McAfee MVISION EDR configuration question regarding the DXL Cloud Databus

Hello guys,

I was wondering if you can help. I have a question regarding the MVISION EDR configuration. I am wondering if after you install MVISION EDR do you still need to have any configuration in the "MVISION Cloud Databus"? 

According to the EDR install guide I am led to believe that when you migrate from MAR to EDR you need to change the settings under "Menu → Configuration → Server Settings → DXL Cloud Databus". However, I was not able to spot any information stating if this config needs to be kept in place after the migration is done. Additionally, am I supposed to, for example, configure the DXL Cloud Databus when I am deploying EDR without migrating from MAR?

Following that, if convenient, please explain how exactly does the DXL Cloud Databus function. Is it only needed for MAR clients to send trace data on the Cloud Bridge which is then made available to an on-premise instance of Active Response where an endpoint administrator analyzes the data, identifies issues, and remediates threats? Does it provide any additional details to MVISION EDR other than what the "MVISION Cloud Bridge" offers? I know that you can keep the config in the DXL Cloud Databus while migrating from MAR, but I was not able to determine if, after the migration is done, you need to remove the Cloud Databus config. Having said that, can both of these configurations coexist peacefully or are they meant to be used separately?

 

Thank you, in advance, for your time. 

Accepted Solutions
AdithyanT
McAfee Employee
Message 4 of 4

Hi @Jesterino,

Thank you for your update. Please find the answers inline for your kind perusal:

  • Do I need to configure "DXL Cloud Databus" when configuring MVISION EDR or I can use only the "MVISION Cloud Bridge" settings? If not please elaborate, if possible, a bit on how these options work and if they can co-exist on one ePO. - For on-premise ePO, DXL Cloud Databus needs to be configured. This is responsible for your DXL broker contacting the correct data center for uploading the client data it collects or receives. MVISION Cloud Bridge is needed for ePO to know which MVISION tenant you are connected to and to let the EDR UI know what ePO is connected to it.
  • When migrating from MAR to EDR should I keep the "DXL Cloud Databus" settings after the migration is done? - No, the setting (the URL) would "slightly" change when you move to EDR. Please find below the list of URLs based on the data center location of the tenant you have purchased.
  1. U.S. West data center — https://api.soc.mcafee.com/cloudproxy/databus/produce
  2. U.S. East data center — https://api.soc.us-east-1.mcafee.com/cloudproxy/databus/produce
  3. Frankfurt data center — https://api.soc.eu-central-1.mcafee.com/cloudproxy/databus/produce
  4. Sydney data center — https://api.soc.ap-southeast-2.mcafee.com/cloudproxy/databus/produce
  5. Canada data center — https://api.soc.ca-central-1.mcafee.com/cloudproxy/databus/produce

I sincerely hope this clarifies your queries here.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
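
As an added example (not part of the thread and not McAfee code), the check below validates a DXL Cloud Databus URL setting against the data center list in the accepted answer: HTTPS only, exact host and path, and an optional match against the tenant's region. The function name, the `tenant_region` parameter and the sample settings are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hosts copied from the data center list in the accepted answer.
DATABUS_HOSTS = {
    "api.soc.mcafee.com": "U.S. West",
    "api.soc.us-east-1.mcafee.com": "U.S. East",
    "api.soc.eu-central-1.mcafee.com": "Frankfurt",
    "api.soc.ap-southeast-2.mcafee.com": "Sydney",
    "api.soc.ca-central-1.mcafee.com": "Canada",
}
DATABUS_PATH = "/cloudproxy/databus/produce"


def check_databus_url(url, tenant_region=None):
    """Return (region, problems) for a configured Databus URL.
    tenant_region (hypothetical) is the tenant's data center name."""
    problems = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme.lower() != "https":
        problems.append("scheme is not https")
    if parts.username or parts.password:
        problems.append("URL carries embedded credentials")
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = -1
    if port not in (None, 443):
        problems.append("unexpected port")
    region = DATABUS_HOSTS.get(host)  # exact match, so lookalike hosts fail
    if region is None:
        problems.append(f"host {host!r} is not a listed data center")
    if parts.path != DATABUS_PATH:
        problems.append(f"path is {parts.path!r}, expected {DATABUS_PATH!r}")
    if parts.query or parts.fragment:
        problems.append("unexpected query string or fragment")
    if region and tenant_region and region != tenant_region:
        problems.append(f"URL points at {region}, tenant is in {tenant_region}")
    return region, problems


if __name__ == "__main__":
    # Constructed sample settings, not taken from any real ePO server.
    for setting in ("https://api.soc.eu-central-1.mcafee.com/cloudproxy/databus/produce",
                    "http://api.soc.mcafee.com/cloudproxy/databus/produce/"):
        print(setting, check_databus_url(setting, "Frankfurt"))
```

An empty problem list means the setting matches one of the listed endpoints exactly; any entry is worth resolving before relying on trace data reaching the tenant.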

muquit
McAfee Employee
Message 2 of 4

Hello,
To answer your question.

I am wondering if after you install MVISION EDR do you still need to have any configuration in the "MVISION Cloud Databus"?
No, you do not need mvision cloud databus for EDR.

According to the EDR install guide I am led to believe that when you migrate from MAR to EDR you need to change the settings under "Menu → Configuration → Server Settings → DXL Cloud Databus". However, I was not able to spot any information stating if this config needs to be kept in place after the migration is done. Additionally, am I supposed to, for example, configure the DXL Cloud Databus when I am deploying EDR without migrating from MAR?
-> DXL cloud databus is required by EDR. Here you will put the API for the correct data center. Please review the article below for data centers.
https://kc.mcafee.com/corporate/index?page=content&id=KB93645
MAR and EDR cannot co-exist on the same server. You will have to remove all the MAR extensions as well as any dependent extensions.

Please explain how exactly the DXL Cloud Databus functions, and could these configs co-exist?
I would request you to go through the PG. https://docs.mcafee.com/bundle/mvision-endpoint-detection-and-response-product-guide/page/GUID-E5039...
The DXL cloud bridge is responsible for sending the information to the correct data center.
MAR and EDR configs on the same ePO will not work.

Please let me know if you have any questions.
Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Muquit

Re: McAfee MVISION EDR configuration question regarding the DXL Cloud Databus

Hello muquit,

I would just like to check if you perhaps made a mistake, as first you specified "No, you do not need mvision cloud databus for EDR" and then you said that "DXL cloud databus is required by EDR". Additionally, I don't think that there is an "mvision cloud databus"; perhaps you meant either "MVISION Cloud Bridge" or "DXL Cloud Databus".

Having said that, I will sum up the questions below for ease of reading. I would like to know:

  • Do I need to configure "DXL Cloud Databus" when configuring MVISION EDR or I can use only the "MVISION Cloud Bridge" settings? If not please elaborate, if possible, a bit on how these options work and if they can co-exist on one ePO.
  • When migrating from MAR to EDR should I keep the "DXL Cloud Databus" settings after the migration is done?

Looking forward to hearing from you. 
