
writing epo5.9 extension

Hello Friends,

I am writing an extension which would read data from a partner DB and then populate the event in the ePO server.

I am following the server-to-server approach (agent-less event).

I have a partner DB which has a table with event data.

Partner table schema:

    [DetectedUTC] [datetime] NOT NULL,
    [AnalyzerIPV4] [int] NULL,
    [AnalyzerIPV6] [binary](16) NULL,
    [AnalyzerMAC] [nvarchar](16) NULL,
    [SourceHostName] [nvarchar](266),
    [SourceIPV4] [int] NULL,
    [SourceIPV6] [binary](16) NULL,
    [SourceMAC] [nvarchar](16),
    [SourceUserName] [nvarchar](128),
    [SourceProcessName] [nvarchar](128) NULL,
    [SourceURL] [nvarchar](1024) NULL,
    [TargetHostName] [nvarchar](266) NULL,
    [TargetIPV4] [int] NULL,
    [TargetIPV6] [binary](16) NULL,
    [TargetMAC] [nvarchar](16) NULL,
    [TargetUserName] [nvarchar](128) NULL,
    [TargetPort] [smallint] NULL,
    [TargetProtocol] [nvarchar](16) NULL,
    [TargetProcessName] [nvarchar](128) NULL,
    [TargetFileName] [nvarchar](266) NULL,
    [ThreatCategory] [nvarchar](128) NULL,
    [ThreatEventID] [int] NOT NULL,
    [ThreatSeverity] [tinyint] NULL,
    [ThreatName] [nvarchar](128) NULL,
    [ThreatType] [nvarchar](32) NULL,
    [ThreatActionTaken] [nvarchar](24),
    [ThreatHandled] [bit] NULL,

Then I have written an extension which reads the data from the above table and inserts it in the ePO schema via a stored procedure called "EPOEvents_InsertEvent2".

After I execute the extension, I can see the events in epo -> reporting -> threat event log,

but the automatic response associated with it is not getting triggered.

Automatic response details:

Name: ar test
Language: english
Event -> Event group: epo notification events
      -> Event type: Threat
Status: enabled
Filter -> Defined at: my organisation
       -> Threat event id: 1024
Aggregator: Trigger this response for every event.
Action: send mail

Note: while configuring the email server, the test mail works fine.

Please help, as I have been stuck with this for a long time.
