Hi
There are situations where an MSSP contains a different number of clients in the same Qradar. In this type of environment there may be several EC or EP for the clients, but there may also be one that is shared among several others and the logical separation is done by Domains.
For this type of cases, I have created this small script which, with previously defined queries, can extract the EPS by domain. You can schedule this script to run several times a day to get variations through the day and as the days go by, save the data to make a timeline in a data analytics software.
Link https://github.com/chmedinap/Qradar-Scripts/tree/main/EPS%20by%20Domain%20Qradar
------------------------------
Carlos Medina
------------------------------