The "New Risks Report" in the Quick Reports category shows us what new risks have appeared in the environment in the past time frame period. For a few reasons I have a need to re-do this report with direct SQL queries. I can get a SQL query that reports all the risks for the past 30 days, which is easily configured for any number of days. But I've no way of telling which risks are new to the environment.
Any ideas?
SELECT
    ALERTS.ALERTDATETIME, ALERTS.ALERTINSERTTIME, ALERTS.ALERTENDDATETIME, USER_NAME,
    V_SEM_COMPUTER.COMPUTER_NAME, V_SEM_COMPUTER.IP_ADDR1_TEXT, VIRUS.VIRUSNAME, SOURCE, NOOFVIRUSES, FILEPATH, DESCRIPTION,
    A1.Actualaction,
    A2.Actualaction AS Requestedaction,
    A3.Actualaction AS Secondaryaction,
    SOURCE_COMPUTER_NAME, SOURCE_COMPUTER_IP
FROM ALERTS
    INNER JOIN V_SEM_COMPUTER ON COMPUTER_IDX = COMPUTER_ID
    INNER JOIN VIRUS ON ALERTS.VIRUSNAME_IDX = VIRUS.VIRUSNAME_IDX
    INNER JOIN Actualaction A1 ON ALERTS.Actualaction_idx = A1.Actualaction_idx
    INNER JOIN Actualaction A2 ON ALERTS.Requestedaction_idx = A2.Actualaction_idx
    INNER JOIN Actualaction A3 ON ALERTS.Secondaryaction_Idx = A3.Actualaction_idx
WHERE
    ALERTDATETIME >= DATEADD(day, -30, CURRENT_TIMESTAMP)
    -- and VIRUSNAME LIKE '%WS.Reputation.1%'
    -- and FILEPATH not like 'Symantec Endpoint Protection'
    -- and VIRUS.VIRUSNAME != 'Tracking Cookies'
ORDER BY ALERTDATETIME DESC
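
One way to separate new risks from recurring ones, as an added example that is not part of the original post or the product's own report logic: group all alerts by risk and keep only the risks whose earliest alert falls inside the window. It assumes "new" means "first alert within the last 30 days", that COMPUTER_IDX is a column of ALERTS, and that ALERTS still holds history older than the window; if older rows have been purged by database maintenance, a long-known risk will look new.

```sql
-- Added example: risks first seen in the environment during the last 30 days.
-- Assumption: "new" = the earliest ALERTDATETIME recorded for that risk is
-- inside the reporting window. Uses only tables and columns from the query above.
WITH FIRST_SEEN AS (
    SELECT
        A.VIRUSNAME_IDX,
        MIN(A.ALERTDATETIME)          AS FIRST_ALERT,     -- first time this risk was ever alerted on
        MAX(A.ALERTDATETIME)          AS LAST_ALERT,      -- most recent alert for this risk
        COUNT(*)                      AS ALERT_COUNT,     -- total alerts for this risk
        COUNT(DISTINCT A.COMPUTER_IDX) AS COMPUTER_COUNT  -- distinct computers affected (assumed ALERTS column)
    FROM ALERTS A
    GROUP BY A.VIRUSNAME_IDX          -- no date filter here: the full history is needed to find the true first alert
)
SELECT
    V.VIRUSNAME,
    F.FIRST_ALERT,
    F.LAST_ALERT,
    F.ALERT_COUNT,
    F.COMPUTER_COUNT
FROM FIRST_SEEN F
    INNER JOIN VIRUS V ON F.VIRUSNAME_IDX = V.VIRUSNAME_IDX
WHERE
    F.FIRST_ALERT >= DATEADD(day, -30, CURRENT_TIMESTAMP)  -- change -30 to resize the window
ORDER BY F.FIRST_ALERT DESC;
```

To list the individual alert rows for only these risks, join FIRST_SEEN to the original query on ALERTS.VIRUSNAME_IDX and apply the same FIRST_ALERT filter.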