Perform the following steps to query the ePO database for Host IPS content signatures:
- Open SQL Server Query Analyzer or SQL Server Management Studio.
- Select the ePO database in the database drop-down list.
- Copy and paste the following SQL statement into the query window:
SELECT
sig.SignatureID,
sig.SignatureTypeID,
sig.Category,
sig.IsLogEnabled,
sig.IsCreateLocalExEnabled,
sig.SeverityLevel,
sig.CVECode,
sigName.SignatureName as SignatureName,
sigDesc.TextValue as SignatureDesc
FROM
HIP8_Signature as sig
LEFT JOIN HIP8_SigNameXlate as sigName ON sig.SignatureID=sigName.SignatureID and sigName.LanguageID=1033
LEFT JOIN HIP8_LongTextXlate as sigDesc ON sig.SignatureID=sigDesc.KeyID and sigDesc.KeyType='SD' and sigDesc.LanguageID=1033
where sig.CVECode <> 'NULL'
NOTE: To pull the details for all Host IPS signatures, including signatures without CVE numbers, remove the last line in the query:
where sig.CVECode <> 'NULL'
- Select Results to File.
- Click Execute and specify the location for the results file.
You can view the results file in Microsoft Word or import it into Microsoft Excel.
Column heading information for the results table:
- SignatureID = Signature ID number
- SignatureTypeID = Platform
1 = Windows
2 = Solaris
3 = Linux
- Category = Signature Type
0 = Host Intrusion Prevention signature
1 = Network IPS signature
- IsLogEnabled = Log Status
0 = Disabled
1 = Enabled
- IsCreateLocalExEnabled = Allow Client Rules
0 = Disabled
1 = Enabled
- SeverityLevel = Signature Severity Level
4 = High
3 = Medium
2 = Low
1 = Informational
0 = Disabled
- CVECode = Link to applicable CVE Vulnerability ID
- SignatureName = Signature Name
- SignatureDesc = Signature Description
NOTE: The .zip files attached to this article provide sample exports from the default Host IPS content signatures database.
