Your agents are in a odd state of policy pending, prevention enabled, etc and you want to sort them out.
-- Below query returns ALL non-affected Agents (i.e. IPS NOT supported or IPS feature Disabled and Prevention policy flag pending, This is by design)
SELECT
Hostname,CaptionName,IPAddress, *
FROM
ASSET
WHERE
(AgentState LIKE '%e%') AND (PolicyStatus LIKE '%P%');
-- Below query return ALL affected Agents (i.e. IPS supported and IPS
feature is enabled but prevention policy flag is pending)
SELECT
Hostname,CaptionName,IPAddress, *
FROM
ASSET
WHERE
(AgentState LIKE '%E%') AND (PolicyStatus LIKE '%P%');
Please find below information for your reference :
AgentState field in Asset table:
• ‘e’ – Prevention Feature is not active (i.e., IPS Driver is not
installed)
• ‘E’ – Prevention Feature is active (i.e., IPS Driver is installed)
• ‘r’ – Reboot has not been done
• ‘R’ – Reboot has been done
• ‘p’ – Prevention disabled (using prevention policy)
• ‘P’ – Prevention enabled (using prevention policy)
PolicyState field in Asset table
• policyStatus = P -- "prevention policy pending"
• policyStatus = D -- "detection policy pending"
• policyStatus = E -- "prevention policy error"
• policyStatus = e -- "detection policy error"
• policyStatus = blank -- "all good"
• policyStatus = NULL -- "n/a, must be mgmt server"