Creating a database view
Microsoft EndPoint Protection uses SQL Server Management Studio (SSMS) to manage the EndPoint Protection SQL databases.
Procedure
- Log in to the system that hosts your Microsoft EndPoint Protection SQL database.
- From the Start menu, select Run.
-
Type the following command:
ssms
- Click OK.
- Log in to your Microsoft Endpoint Protection database.
- From the Object Explorer, select Databases.
- Select your database and click Views.
- From the navigation menu, click New Query.
-
In the Query pane, type the following Transact-SQL statement to create the
database view:
create view dbo.MalwareView as select n.Type , n.RowID , n.Name , n.Description , n.Timestamp , n.SchemaVersion , n.ObserverHost , n.ObserverUser , n.ObserverProductName , n.ObserverProductversion , n.ObserverProtectionType , n.ObserverProtectionVersion , n.ObserverProtectionSignatureVersion , n.ObserverDetection , n.ObserverDetectionTime , n.ActorHost , n.ActorUser , n.ActorProcess , n.ActorResource , n.ActionType , n.TargetHost , n.TargetUser , n.TargetProcess , n.TargetResource , n.ClassificationID , n.ClassificationType , n.ClassificationSeverity , n.ClassificationCategory , n.RemediationType , n.RemediationResult , n.RemediationErrorCode , n.RemediationPendingAction , n.IsActiveMalware , i.IP_Addresses0 as 'SrcAddress'
from v_AM_NormalizedDetectionHistory n, System_IP_Address_ARR i, v_RA_System_ResourceNames s, Network_DATA d where n.ObserverHost = s.Resource_Names0 and s.ResourceID = d.MachineID and d.IPEnabled00 = 1 and d.MachineID = i.ItemKey and i.IP_Addresses0 like '%.%.%.%';
-
From the Query pane, right-click and select
Execute.
If the view is created, the following message is displayed in the results pane:
Command(s) completed successfully.