n \\\"downloadCredPassword\\\": \\\"\\\",\\r\\n \\\"downloadCredDomain\\\": \\\"\\\",\\r\\n \\\"lockType\\\": 0,\\r\\n \\\"enabled\\\": true,\\r\\n \\\"uncUseLoggedOnUser\\\": false,\\r\\n \\\"uncOrder\\\": \\\"1\\\",\\r\\n \\\"protocol\\\": 1,\\r\\n \\\"lockedBy\\\": \\\"\\\",\\r\\n \\\"softwareInclusionList\\\": [],\\r\\n \\\"uploadCredUsername\\\": \\\"\\\",\\r\\n \\\"spipeVersion\\\": \\\"4.5.0\\\",\\r\\n \\\"SAServerNetbios\\\": \\\"\\\",\\r\\n \\\"protocolString\\\": \\\"SpipeSite\\\",\\r\\n \\\"disableFullDATReplication\\\": false,\\r\\n \\\"replicationUNC\\\": \\\"\\\",\\r\\n \\\"SAServerIP\\\": \\\"\\\",\\r\\n \\\"addressType\\\": null,\\r\\n \\\"autoID\\\": 3,\\r\\n \\\"softwareExclusionList\\\": null,\\r\\n \\\"repositoryTypeAsString\\\": null,\\r\\n \\\"repositoryName\\\": \\\"ePO_McAfeeEPO510\\\",\\r\\n \\\"spipeServerName\\\": \\\"McAfeeEPO510\\\",\\r\\n \\\"uploadCredDomain\\\": \\\"\\\",\\r\\n \\\"repositoryPort\\\": 80,\\r\\n \\\"downloadPasswordEncrypted\\\": true,\\r\\n \\\"httpUseAuth\\\": false,\\r\\n \\\"downloadCredUsername\\\": \\\"\\\",\\r\\n \\\"includeAllSoftware\\\": true,\\r\\n \\\"repositoryId\\\": \\\"ePO_McAfeeEPO510\\\",\\r\\n \\\"repositoryType\\\": 2,\\r\\n \\\"location\\\": \\\"McAfeeEPO510/Software\\\",\\r\\n \\\"updateExclusionList\\\": true,\\r\\n \\\"spipeServerIP\\\": \\\"192.168.87.109\\\",\\r\\n \\\"uploadCredPassword\\\": \\\"\\\",\\r\\n \\\"fallback\\\": false,\\r\\n \\\"repliPasswordEncrypted\\\": true\\r\\n }\\r\\n]\"",
"disableV1DATReplication": "\"[\\r\\n \\r\\n false\\r\\n \\r\\n ]\"",
"location": "\"[\\r\\n \\r\\n \\\"*****-AD/Software\\\"\\r\\n \\r\\n ]\"",
"protocolString": "\"[\\r\\n \\r\\n \\\"SpipeSite\\\"\\r\\n \\r\\n ]\"",
"repositoryId": "\"[\\r\\n \\r\\n \\\"*****-AD\\\"\\r\\n \\r\\n ]\"",
"repositoryName": "\"[\\r\\n \\r\\n \\\"*****-AD\\\"\\r\\n \\r\\n ]\"",
"repositoryPort": "\"[\\r\\n \\r\\n 80\\r\\n \\r\\n ]\"",
"repositoryType": "\"[\\r\\n \\r\\n 2\\r\\n \\r\\n ]\"",
"spipeServerIP": "\"[\\r\\n \\r\\n \\\"1.1.1.1\\\"\\r\\n \\r\\n ]\"",
"spipeServerName": "\"[\\r\\n \\r\\n \\\"*****-AD\\\"\\r\\n \\r\\n ]\"",
"spipeVersion": "\"\\\"4.5.0\\\"\\r\\n \\r\\n ]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
SAServerDNS | disableV1DATReplication | spipeServerDNS | repositoryTypeString | useAnonCreds | downloadCredPassword | downloadCredDomain | lockType | enabled | uncUseLoggedOnUser | uncOrder | protocol | lockedBy | softwareInclusionList | uploadCredUsername | spipeVersion | SAServerNetbios | protocolString | disableFullDATReplication | replicationUNC | SAServerIP | addressType | autoID | softwareExclusionList | repositoryTypeAsString | repositoryName | spipeServerName | uploadCredDomain | repositoryPort | downloadPasswordEncrypted | httpUseAuth | downloadCredUsername | includeAllSoftware | repositoryId | repositoryType | location | updateExclusionList | spipeServerIP | uploadCredPassword | fallback | repliPasswordEncrypted |
False | master | False | 0 | True | False | 1 | 1 | [] | 4.5.0 | SpipeSite | False | 3 | ***-AD | ***-AD | 80 | True | False | True | ***-AD | 2 | ***-AD/Software | True | 1.1.1.1 | False | Tru |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Repository failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data List Repository failed. Status Code: 401. Message: Unauthorized. |
List Running Server Task
Retrieves a list of running server tasks.
Input
N/A
Output
The primary response data from the API request.
SAMPLE DATA
"<list id=""1""> <permissionSet id=""2"">
<name>Group Admin</name>
<roles>
<role>
<roleUri>role:repoRole.masterViewOnly</roleUri>
</role>
<role>
<roleUri>role:epo.core.view.tree</roleUri>
</role>
<role>
<roleUri>role:core.addressbook.admin</roleUri>
</role>
<role>
<roleUri>role:core.dash.user</roleUri>
</role>
<role>
<roleUri>role:epo.core.modify.tree</roleUri>
</role>
<role>
<roleUri>role:response.rule.admin</roleUri>
</role>
<role>
<roleUri>role:epo.productevents.view</roleUri>
</role>
<role>
<roleUri>role:scheduler.view</roleUri>
</role>
<role>
<roleUri>role:notes.fullPerms</roleUri>
</role>
<role>
<roleUri>role:epo.core.deploy.agent</roleUri>
</role>
<role>
<roleUri>role:core.audit.reviewer</roleUri>
</role>
<role>
<roleUri>role:epo.event.view</roleUri>
</role>
<role>
<roleUri>role:epo.core.wakeup.agent</roleUri>
</role>
<role>
<roleUri>role:epo.core.tag.assign</roleUri>
</role>
<role>
<roleUri>role:notes.overRide</roleUri>
</role>
<role>
<roleUri>role:epo.core.tagcat.user</roleUri>
</role>
<role>
<roleUri>role:core.query.user</roleUri>
</role>
<role>
<roleUri>role:ubpRole.viewOnly</roleUri>
</role>
<role>
<roleUri>role:ahRole.viewOnly</roleUri>
</role>
<role>
<roleUri>role:repoRole.distViewOnly</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""3"">
<name>Group Reviewer</name>
<roles>
<role>
<roleUri>role:core.addressbook.guest</roleUri>
</role>
<role>
<roleUri>role:core.dash.viewer</roleUri>
</role>
<role>
<roleUri>role:epo.productevents.view</roleUri>
</role>
<role>
<roleUri>role:scheduler.view</roleUri>
</role>
<role>
<roleUri>role:epo.event.view</roleUri>
</role>
<role>
<roleUri>role:notes.viewOnly</roleUri>
</role>
<role>
<roleUri>role:core.query.guest</roleUri>
</role>
<role>
<roleUri>role:epo.core.view.tree</roleUri>
</role>
<role>
<roleUri>role:response.rule.user</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""4"">
<name>Executive Reviewer</name>
<roles>
<role>
<roleUri>role:epo.productevents.view</roleUri>
</role>
<role>
<roleUri>role:core.query.guest</roleUri>
</role>
<role>
<roleUri>role:epo.dir.access</roleUri>
<customRoleInfo roleFactoryId=""epo.dir"">
<systems>
<system>\</system>
</systems>
</customRoleInfo>
</role>
<role>
<roleUri>role:core.dash.viewer</roleUri>
</role>
<role>
<roleUri>role:core.addressbook.guest</roleUri>
</role>
<role>
<roleUri>role:epo.event.view</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""5"">
<name>Group McAfee Investigator FW</name>
<roles>
<role>
<roleUri>role:copperfieldFw.write</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""6"">
<name>MCP Catalog Admin</name>
<roles>
<role>
<roleUri>role:MCPSRVER1000.MCPSRVER1000.admin</roleUri>
</role>
<role>
<roleUri>role:common.catalog.data.general?catalogId=15e08086-c60e-4a69-93e4-a3be38b455f9&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT</roleUri>
</role>
<role>
<roleUri>role:common.catalog.data.general?catalogId=00000000-0000-0000-0000-000000000000&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT</roleUri>
</role>
<role>
<roleUri>role:common.catalog.actions.general?exportFile=&importFromCatalog=&createCatalog=&deleteCatalog=&importFromFile=</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""7"">
<name>Group Active Response Editor</name>
<roles>
<role>
<roleUri>role:mar-server.collectorRole.write</roleUri>
</role>
<role>
<roleUri>role:mar-server.triggerRole.write</roleUri>
</role>
<role>
<roleUri>role:mar-server.searchRole.write</roleUri>
</role>
<role>
<roleUri>role:MARCOBA_META.MARCOBA_META.admin</roleUri>
</role>
<role>
<roleUri>role:mar-server.reactionRole.write</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""8"">
<name>Group Active Response Responder</name>
<roles>
<role>
<roleUri>role:MARCOBA_META.MARCOBA_META.reviewer</roleUri>
</role>
<role>
<roleUri>role:mar-server.reactionRole.read</roleUri>
</role>
<role>
<roleUri>role:mar-server.collectorRole.read</roleUri>
</role>
<role>
<roleUri>role:mar-server.triggerRole.read</roleUri>
</role>
<role>
<roleUri>role:mar-server.searchRole.write</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""9"">
<name>Group Active Response Workspace Monitor</name>
<roles>
<role>
<roleUri>role:mar-server.searchRole.read</roleUri>
</role>
<role>
<roleUri>role:mar-workspace.workspace.read</roleUri>
</role>
<role>
<roleUri>role:mar-server.collectorRole.read</roleUri>
</role>
<role>
<roleUri>role:tie.viewer</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""10"">
<name>Group Active Response Workspace Responder</name>
<roles>
<role>
<roleUri>role:mar-server.reactionRole.write</roleUri>
</role>
<role>
<roleUri>role:tie.manager</roleUri>
</role>
<role>
<roleUri>role:mar-server.collectorRole.write</roleUri>
</role>
<role>
<roleUri>role:mar-server.triggerRole.write</roleUri>
</role>
<role>
<roleUri>role:mar-workspace.workspace.write</roleUri>
</role>
<role>
<roleUri>role:mar-server.searchRole.write</roleUri>
</role>
<role>
<roleUri>role:mar-server.reactionRole.run</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""11"">
<name>Global Reviewer</name>
<roles>
<role>
<roleUri>role:ENDP_FW_META.ENDP_FW_META_FW.reviewer</roleUri>
</role>
<role>
<roleUri>role:EPOAGENTMETA.tasks.reviewer</roleUri>
</role>
<role>
<roleUri>role:MVEDR___META.MVEDR___META.reviewer</roleUri>
</role>
<role>
<roleUri>role:DLPPS___1000.DLPPS___1000.reviewer</roleUri>
</role>
<role>
<roleUri>role:epo.core.view.tree</roleUri>
</role>
<role>
<roleUri>role:core.dash.viewer</roleUri>
</role>
<role>
<roleUri>role:MVEDR___META.tasks.reviewer</roleUri>
</role>
<role>
<roleUri>role:MARCOBA_META.MARCOBA_META.reviewer</roleUri>
</role>
<role>
<roleUri>role:response.rule.admin</roleUri>
</role>
<role>
<roleUri>role:issue.auditor?type=issue.type.untyped</roleUri>
</role>
<role>
<roleUri>role:TIEMGMT_META.TIEMGMT_META.reviewer</roleUri>
</role>
<role>
<roleUri>role:assessment.assessment.reviewer</roleUri>
</role>
<role>
<roleUri>role:MARCOBA_META.tasks.reviewer</roleUri>
</role>
<role>
<roleUri>role:DXLCLNT_META.DXLCLNT_META.reviewer</roleUri>
</role>
<role>
<roleUri>role:softman.viewOnly</roleUri>
</role>
<role>
<roleUri>role:ENDP_WP_1000.tasks.reviewer</roleUri>
</role>
<role>
<roleUri>role:ENDP_GS_1000.ENDP_GS_1000.reviewer</roleUri>
</role>
<role>
<roleUri>role:epo.dir.access</roleUri>
<customRoleInfo roleFactoryId=""epo.dir"">
<systems>
<system>\</system>
</systems>
</customRoleInfo>
</role>
<role>
<roleUri>role:ENDP_AM_1000.tasks.reviewer</roleUri>
</role>
<role>
<roleUri>role:EPOAGENTMETA.EPOAGENTMETA.reviewer</roleUri>
</role>
<role>
<roleUri>role:ahRole.viewOnly</roleUri>
</role>
<role>
<roleUri>role:rs.user</roleUri>
</role>
<role>
<roleUri>role:core.audit.reviewer</roleUri>
</role>
<role>
<roleUri>role:DXLBROKRMETA.DXLBROKRMETA.reviewer</roleUri>
</role>
<role>
<roleUri>role:core.query.guest</roleUri>
</role>
<role>
<roleUri>role:ENDP_AM_1000.ENDP_AM_1000.reviewer</roleUri>
</role>
<role>
<roleUri>role:TIEClientMETA.TIEClientMETA.reviewer</roleUri>
</role>
<role>
<roleUri>role:rollup.execute</roleUri>
</role>
<role>
<roleUri>role:UDLPSRVR2013.UDLPSRVR2013.reviewer</roleUri>
</role>
<role>
<roleUri>role:TELEMTRY1000.TELEMTRY1000.reviewer</roleUri>
</role>
<role>
<roleUri>role:core.addressbook.guest</roleUri>
</role>
<role>
<roleUri>role:MCPSRVER1000.MCPSRVER1000.reviewer</roleUri>
</role>
<role>
<roleUri>role:ENDP_WP_1000.ENDP_WP_1000.reviewer</roleUri>
</role>
<role>
<roleUri>role:epo.productevents.view</roleUri>
</role>
<role>
<roleUri>role:ubpRole.viewOnly</roleUri>
</role>
<role>
<roleUri>role:repoRole.distViewOnly</roleUri>
</role>
<role>
<roleUri>role:epo.event.view</roleUri>
</role>
<role>
<roleUri>role:notes.viewOnly</roleUri>
</role>
<role>
<roleUri>role:scheduler.view</roleUri>
</role>
<role>
<roleUri>role:repoRole.masterViewOnly</roleUri>
</role>
<role>
<roleUri>role:ENDP_GS_1000.tasks.reviewer</roleUri>
</role>
<role>
<roleUri>role:MCA_____1000.MCA_____1000.reviewer</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""12"">
<name>TestPermissonSets</name>
<roles>
<role>
<roleUri>role:response.rule.admin</roleUri>
</role>
</roles>
</permissionSet>
</list>
"
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
"<list id=""1""> <permissionSet id=""2"">
<name>Group Admin</name>
<roles>
<role>
<roleUri>role:repoRole.masterViewOnly</roleUri>
</role>
<role>
<roleUri>role:epo.core.view.tree</roleUri>
</role>
<role>
<roleUri>role:core.addressbook.admin</roleUri>
</role>
<role>
<roleUri>role:core.dash.user</roleUri>
</role>
<role>
<roleUri>role:epo.core.modify.tree</roleUri>
</role>
<role>
<roleUri>role:response.rule.admin</roleUri>
</role>
