Rogue detection and installing agents

Just curious if anyone has had success with making a query that detects new rogue detections, windows only, domain only and then pushes an agent automatically to them?

I've had success with the query but not the automation task.  Thanks in advance for any ideas!

5 Replies

Re: Rogue detection and installing agents

I have had mixed results with getting Automatic Responses to fire consistently. We wanted to set up alerts for certain events, and a few other things, but they generally only trigger about 80-90% of the time. But, because we send all of our event data into a different SIM tool, we haven't bothered opening a ticket, or doing any in-depth troubleshooting.

--Joel

Re: Rogue detection and installing agents

@Joeleisenlipz - thanks for the response and info about the automatic responses.  Just sad that they don't work better.  I've also tried running a query and then triggering a response but that doesn't seem to work out all the time either.  On a different note...how did you get your SIEM set up to log McAfee events correctly?  I'd be interested to chat more if you want to email me.  Thanks!

jeannie.cain@portlandoregon.gov

Re: Rogue detection and installing agents

The tool that we use leverages a JDBC connection and SQL user account to directly query the database every few seconds. The tool then parses the data (fairly well), and stores the relevant tidbits in their normalized format to aid with classification and categorization. My only complaint there is that whenever McAfee introduces something new, we have to bug the SIEM vendor to update their parser.

--Joel

Re: Rogue detection and installing agents

What SIEM do you use (vendor) if you don't mind my asking?  I tried to set up on our device and it wouldn't work.

Re: Rogue detection and installing agents

Capture.JPG
