The purpose of this document is to guide the user through integrating ATD 3.6.0 with McAfee
Active Response. The outcome will be a list of hosts in a connected environment that have a file
identified by ATD and available in an ATD report.
To the integration between ATD and Active Response was introduced in ATD version 3.6.0 and
and integrates with MAR version 1.0 all other dependancies for DXL Broker, DXL client and McAfee
Agent come from McAfee Active respoonse.
In ATD navigate to the "Manage -->ePO Login/DXL" page. Check the "Enable Active Response"
box and hit "Apply"
In ePO navigate to Menu-->Server Settings-->DXL Topic Authorization select "Edit" in the lower right corner
In the "Edit DXL Topic Authorization" window find the MAR Server API column. You'll notice that only the
MARSERVER is allowed to communicate via Send and Recieve Tags. We need to add ATD to the Send
Tags column. To do this select the box next to the "MAR Server API" then "Action" on the bottom left
In the "Restrict Send Tags" window that opens select the tag "ATDDXL" then select "ok" then "save"
To verify the tag go to your System Tree, find your ATD appliance and see which tags are listed in the "Tags"
column. In my ePO I have both the"ATDDXL" and "workstation" tag.
*Note if possible only select the "ATDDXL" tag as the "workstation" tag applies to a broader definition
ATD is now able to run a query and report which systems have the file sample just run in the sandbox.