<role>
<roleUri>role:epo.productevents.view</roleUri>
</role>
<role>
<roleUri>role:scheduler.view</roleUri>
</role>
<role>
<roleUri>role:notes.fullPerms</roleUri>
</role>
<role>
<roleUri>role:epo.core.deploy.agent</roleUri>
</role>
<role>
<roleUri>role:core.audit.reviewer</roleUri>
</role>
<role>
<roleUri>role:epo.event.view</roleUri>
</role>
<role>
<roleUri>role:epo.core.wakeup.agent</roleUri>
</role>
<role>
<roleUri>role:epo.core.tag.assign</roleUri>
</role>
<role>
<roleUri>role:notes.overRide</roleUri>
</role>
<role>
<roleUri>role:epo.core.tagcat.user</roleUri>
</role>
<role>
<roleUri>role:core.query.user</roleUri>
</role>
<role>
<roleUri>role:ubpRole.viewOnly</roleUri>
</role>
<role>
<roleUri>role:ahRole.viewOnly</roleUri>
</role>
<role>
<roleUri>role:repoRole.distViewOnly</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""3"">
<name>Group Reviewer</name>
<roles>
<role>
<roleUri>role:core.addressbook.guest</roleUri>
</role>
<role>
<roleUri>role:core.dash.viewer</roleUri>
</role>
<role>
<roleUri>role:epo.productevents.view</roleUri>
</role>
<role>
<roleUri>role:scheduler.view</roleUri>
</role>
<role>
<roleUri>role:epo.event.view</roleUri>
</role>
<role>
<roleUri>role:notes.viewOnly</roleUri>
</role>
<role>
<roleUri>role:core.query.guest</roleUri>
</role>
<role>
<roleUri>role:epo.core.view.tree</roleUri>
</role>
<role>
<roleUri>role:response.rule.user</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""4"">
<name>Executive Reviewer</name>
<roles>
<role>
<roleUri>role:epo.productevents.view</roleUri>
</role>
<role>
<roleUri>role:core.query.guest</roleUri>
</role>
<role>
<roleUri>role:epo.dir.access</roleUri>
<customRoleInfo roleFactoryId=""epo.dir"">
<systems>
<system>\</system>
</systems>
</customRoleInfo>
</role>
<role>
<roleUri>role:core.dash.viewer</roleUri>
</role>
<role>
<roleUri>role:core.addressbook.guest</roleUri>
</role>
<role>
<roleUri>role:epo.event.view</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""5"">
<name>Group McAfee Investigator FW</name>
<roles>
<role>
<roleUri>role:copperfieldFw.write</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""6"">
<name>MCP Catalog Admin</name>
<roles>
<role>
<roleUri>role:MCPSRVER1000.MCPSRVER1000.admin</roleUri>
</role>
<role>
<roleUri>role:common.catalog.data.general?catalogId=15e08086-c60e-4a69-93e4-a3be38b455f9&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT</roleUri>
</role>
<role>
<roleUri>role:common.catalog.data.general?catalogId=00000000-0000-0000-0000-000000000000&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT</roleUri>
</role>
<role>
<roleUri>role:common.catalog.actions.general?exportFile=&importFromCatalog=&createCatalog=&deleteCatalog=&importFromFile=</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""7"">
<name>Group Active Response Editor</name>
<roles>
<role>
<roleUri>role:mar-server.collectorRole.write</roleUri>
</role>
<role>
<roleUri>role:mar-server.triggerRole.write</roleUri>
</role>
<role>
<roleUri>role:mar-server.searchRole.write</roleUri>
</role>
<role>
<roleUri>role:MARCOBA_META.MARCOBA_META.admin</roleUri>
</role>
<role>
<roleUri>role:mar-server.reactionRole.write</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""8"">
<name>Group Active Response Responder</name>
<roles>
<role>
<roleUri>role:MARCOBA_META.MARCOBA_META.reviewer</roleUri>
</role>
<role>
<roleUri>role:mar-server.reactionRole.read</roleUri>
</role>
<role>
<roleUri>role:mar-server.collectorRole.read</roleUri>
</role>
<role>
<roleUri>role:mar-server.triggerRole.read</roleUri>
</role>
<role>
<roleUri>role:mar-server.searchRole.write</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""9"">
<name>Group Active Response Workspace Monitor</name>
<roles>
<role>
<roleUri>role:mar-server.searchRole.read</roleUri>
</role>
<role>
<roleUri>role:mar-workspace.workspace.read</roleUri>
</role>
<role>
<roleUri>role:mar-server.collectorRole.read</roleUri>
</role>
<role>
<roleUri>role:tie.viewer</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""10"">
<name>Group Active Response Workspace Responder</name>
<roles>
<role>
<roleUri>role:mar-server.reactionRole.write</roleUri>
</role>
<role>
<roleUri>role:tie.manager</roleUri>
</role>
<role>
<roleUri>role:mar-server.collectorRole.write</roleUri>
</role>
<role>
<roleUri>role:mar-server.triggerRole.write</roleUri>
</role>
<role>
<roleUri>role:mar-workspace.workspace.write</roleUri>
</role>
<role>
<roleUri>role:mar-server.searchRole.write</roleUri>
</role>
<role>
<roleUri>role:mar-server.reactionRole.run</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""11"">
<name>Global Reviewer</name>
<roles>
<role>
<roleUri>role:ENDP_FW_META.ENDP_FW_META_FW.reviewer</roleUri>
</role>
<role>
<roleUri>role:EPOAGENTMETA.tasks.reviewer</roleUri>
</role>
<role>
<roleUri>role:MVEDR___META.MVEDR___META.reviewer</roleUri>
</role>
<role>
<roleUri>role:DLPPS___1000.DLPPS___1000.reviewer</roleUri>
</role>
<role>
<roleUri>role:epo.core.view.tree</roleUri>
</role>
<role>
<roleUri>role:core.dash.viewer</roleUri>
</role>
<role>
<roleUri>role:MVEDR___META.tasks.reviewer</roleUri>
</role>
<role>
<roleUri>role:MARCOBA_META.MARCOBA_META.reviewer</roleUri>
</role>
<role>
<roleUri>role:response.rule.admin</roleUri>
</role>
<role>
<roleUri>role:issue.auditor?type=issue.type.untyped</roleUri>
</role>
<role>
<roleUri>role:TIEMGMT_META.TIEMGMT_META.reviewer</roleUri>
</role>
<role>
<roleUri>role:assessment.assessment.reviewer</roleUri>
</role>
<role>
<roleUri>role:MARCOBA_META.tasks.reviewer</roleUri>
</role>
<role>
<roleUri>role:DXLCLNT_META.DXLCLNT_META.reviewer</roleUri>
</role>
<role>
<roleUri>role:softman.viewOnly</roleUri>
</role>
<role>
<roleUri>role:ENDP_WP_1000.tasks.reviewer</roleUri>
</role>
<role>
<roleUri>role:ENDP_GS_1000.ENDP_GS_1000.reviewer</roleUri>
</role>
<role>
<roleUri>role:epo.dir.access</roleUri>
<customRoleInfo roleFactoryId=""epo.dir"">
<systems>
<system>\</system>
</systems>
</customRoleInfo>
</role>
<role>
<roleUri>role:ENDP_AM_1000.tasks.reviewer</roleUri>
</role>
<role>
<roleUri>role:EPOAGENTMETA.EPOAGENTMETA.reviewer</roleUri>
</role>
<role>
<roleUri>role:ahRole.viewOnly</roleUri>
</role>
<role>
<roleUri>role:rs.user</roleUri>
</role>
<role>
<roleUri>role:core.audit.reviewer</roleUri>
</role>
<role>
<roleUri>role:DXLBROKRMETA.DXLBROKRMETA.reviewer</roleUri>
</role>
<role>
<roleUri>role:core.query.guest</roleUri>
</role>
<role>
<roleUri>role:ENDP_AM_1000.ENDP_AM_1000.reviewer</roleUri>
</role>
<role>
<roleUri>role:TIEClientMETA.TIEClientMETA.reviewer</roleUri>
</role>
<role>
<roleUri>role:rollup.execute</roleUri>
</role>
<role>
<roleUri>role:UDLPSRVR2013.UDLPSRVR2013.reviewer</roleUri>
</role>
<role>
<roleUri>role:TELEMTRY1000.TELEMTRY1000.reviewer</roleUri>
</role>
<role>
<roleUri>role:core.addressbook.guest</roleUri>
</role>
<role>
<roleUri>role:MCPSRVER1000.MCPSRVER1000.reviewer</roleUri>
</role>
<role>
<roleUri>role:ENDP_WP_1000.ENDP_WP_1000.reviewer</roleUri>
</role>
<role>
<roleUri>role:epo.productevents.view</roleUri>
</role>
<role>
<roleUri>role:ubpRole.viewOnly</roleUri>
</role>
<role>
<roleUri>role:repoRole.distViewOnly</roleUri>
</role>
<role>
<roleUri>role:epo.event.view</roleUri>
</role>
<role>
<roleUri>role:notes.viewOnly</roleUri>
</role>
<role>
<roleUri>role:scheduler.view</roleUri>
</role>
<role>
<roleUri>role:repoRole.masterViewOnly</roleUri>
</role>
<role>
<roleUri>role:ENDP_GS_1000.tasks.reviewer</roleUri>
</role>
<role>
<roleUri>role:MCA_____1000.MCA_____1000.reviewer</roleUri>
</role>
</roles>
</permissionSet>
<permissionSet id=""12"">
<name>TestPermissonSets</name>
<roles>
<role>
<roleUri>role:response.rule.admin</roleUri>
</role>
</roles>
</permissionSet>
</list>
"
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Output": "\"[]\"",
"description": "\"[]\"",
"enabled": "\"[]\"",
"endDate": "\"[]\"",
"id": "\"[]\"",
"name": "\"[]\"",
"nextRunTime": "\"[]\"",
"startDate": "\"[]\"",
"valid": "\"[]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
"; Group Admin role:repoRole.masterViewOnly role:epo.core.view.tree role:core.addressbook.admin role:core.dash.user role:epo.core.modify.tree role:response.rule.admin role:epo.productevents.view role:scheduler.view role:notes.fullPerms role:epo.core.deploy.agent role:core.audit.reviewer role:epo.event.view role:epo.core.wakeup.agent role:epo.core.tag.assign role:notes.overRide role:epo.core.tagcat.user role:core.query.user role:ubpRole.viewOnly role:ahRole.viewOnly role:repoRole.distViewOnly Group Reviewer role:core.addressbook.guest role:core.dash.viewer role:epo.productevents.view role:scheduler.view role:epo.event.view role:notes.viewOnly role:core.query.guest role:epo.core.view.tree role:response.rule.user Executive Reviewer role:epo.productevents.view role:core.query.guest role:epo.dir.access \ role:core.dash.viewer role:core.addressbook.guest role:epo.event.view Group McAfee Investigator FW role:copperfieldFw.write MCP Catalog Admin role:MCPSRVER1000.MCPSRVER1000.admin role:common.catalog.data.general?catalogId=15e08086-c60e-4a69-93e4-a3be38b455f9&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT role:common.catalog.data.general?catalogId=00000000-0000-0000-0000-000000000000&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT role:common.catalog.actions.general?exportFile=&importFromCatalog=&createCatalog=&deleteCatalog=&importFromFile= Group Active Response Editor role:mar-server.collectorRole.write role:mar-server.triggerRole.write role:mar-server.searchRole.write role:MARCOBA_META.MARCOBA_META.admin role:mar-server.reactionRole.write Group Active Response Responder role:MARCOBA_META.MARCOBA_META.reviewer role:mar-server.reactionRole.read role:mar-server.collectorRole.read role:mar-server.triggerRole.read role:mar-server.searchRole.write Group Active Response Workspace Monitor role:mar-server.searchRole.read role:mar-workspace.workspace.read role:mar-server.collectorRole.read role:tie.viewer Group Active Response Workspace Responder role:mar-server.reactionRole.write role:tie.manager role:mar-server.collectorRole.write role:mar-server.triggerRole.write role:mar-workspace.workspace.write role:mar-server.searchRole.write role:mar-server.reactionRole.run Global Reviewer role:ENDP_FW_META.ENDP_FW_META_FW.reviewer role:EPOAGENTMETA.tasks.reviewer role:MVEDR___META.MVEDR___META.reviewer role:DLPPS___1000.DLPPS___1000.reviewer role:epo.core.view.tree role:core.dash.viewer role:MVEDR___META.tasks.reviewer role:MARCOBA_META.MARCOBA_META.reviewer role:response.rule.admin role:issue.auditor?type=issue.type.untyped role:TIEMGMT_META.TIEMGMT_META.reviewer role:assessment.assessment.reviewer role:MARCOBA_META.tasks.reviewer role:DXLCLNT_META.DXLCLNT_META.reviewer role:softman.viewOnly role:ENDP_WP_1000.tasks.reviewer role:ENDP_GS_1000.ENDP_GS_1000.reviewer role:epo.dir.access \ role:ENDP_AM_1000.tasks.reviewer role:EPOAGENTMETA.EPOAGENTMETA.reviewer role:ahRole.viewOnly role:rs.user role:core.audit.reviewer role:DXLBROKRMETA.DXLBROKRMETA.reviewer role:core.query.guest role:ENDP_AM_1000.ENDP_AM_1000.reviewer role:TIEClientMETA.TIEClientMETA.reviewer role:rollup.execute role:UDLPSRVR2013.UDLPSRVR2013.reviewer role:TELEMTRY1000.TELEMTRY1000.reviewer role:core.addressbook.guest role:MCPSRVER1000.MCPSRVER1000.reviewer role:ENDP_WP_1000.ENDP_WP_1000.reviewer role:epo.productevents.view role:ubpRole.viewOnly role:repoRole.distViewOnly role:epo.event.view role:notes.viewOnly role:scheduler.view role:repoRole.masterViewOnly role:ENDP_GS_1000.tasks.reviewer role:MCA_____1000.MCA_____1000.reviewer TestPermissonSets
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Running Server Task failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data List Running Server Task failed. Status Code: 401. Message: Unauthorized. |
List Sub Task History
Retrieves a list of subtask history based on the provided task log ID.
Reader Note
Task Log ID is a required parameter to run this command.
Run the List Running Server Task command to obtain Task Log ID. Task Log IDs can be found in the returned raw data at the path $[*].taskLogId.
