Monitoring devices with Trellix ePolicy Orchestrator (ePO)

You can use Trellix’s ePolicy Orchestrator (ePO) to monitor the machines in your institution using custom queries and filters. You create queries for different criteria you’re interested in tracking. This could include OS versions build numbers and even machines that haven’t communicated with the service recently

You can use these reports to investigate machines using unsupported versions of Windows and in need of upgrades. You could also use the ePO to create an inventory of devices in your institution if you do not already have one.

You can do this in several ways:

• Add columns to your system tree view. This is less useful if you already have a lot of columns.
• Create custom filters for the system tree view. You can re-run these filters when needed. 
• Create custom queries. This allows you to export a report in different file formats.

For more information or help using the service, please contact anti-malware@uis.cam.ac.uk.

Add columns to your system tree view

1. Click the ‘Actions’ button. From the expanded menu select ‘Choose Columns’.
   actions_button.jpg

   
2. Select additional columns to add to your System Tree view:
   • OS Type
   • OS Version
   • OS Build Number
   • OS Service Pack Version
   choose_columns.jpg

   
        
   choose_OS_Type.jpg

   
3. Arrange the columns by dragging them or using the left and right arrows.
   drag_columns.jpg

   
   dragged_columns.jpg

   
4. Save your new column view.
   save_columns.jpg

   
5. Your new columns will now display.
   new_column_view.jpg

   

Custom filters can be created and saved for the system tree view

1. In the ‘System Tree’ view, click to expand the dropdown under ‘Custom’. Select ‘Add…’.
   add_custom_filters.jpg

   
2. Select the required properties from the ‘Available Properties’ menu. For example, OS Type. Select an ‘Existing Value’ for the comparisons by clicking on the three dots.
   add_custom_filters_OS_Type.jpg

   
3. Select the relevant OS type from the dropdown menu. Click ’OK’.
   add_custom_filters_Windows_11.jpg

   
4. Click ‘Update Filter’.
   update_custom_filters.jpg

   
5. The filter will show as ‘(unsaved)’ within the ‘Custom’ dropdown. Click the dropdown and select ‘Save’ to name it.
   save_custom_filters.jpg

   
6. Add a meaningful filter name. For example, ‘Win 11’. Click ‘OK’.
   name_custom_filters.jpg

   
7. The filter is now available to use as required.
   custom_filter_added.jpg

   

Custom queries can be created and saved

1. Select the ‘Queries & Reports’ tab and click the ‘New Query’ button.
   new_query.jpg

   
2. Select ‘System Management’ from the ‘Feature Group’ menu. Select ‘Systems’ on the ‘Result Type’ tab.
   system_management.jpg

   
3. Select the required chart type, bar labels and bar values. For example, you can select a bar chart with ‘OS Type’ as the bar labels and ‘Number of Systems’ as the bar values.
   queries_bar_chart.jpg

   
4. Select any additional columns you’re interested in from the ‘Available Columns’ menu. For example, ‘Last Communication’.
   queries_available_columns.jpg

   
5. Select the required filter options. For example, you can create a query that only returns Windows 10 machines. Or you could select machines that have not communicated with the service in the last week. If filters are not added, all systems will display.
   19_queries.jpg

   
6. Save the query, giving it a meaningful name. You can also add a description.
   save_queries.jpg

   
7. Run the query and check it displays as expected. You can edit queries following the same steps.
8. Export the report file if needed. You can choose between the following file formats:
   • csv
   • html
   • pdf
   • xhtml