cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 6

IBM QRadar extension for McAfee ePO

Jump to solution
Hello everyone, I want to install McAfee Connector for QRadar (https://exchange.xforce.ibmcloud.com/hub/extension/cb9cab01e7bc8fe53b133d7e498f5c06) Where can I download IBM Qradar ePO extension?
1 Solution

Accepted Solutions
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 6

Re: IBM QRadar extension for McAfee ePO

Jump to solution

I sent message to sia@mcafee.com and support team made extension available in my ePO Software Catalog

View solution in original post

5 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: IBM QRadar extension for McAfee ePO

Jump to solution

I googled it and it seems we have download option available on below URL. I could not try because I don't have credentials.

https://exchange.xforce.ibmcloud.com/hub/extension/5faf57a09236654323cbc4db41bd74f4?_ga=2.142864188....

 

Please try. In case not available then suggest to post IBM portal.

 

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

 

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 6

Re: IBM QRadar extension for McAfee ePO

Jump to solution

Hello @Hem ,

I opened the URL. At this URL is QRadar Network Insights Content v7.3.0.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: IBM QRadar extension for McAfee ePO

Jump to solution

We do not provide 3rd party extensions, you have to get them from that vendor.  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 6

Re: IBM QRadar extension for McAfee ePO

Jump to solution

I sent message to sia@mcafee.com and support team made extension available in my ePO Software Catalog

View solution in original post

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: IBM QRadar extension for McAfee ePO

Jump to solution

Hello Mubin,

The case # 4-21122746811

This link helps to configure the ePO with Qradar

To integrate McAfee ePolicy Orchestrator with QRadar, complete the following steps:
https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/c_dsm_guide_mcafee_epo_overvi...

To ADD the log source in QRADAR we have options as below

JDBC Protocol RPM

SNMP Protocol RPM

TLS Syslog Protocol RPM

DSMCommon RPM

McAfee ePolicy Orchestrator DSM RPM
----------------------------------------------------------------------------------------------------------------

Attached the image 1.PNG..... where if the ePO not listed... then install RPM as details below


To integrate McAfee ePolicy Orchestrator with QRadar, complete the following steps:

  1. If automatic updates are not enabled, RPMs are available for download from the IBM support website (http://www.ibm.com/support). Download and install the most recent version of the following RPMs on your QRadar Console.
    • JDBC Protocol RPM
    • SNMP Protocol RPM
    • TLS Syslog Protocol RPM
    • DSMCommon RPM
    • McAfee ePolicy Orchestrator DSM RPM


To download the ePO connector RPM file, you need to have IBMid to download from IBM site

https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+Security+Q...


interim fix: 7.4.0-QRADAR-DSM-McAfeeEpo-7.4-20200720131858.noarch.rpm 
McAfee ePolicy Orchestrator  this is updated rpm in IBM site and its been from 2020/07/23 date

Platforms:  Linux

Applies to versions:  7.4.0

Upgrades to:  7.4.0

Severity: 

Component:  DSM

Categories: 

Abstract:  Enhanced the McAfee ePolicy Orchestrator DSM to add support TLS Syslog event collection of XML formatted logs for users with McAfee McAfee ePolicy Orchestrator v5.1.0. Administrators can review the McAfee ePolicy Orchestrator chapter in the DSM Configuration Guide for instructions on how to configure the TLS Syslog protocol.

2020/07/23


Once installed the RPM successfully, you will see the McAfee Connector for QRadar as image 2.PNG or go through the link as below.

https://exchange.xforce.ibmcloud.com/hub/extension/cb9cab01e7bc8fe53b133d7e498f5c06

I hope this answers your query to configure the events forwarding to QRadar.

Regards
Raghavendra GC

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community