Input
Input Parameter | Required/Optional | Description | Example |
Task Log ID | Required | The ID of the task log to retrieve corresponding subtask history. Task log IDs can be obtained using the List Running Server Task command. | 8*****7 |
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"name": "Send DXL Event",
"startDate": "2019-11-25T14:07:50-08:00",
"endDate": "2019-11-25T14:07:50-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"name": "Send Email",
"startDate": "2019-11-25T14:07:50-08:00",
"endDate": "2019-11-25T14:07:50-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"name": "Send DXL Event",
"startDate": "2019-11-25T14:07:50-08:00",
"endDate": "2019-11-25T14:07:50-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"name": "Send Email",
"startDate": "2019-11-25T14:07:50-08:00",
"endDate": "2019-11-25T14:07:50-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Output": "\"[\\r\\n {\\r\\n \\\"name\\\": \\\"Computer Name: DXL\\\",\\r\\n \\\"startDate\\\": \\\"2022-12-06T13:08:48-08:00\\\",\\r\\n \\\"endDate\\\": \\\"2022-12-08T14:00:01-08:00\\\",\\r\\n \\\"userName\\\": \\\"admin\\\",\\r\\n \\\"status\\\": \\\"Failed\\\",\\r\\n \\\"taskSource\\\": \\\"runNowTaskSource\\\",\\r\\n \\\"duration\\\": \\\"48 hours 51 minutes\\\"\\r\\n }\\r\\n]\"",
"duration": "\"[\\r\\n \\r\\n \\\"Less than a minute\\\",\\r\\n \\r\\n \\\"Less than a minute\\\"\\r\\n \\r\\n ]\"",
"endDate": "\"[\\r\\n \\r\\n \\\"2019-11-25T14:07:50-08:00\\\",\\r\\n \\r\\n \\\"2019-11-25T14:07:50-08:00\\\"\\r\\n \\r\\n ]\"",
"name": "\"[\\r\\n \\r\\n \\\"Send DXL Event\\\",\\r\\n \\r\\n \\\"Send Email\\\"\\r\\n \\r\\n ]\"",
"startDate": "\"[\\r\\n \\r\\n \\\"2019-11-25T14:07:50-08:00\\\",\\r\\n \\r\\n \\\"2019-11-25T14:07:50-08:00\\\"\\r\\n \\r\\n ]\"",
"status": "\"[\\r\\n \\r\\n \\\"Completed\\\",\\r\\n \\r\\n \\\"Completed\\\"\\r\\n \\r\\n ]\"",
"taskSource": "\"[\\r\\n \\r\\n \\\"response\\\",\\r\\n \\r\\n \\\"response\\\"\\r\\n \\r\\n ]\"",
"userName": "\"[\\r\\n \\r\\n \\\"system\\\",\\r\\n \\r\\n \\\"system\\\"\\r\\n \\r\\n ]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
name | startDate | endDate | userName | status | taskSource | duration |
Send Email | 11/25/2019 2:07:50 PM | 11/25/2019 2:07:50 PM | system | Completed | response | Less than a minute |
Send DXL Event | 11/25/2019 2:07:50 PM | 11/25/2019 2:07:50 PM | system | Completed | response | Less than a minute |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Sub Task History failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: 'taskLogId' must be an integer less than 9223372036854775808. |
Error Sample Data List Sub Task History failed. Status Code: 400. Message: 'taskLogId' must be an integer less than 9223372036854775808. |
List Table
Retrieves a list of all tables.
Input
N/A
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"name": "workloaddetailVcenter.table.name",
"target": "workloaddetailVcenter",
"type": "target",
"databaseType": "",
"description": null,
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------- ------ ------- ---------- -------- ------ -------\r\n id int True True False True True \r\n ePOLeafNodeId int True True False True True \r\n status string True True False True False \r\n",
"relatedTables": "\r\n Name\r\n -------------\r\n sasvmsetting\r\n vminfovcenter\r\n ePOLeafNode\r\n",
"foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n --------------------- -------------- ----------------- ------------------- --------------- ----------- ------------\r\n workloaddetailVcenter ePOLeafNodeId ePOLeafNode AutoID False False True \r\n workloaddetailVcenter ePOLeafNodeId vminfovcenter EPO_LEAF_NODE_ID False False True \r\n workloaddetailVcenter id sasvmsetting sarVMStatusId False False True \r\n"
},
{
"name": "Network discovery scan error",
"target": "UDLP_Operational_NetworkDiscoveryFailure_Archive",
"type": "join",
"databaseType": "",
"description": "Network discovery scan error details",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------- -------------------- ------- ---------- -------- ------ -------\r\n EventID long False False False True True \r\n ScanUsername udlp_searchable_text True True True True False \r\n Reason enum True True True True False \r\n ReasonDetails string True True True True False \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "DLP Data at Rest (Endpoint) Incidents History",
"target": "UDLP_EPD_Incidents_Archive",
"type": "join",
"databaseType": "",
"description": "All incidents related to data at rest (Endpoint)",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------------------ -------------------------------- ------- ---------- -------- ------ -------\r\n IncidentId long True True True True True \r\n OriginalIncidentId long True True True True True \r\n IncidentType enum True True True True False \r\n ViolationLocalTime udlp_abstimestamp_endpoint_col True True True True False \r\n ViolationTimezone string_lookup True True True True False \r\n ViolationUTCTime udlp_abstimestamp_col True True True True False \r\n ViolationCustomTime udlp_abstimestamp_withoffset_col True True True True False \r\n ComputerID int False False False True True \r\n UserID int False False False True True \r\n Severity enum True True True True False \r\n StatusId udlp_common_status_col True True True True False \r\n ResolutionId udlp_common_resolution_col True True True True False \r\n Reviewer udlp_reviewer_col True True True True False \r\n McAfeeAgentGuid udlp_searchable_text True True True True False \r\n DlpAgentVersion string_lookup True True True True False \r\n EvidenceCount int True True True True True \r\n TotalMatchCount int True True True True True \r\n TotalContentSize udlp_kilo_col True True True True True \r\n PolicyInfoId int False False False True True \r\n ClassificationsToDisplay string True False False True False \r\n RulesToDisplay string True False True True False \r\n RuleSetToDisplay string True False True True False \r\n ConnectivityState enum True True True True False \r\n ActualAction enum True True True True False \r\n ExpectedAction enum True True True True False \r\n FailureReason enum True True True True False \r\n LastUpdateTimestamp udlp_abstimestamp_col True True True True False \r\n ReportingProduct enum True True True True False \r\n ShortMatchString udlp_contains_words_col True False False True False \r\n",
"relatedTables": "\r\n Name\r\n -----------------------------------------\r\n UDLP_EPD_IncidentDiscoverySummary_Archive\r\n UDLP_EventComputers\r\n UDLP_EventUsers\r\n UDLP_EPD_IncidentLabelsView_Archive\r\n UDLP_EPD_IncidentRules_Archive\r\n UDLP_EPD_IncidentEvidences_Archive\r\n UDLP_IncidentResolutions\r\n UDLP_EPD_IncidentExport\r\n UDLP_IncidentStatuses\r\n UDLP_EventPolicyInfo\r\n UDLP_EPD_IncidentClassification_Archive\r\n",
"foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n -------------------------- -------------- ----------------------- ------------------- --------------- ----------- ------------\r\n UDLP_EPD_Incidents_Archive ComputerID UDLP_EventComputers ID False False True \r\n UDLP_EPD_Incidents_Archive UserID UDLP_EventUsers UserId False False True \r\n UDLP_EPD_Incidents_Archive StatusId UDLP_IncidentStatuses StatusID False False True \r\n UDLP_EPD_Incidents_Archive ResolutionId UDLP_IncidentResolutions ResolutionID False False True \r\n UDLP_EPD_Incidents_Archive PolicyInfoId UDLP_EventPolicyInfo PolicyInfoId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentRules_Archive IncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentLabelsView_Archive LabelIncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentDiscoverySummary_Archive IncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentEvidences_Archive IncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentClassification_Archive IncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentExport IncidentId False False True \r\n"
},
{
"name": "groupinfo.table.name",
"target": "groupinfo",
"type": "target",
"databaseType": "",
"description": null,
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ---------- ------ ------- ---------- -------- ------ -------\r\n GROUP_NAME string True False False True False \r\n AUTO_ID int True True False True True \r\n PARENT_ID int False True False True True \r\n ACCOUNT_ID int False True False True True \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "epoproductproperties.table.name",
"target": "epoproductproperties",
"type": "target",
"databaseType": "",
"description": null,
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n -------------- ------ ------- ---------- -------- ------ -------\r\n ParentID int True True False True True \r\n ProductCode string True True False True False \r\n ProductVersion string True True False True False \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "McAfee Active Response Server Properties",
"target": "EPOProdPropsView_MARSERVER",
"type": "join",
"databaseType": "",
"description": "McAfee Active Response Server Properties",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------------- -------------- ------- ---------- -------- ------ -------\r\n LeafNodeID int False False False True True \r\n ProductPropertiesID int False False False True True \r\n ProductFamily string False False False True False \r\n FamilyDispName string False False False True False \r\n ProductCode string False False False True False \r\n productversion productVersion True True True True False \r\n language string_enum True True True True False \r\n hotfix string True True True True False \r\n",
"relatedTables": "\r\n Name\r\n -----------\r\n EPOLeafNode\r\n",
"foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n -------------------------- -------------- ----------------- ------------------- --------------- ----------- ------------\r\n EPOProdPropsView_MARSERVER LeafNodeID EPOLeafNode AutoID False True False \r\n"
},
{
"name": "Resolutions",
"target": "UDLP_IncidentResolutions",
"type": "join",
"databaseType": "",
"description": "Resolutions",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------- ------------------ ------- ---------- -------- ------ -------\r\n ResolutionID long False False False True True \r\n ResolutionKey udlp_fk_lookup_col True True True True False \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "DLP Discovery Scans",
"target": "UDLP_DiscoveryScansRegDocView",
"type": "join",
"databaseType": "",
"description": "Status of Discovery scans",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ----------------- --------------------- ------- ---------- -------- ------ -------\r\n ScanId string False False False True False \r\n Name string_lookup True True True True False \r\n ServerName string_lookup False True False True False \r\n ServerMachineName string_lookup False True False True False \r\n StartTime udlp_abstimestamp_col True True True True False \r\n EndTime udlp_abstimestamp_col True True True True False \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "Mobile Device Information",
"target": "UDLP_IncidentMobileDevice_Archive",
"type": "join",
"databaseType": "",
"description": "Mobile Device Information",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n --------------- -------------------- ------- ---------- -------- ------ -------\r\n IncidentId long False False False True True \r\n MobileDeviceID udlp_searchable_text True True True True False \r\n MobileOs enum True True True True False \r\n MobileUserAgent udlp_searchable_text True True True True False \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "Manual Registration Documents Classification",
"target": "UDLP_RegisterDocumentsClassification",
"type": "join",
"databaseType": "",
"description": "Manual Registration Documents Classification",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------------ ------------- ------- ---------- -------- ------ -------\r\n RegDocID int False False False True True \r\n ClassificationID string False False False True False \r\n ClassificationName string_lookup False True False True False \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "McAfee Threat Intelligence Exchange Server Roll-up Properties",
"target": "EPORollup_ProductPropertiesTIE",
"type": "join",
"databaseType": "",
"description": null,
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n -------------- ------------------ ------- ---------- -------- ------ -------\r\n ServerId non_arithmetic_int False False False True False \r\n ParentId non_arithmetic_int False False False True False \r\n ExternalId non_arithmetic_int False False False True False \r\n productversion productVersion True True True True False \r\n",
"relatedTables": "\r\n Name\r\n -------------------\r\n EpoRollup_Computers\r\n",
"foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n ------------------------------ ----------------- ------------------- ------------------- --------------- ----------- ------------\r\n EPORollup_ProductPropertiesTIE ServerId,ParentId EpoRollup_Computers ServerId,ExternalId False True False \r\n"
},
{
"name": "vpcflowLog.table.name",
"target": "vpcflowLog",
"type": "target",
"databaseType": "",
"description": null,
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ----------------------- ------ ------- ---------- -------- ------ -------\r\n AUTO_ID int True True False True True \r\n LATEST_TRAFFIC_END_TIME string True True False True False \r\n EPO_LEAF_NODE_ID int True True False True True \r\n ANALYSIS int True True False True True \r\n FROMTO_ADDRESS string True True False True False \r\n FROMTO_PORT int True True False True True \r\n NUMBER_OF_OCCURANCES int True True False True True \r\n TRAFFIC_TYPE int True True False True True \r\n TRAFFIC_ACTION int True True False True True \r\n IS_NEW int True True False True True \r\n",
"relatedTables": "\r\n Name\r\n --------------\r\n gridthreatlist\r\n ePOLeafNode\r\n",
"foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n ------------ -------------- ----------------- ------------------- --------------- ----------- ------------\r\n vpcflowLog EPO_LEAF_NODE_ID ePOLeafNode AutoID False False True \r\n vpcflowLog AUTO_ID gridthreatlist VPC_FLOWLOG_ID False False True \r\n"
},
{
"name": "AWS Volume Properties",
"target": "MDCC_CLOUD_VOL_PROPS_VW_awsVolumeSquid",
"type": "target",
"databaseType": "",
"description": "Volume properties specific to Volume from Amazon Web Service ",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ----------------- ------ ------- ---------- -------- ------ -------\r\n VOLUME_AUTO_ID int False False False True True \r\n instance_device string True True True True False \r\n reserved_for_root string True True True True False \r\n snapshot_id string True True True True False \r\n tags string True True True True False \r\n volume_size string True True True True False \r\n volume_state string True True True True False \r\n create_time string True True True True False \r\n volume_type string True True True True False \r\n encryption_status string True True True True False \r\n alias_key_name string True True True True False \r\n",
"relatedTables": "\r\n Name\r\n -----------\r\n MDCC_VOLUME\r\n",
"foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n -------------------------------------- -------------- ----------------- ------------------- --------------- ----------- ------------\r\n MDCC_CLOUD_VOL_PROPS_VW_awsVolumeSquid VOLUME_AUTO_ID MDCC_VOLUME AUTO_ID False True False \r\n"
},
{
"name": "Events received from managed systems",
"target": "EPOEventFilterDesc",
"type": "join",
"databaseType": "",
"description": "Retrieves information about Threat Events sent from managed systems.",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n -------- ------------------------- ------- ---------- -------- ------ -------\r\n EventId eventIdInt False False False True True \r\n Name string_lookupWithResolver True True True True False \r\n Language string False False False True False \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "Label ",
"target": "UDLP_OperationalLabelInfoView_Archive",
"type": "join",
"databaseType": "",
"description": "Label ",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n --------- -------------- ------- ---------- -------- ------ -------\r\n EventId long True False False True True \r\n LabelName udlp_oneToMany False True False True False \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "Task Log Entries",
"target": "OrionTaskLogTask",
"type": "target",
"databaseType": "",
"description": "Allows you to query upon log entries created by a top-level task.",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ---------- ------------- ------- ---------- -------- ------ -------\r\n Id long False False False True True \r\n Name string_lookup True True True True False \r\n StartDate timestamp True True True True False \r\n EndDate timestamp True True True True False \r\n UserName string_lookup True True True True False \r\n Status enum True True True True False \r\n TaskSource string_enum True True True True False \r\n Duration long True False False True False \r\n TenantId int False False False True True \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"name": "workloaddetailVcenter.table.name",
"target": "workloaddetailVcenter",
"type": "target",
"databaseType": "",
"description": null,
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------- ------ ------- ---------- -------- ------ -------\r\n id int True True False True True \r\n ePOLeafNodeId int True True False True True \r\n status string True True False True False \r\n",
"relatedTables": "\r\n Name\r\n -------------\r\n sasvmsetting\r\n vminfovcenter\r\n ePOLeafNode\r\n",
"foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n --------------------- -------------- ----------------- ------------------- --------------- ----------- ------------\r\n workloaddetailVcenter ePOLeafNodeId ePOLeafNode AutoID False False True \r\n workloaddetailVcenter ePOLeafNodeId vminfovcenter EPO_LEAF_NODE_ID False False True \r\n workloaddetailVcenter id sasvmsetting sarVMStatusId False False True \r\n"
},
{
"name": "Network discovery scan error",
"target": "UDLP_Operational_NetworkDiscoveryFailure_Archive",
"type": "join",
"databaseType": "",
"description": "Network discovery scan error details",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------- -------------------- ------- ---------- -------- ------ -------\r\n EventID long False False False True True \r\n ScanUsername udlp_searchable_text True True True True False \r\n Reason enum True True True True False \r\n ReasonDetails string True True True True False \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "DLP Data at Rest (Endpoint) Incidents History",
"target": "UDLP_EPD_Incidents_Archive",
"type": "join",
"databaseType": "",
