Configuring Advanced ePO Integration

The McAfee SIEM can launch ePO directly from the SIEM interface to view endpoint details as defined within ePolicy Orchestrator. This advanced integration assumes that you have properly configured the Local Network settings in the Asset Manager. Please ensure you have followed the steps to configure Local Network before continuing. NOTE: This configuration example assumes a single ePO server with a local SQL database. In configurations where the ePO server is connected to a secondary SQL DB server, please contact McAfee support for assistance.

Once the McAfee SIEM has been configured with at least one ePO data source and the Local Network value has been defined within the Network Discovery section of the Asset Manager, the SIEM will allow the operator to launch the ePO interface from within the Security Management platform to view asset details specific to a given endpoint.

Viewing Information about the System in ePO

  1. From any Dashboard page (e.g. Normalized Dashboard), select (click) an IP address representing a managed asset within ePO (e.g. Source IP 192.168.1.101)
  2. Click the Menu button in the upper-right corner
  3. From the menu that appears, select Actions, then View in ePO. If multiple ePO servers are defined in the McAfee SIEM, an additional dialog box will open asking which ePO server to launch; make the appropriate selection and press OK.

    The ePO interface will open in a new browser window requiring authentication.
  4. Enter the appropriate ePO credentials to log into the ePolicy Orchestrator interface.

    ePO-Login.png

  5. Once authenticated, the ePO asset information window will open displaying the information related to the endpoint selected in the McAfee SIEM.
    ePO-Asset-Details.png

Assigning an ePO Tag

In addition to viewing the managed endpoint within ePO, McAfee SIEM also supports the assignment of ePO policy tags directly to assets from within the SIEM console.

  1. From any Dashboard page (e.g. Normalized Dashboard), select (click) an IP address representing a managed asset within ePO (e.g. Source IP 192.168.1.101)
  2. Click the Menu button in the upper-right corner
  3. From the menu that appears, select Actions, then ePO Tagging.
  4. Select an appropriate policy tag from the list and click the Assign button. Optionally, the SIEM can perform a client wakeup once the ePO policy tag has been assigned to the endpoint.

Last update: 12-21-2017 10:56 AM