Level 7
Message 1 of 14

SERVICENOW-MCAFEE IPS INTEGRATION

Hello... I am not sure where to post this question. I am looking for a source for integrating the security operations application of ServiceNow with the McAfee IPS. Is there some documentation I can use for this purpose?

13 Replies
Reliable Contributor
Message 2 of 14

Re: SERVICENOW-MCAFEE IPS INTEGRATION

Discussion successfully moved from Support Forums to Network Security Platform (NSP, NIPS, NAC, NTBA)

For better assistance and exposure.

Cliff
McAfee Volunteer

Re: SERVICENOW-MCAFEE IPS INTEGRATION

Please take a look at this thread. This would probably be the simplest solution.

If this doesn't suit you there is an API guide available here that may at least point you in the right direction.

Also, you can develop scripts to run pre-canned SQL queries against the NSM database provided you set up a DB user with appropriate permissions and have a strong understanding of MySQL.

These last two options require a LOT of work and refinement so I would caution against it unless you have the skillsets needed.

Level 7
Message 4 of 14

Re: SERVICENOW-MCAFEE IPS INTEGRATION

I downloaded the epo_510_rg_Web API_0-00_en-us.pdf.  However, I don't see any direction that will allow me to just call the API via RESTful method.  It seems like we use either the Python client or cURL.  Am I missing anything from the document?

Reliable Contributor
Message 5 of 14

Re: SERVICENOW-MCAFEE IPS INTEGRATION

Hi Tangcov,

When you say McAfee IPS are you referring to McAfee Network Security Platform?

Can you explain what exactly you are trying to do? Are you trying to query EPO or NSP?

Regards

Peter

Level 7
Message 6 of 14

Re: SERVICENOW-MCAFEE IPS INTEGRATION

Hello. I am going to query both... I have one interface where I would need to get content from the NSM for payload content. I have one for the EPO for different content. There is no integration between NSM and EPO at this time.

I am looking to see if there is a simple REST API I can use for the EPO to do the query that would normally be done via cURL or Python.

Re: SERVICENOW-MCAFEE IPS INTEGRATION

The link I provided earlier is to the NSP Documentation Reference Guide. On that page is a link to ALL manuals related to the NSP separated by each version of the NSM software. All you need to do is find the section for the version of NSM software you are using and download the appropriate manual.

There is an API guide for ePO as well:

McAfee Corporate KB - ePolicy Orchestrator 5.1.0 Web API Scripting Reference Guide PD24810

Another thread you might find useful once you download the NSP API Guide is this one:

Be sure to read and heed any notes and/or warnings in each of the manuals as they often contain solutions to common errors in syntax or other prerequisite information.

Level 7
Message 8 of 14

Re: SERVICENOW-MCAFEE IPS INTEGRATION

Thank you for the input. I will get the NSP API guide you gave reviewed.

Meanwhile, I have a copy of the EPO 5.1.0 Scripting reference guide.  This appears to be based on cURL or Python.  Is there a way to use RESTful API calls to the EPO server specially to get content from the EPOLeaf table?


Re: SERVICENOW-MCAFEE IPS INTEGRATION

That part of your question would be better asked in the ePO discussion board as that is where the more ePO savvy folks operate. But...I did a little digging and I found this article:

McAfee Corporate KB - Explanation of ePO Web API and where to find Web API documentation KB81322

That article isn't very robust but it provided me with the link below that looks like it might be an even better place to get assistance.


Re: SERVICENOW-MCAFEE IPS INTEGRATION

Hi. How can I port this question to the ePO discussion board?