"description": "All incidents related to data at rest (Endpoint)",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------------------ -------------------------------- ------- ---------- -------- ------ -------\r\n IncidentId long True True True True True \r\n OriginalIncidentId long True True True True True \r\n IncidentType enum True True True True False \r\n ViolationLocalTime udlp_abstimestamp_endpoint_col True True True True False \r\n ViolationTimezone string_lookup True True True True False \r\n ViolationUTCTime udlp_abstimestamp_col True True True True False \r\n ViolationCustomTime udlp_abstimestamp_withoffset_col True True True True False \r\n ComputerID int False False False True True \r\n UserID int False False False True True \r\n Severity enum True True True True False \r\n StatusId udlp_common_status_col True True True True False \r\n ResolutionId udlp_common_resolution_col True True True True False \r\n Reviewer udlp_reviewer_col True True True True False \r\n McAfeeAgentGuid udlp_searchable_text True True True True False \r\n DlpAgentVersion string_lookup True True True True False \r\n EvidenceCount int True True True True True \r\n TotalMatchCount int True True True True True \r\n TotalContentSize udlp_kilo_col True True True True True \r\n PolicyInfoId int False False False True True \r\n ClassificationsToDisplay string True False False True False \r\n RulesToDisplay string True False True True False \r\n RuleSetToDisplay string True False True True False \r\n ConnectivityState enum True True True True False \r\n ActualAction enum True True True True False \r\n ExpectedAction enum True True True True False \r\n FailureReason enum True True True True False \r\n LastUpdateTimestamp udlp_abstimestamp_col True True True True False \r\n ReportingProduct enum True True True True False \r\n ShortMatchString udlp_contains_words_col True False False True False \r\n",
"relatedTables": "\r\n Name\r\n -----------------------------------------\r\n UDLP_EPD_IncidentDiscoverySummary_Archive\r\n UDLP_EventComputers\r\n UDLP_EventUsers\r\n UDLP_EPD_IncidentLabelsView_Archive\r\n UDLP_EPD_IncidentRules_Archive\r\n UDLP_EPD_IncidentEvidences_Archive\r\n UDLP_IncidentResolutions\r\n UDLP_EPD_IncidentExport\r\n UDLP_IncidentStatuses\r\n UDLP_EventPolicyInfo\r\n UDLP_EPD_IncidentClassification_Archive\r\n",
"foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n -------------------------- -------------- ----------------------- ------------------- --------------- ----------- ------------\r\n UDLP_EPD_Incidents_Archive ComputerID UDLP_EventComputers ID False False True \r\n UDLP_EPD_Incidents_Archive UserID UDLP_EventUsers UserId False False True \r\n UDLP_EPD_Incidents_Archive StatusId UDLP_IncidentStatuses StatusID False False True \r\n UDLP_EPD_Incidents_Archive ResolutionId UDLP_IncidentResolutions ResolutionID False False True \r\n UDLP_EPD_Incidents_Archive PolicyInfoId UDLP_EventPolicyInfo PolicyInfoId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentRules_Archive IncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentLabelsView_Archive LabelIncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentDiscoverySummary_Archive IncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentEvidences_Archive IncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentClassification_Archive IncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentExport IncidentId False False True \r\n"
},
{
"name": "groupinfo.table.name",
"target": "groupinfo",
"type": "target",
"databaseType": "",
"description": null,
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ---------- ------ ------- ---------- -------- ------ -------\r\n GROUP_NAME string True False False True False \r\n AUTO_ID int True True False True True \r\n PARENT_ID int False True False True True \r\n ACCOUNT_ID int False True False True True \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "epoproductproperties.table.name",
"target": "epoproductproperties",
"type": "target",
"databaseType": "",
"description": null,
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n -------------- ------ ------- ---------- -------- ------ -------\r\n ParentID int True True False True True \r\n ProductCode string True True False True False \r\n ProductVersion string True True False True False \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "McAfee Active Response Server Properties",
"target": "EPOProdPropsView_MARSERVER",
"type": "join",
"databaseType": "",
"description": "McAfee Active Response Server Properties",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------------- -------------- ------- ---------- -------- ------ -------\r\n LeafNodeID int False False False True True \r\n ProductPropertiesID int False False False True True \r\n ProductFamily string False False False True False \r\n FamilyDispName string False False False True False \r\n ProductCode string False False False True False \r\n productversion productVersion True True True True False \r\n language string_enum True True True True False \r\n hotfix string True True True True False \r\n",
"relatedTables": "\r\n Name\r\n -----------\r\n EPOLeafNode\r\n",
"foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n -------------------------- -------------- ----------------- ------------------- --------------- ----------- ------------\r\n EPOProdPropsView_MARSERVER LeafNodeID EPOLeafNode AutoID False True False \r\n"
},
{
"name": "Resolutions",
"target": "UDLP_IncidentResolutions",
"type": "join",
"databaseType": "",
"description": "Resolutions",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------- ------------------ ------- ---------- -------- ------ -------\r\n ResolutionID long False False False True True \r\n ResolutionKey udlp_fk_lookup_col True True True True False \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "DLP Discovery Scans",
"target": "UDLP_DiscoveryScansRegDocView",
"type": "join",
"databaseType": "",
"description": "Status of Discovery scans",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ----------------- --------------------- ------- ---------- -------- ------ -------\r\n ScanId string False False False True False \r\n Name string_lookup True True True True False \r\n ServerName string_lookup False True False True False \r\n ServerMachineName string_lookup False True False True False \r\n StartTime udlp_abstimestamp_col True True True True False \r\n EndTime udlp_abstimestamp_col True True True True False \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "Mobile Device Information",
"target": "UDLP_IncidentMobileDevice_Archive",
"type": "join",
"databaseType": "",
"description": "Mobile Device Information",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n --------------- -------------------- ------- ---------- -------- ------ -------\r\n IncidentId long False False False True True \r\n MobileDeviceID udlp_searchable_text True True True True False \r\n MobileOs enum True True True True False \r\n MobileUserAgent udlp_searchable_text True True True True False \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "Manual Registration Documents Classification",
"target": "UDLP_RegisterDocumentsClassification",
"type": "join",
"databaseType": "",
"description": "Manual Registration Documents Classification",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------------ ------------- ------- ---------- -------- ------ -------\r\n RegDocID int False False False True True \r\n ClassificationID string False False False True False \r\n ClassificationName string_lookup False True False True False \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "McAfee Threat Intelligence Exchange Server Roll-up Properties",
"target": "EPORollup_ProductPropertiesTIE",
"type": "join",
"databaseType": "",
"description": null,
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n -------------- ------------------ ------- ---------- -------- ------ -------\r\n ServerId non_arithmetic_int False False False True False \r\n ParentId non_arithmetic_int False False False True False \r\n ExternalId non_arithmetic_int False False False True False \r\n productversion productVersion True True True True False \r\n",
"relatedTables": "\r\n Name\r\n -------------------\r\n EpoRollup_Computers\r\n",
"foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n ------------------------------ ----------------- ------------------- ------------------- --------------- ----------- ------------\r\n EPORollup_ProductPropertiesTIE ServerId,ParentId EpoRollup_Computers ServerId,ExternalId False True False \r\n"
},
{
"name": "vpcflowLog.table.name",
"target": "vpcflowLog",
"type": "target",
"databaseType": "",
"description": null,
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ----------------------- ------ ------- ---------- -------- ------ -------\r\n AUTO_ID int True True False True True \r\n LATEST_TRAFFIC_END_TIME string True True False True False \r\n EPO_LEAF_NODE_ID int True True False True True \r\n ANALYSIS int True True False True True \r\n FROMTO_ADDRESS string True True False True False \r\n FROMTO_PORT int True True False True True \r\n NUMBER_OF_OCCURANCES int True True False True True \r\n TRAFFIC_TYPE int True True False True True \r\n TRAFFIC_ACTION int True True False True True \r\n IS_NEW int True True False True True \r\n",
"relatedTables": "\r\n Name\r\n --------------\r\n gridthreatlist\r\n ePOLeafNode\r\n",
"foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n ------------ -------------- ----------------- ------------------- --------------- ----------- ------------\r\n vpcflowLog EPO_LEAF_NODE_ID ePOLeafNode AutoID False False True \r\n vpcflowLog AUTO_ID gridthreatlist VPC_FLOWLOG_ID False False True \r\n"
},
{
"name": "AWS Volume Properties",
"target": "MDCC_CLOUD_VOL_PROPS_VW_awsVolumeSquid",
"type": "target",
"databaseType": "",
"description": "Volume properties specific to Volume from Amazon Web Service ",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ----------------- ------ ------- ---------- -------- ------ -------\r\n VOLUME_AUTO_ID int False False False True True \r\n instance_device string True True True True False \r\n reserved_for_root string True True True True False \r\n snapshot_id string True True True True False \r\n tags string True True True True False \r\n volume_size string True True True True False \r\n volume_state string True True True True False \r\n create_time string True True True True False \r\n volume_type string True True True True False \r\n encryption_status string True True True True False \r\n alias_key_name string True True True True False \r\n",
"relatedTables": "\r\n Name\r\n -----------\r\n MDCC_VOLUME\r\n",
"foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n -------------------------------------- -------------- ----------------- ------------------- --------------- ----------- ------------\r\n MDCC_CLOUD_VOL_PROPS_VW_awsVolumeSquid VOLUME_AUTO_ID MDCC_VOLUME AUTO_ID False True False \r\n"
},
{
"name": "Events received from managed systems",
"target": "EPOEventFilterDesc",
"type": "join",
"databaseType": "",
"description": "Retrieves information about Threat Events sent from managed systems.",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n -------- ------------------------- ------- ---------- -------- ------ -------\r\n EventId eventIdInt False False False True True \r\n Name string_lookupWithResolver True True True True False \r\n Language string False False False True False \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "Label ",
"target": "UDLP_OperationalLabelInfoView_Archive",
"type": "join",
"databaseType": "",
"description": "Label ",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n --------- -------------- ------- ---------- -------- ------ -------\r\n EventId long True False False True True \r\n LabelName udlp_oneToMany False True False True False \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
},
{
"name": "Task Log Entries",
"target": "OrionTaskLogTask",
"type": "target",
"databaseType": "",
"description": "Allows you to query upon log entries created by a top-level task.",
"columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ---------- ------------- ------- ---------- -------- ------ -------\r\n Id long False False False True True \r\n Name string_lookup True True True True False \r\n StartDate timestamp True True True True False \r\n EndDate timestamp True True True True False \r\n UserName string_lookup True True True True False \r\n Status enum True True True True False \r\n TaskSource string_enum True True True True False \r\n Duration long True False False True False \r\n TenantId int False False False True True \r\n",
"relatedTables": "\r\n Name\r\n ----\r\n",
"foreignKeys": "None"
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Output": "\"[[\\r\\n {\\r\\n \\\"name\\\": \\\"workloaddetailVcenter.table.name\\\",\\r\\n \\\"target\\\": \\\"workloaddetailVcenter\\\",\\r\\n \\\"type\\\": \\\"target\\\",\\r\\n \\\"databaseType\\\": \\\"\\\",\\r\\n \\\"description\\\": null,\\r\\n \\\"columns\\\": \\\"\\\\r\\\\n Name Type Select? Condition? GroupBy? Order? Number? \\\\r\\\\n ------------- ------ ------- ---------- -------- ------ -------\\\\r\\\\n id int True True False True True \\\\r\\\\n ePOLeafNodeId int True True False True True \\\\r\\\\n status string True True False True False \\\\r\\\\n\\\",\\r\\n \\\"relatedTables\\\": \\\"\\\\r\\\\n Name\\\\r\\\\n -------------\\\\r\\\\n sasvmsetting\\\\r\\\\n vminfovcenter\\\\r\\\\n ePOLeafNode\\\\r\\\\n\\\",\\r\\n \\\"foreignKeys\\\": \\\"\\\\r\\\\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \\\\r\\\\n --------------------- -------------- ----------------- ------------------- --------------- ----------- ------------\\\\r\\\\n workloaddetailVcenter ePOLeafNodeId ePOLeafNode AutoID False False True \\\\r\\\\n workloaddetailVcenter ePOLeafNodeId vminfovcenter EPO_LEAF_NODE_ID False False True \\\\r\\\\n workloaddetailVcenter id sasvmsetting sarVMStatusId False False True \\\\r\\\\n\\\"\\r\\n }]\"",
"name": "\"[\\r\\n\\t\\t\\t\\\"workloaddetailVcenter.table.name\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Endpoint) Incidents History\\\",\\r\\n\\t\\t\\t\\\"groupinfo.table.name\\\",\\r\\n\\t\\t\\t\\\"epoproductproperties.table.name\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Server Properties\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery Scans\\\",\\r\\n\\t\\t\\t\\\"Mobile Device Information\\\",\\r\\n\\t\\t\\t\\\"Manual Registration Documents Classification\\\",\\r\\n\\t\\t\\t\\\"McAfee Threat Intelligence Exchange Server Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"vpcflowLog.table.name\\\",\\r\\n\\t\\t\\t\\\"AWS Volume Properties\\\",\\r\\n\\t\\t\\t\\\"Events received from managed systems\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Task Log Entries\\\",\\r\\n\\t\\t\\t\\\"Discovery Scan Info\\\",\\r\\n\\t\\t\\t\\\"DLP Data In-use/motion Incidents History\\\",\\r\\n\\t\\t\\t\\\"Rolled-Up Applied Policies\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path \\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information \\\",\\r\\n\\t\\t\\t\\\"Installations\\\",\\r\\n\\t\\t\\t\\\"Tag Usage\\\",\\r\\n\\t\\t\\t\\\"mgi1.table.name\\\",\\r\\n\\t\\t\\t\\\"Groups\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"DXL Client Status\\\",\\r\\n\\t\\t\\t\\\"Active Response System\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path \\\",\\r\\n\\t\\t\\t\\\"epoTagAssignment.table.name\\\",\\r\\n\\t\\t\\t\\\"Computer Properties\\\",\\r\\n\\t\\t\\t\\\"sasvmsetting.table.name\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Product Improvement Program Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"DXLProdPropsView_DXLCLIENT.table.name\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Amazon Network Traffic Logs\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Servers\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Installed Versions Summary\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Network) Incidents\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"Automatic Registration Documents\\\",\\r\\n\\t\\t\\t\\\"kubelabelinfo.table.name\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Broker Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection Systems\\\",\\r\\n\\t\\t\\t\\\"Amazon Web Service System Properties\\\",\\r\\n\\t\\t\\t\\\"System Properties\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"vminfo.table.name\\\",\\r\\n\\t\\t\\t\\\"Azure Discovery Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Tag Restrictions\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Java Client Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"ePOLeafNode.table.name\\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Events\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"DLP Endpoint Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"MVISION EDR Properties\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"Network\\\",\\r\\n\\t\\t\\t\\\"DLP User Session Rules\\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Instances\\\",\\r\\n\\t\\t\\t\\\"Product Coverage Reports Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Applied Policies\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Network) Incidents\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"DLP Capture Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Source Application Information\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment Broken Inheritance\\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Endpoint) Incidents \\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest Email Storage Discovery Classifications\\\",\\r\\n\\t\\t\\t\\\"vminfoVendortag.table.name\\\",\\r\\n\\t\\t\\t\\\"OpenStack Cloud (Generic) system properties\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"McAfee Advanced Threat Defense Properties\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Network) Incidents History\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform Properties\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Rules\\\",\\r\\n\\t\\t\\t\\\"Mobile Device Information\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"Active Response Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"Remediation Event Table\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform Rolled-Up Systems\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection Properties\\\",\\r\\n\\t\\t\\t\\\"workloadalerts.table.name\\\",\\r\\n\\t\\t\\t\\\"vmInfokubernetes.table.name\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"Repositories\\\",\\r\\n\\t\\t\\t\\\"Manual Registration Documents\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"File Classification\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall Properties\\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery Scans\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Events\\\",\\r\\n\\t\\t\\t\\\"Endpoint Scan\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information \\\",\\r\\n\\t\\t\\t\\\"Rolled-Up Applied Client Tasks\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform Systems\\\",\\r\\n\\t\\t\\t\\\"Firewall Rule\\\",\\r\\n\\t\\t\\t\\\"Security Incidents\\\",\\r\\n\\t\\t\\t\\\"Web Control Events\\\",\\r\\n\\t\\t\\t\\\"Email - All Recipients\\\",\\r\\n\\t\\t\\t\\\"Systems\\\",\\r\\n\\t\\t\\t\\\"EPOEvents_RelatedTargetsView\\\",\\r\\n\\t\\t\\t\\\"Common Appliance Management Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events History\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control Systems\\\",\\r\\n\\t\\t\\t\\\"DLP Case Management\\\",\\r\\n\\t\\t\\t\\\"DLP User Session Properties\\\",\\r\\n\\t\\t\\t\\\"Tags\\\",\\r\\n\\t\\t\\t\\\"VMware System Properties\\\",\\r\\n\\t\\t\\t\\\"DLP OCR Addon Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Rules\\\",\\r\\n\\t\\t\\t\\\"Scan Information\\\",\\r\\n\\t\\t\\t\\\"User Groups\\\",\\r\\n\\t\\t\\t\\\"DC Discovery and Monitoring Properties\\\",\\r\\n\\t\\t\\t\\\"McAfee Client Proxy Properties\\\",\\r\\n\\t\\t\\t\\\"Agent Handlers\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control Rolled-Up Events\\\",\\r\\n\\t\\t\\t\\\"Policy Information\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall Systems\\\",\\r\\n\\t\\t\\t\\\"Registered Servers\\\",\\r\\n\\t\\t\\t\\\"Subtask Log Entries\\\",\\r\\n\\t\\t\\t\\\"discovery_file_facts_table_name\\\",\\r\\n\\t\\t\\t\\\"Firewall Client Rule Executables\\\",\\r\\n\\t\\t\\t\\\"workloaddetail_1.table.name\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Registered