Hi, I'm trying to see if I can automatically tag systems in ePO via my SIEM (similar to the video demo here McAfee SIEM and ePO - YouTube). I have ePO added as a device and I can see the data coming in so its working fine. But when I try to tag assign a tag with ePO, there are no ePO devices under the 'select epo device to use for tagging'. I'm wondering what I might be missing in my configuration (either in ESM or EPO).
Any suggestions appreciated!
A couple of suggestions:
You can try reviewing this doc, which is slightly dated, but provides good overview guidance:
Thanks Scott, yes we have got ePO added as a device and not just a data source. I tested the connections for the database and also the credentials for the website UI which work "Test connection successful."
I notice under the 'Name and description' we don't have a URL filled in, but I didn't think that would matter. I completed a refresh under device management which was successful, but I see that I got a device log error when I first tried it this morning which says, "Could not add ePO client for ePO. Failed with error 1".
Yes, we have configured our homenet as well.
Thanks for the link, that will help guide me some more once I get this first problem sorted!
One more common issue: in the ePO DB configuration, sometimes there are special characters in your ePO DB name. It helps to use [square brackets] around the DB name (for example [ePO_Server-Name].
Also, if you have anything in the "Database Instance" field in the ePO DB config, try stripping that out.
If none of these suggestions do the trick, probably best to take the issue up with McAfee Support.