Hello... I am not sure where to post this question. I am looking for a source for integrating the Security Operations application of ServiceNow with the McAfee IPS. Is there some documentation I can use for this purpose?
If this doesn't suit you there is an API guide available here that may at least point you in the right direction.
Also, you can develop scripts to run pre-canned SQL queries against the NSM database provided you set up a DB user with appropriate permissions and have a strong understanding of MySQL.
These last two options require a LOT of work and refinement so I would caution against it unless you have the skillsets needed.
I downloaded the epo_510_rg_Web API_0-00_en-us.pdf. However, I don't see any direction that will allow me to just call the API via a RESTful method. It seems like we use either the Python client or cURL. Am I missing anything from the document?
When you say McAfee IPS are you referring to McAfee Network Security Platform?
Can you explain what exactly you are trying to do? Are you trying to query EPO or NSP?
Hello. I am going to query both... I have one interface where I would need to get content from the NSM for payload content. I have one for the EPO for different content. There is no integration between NSM and EPO at this time.
I am looking to see if there is a simple REST API I can use for the EPO to do the query that would normally be done via cURL or Python.
The link I provided earlier is to the NSP Documentation Reference Guide. On that page is a link to ALL manuals related to the NSP separated by each version of the NSM software. All you need to do is find the section for the version of NSM software you are using and download the appropriate manual.
There is an API guide for ePO as well:
Another thread you might find useful once you download the NSP API Guide is this one:
Be sure to read and heed any notes and/or warnings in each of the manuals as they often contain solutions to common errors in syntax or other prerequisite information.
That part of your question would be better asked in the ePO discussion board as that is where the more ePO savvy folks operate. But...I did a little digging and I found this article:
That article isn't very robust but it provided me with the link below that looks like it might be an even better place to get assistance.