Cloud Account\\\",\\r\\n\\t\\t\\t\\\"Cloud system vendor-specific properties\\\",\\r\\n\\t\\t\\t\\\"Computers\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Removable Storage\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"RelayServer and SuperAgent Statistics Entries\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Endpoint Properties\\\",\\r\\n\\t\\t\\t\\\"Rolled-Up Compliance History\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Network Appliance information \\\",\\r\\n\\t\\t\\t\\\"Network Appliance information \\\",\\r\\n\\t\\t\\t\\\"EPOEvents_RelatedSourcesView\\\",\\r\\n\\t\\t\\t\\\"Network discovery action information \\\",\\r\\n\\t\\t\\t\\\"discovery_classification_facts_table_name\\\",\\r\\n\\t\\t\\t\\\"Products Property\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"Export Details\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Properties\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"workloadDetailAwsAzure.table.name\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Data Inventory\\\",\\r\\n\\t\\t\\t\\\"DLP Capture Properties\\\",\\r\\n\\t\\t\\t\\\"Tags\\\",\\r\\n\\t\\t\\t\\\"DLP Data In-use/motion Incidents \\\",\\r\\n\\t\\t\\t\\\"Client Task Assignment Broken Inheritance\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Java Client Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"DLP Data In-use/motion Incidents \\\",\\r\\n\\t\\t\\t\\\"McAfee Client Proxy Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Computer Policies\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Endpoint) Incidents History\\\",\\r\\n\\t\\t\\t\\\"Cloud system properties\\\",\\r\\n\\t\\t\\t\\\"Extended Computer Properties\\\",\\r\\n\\t\\t\\t\\\"fwClientRule.LocalNetwork\\\",\\r\\n\\t\\t\\t\\\"System Properties\\\",\\r\\n\\t\\t\\t\\\"Rolled-Up Managed Systems\\\",\\r\\n\\t\\t\\t\\\"Product Improvement Program Properties\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"System Health Indicator\\\",\\r\\n\\t\\t\\t\\\"Data at Rest (Endpoint) Incidents Rollup\\\",\\r\\n\\t\\t\\t\\\"Active Response Custom Events\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalEventResolution_Rollup\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"tagIssueCount.table.name\\\",\\r\\n\\t\\t\\t\\\"Client Events\\\",\\r\\n\\t\\t\\t\\\"Product Coverage Reports Properties\\\",\\r\\n\\t\\t\\t\\\"sassettingstatus.table.name\\\",\\r\\n\\t\\t\\t\\\"Capture search list\\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"File Classification\\\",\\r\\n\\t\\t\\t\\\"DLP Data In-use/motion Incidents History\\\",\\r\\n\\t\\t\\t\\\"groupproperty.table.name\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Computers\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Client interface logon audit log\\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Java Client Properties\\\",\\r\\n\\t\\t\\t\\\"mginf.table.name\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Data Inventory\\\",\\r\\n\\t\\t\\t\\\"Source Application Information\\\",\\r\\n\\t\\t\\t\\\"fwClientRule.RemoteNetwork\\\",\\r\\n\\t\\t\\t\\\"System Tree\\\",\\r\\n\\t\\t\\t\\\"Issues\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path \\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Java Client Properties\\\",\\r\\n\\t\\t\\t\\\"McAfee Threat Intelligence Exchange Server Properties\\\",\\r\\n\\t\\t\\t\\\"vmproperty.table.name\\\",\\r\\n\\t\\t\\t\\\"Email - All Recipients\\\",\\r\\n\\t\\t\\t\\\"Network discovery action information \\\",\\r\\n\\t\\t\\t\\\"DLP Monitor Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Data Inventory\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Rolled-Up Threat Events\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Data Inventory\\\",\\r\\n\\t\\t\\t\\\"Policy Information\\\",\\r\\n\\t\\t\\t\\\"Systems Per Product\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"epoTagVendortag.table.name\\\",\\r\\n\\t\\t\\t\\\"Rolled-Up Client Events\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Platform Properties\\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention Systems\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Platform Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Azure Discovery Properties\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"epoTagAssignmentVendortag.table.name\\\",\\r\\n\\t\\t\\t\\\"capture_dataset_table_name\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"Destination User Information\\\",\\r\\n\\t\\t\\t\\\"Tag Groups\\\",\\r\\n\\t\\t\\t\\\"DLP Case Endpoint Discovery Incidents (Hidden)\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"DLP OCR Addon Properties\\\",\\r\\n\\t\\t\\t\\\"Server Keys\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention Properties\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"vmInfoawsazure.table.name\\\",\\r\\n\\t\\t\\t\\\"vminfoDetail.table.name\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest Email Storage Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Task Log Messages\\\",\\r\\n\\t\\t\\t\\\"capture_dataset_table_name\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Extended Computer Properties\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Tag Type\\\",\\r\\n\\t\\t\\t\\\"Tags\\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Current Email Storage Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"DLP Data In-use/motion Incidents Rollup\\\",\\r\\n\\t\\t\\t\\\"Destination User Groups\\\",\\r\\n\\t\\t\\t\\\"DC Discovery and Monitoring Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Automatic Registration Documents Classification\\\",\\r\\n\\t\\t\\t\\\"Network discovery action information \\\",\\r\\n\\t\\t\\t\\\"Rules\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"DLP Appliance Management Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Monitor Properties\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Microsoft Azure System Properties.\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Current File System Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Status Events\\\",\\r\\n\\t\\t\\t\\\"Manual Registration Documents\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"Application\\\",\\r\\n\\t\\t\\t\\\"MVISION EDR Custom Events\\\",\\r\\n\\t\\t\\t\\\"IP address List\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest File System Discovery Classifications\\\",\\r\\n\\t\\t\\t\\\"Cloud Volume Properties \\\",\\r\\n\\t\\t\\t\\\"Exploit Prevention Events\\\",\\r\\n\\t\\t\\t\\\"Agent Enforcement Status\\\",\\r\\n\\t\\t\\t\\\"vminfo1.table.name\\\",\\r\\n\\t\\t\\t\\\"DLP Computer Properties\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"MVISION EDR System\\\",\\r\\n\\t\\t\\t\\\"Event Product\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"User Information\\\",\\r\\n\\t\\t\\t\\\"DLP Prevent Properties\\\",\\r\\n\\t\\t\\t\\\"issueDetailCount.table.name\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DXLBroker Properties \\\",\\r\\n\\t\\t\\t\\\"Tags\\\",\\r\\n\\t\\t\\t\\\"epoevents4.table.name\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Capture Results\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"accountdetails.table.name\\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"LDAP Properties\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Audit Log Entries\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Aggregator Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information \\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Common Appliance Management\\\",\\r\\n\\t\\t\\t\\\"Usage Metering Report\\\",\\r\\n\\t\\t\\t\\\"Application\\\",\\r\\n\\t\\t\\t\\\"ePOComputerProperties.table.name\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Server Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"McAfee Advanced Threat Defense Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Agent Properties\\\",\\r\\n\\t\\t\\t\\\"epoevents.table.name\\\",\\r\\n\\t\\t\\t\\\"DC Assessment Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Prevent Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Product Status\\\",\\r\\n\\t\\t\\t\\\"Roles and Permissions\\\",\\r\\n\\t\\t\\t\\\"gridthreatlist.table.name\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"DXL Broker Systems\\\",\\r\\n\\t\\t\\t\\\"Threat Events\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Cloud Volume vendor-specific properties\\\",\\r\\n\\t\\t\\t\\\"Agent Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Applied Client Tasks\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Client Properties\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Removable Storage\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"DXL Client Systems\\\",\\r\\n\\t\\t\\t\\\"Active Response Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Appliance Management Properties\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall Rolled-Up Systems\\\",\\r\\n\\t\\t\\t\\\"Hyper-V System Properties\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control Properties\\\",\\r\\n\\t\\t\\t\\\"eventlist4.table.name\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Cloud Volume vendor-specific properties\\\",\\r\\n\\t\\t\\t\\\"DLP Server Properties\\\",\\r\\n\\t\\t\\t\\\"Rolled-Up Threat Events\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control Rolled-Up Systems\\\",\\r\\n\\t\\t\\t\\\"File Classification\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"DC Assessment Properties\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest File System Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Endpoint Systems\\\",\\r\\n\\t\\t\\t\\\"Client Interface Locked Machines\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"Host Cache Item Table\\\",\\r\\n\\t\\t\\t\\\"Cache Info Table\\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention Rolled-Up Systems\\\",\\r\\n\\t\\t\\t\\\"MVISION EDR Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"workloaddetailKubernetes.table.name\\\",\\r\\n\\t\\t\\t\\\"Subtask Log Messages\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Client Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"File Classification\\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events Rollup\\\",\\r\\n\\t\\t\\t\\\"vminfovcenter.table.name\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information\\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Email - All Recipients\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"Compliance History\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Aggregator Properties\\\",\\r\\n\\t\\t\\t\\\"User Information\\\",\\r\\n\\t\\t\\t\\\"Kubernetes Service System Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Server Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"account.table.name\\\",\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Endpoint) Incidents History\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"Mobile Device Information\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Tags\\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events History\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"DLP Case Management\\\",\\r\\n\\t\\t\\t\\\"DLP User Session Properties\\\",\\r\\n\\t\\t\\t\\\"Discovery Scan Info\\\",\\r\\n\\t\\t\\t\\\"DLP Data In-use/motion Incidents History\\\",\\r\\n\\t\\t\\t\\\"Computers\\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"Rules\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Scan Information\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information \\\",\\r\\n\\t\\t\\t\\\"User Groups\\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Installed Versions Summary\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information \\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path \\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"System Tree\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path \\\",\\r\\n\\t\\t\\t\\\"Email - All Recipients\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Servers\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Installed Versions Summary\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Network) Incidents\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Data Inventory\\\",\\r\\n\\t\\t\\t\\\"System Properties\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Policy Information\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Removable Storage\\\",\\r\\n\\t\\t\\t\\\"Removable Storage\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"Destination User Information\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Network Appliance information \\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Network Appliance information \\\",\\r\\n\\t\\t\\t\\\"DLP User Session Rules\\\",\\r\\n\\t\\t\\t\\\"Network discovery action information \\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Export Details\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information\\\",\\r\\n\\t\\t\\t\\\"Source Application Information\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Endpoint) Incidents \\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest File System Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest Email Storage Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest Email Storage Discovery Classifications\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"DLP Data In-use/motion Incidents \\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Current Email Storage Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Destination User Groups\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Network discovery action information \\\",\\r\\n\\t\\t\\t\\\"Rules\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"DLP Computer Policies\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Network) Incidents History\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Mobile Device Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Current File System Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"System Properties\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information\\\",\\r\\n\\t\\t\\t\\\"File Classification\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"User Information\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest File System Discovery Classifications\\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery Scans\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"DLP Computer Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"File Paths\\\",\\r\\n\\t\\t\\t\\\"File Reputation\\\",\\r\\n\\t\\t\\t\\\"tieserver.fileParent.tableInfo.name\\\",\\r\\n\\t\\t\\t\\\"File Enterprise Reputation\\\",\\r\\n\\t\\t\\t\\\"New Certificate References\\\",\\r\\n\\t\\t\\t\\\"Certificate Enterprise Reputation\\\",\\r\\n\\t\\t\\t\\\"Certificates\\\",\\r\\n\\t\\t\\t\\\"Certificates\\\",\\r\\n\\t\\t\\t\\\"MWG Reputations\\\",\\r\\n\\t\\t\\t\\\"Certificate Reputation\\\",\\r\\n\\t\\t\\t\\\"Certificate GTI Reputation\\\",\\r\\n\\t\\t\\t\\\"Files\\\",\\r\\n\\t\\t\\t\\\"File Reputation\\\",\\r\\n\\t\\t\\t\\\"New Certificates on Systems\\\",\\r\\n\\t\\t\\t\\\"Files\\\",\\r\\n\\t\\t\\t\\\"certificate_rep_enterprise_parent.table.name\\\",\\r\\n\\t\\t\\t\\\"New Files on Systems\\\",\\r\\n\\t\\t\\t\\\"GTI Reputations\\\",\\r\\n\\t\\t\\t\\\"GTI Reputations\\\",\\r\\n\\t\\t\\t\\\"Certificate Enterprise Reputation\\\",\\r\\n\\t\\t\\t\\\"File Reputation\\\",\\r\\n\\t\\t\\t\\\"certificate_rep.table.name\\\",\\r\\n\\t\\t\\t\\\"File Names\\\",\\r\\n\\t\\t\\t\\\"Enterprise Reputations\\\",\\r\\n\\t\\t\\t\\\"Enterprise Reputations\\\",\\r\\n\\t\\t\\t\\\"Reputations\\\",\\r\\n\\t\\t\\t\\\"CTD Reputations\\\",\\r\\n\\t\\t\\t\\\"Cleanup Trending Summary\\\",\\r\\n\\t\\t\\t\\\"ATD Reputations\\\",\\r\\n\\t\\t\\t\\\"New File References\\\"\\r\\n\\t\\t]\"",
"target": "\"[\\r\\n\\t\\t\\t\\\"workloaddetailVcenter\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFailure_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_Incidents_Archive\\\",\\r\\n\\t\\t\\t\\\"groupinfo\\\",\\r\\n\\t\\t\\t\\\"epoproductproperties\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_MARSERVER\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentResolutions\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryScansRegDocView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentMobileDevice_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_RegisterDocumentsClassification\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesTIE\\\",\\r\\n\\t\\t\\t\\\"vpcflowLog\\\",\\r\\n\\t\\t\\t\\\"MDCC_CLOUD_VOL_PROPS_VW_awsVolumeSquid\\\",\\r\\n\\t\\t\\t\\\"EPOEventFilterDesc\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalLabelInfoView_Archive\\\",\\r\\n\\t\\t\\t\\\"OrionTaskLogTask\\\",\\r\\n\\t\\t\\t\\\"UDLP_EP_Scans\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentsQueries_Archive\\\",\\r\\n\\t\\t\\t\\\"EPORollUp_AssignedPolicyView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFileLocation_Rollup\\\",\\r\\n\\t\\t\\t\\\"MDCC_EP_SEC_REPORT_VIEW\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentStatuses_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseExport\\\",\\r\\n\\t\\t\\t\\\"issueDetailGroup1\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAdditional\\\",\\r\\n\\t\\t\\t\\\"EndpointInstallationStatus_View\\\",\\r\\n\\t\\t\\t\\\"EPOTagUsage\\\",\\r\\n\\t\\t\\t\\\"mgi1\\\",\\r\\n\\t\\t\\t\\\"EPOBranchNode\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalEvidences\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipients_Archive\\\",\\r\\n\\t\\t\\t\\\"DXLClientEpoProps\\\",\\r\\n\\t\\t\\t\\\"MarProperties\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEvidencesQueriesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFileLocation_Archive\\\",\\r\\n\\t\\t\\t\\\"epoTagAssignment\\\",\\r\\n\\t\\t\\t\\\"EPOComputerProperties\\\",\\r\\n\\t\\t\\t\\\"sasvmsetting\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentRules_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentLabelsView\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesTELEMETRY\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmail_Rollup\\\",\\r\\n\\t\\t\\t\\\"threateventdetails\\\",\\r\\n\\t\\t\\t\\\"DXLProdPropsView_DXLCLIENT\\\",\\r\\n\\t\\t\\t\\\"threatinstance\\\",\\r\\n\\t\\t\\t\\\"MDCC_VPCFLOW_REPORT_VIEW\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryServersView\\\",\\r\\n\\t\\t\\t\\\"UDLP_ProductDistributionView\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncident\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkComm_Capture\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_GeneratedKey_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_401_UserInSafeMode\\\",\\r\\n\\t\\t\\t\\\"UDLP_AutoRegisterDocuments\\\",\\r\\n\\t\\t\\t\\\"kubelabelinfo\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesDXLBROKER\\\",\\r\\n\\t\\t\\t\\\"ATP_CustomProps\\\",\\r\\n\\t\\t\\t\\\"MDCC_CLOUD_VM_PROPS_VW_awsSquid\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPOProductPropertiesAllView\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentEvidences_Rollup\\\",\\r\\n\\t\\t\\t\\\"vminfo\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesAZURE_META\\\",\\r\\n\\t\\t\\t\\\"EPOTagRestrictionsCS\\\",\\r\\n\\t\\t\\t\\\"mdccvminfo\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentDiscoverySummary\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFailure\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesDXLCLIENTJ\\\",\\r\\n\\t\\t\\t\\\"ePOLeafNode\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentDevice_Archive\\\",\\r\\n\\t\\t\\t\\\"EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentLabelsView\