cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
jcain13
jcain13
Level 7
Report Inappropriate Content
Message 1 of 6
‎12-14-2012 10:31 AM

Rogue detection and installing agents

Just curious if anyone has had success with making a query that detects new rogue detections, windows only, domain only and then pushes an agent automatically to them?

I've had success with the query but not the automation task.  Thanks in advance for any ideas!

0 Kudos
Reply
5 Replies
joeleisenlipz
joeleisenlipz
Level 12
Report Inappropriate Content
Message 2 of 6
‎12-21-2012 08:58 AM

Re: Rogue detection and installing agents

I have had mixed results with getting Automatic Responses to fire consistently. We wanted to setup alerts for certain events, and a few other things, but they generally on trigger about 80-90% of the time. But, because we send all of our event data into a different SIM tool, we haven't bothered opening a ticket, or doing any in-depth troubleshooting.

--Joel

0 Kudos
Reply
jcain13
jcain13
Level 7
Report Inappropriate Content
Message 3 of 6
‎12-21-2012 09:19 AM

Re: Rogue detection and installing agents

@Joeleisenlipz - thanks for the response and info about the automatic responses.  Just sad that they don't work better.  I've also tried running a query and then triggering a response but that doesn't seem to work out all the time either.  On a different note...how did you get your SIEM setup to log McAfee events correctly?  I'd be interested to chat more if you want to email me.  Thanks!

jeannie.cain@portlandoregon.gov

0 Kudos
Reply
joeleisenlipz
joeleisenlipz
Level 12
Report Inappropriate Content
Message 4 of 6
‎12-21-2012 09:26 AM

Re: Rogue detection and installing agents

The tool that we use leverages a JDBC connection and SQL user account to directly queries the database every few seconds. The tool then parses the data (fairly well), and stores the relevant tidbits in their normalized format to aid with classification and categorization. My only complaint there, is that whenever McAfee introduces something new, we have to bug the SIEM vendor to update their parser.

--Joel

0 Kudos
Reply
jcain13
jcain13
Level 7
Report Inappropriate Content
Message 5 of 6
‎12-21-2012 01:35 PM

Re: Rogue detection and installing agents

What SIEM do you use (vendor) if you don't mind my asking?  I tried to setup on our device and it wouldn't work.

0 Kudos
Reply
Highlighted
vuilverwerking
vuilverwerking
Level 9
Report Inappropriate Content
Message 6 of 6
‎07-05-2013 12:39 AM

Re: Rogue detection and installing agents

Capture.JPG

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC