To query the ePO database for Host IPS content signatures:
- Open SQL Server Query Analyzer or SQL Server Management Studio.
- Select the ePO database in the database drop-down list.
- Copy and paste the following SQL statement into the query window:
SELECT
sig.SignatureID,
sig.SignatureTypeID,
sig.Category,
sig.IsLogEnabled,
sig.IsCreateLocalExEnabled,
sig.SeverityLevel,
sig.CVECode,
sigName.SignatureName as SignatureName,
sigDesc.TextValue as SignatureDesc
FROM
HIP8_Signature as sig
LEFT JOIN HIP8_SigNameXlate as sigName ON sig.SignatureID=sigName.SignatureID and sigName.LanguageID=1033
LEFT JOIN HIP8_LongTextXlate as sigDesc ON sig.SignatureID=sigDesc.KeyID and sigDesc.KeyType='SD' and sigDesc.LanguageID=1033
where sig.CVECode <> 'NULL'
NOTE: To pull the details for all Host IPS signatures, including signatures without CVE numbers, remove the last line in the query:
where sig.CVECode <> 'NULL'
- Click Execute
- Right-click to save the results into the file format of your choice.
Column heading information for the results table:
- SignatureID = Signature ID number
- SignatureTypeID = Platform
1 = Windows
2 = Solaris
3 = Linux
- Category = Signature Type
0 = Host Intrusion Prevention signature
1 = Network IPS signature
- IsLogEnabled = Log Status
0 = Disabled
1 = Enabled
- IsCreateLocalExEnabled = Allow Client Rules
0 = Disabled
1 = Enabled
- SeverityLevel = Signature Severity Level
4 = High
3 = Medium
2 = Low
1 = Informational
0 = Disabled
- CVECode = Link to applicable CVE Vulnerability ID
- SignatureName = Signature Name
- SignatureDesc = Signature Description
NOTE: The .zip files attached to this article provide sample exports from the default Host IPS content signatures database.