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesUDLP\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_MVEDR\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentDiscoverySummary_Archive\\\",\\r\\n\\t\\t\\t\\\"FW_NamedNetwork\\\",\\r\\n\\t\\t\\t\\\"UDLP_RulesPerUser\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentStatuses\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_116_ApplyRMPolicyFailed_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEvidences_Capture\\\",\\r\\n\\t\\t\\t\\\"ASSESSMENT_DASHBOARD_VIEW\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesPCR\\\",\\r\\n\\t\\t\\t\\\"EPOAssignedPolicy\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentWebPost_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_GeneratedKey_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncident_CaseMgmt\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentRules\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentWebPost_Capture\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesUDLP_CAPTURE\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentExport\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentApplications\\\",\\r\\n\\t\\t\\t\\\"EPOBrokenInherintanceView\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseStatus\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmail\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentClassifications_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_Incidents\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentWebPost_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_LatestEmailDiscoveryClassificationView\\\",\\r\\n\\t\\t\\t\\\"vminfoVendortag\\\",\\r\\n\\t\\t\\t\\\"MDCC_CLOUD_VM_PROPS_VW_openstackPrivateCloudSquid\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCaptureSearch_Rollup\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_MATD\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentClassification_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentClassification_Capture\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentDiscoverySummaryForMaReport\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncident_Archive\\\",\\r\\n\\t\\t\\t\\\"mdccaccountinfo\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNdlpAppliance_Archive\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_ENDPOINTSECURITYPLATFORM\\\",\\r\\n\\t\\t\\t\\\"JTIClientRulesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentMobileDevice\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipients\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCloud_Archive\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesMAR\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_109_PolicyApplied_Archive\\\",\\r\\n\\t\\t\\t\\\"MARRemediationEvent\\\",\\r\\n\\t\\t\\t\\\"ESPRollup_GS_CustomProps\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_TIECLIENTMETA\\\",\\r\\n\\t\\t\\t\\\"workloadalerts\\\",\\r\\n\\t\\t\\t\\\"vmInfokubernetes\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesWEBCONTROL\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkShare_Archive\\\",\\r\\n\\t\\t\\t\\\"EPORepositoryStatus\\\",\\r\\n\\t\\t\\t\\\"UDLP_RegisterDocuments\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEvidencesQueries_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileClassificationBoxView\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_FIREWALL\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_405_ReleaseCodeLocked_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryScansView\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesFIREWALL\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"MDCC_EP_SCAN_REPORT\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAdditional_Rollup\\\",\\r\\n\\t\\t\\t\\\"EPORollup_TaskAppliedTasks\\\",\\r\\n\\t\\t\\t\\\"GS_CustomProps\\\",\\r\\n\\t\\t\\t\\\"FW_Rule\\\",\\r\\n\\t\\t\\t\\\"MDCC_VW_SECURITY_INCIDENT\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipientsAll_Rollup\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOEvents_RelatedTargetsView\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesMCA\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_112_AgentEnteredBypass_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operationals_Archive\\\",\\r\\n\\t\\t\\t\\\"WP_CustomProps\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseManagement\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserPropertiesView\\\",\\r\\n\\t\\t\\t\\\"EPOMasterCatalog\\\",\\r\\n\\t\\t\\t\\\"MDCC_CLOUD_VM_PROPS_VW_vcenterSquid\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesUDLP_DISCOVERY_OCR\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentRules_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentScan\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserGroupsView\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_VISUALIZATION\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_MCPAGENT\\\",\\r\\n\\t\\t\\t\\\"EPOAgentHandlers\\\",\\r\\n\\t\\t\\t\\\"ENSRollup_WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventPolicyInfo_Rollup\\\",\\r\\n\\t\\t\\t\\\"FW_CustomProps\\\",\\r\\n\\t\\t\\t\\\"OrionRegisteredServers\\\",\\r\\n\\t\\t\\t\\\"OrionTaskLogSubtask\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryInventoryFactsView\\\",\\r\\n\\t\\t\\t\\\"FW_ClientRuleExecutableView\\\",\\r\\n\\t\\t\\t\\\"workloaddetail_1\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentLabelsView_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEvidences_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentDiscoverySummary_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalEvidences_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseToLabels\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_402_EvidenceReplicationFailed\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEvidences\\\",\\r\\n\\t\\t\\t\\\"MDCC_ACCOUNT\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PROPERTY\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventComputers_Rollup\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesTHREATPREVENTION\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRemovableStorage_Archive\\\",\\r\\n\\t\\t\\t\\\"issueGroup\\\",\\r\\n\\t\\t\\t\\\"StatisticsTable_EPOAgent3000\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesTIECLIENTMETA\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_UDLP\\\",\\r\\n\\t\\t\\t\\\"EpoRollup_ComplianceHistory\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFailure_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkShare\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentExport\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NdlpAppliance_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NdlpAppliance\\\",\\r\\n\\t\\t\\t\\\"EPOEvents_RelatedSourcesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAudit_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryClassificationFactsView\\\",\\r\\n\\t\\t\\t\\\"EPOProductPropertyProducts\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalEvidences_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_ExportEventDetails\\\",\\r\\n\\t\\t\\t\\\"TIEServerCustomProps\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesENDPOINTSECURITYPLATFORM\\\",\\r\\n\\t\\t\\t\\\"workloadDetailAwsAzure\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_407_ExceededMem_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryCommon_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNdlpAppliance\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileInfo\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_UDLP_CAPTURE\\\",\\r\\n\\t\\t\\t\\\"EPOTag\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentsQueriesView\\\",\\r\\n\\t\\t\\t\\\"EPOTaskBrokenInheritAssignments\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesDXLCLIENTJ1\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalEventStatus_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_Incidents\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesMCPAGENT\\\",\\r\\n\\t\\t\\t\\\"UDLP_ComputersToPoliciesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_Incidents_CaseMgmt\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_INFO\\\",\\r\\n\\t\\t\\t\\\"EPOExtendedComputerProperties\\\",\\r\\n\\t\\t\\t\\\"FW_Rule_LocalNetwork\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPOProductPropertiesView\\\",\\r\\n\\t\\t\\t\\\"EpoRollup_Computers\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_TELEMETRY\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_401_UserInSafeMode_Archive\\\",\\r\\n\\t\\t\\t\\\"TIEServerIOCState\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_Incidents_Rollup\\\",\\r\\n\\t\\t\\t\\\"MarCustomEvent\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCaptureSearch_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCaptureSearch_Capture\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalEventResolution_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_407_ExceededMem\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_GeneratedKey\\\",\\r\\n\\t\\t\\t\\\"tagIssueCount\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_PCR\\\",\\r\\n\\t\\t\\t\\\"sassettingstatus\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaptureSearchView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_405_ReleaseCodeLocked\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentWebPost\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileClassificationView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Incidents_Archive\\\",\\r\\n\\t\\t\\t\\\"groupproperty\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRules_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventComputers\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRules_Archive\\\",\\r\\n\\t\\t\\t\\\"ClientUILockOutStatusTable_view\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentDevice\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_DXLCLIENTJ1\\\",\\r\\n\\t\\t\\t\\\"mginf\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileInfoSharePointView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentApplications_Rollup\\\",\\r\\n\\t\\t\\t\\\"FW_Rule_RemoteNetwork\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPOSysTreePathsView\\\",\\r\\n\\t\\t\\t\\\"OrionIssues\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFileLocation\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_DXLCLIENTJ\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_TIE\\\",\\r\\n\\t\\t\\t\\\"vmproperty\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipientsAll\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAudit_Rollup\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesUDLP_MONITOR\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentClassification_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileInfoDatabaseView\\\",\\r\\n\\t\\t\\t\\\"ESPRollup_EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"epocomputerprops\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseResolution\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_116_ApplyRMPolicyFailed_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileInfoBoxView\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventPolicyInfo\\\",\\r\\n\\t\\t\\t\\\"EPOSystemProductVersionInfo\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkComm_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentToLabel\\\",\\r\\n\\t\\t\\t\\\"epoTagVendortag\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_MARPLAT\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_116_ApplyRMPolicyFailed\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkShare_Rollup\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesMARPLAT\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_AZURE_META\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentPrint_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_112_AgentEnteredBypass\\\",\\r\\n\\t\\t\\t\\\"epoTagAssignmentVendortag\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaptureAppliances\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentLabelsView_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_405_ReleaseCodeLocked_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventUsers_Destination\\\",\\r\\n\\t\\t\\t\\\"EPOTagGroup\\\",\\r\\n\\t\\t\\t\\\"UDLP_Incidents_CaseMgmt\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEvidences_Archive\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_UDLP_DISCOVERY_OCR\\\",\\r\\n\\t\\t\\t\\\"EPOServerKeys\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_THREATPREVENTION\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentClassification\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_402_EvidenceReplicationFailed_Rollup\\\",\\r\\n\\t\\t\\t\\\"vmInfoawsazure\\\",\\r\\n\\t\\t\\t\\\"vminfoDetail\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_LatestEmailDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"epoleafnode\\\",\\r\\n\\t\\t\\t\\\"OrionTaskLogTaskMessage\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaptureDataSetView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentClassification\\\",\\r\\n\\t\\t\\t\\\"EPOComputerExtendedProperties\\\",\\r\\n\\t\\t\\t\\\"vmpropertiestf\\\",\\r\\n\\t\\t\\t\\\"EPOTagType\\\",\\r\\n\\t\\t\\t\\\"EPOTagAssignment\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operationals\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserEmailStorageDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Incidents_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserGroupsView_Destination\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesVISUALIZATION\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentToLabel_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_AutoRegisterDocumentsClassification\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAudit\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentRules\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNdlpAppliance_Capture\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesDLPPS\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_UDLP_MONITOR\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentRules_Archive\\\",\\r\\n\\t\\t\\t\\\"MDCC_CLOUD_VM_PROPS_VW_azurermSquid\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserFileSystemDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"EPOServerEvents\\\",\\r\\n\\t\\t\\t\\\"UDLP_ExactDataFingerprints\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentPrint\\\",\\r\\n\\t\\t\\t\\\"FW_Application\\\",\\r\\n\\t\\t\\t\\\"MVEDRCustomEvent\\\",\\r\\n\\t\\t\\t\\\"OrionBlockedIpAddress\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_LatestFileSysDiscoveryClassificationView\\\",\\r\\n\\t\\t\\t\\\"MDCC_VOLUME\\\",\\r\\n\\t\\t\\t\\\"TP_Events\\\",\\r\\n\\t\\t\\t\\\"MAEnforcementStatusView\\\",\\r\\n\\t\\t\\t\\\"vminfo1\\\",\\r\\n\\t\\t\\t\\\"UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"mdccgroupinfo\\\",\\r\\n\\t\\t\\t\\\"MVEDRProperties\\\",\\r\\n\\t\\t\\t\\\"EPOSoftwareView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryCommon_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCaptureSearch\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventUsers_Rollup\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_UDLP_PREVENT\\\",\\r\\n\\t\\t\\t\\\"issueDetailCount\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryCommon\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRules\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_DXLBROKER\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPOTagsView\\\",\\r\\n\\t\\t\\t\\\"epoevents4\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRules_Capture\\\",\\r\\n\\t\\t\\t\\\"UDLP_Incidents_Capture\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalLabelInfoView\\\",\\r\\n\\t\\t\\t\\\"accountdetails\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCloud\\\",\\r\\n\\t\\t\\t\\\"EPOComputerLdapProperties\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentClassifications\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipients_Capture\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesMARAGG\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipients_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAdditional_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentMobileDevice_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_401_UserInSafeMode_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_109_PolicyApplied_Rollup\\\",\\r\\n\\t\\t\\t\\\"mdccgroupproperty\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_MCA\\\",\\r\\n\\t\\t\\t\\\"USAGE_METERING_ALF_VIEW\\\",\\r\\n\\t\\t\\t\\\"FW_Rule_Application\\\",\\r\\n\\t\\t\\t\\\"ePOComputerProperties\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesMARSERVER\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesMATD\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_EPOAGENT\\\",\\r\\n\\t\\t\\t\\\"epoevents\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesASSESSMENT\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesUDLP_PREVENT\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PRODUCTS\\\",\\r\\n\\t\\t\\t\\\"EntitlementView\\\",\\r\\n\\t\\t\\t\\\"gridthreatlist\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentResolutions_Rollup\\\",\\r\\n\\t\\t\\t\\\"DXLBrokerCustomProps\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"tagAssignmentList\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentExport\\\",\\r\\n\\t\\t\\t\\\"MDCC_VOLUME_PROPERTY\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesEPOAGENT\\\",\\r\\n\\t\\t\\t\\\"EPOTaskAppliedTasks\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_407_ExceededMem_Rollup\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_DXLCLIENT\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentClassification_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRemovableStorage\\\",\\r\\n\\t\\t\\t\\\"threateventlist\\\",\\r\\n\\t\\t\\t\\\"DXLClientCustomProps\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_MAR\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_DLPPS\\\",\\r\\n\\t\\t\\t\\\"ENSRollup_FW_CustomProps\\\",\\r\\n\\t\\t\\t\\\"MDCC_CLOUD_VM_PROPS_VW_hyperVSquid\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_WEBCONTROL\\\",\\r\\n\\t\\t\\t\\\"eventlist4\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentEvidences_Archive\\\",\\r\\n\\t\\t\\t\\\"MDCC_DPC_VM_VIEW\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_UDLP_DISCOVERY\\\",\\r\\n\\t\\t\\t\\\"EPORollup_Events\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkComm_Archive\\\",\\r\\n\\t\\t\\t\\\"ENSRollup_WP_CustomProps\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileClassificationDatabaseView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmail_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmail_Capture\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentPrint_Rollup\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_ASSESSMENT\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_LatestFileSysDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"AM_EndpointTechnologyStatus_View\\\",\\r\\n\\t\\t\\t\\\"ClientUICurrentLockOutStatus_View\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_109_PolicyApplied\\\",\\r\\n\\t\\t\\t\\\"MARHostCacheItem\\\",\\r\\n\\t\\t\\t\\\"MARCacheInfo\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentDevice_Rollup\\\",\\r\\n\\t\\t\\t\\\"ENSRollup_AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesMVEDR\\\",\\r\\n\\t\\t\\t\\\"issueCount\\\",\\r\\n\\t\\t\\t\\\"workloaddetailKubernetes\\\",\\r\\n\\t\\t\\