Host List and the Query Builder
Last updated
Last updated
The Host List is located at the bottom of the Rogue Report. It shows each user that meets the criteria set up using the filters at the top of the pane. In the image below, this report shows all users, regardless of which tools they are using. You can tell this by the colored rectangles at the top, which show Windows AD, CrowdStrike, and Tenable.
You can quickly filter the information by removing and adding data sources from the list:
Select the “x” next to a data source name to remove it from the list.
To add a data source you previously removed, expand the drop-down list and select it.
To change the detail shown in the list, select the Advanced Filter/Basic Filter switch on the left.
Based on our example images, let’s assume you need to build a query to show you the users in Windows Active Directory who aren’t using CrowdStrike.
Select Run Query.
This builds a query that tells Epiphany to list all users who are using Windows AD but not using Crowdstrike. These are the devices you need to ensure start using Crowdstrike. You can download this list as a .csv file and it can become a worklist.
For more information on advanced queries follow the information in the Search and Query Guidelines section.
To perform an advanced query to potentially identify devices that aren’t using the required tools, select the filter icon . This is described in the next section.
Select the filter icon .
Select in + and then select windows_ad+ .
Select not + and then select crowdstrike+ .
