You can create a direct SQL query to the backend database but I found this strange method work using VIM on Windows. Note: I have taught myself how to use VIM. It was not easy and has a huge learning curve. The hardest step was understanding how to change mode to exit the application. There are a lot of tutorials on the Internet but don't be surprised to feel very uncomfortable for a long time.
Add this to the end of your _vimrc file. (:e $HOME/_vimrc). I keep the same vimrc file uploaded to a network share and backed up.
<quote>
" Escape/unescape & ( ) McAfee query definition entities in range (default current line).
function! McAfeeEntities(line1, line2, action)
let search = @/
let range = 'silent ' . a:line1 . ',' . a:line2
if a:action == 0 " must convert & last
execute range . 'sno/+/ /eg'
execute range . 'sno/%22/"/eg'
execute range . 'sno/%28/(/eg'
execute range . 'sno/%29/)/eg'
else " must convert & first
execute range . 'sno/ /+/eg'
execute range . 'sno/"/%22/eg'
execute range . 'sno/(/%28/eg'
execute range . 'sno/)/%29/eg'
endif
nohl
let @/ = search
endfunction
command! -range -nargs=1 MEntities call McAfeeEntities(<line1>, <line2>, <args>)
noremap <silent> \m :MEntities 0<CR>
noremap <silent> \M :MEntities 1<CR>
</quote>
Steps to modify a McAfee report.
- Create a dummy report that does whatever you need and have it filter by system name matching 1-3 computers.
- Export report into xml format
- Edit in vim
- Around line 8
- Press keystroke from the original mode: \m
- That rewrites the line substituting %28 for (
- Insert a return on the part starting with: ( eq EPOLeafNode.NodeName
- Insert a return near the end of the line: ) )</property>
- Delete the line with all the computernames
- Insert and paste list of computers
- Search and replace to the end of the last computer in this example 589 is the last computer
- :8,589s/^/( eq EPOLeafNode.NodeName "/g
- :8,589s/\n/" ) /g
- Insert at the beginning of line 8 and merge with line 7 with a delete
- merge the end of the line with ) )</property>
- I found out that McAfee can handle the file without the correct %28 syntax. If necessary you can use \M to reset the line to the way it was before. Caution with the <property name="conditionURI"> tag, it will get the wrong output like this ++<property+name=%22conditionURI%22> and will have to be fixed.
- Import into McAfee
- If you don't import that list of computernames into the system as empty records then your report will only show found items follow the next step to fix that.
- Copy the list of computers into EPO using "New Systems" with the "
Maybe McAfee EPO will fix their report system in the next iteration.