I have McAfee ePO with all the bells and whistles. My threat events are over 60 million. I did a purge task but it didn’t delete enough. Most of the events are Solid Core events being File Solidified, Unsolidified and Registry Modification. Is there a way to tone down the events so I don’t get as many? I am running a SQL query to delete all before a detected UTC date which has been running for 5 days or so. I know it will reduce my events but it will just keep building. Any thoughts or suggestions on how to reduce the number of events being recorded from my endpoints?
zuphzuph
I’m guessing you’re talking about the threat event log, correct?
zuphzuph
You can purge within ePO itself and it shouldn’t take more than just a few seconds. What version of ePO are you on?
zuphzuph
Honestly, if this is something you wanna monitor effectively, I would query ePO support and see if they have something you can schedule to clear out the specified events as a SQL job to run after X hours or during specified times.
I’ve done the purge already. It took about a week to finish but I still have 60 million records. I have tasks to purge anything older than 6 months to run nightly but the events come in very quickly and fill up. I have gold support and will see what they can do to help; figured I would come here first. Thanks.
ePO 5.3.1