I'm working with a Sophos 5.21 database - attempting to build a report that identifies active viruses that have had no action taken. I have 2 tables that I am pulling data from: [Sophos Reporting Interface].vThreatInstances.FullFilePath and [Sophos Reporting Interface].vThreatEventData.ActionTakenName.
In this case Sophos is writing multiple lines to the DB. I'll see the same file recorded 3 times in FullFilePath, and each line has a different ActionTakenName: None, Blocked, and Cleaned up. I'm simply trying to find items that have only ActionTakenName = None.
I need some way to compare FullFilePath to ActionTakenName. Below is the query I've built thus far, along with a screenshot example of what I'm dealing with.
SELECT TOP (100) PERCENT
    dbo.Computers.Name,
    dbo.Computers.IPAddressText,
    dbo.Computers.Managed,
    dbo.Computers.Connected,
    dbo.Computers.LastMessageTime,
    [Sophos Reporting Interface].vGroupPathAndNameData.PathAndName,
    [Sophos Reporting Interface].vThreatEventData.ActionTakenName,
    [Sophos Reporting Interface].vThreatInstances.FullFilePath
FROM dbo.Computers
    INNER JOIN dbo.ComputerGroupMapping
        ON dbo.Computers.ID = dbo.ComputerGroupMapping.ID
    INNER JOIN [Sophos Reporting Interface].vGroupPathAndNameData
        ON dbo.ComputerGroupMapping.GroupID = [Sophos Reporting Interface].vGroupPathAndNameData.GroupID
    INNER JOIN [Sophos Reporting Interface].vThreatInstances
        ON dbo.Computers.ID = [Sophos Reporting Interface].vThreatInstances.ComputerID
    INNER JOIN [Sophos Reporting Interface].vThreatEventData
        ON [Sophos Reporting Interface].vThreatInstances.ThreatID = [Sophos Reporting Interface].vThreatEventData.ThreatID
WHERE (dbo.Computers.LastMessageTime > DATEADD(dd, -30, GETDATE()))
    AND ([Sophos Reporting Interface].vGroupPathAndNameData.PathAndName LIKE N'%Engineering Lab%')
    AND (dbo.Computers.Name = N'WIN-SERVER')
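
One way to express "only ActionTakenName = None" is to group by file and reject any group that contains another action. This is an added example, not part of the original post: the table variable @ThreatRows, its ComputerName column and all sample rows are constructed stand-ins for the joined result, and treating a NULL action as "None" is an assumption.

```sql
-- Constructed stand-in for the rows the joined query returns:
-- one row per (file, action) event, so the same file can appear several times.
DECLARE @ThreatRows TABLE (
    ComputerName    nvarchar(64),
    FullFilePath    nvarchar(260),
    ActionTakenName nvarchar(32) NULL
);

INSERT INTO @ThreatRows (ComputerName, FullFilePath, ActionTakenName) VALUES
    (N'WIN-SERVER', N'C:\Temp\sample-a.exe', N'None'),       -- detected
    (N'WIN-SERVER', N'C:\Temp\sample-a.exe', N'Blocked'),    -- then blocked
    (N'WIN-SERVER', N'C:\Temp\sample-a.exe', N'Cleaned up'), -- then cleaned
    (N'WIN-SERVER', N'C:\Temp\sample-b.dll', N'None'),       -- detected twice,
    (N'WIN-SERVER', N'C:\Temp\sample-b.dll', N'None'),       -- never acted on
    (N'WIN-SERVER', N'C:\Temp\sample-c.tmp', N'Blocked');    -- acted on only

-- Keep a file only when none of its rows carries an action other than 'None'.
-- Filtering with WHERE ActionTakenName = 'None' would not work: it would still
-- return sample-a.exe, because that file has a 'None' row alongside the others.
SELECT
    ComputerName,
    FullFilePath,
    COUNT(*) AS EventCount
FROM @ThreatRows
GROUP BY ComputerName, FullFilePath
HAVING SUM(CASE
               WHEN ActionTakenName IS NULL          -- assumption: NULL = no action
                 OR ActionTakenName = N'None' THEN 0
               ELSE 1                                -- any real action disqualifies
           END) = 0;
-- With the constructed rows above, only C:\Temp\sample-b.dll is returned.
```

Grouping by computer as well as path keeps the same path on two machines from being merged into one result.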