Host List and the Query Builder

The Host List is located at the bottom of the Rogue Report. It shows each user that meets the criteria set up using the filters at the top of the pane. In the image below, this report shows all users, regardless of which tools they are using. You can tell this by the colored rectangles at the top, which show Windows AD, CrowdStrike, and Tenable.

You can quickly filter the information by removing and adding data sources from the list:

  • Select the “x” next to a data source name to remove it from the list.

  • To add a data source you previously removed, expand the drop-down list and select it.

  • To change the detail shown in the list, select the Advanced Filter/Basic Filter switch on the left.

Query Builder

Based on our example images, let’s assume you need to build a query to show you the users in Windows Active Directory who aren’t using CrowdStrike.

  1. Select Run Query.

This builds a query that tells Epiphany to list all users who are using Windows AD but not using Crowdstrike. These are the devices you need to ensure start using Crowdstrike. You can download this list as a .csv file and it can become a worklist.

For more information on advanced queries follow the information in the Search and Query Guidelines section.

Last updated