t\\\"OrionTaskLogSubtaskMessage\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesDXLCLIENT\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileClassificationSharePointView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operationals_Rollup\\\",\\r\\n\\t\\t\\t\\\"vminfovcenter\\\",\\r\\n\\t\\t\\t\\\"threatfilter\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkComm\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCloud_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentEvidences\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipientsAll_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipientsAll_Capture\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_402_EvidenceReplicationFailed_Archive\\\",\\r\\n\\t\\t\\t\\\"EpoComplianceHistory\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_MARAGG\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventUsers\\\",\\r\\n\\t\\t\\t\\\"MDCC_CLOUD_VM_PROPS_VW_kubernetesSquid\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesUDLP_DISCOVERY\\\",\\r\\n\\t\\t\\t\\\"account\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_112_AgentEnteredBypass_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFailure_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCaptureSearch\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_Incidents_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_407_ExceededMem\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentResolutions\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_GeneratedKey\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentMobileDevice_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryCommon\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPOTagsView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operationals_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalLabelInfoView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_405_ReleaseCodeLocked\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentWebPost\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseManagement\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserPropertiesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_EP_Scans\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentsQueries_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventComputers\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCloud\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentRules_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseExport\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentClassifications\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentScan\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAdditional\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserGroupsView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentDevice\\\",\\r\\n\\t\\t\\t\\\"UDLP_ProductDistributionAllView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAdditional_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFileLocation\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalEvidences\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPOSysTreePathsView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipients_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFileLocation_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipientsAll\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentLabelsView\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryServersView\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentLabelsView_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_ProductDistributionView\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncident\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_GeneratedKey_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentClassification_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_401_UserInSafeMode\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileInfoQueriesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPOProductPropertiesAllView\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseResolution\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalEvidences_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseToLabels\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRuleEvidencesQueriesView_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_402_EvidenceReplicationFailed\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentExport\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventPolicyInfo\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentDiscoverySummary\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFailure\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentToLabel\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentDevice_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_116_ApplyRMPolicyFailed\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentLabelsView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRemovableStorage\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRemovableStorage_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentDiscoverySummary_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentPrint_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_112_AgentEnteredBypass\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentLabelsView_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkShare\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventUsers_Destination\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentExport\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NdlpAppliance_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentStatuses\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NdlpAppliance\\\",\\r\\n\\t\\t\\t\\\"UDLP_RulesPerUser\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAudit_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_116_ApplyRMPolicyFailed_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentRules\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentEvidences_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentClassification\\\",\\r\\n\\t\\t\\t\\\"UDLP_ExportEventDetails\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkComm_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentApplications\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentExport\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmail_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseStatus\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmail\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_Incidents\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentClassifications_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_LatestFileSysDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_407_ExceededMem_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_LatestEmailDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentWebPost_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryCommon_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNdlpAppliance\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_LatestEmailDiscoveryClassificationView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentClassification\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_109_PolicyApplied\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentsQueriesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operationals\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentClassification_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserEmailStorageDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRuleEvidencesQueriesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserGroupsView_Destination\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentToLabel_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAudit\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentRules\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentDiscoverySummaryForMaReport\\\",\\r\\n\\t\\t\\t\\\"UDLP_ComputersToPoliciesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncident_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNdlpAppliance_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentRules_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentMobileDevice\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserFileSystemDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCloud_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipients\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPOProductPropertiesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_109_PolicyApplied_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkComm\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileClassificationQueriesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipientsAll_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentEvidences\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentPrint\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_402_EvidenceReplicationFailed_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventUsers\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkShare_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_401_UserInSafeMode_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_LatestFileSysDiscoveryClassificationView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_405_ReleaseCodeLocked_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryScansView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCaptureSearch_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_112_AgentEnteredBypass_Archive\\\",\\r\\n\\t\\t\\t\\\"file_path\\\",\\r\\n\\t\\t\\t\\\"certificate_rep_summaryFilter\\\",\\r\\n\\t\\t\\t\\\"file_parent\\\",\\r\\n\\t\\t\\t\\\"file_trust_level_count_summary\\\",\\r\\n\\t\\t\\t\\\"certificate_first_ref\\\",\\r\\n\\t\\t\\t\\\"associated_certificate_rep_enterprise\\\",\\r\\n\\t\\t\\t\\\"certificate\\\",\\r\\n\\t\\t\\t\\\"certificateJoined\\\",\\r\\n\\t\\t\\t\\\"file_rep_mwg\\\",\\r\\n\\t\\t\\t\\\"certificate_rep_summary\\\",\\r\\n\\t\\t\\t\\\"associated_certificate_rep_gti\\\",\\r\\n\\t\\t\\t\\\"file\\\",\\r\\n\\t\\t\\t\\\"file_rep_summaryFilter\\\",\\r\\n\\t\\t\\t\\\"agent_new_certificate_summary\\\",\\r\\n\\t\\t\\t\\\"fileJoined\\\",\\r\\n\\t\\t\\t\\\"certificate_rep_enterprise_parent\\\",\\r\\n\\t\\t\\t\\\"agent_new_file_summary\\\",\\r\\n\\t\\t\\t\\\"certificate_rep_gti\\\",\\r\\n\\t\\t\\t\\\"file_rep_gti\\\",\\r\\n\\t\\t\\t\\\"certificate_trust_level_count_summary\\\",\\r\\n\\t\\t\\t\\\"file_rep_summary\\\",\\r\\n\\t\\t\\t\\\"certificate_rep\\\",\\r\\n\\t\\t\\t\\\"file_name\\\",\\r\\n\\t\\t\\t\\\"file_rep_enterprise\\\",\\r\\n\\t\\t\\t\\\"certificate_rep_enterprise\\\",\\r\\n\\t\\t\\t\\\"file_rep\\\",\\r\\n\\t\\t\\t\\\"file_rep_ctd\\\",\\r\\n\\t\\t\\t\\\"cleanup_trending_summary\\\",\\r\\n\\t\\t\\t\\\"file_rep_atd\\\",\\r\\n\\t\\t\\t\\\"file_first_ref\\\"\\r\\n\\t\\t]\"",
"type": "\"[\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"Left join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\"\\r\\n\\t\\t]\"",
"description": "\"[\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Network discovery scan error details\\\",\\r\\n\\t\\t\\t\\\"All incidents related to data at rest (Endpoint)\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"McAfee Active Response Server Properties\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"Status of Discovery scans\\\",\\r\\n\\t\\t\\t\\\"Mobile Device Information\\\",\\r\\n\\t\\t\\t\\\"Manual Registration Documents Classification\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Volume properties specific to Volume from Amazon Web Service \\\",\\r\\n\\t\\t\\t\\\"Retrieves information about Threat Events sent from managed systems.\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Allows you to query upon log entries created by a top-level task.\\\",\\r\\n\\t\\t\\t\\\"Info of Endpoint Discovery Scans\\\",\\r\\n\\t\\t\\t\\\"All incidents related to data in-use/motion\\\",\\r\\n\\t\\t\\t\\\"Rolled up Applied Policies from registered servers.\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security \\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information\\\",\\r\\n\\t\\t\\t\\\"Installations\\\",\\r\\n\\t\\t\\t\\\"Tag Usage Description\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves information from Groups\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Shows ePO-based DXL Client related properties\\\",\\r\\n\\t\\t\\t\\\"Active Response System\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves information from Computer Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"AWS VPC Flow Logs with IP Reputation\\\",\\r\\n\\t\\t\\t\\\"Table that holds the Discover Server Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Installed Versions Summary\\\",\\r\\n\\t\\t\\t\\\"Latest incidents related to data at rest (Network)\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information \\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"Automatic Registration Documents\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Endpoint System Adaptive Threat Protection Custom Properties\\\",\\r\\n\\t\\t\\t\\\"System properties specific to systems from Amazon Web Service \\\",\\r\\n\\t\\t\\t\\\"System Properties\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Tag Restrictions\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error details\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"Retrieves more detailed information on Threat Events sent from managed systems\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"MVISION EDR Properties\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"fwClientRule.NamedNetworkDescription\\\",\\r\\n\\t\\t\\t\\\"SessionRules_table_desc\\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Instance assessment based on Agentless Firewall\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves information about what policies are applied to what managed systems.\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"Latest incidents related to data at rest (Network)\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Source Application Information \\\",\\r\\n\\t\\t\\t\\\"Retrieves information about what policy assignments are broken in the system hierarchy.\\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"discovery_incidents.classification_condition_desc\\\",\\r\\n\\t\\t\\t\\\"Latest incidents related to data at rest (Endpoint)\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest Email Storage Discovery Classifications\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"System properties specific to systems from OpenStack Cloud (Generic)\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"McAfee Advanced Threat Defense Properties\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"All incidents related to data at rest (Network)\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform Properties\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Rules\\\",\\r\\n\\t\\t\\t\\\"Mobile Device Information\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"Remediation Event Description\\\",\\r\\n\\t\\t\\t\\\"Rolled up Endpoint Security Platform properties from registered servers.\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"Retrieves data on repositories and their status.\\\",\\r\\n\\t\\t\\t\\\"Manual Registration Documents\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Classification\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall Properties\\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"Status of Discovery scans\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves information about Adaptive Threat Protection events from managed systems.\\\",\\r\\n\\t\\t\\t\\\"Endpoint Scan \\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information\\\",\\r\\n\\t\\t\\t\\\"Rolled up Applied Client Tasks from registered servers.\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform Custom Properties\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about firewall rules created on client systems and in the catalog.\\\",\\r\\n\\t\\t\\t\\\"Security Incident Description\\\",\\r\\n\\t\\t\\t\\\"Web Control Events\\\",\\r\\n\\t\\t\\t\\\"Email - All Recipients\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about systems that have been added to your System Tree.\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events History\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control Custom Properties\\\",\\r\\n\\t\\t\\t\\\"Cases related to DLP incidents\\\",\\r\\n\\t\\t\\t\\\"Properties of the DLP client sessions\\\",\\r\\n\\t\\t\\t\\\"Retrieves information from Tags\\\",\\r\\n\\t\\t\\t\\\"VMware system properties are discovered by vSphere connector.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Rules\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Scan Information\\\",\\r\\n\\t\\t\\t\\\"User Groups\\\",\\r\\n\\t\\t\\t\\\"DC Discovery and Monitoring Properties\\\",\\r\\n\\t\\t\\t\\\"McAfee Client Proxy Properties\\\",\\r\\n\\t\\t\\t\\\"Retrieves information from Agent Handlers.\\\",\\r\\n\\t\\t\\t\\\"Rolled Up Endpoint Security Web Control Events from registered servers.\\\",\\r\\n\\t\\t\\t\\\"Policy Information\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall Custom Properties\\\",\\r\\n\\t\\t\\t\\\"Servers from which data is rolled up and used in multi-server queries.\\\",\\r\\n\\t\\t\\t\\\"Allows you to query upon log entries created by a task's subtask.\\\",\\r\\n\\t\\t\\t\\\"discovery_file_facts_table_name\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about executables in firewall rules created on client systems.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Registered Cloud Accounts for all Cloud vendors\\\",\\r\\n\\t\\t\\t\\\"Stores the vendor-specific properties for Cloud systems\\\",\\r\\n\\t\\t\\t\\\"Computers\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Removable Storage\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Agent Statistics Information\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"DLP Endpoint Properties\\\",\\r\\n\\t\\t\\t\\\"Retrieves compliance counts over time across registered servers. This query type and its results depend on running a roll up data: Compliance History server task on this McAfee ePO server, which in turn depends on running a Run Query: Generate Compliance Event server task on each of the registered servers. These tasks create and combine the database records for this type of query. Click \\\\\\\"?\\\\\\\" for more information.\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error details\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Network Appliance information \\\",\\r\\n\\t\\t\\t\\\"Network Appliance information \\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Network discovery interactive action information \\\",\\r\\n\\t\\t\\t\\\"discovery_classification_facts_table_name\\\",\\r\\n\\t\\t\\t\\\"Contains a property with a comma-separated list of all products installed at the node.\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"Export Details\\\",\\r\\n\\t\\t\\t\\\"Shows Threat Intelligence Exchange related System Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"Data Inventory from DLP Discover scans\\\",\\r\\n\\t\\t\\t\\\"DLP Capture Properties\\\",\\r\\n\\t\\t\\t\\\"Tags\\\",\\r\\n\\t\\t\\t\\\"Latest incidents related to data in-use/motion\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about what client task assignments are broken in the system hierarchy.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Latest incidents related to data in-use/motion\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Policies of the DLP client sessions\\\",\\r\\n\\t\\t\\t\\\"All incidents related to data at rest (Endpoint)\\\",\\r\\n\\t\\t\\t\\\"Cloud system properties common to VMs belonging to any vendor\\\",\\r\\n\\t\\t\\t\\\"Retrieves information from Extended Computer Properties\\\",\\r\\n\\t\\t\\t\\\"fwClientRule.LocalNetworkDescription\\\",\\r\\n\\t\\t\\t\\\"System Properties\\\",\\r\\n\\t\\t\\t\\\"Retrieves summary data on systems managed by the registered servers. This query type and its results depend on running a roll up data: Managed Systems server task on this McAfee ePO server. Click \\\\\\\"?\\\\\\\" for more information.\\\",\\r\\n\\t\\t\\t\\\"Product Improvement Program Properties\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"System Health Indicator\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about Incidents-related DLP data at rest. As received from managed systems from selected registered servers.\\\",\\r\\n\\t\\t\\t\\\"Table to show Active Response custom events\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves information about client events from managed systems.\\\",\\r\\n\\t\\t\\t\\\"Product Coverage Reports Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Capture search list\\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"Classification\\\",\\r\\n\\t\\t\\t\\\"All incidents related to data in-use/motion\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Computers\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Client interface logon audit log\\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Java Client Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Data Inventory from DLP Discover scans\\\",\\r\\n\\t\\t\\t\\\"Source Application Information \\\",\\r\\n\\t\\t\\t\\\"fwClientRule.RemoteNetworkDescription\\\",\\r\\n\\t\\t\\t\\\"System Tree\\\",\\r\\n\\t\\t\\t\\\"Select \\\\\\\"Issues\\\\\\\" to view issues created by users and reported by other extensions.\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Java Client Properties\\\",\\r\\n\\t\\t\\t\\\"McAfee Threat Intelligence Exchange Server Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Email - All Recipients\\\",\\r\\n\\t\\t\\t\\\"Network discovery interactive action information \\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Data Inventory from DLP Discover scans\\\",\\r\\n\\t\\t\\t\\\"Rolled up Endpoint Security Threat Events from registered servers.\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Data Inventory from DLP Discover scans\\\",\\r\\n\\t\\t\\t\\\"Policy Information\\\",\\r\\n\\t\\t\\t\\\"Systems Per Product\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information \\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves information about client events sent from managed systems from selected registered servers.\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Platform Properties\\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"Endpoint System Threat Prevention Custom Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Azure Discovery Properties\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"capture_dataset_table_desc\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"Destination User Information\\\",\\r\\n\\t\\t\\t\\\"Tag Groups\\\",\\r\\n\\t\\t\\t\\\"DLP Case Endpoint Discovery Incidents (Hidden)\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"DLP OCR Addon Properties\\\",\\r\\n\\t\\t\\t\\\"Server Keys\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention Properties\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest Email Storage Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Allows you to query upon messages logged by a top-level task.\\\",\\r\\n\\t\\t\\t\\\"capture_dataset_table_desc\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Retrieves information from Extended Computer Properties\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Tag Type Description\\\",\\r\\n\\t\\t\\t\\\"Retrieves information from Tags\\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Current Email Storage Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Retrieves information on DLP Data In-use/motion Incidents sent from managed systems from selected registered servers.\\\",\\r\\n\\t\\t\\t\\\"Destination User Groups\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Automatic Registration Documents Classification\\\",\\r\\n\\t\\t\\t\\\"Network discovery interactive action information \\\",\\r\\n\\t\\t\\t\\\"Rules\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"DLP Monitor Properties\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"System properties specific to systems from Microsoft Azure.\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Current File System Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about status events from McAfee ePO.\\\",\\r\\n\\t\\t\\t\\\"Manual Registration Documents\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"fwClientRule.ApplicationDescription\\\",\\r\\n\\t\\t\\t\\\"Table to show MVISION EDR custom events\\\",\\r\\n\\t\\t\\t\\\"Retrieves the blocked and whitelisted IP addresses.\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest File System Discovery Classifications\\\",\\r\\n\\t\\t\\t\\\"Cloud Volume belonging to any vendor\\\",\\r\\n\\t\\t\\t\\\"This is a combination of the ePO Threat Events data and the Endpoint Security Exploit Prevention Events data\\\",\\r\\n\\t\\t\\t\\\"Displays error conditions enforcing policy or collecting properties.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Properties of the DLP clients\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"MVISION EDR System\\\",\\r\\n\\t\\t\\t\\\"Event Product\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"User Information\\\",\\r\\n\\t\\t\\t\\\"DLP Prevent Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DXLBroker Properties \\\",\\r\\n\\t\\t\\t\\\"Tags\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Capture search results list \\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"Retrieves LDAP information about systems that have been added to your System Tree.\\\",\\r\\n\\t\\t\\t\\\"discovery_incidents.classification_condition_desc\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about changes and actions made by users of this server.\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Common Appliance Management\\\",\\r\\n\\t\\t\\t\\\"Statistics About McAfee Product Usage\\\",\\r\\n\\t\\t\\t\\\"fwClientRule.ApplicationDescription\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Agent Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Status of products like VSE, Host IPS, Application Control etc. on the Cloud systems\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about users and permissions of this server.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"Shows DXL Broker related properties\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about Threat Events sent from managed systems.\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Stores the vendor-specific properties for cloud volume\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves information about what client tasks have been applied to what managed systems.\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Client Properties\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Removable Storage\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Shows DXL Client related properties\\\",\\r\\n\\t\\t\\t\\\"Active Response Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Appliance Management Properties\\\",\\r\\n\\t\\t\\t\\\"Rolled up Endpoint Security Firewall properties from registered servers.\\\",\\r\\n\\t\\t\\t\\\"Hyper-V system properties are discovered by Hyper-V connector.\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Stores the vendor-specific properties for cloud volume\\\",\\r\\n\\t\\t\\t\\\"DLP Server Properties\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about Threat Events sent from managed systems from selected registered servers.\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information \\\",\\r\\n\\t\\t\\t\\\"Rolled up Endpoint Security Web Control properties from registered servers.\\\",\\r\\n\\t\\t\\t\\\"Classification\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"DC Assessment Properties\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest File System Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Retrieves technology information about Endpoint Systems\\\",\\r\\n\\t\\t\\t\\\"List Of Client Interface Locked Machines\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"Host Cache Item Description\\\",\\r\\n\\t\\t\\t\\\"Cache Info Description\\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"Rolled up Endpoint Security Threat Prevention properties from registered servers.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Allows you to query upon messages logged by a task's subtask.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Classification\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about DLP Operational Events sent from managed systems from selected registered servers.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information \\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Email - All Recipients\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"Retrieves data on compliance counts over time. This query type and its results depend on a Run Query server task that generates compliance events from the results of a (Boolean pie chart) query. Also, when creating a Compliance History query, make sure that the time unit matches the schedule interval for the server task. McAfee recommends creating the Boolean pie chart query first, followed by the server task that generates the compliance events, and finally the Compliance History query.\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Aggregator Properties\\\",\\r\\n\\t\\t\\t\\\"User Information\\\",\\r\\n\\t\\t\\t\\\"System properties specific to systems from Amazon Web Service \\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error details\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"All incidents related to data at rest (Endpoint)\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"Mobile Device Information\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Tags\\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events History\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"Cases related to DLP incidents\\\",\\r\\n\\t\\t\\t\\\"Properties of the DLP client sessions\\\",\\r\\n\\t\\t\\t\\\"Info of Endpoint Discovery Scans\\\",\\r\\n\\t\\t\\t\\\"All incidents related to data in-use/motion\\\",\\r\\n\\t\\t\\t\\\"Computers\\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"Rules\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"discovery_incidents.classification_condition_desc\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Scan Information\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information\\\",\\r\\n\\t\\t\\t\\\"User Groups\\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Installed Versions Summary\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"System Tree\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path\\\",\\r\\n\\t\\t\\t\\\"Email - All Recipients\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Table that holds the Discover Server Information\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Installed Versions Summary\\\",\\r\\n\\t\\t\\t\\\"Latest incidents related to data at rest (Network)\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"Data Inventory from DLP Discover scans\\\",\\r\\n\\t\\t\\t\\\"System Properties\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Policy Information\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error details\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Removable Storage\\\",\\r\\n\\t\\t\\t\\\"Removable Storage\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"Destination User Information\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Network Appliance information \\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Network Appliance information \\\",\\r\\n\\t\\t\\t\\\"SessionRules_table_desc\\\",\\r\\n\\t\\t\\t\\\"Network discovery interactive action information \\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Export Details\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information \\\",\\r\\n\\t\\t\\t\\\"Source Application Information \\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"Latest incidents related to data at rest (Endpoint)\\\",\\r\\n\\t\\t\\t\\\"discovery_incidents.classification_condition_desc\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest File System Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest Email Storage Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest Email Storage Discovery Classifications\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"Latest incidents related to data in-use/motion\\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Current Email Storage Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Destination User Groups\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Network discovery interactive action information \\\",\\r\\n\\t\\t\\t\\\"Rules\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"Policies of the DLP client sessions\\\",\\r\\n\\t\\t\\t\\\"All incidents related to data at rest (Network)\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Mobile Device Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Current File System Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"System Properties\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information \\\",\\r\\n\\t\\t\\t\\\"Classification\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"User Information\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest File System Discovery Classifications\\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"Status of Discovery scans\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"Properties of the DLP clients\\\",\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"Retrieves file paths from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves summarized non-Enterprise reputation for files from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"tieserver.fileParent.tableInfo.desc\\\",\\r\\n\\t\\t\\t\\\"Retrieves summarized Enterprise Reputation for files\\\",\\r\\n\\t\\t\\t\\\"Retrieves certificates information from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves associated certificate enterprise reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves certificates information from TIE Server\\\",\\r\\n\\t\\t\\t\\\"Retrieves certificates information from TIE Server\\\",\\r\\n\\t\\t\\t\\\"Retrieves file MWG reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves summarized non-Enterprise reputation for certificates from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves associated certificate GTI reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves file information from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves summarized non-Enterprise reputation for files from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about systems with new certificates.\\\",\\r\\n\\t\\t\\t\\\"Retrieves file information from the TIE Server.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves information about systems with new files.\\\",\\r\\n\\t\\t\\t\\\"Retrieves certificate GTI reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves file GTI reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Certificates\\\",\\r\\n\\t\\t\\t\\\"Retrieves summarized non-Enterprise reputation for files from the TIE Server.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves file names from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves file Enterprise reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves certificate Enterprise reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves file reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves file CTD reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"TIE Server cleanup trending summary\\\",\\r\\n\\t\\t\\t\\\"Retrieves file ATD reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves files from the TIE Server.\\\"\\r\\n\\t\\t]\""
}
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
Successful
Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
No Sample Data
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Table failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data List Table failed. Status Code: 401. Message: Unauthorized. |
List Task History
Retrieves a list of all task histories.
Input
N/A
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:01:41-08:00",
"endDate": "2019-12-09T18:01:42-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:03:42-08:00",
"endDate": "2019-12-09T18:03:42-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:03:42-08:00",
"endDate": "2019-12-09T18:03:42-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:03:42-08:00",
"endDate": "2019-12-09T18:03:42-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:03:42-08:00",
"endDate": "2019-12-09T18:03:42-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "jhou Sync Status",
"startDate": "2019-12-09T18:05:36-08:00",
"endDate": "2019-12-09T18:06:02-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "accountSyncStatusTaskSource",
"duration": "Less than a minute"
},
{
"id": "966977",
"name": "Threat Detected",
"startDate": "2019-12-09T18:06:42-08:00",
"endDate": "2019-12-09T18:06:43-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:08:42-08:00",
"endDate": "2019-12-09T18:08:43-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:08:42-08:00",
"endDate": "2019-12-09T18:08:43-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:08:42-08:00",
"endDate": "2019-12-09T18:08:43-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:08:42-08:00",
"endDate": "2019-12-09T18:08:43-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
}
]
The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:01:41-08:00",
"endDate": "2019-12-09T18:01:42-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:03:42-08:00",
"endDate": "2019-12-09T18:03:42-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:03:42-08:00",
"endDate": "2019-12-09T18:03:42-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:03:42-08:00",
"endDate": "2019-12-09T18:03:42-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:03:42-08:00",
"endDate": "2019-12-09T18:03:42-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "jhou Sync Status",
"startDate": "2019-12-09T18:05:36-08:00",
"endDate": "2019-12-09T18:06:02-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "accountSyncStatusTaskSource",
"duration": "Less than a minute"
},
{
"id": "966977",
"name": "Threat Detected",
"startDate": "2019-12-09T18:06:42-08:00",
"endDate": "2019-12-09T18:06:43-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:08:42-08:00",
"endDate": "2019-12-09T18:08:43-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:08:42-08:00",
"endDate": "2019-12-09T18:08:43-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:08:42-08:00",
"endDate": "2019-12-09T18:08:43-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
},
{
"id": "*****",
"name": "Threat Detected",
"startDate": "2019-12-09T18:08:42-08:00",
"endDate": "2019-12-09T18:08:43-08:00",
"userName": "system",
"status": "Completed",
"taskSource": "response",
"duration": "Less than a minute"
}
]
Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores