McAfee ePolicy Orchestrator

Version: McAfee ePolicy Orchestrator

The McAfee ePolicy Orchestrator (McAfee ePO) platform enables centralized policy management and enforcement for your endpoints and enterprise security products. With McAfee ePO software, IT administrators can unify security management across endpoints, networks, data, and compliance solutions from McAfee and third-party solutions.

Netsurion Open XDR integrates with McAfee ePO and allows you to track, monitor, create reports, and trigger security event alerts for the event logs and alerts generated by McAfee ePolicy Orchestrator. Netsurion also provides a visual representation of active alerts and security events via “Dashboards”.

Netsurion Data Source Integration for McAfee ePolicy Orchestrator allows you to monitor the following components:

Netsurion Open XDR monitors all McAfee ePO events; some of them are listed below.

  • Security – Login Failure and Threat Detection events.
  • Operation – Server activity, Agent activity, Extension Installation details, System Management and User Management.
  • Compliance – Logon and Logoff details and Policy details.

Once McAfee ePolicy Orchestrator is configured to deliver events to Netsurion Open XDR Manager, alerts, dashboards, and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | McAfee ePO – Logon Failure | This alert is generated when a user logon attempt fails. |
| Security | McAfee ePO – Threat Detected | This alert is generated when a threat is detected on McAfee Agent systems. |
| Compliance | McAfee ePO – Policy Changes | This alert is generated when the policy configuration changes. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | McAfee ePO – Logon Failure | This report gives information about user logon failures. |
| Security | McAfee ePO – Threat Detected | This report gives information about threats detected on McAfee agents. |
| Operations | McAfee ePO – Server Activity | This report gives information about server activities. |
| Operations | McAfee ePO – Agent Activity | This report gives information about agent activities. |
| Operations | McAfee ePO – Extension Installation Details | This report gives information about extension installation and uninstallation. |
| Operations | McAfee ePO – System Management | This report gives information about systems that were added or removed. |
| Operations | McAfee ePO – User Management | This report gives information about users who were added or removed, or whose permissions changed. |
| Compliance | McAfee ePO – Policy Details | This report gives information about policy configuration changes. |
| Compliance | McAfee ePO – Logon and Logoff Details | This report gives information about user logon and logoff. |

Documentation

The configuration details are consistent with Netsurion Open XDR 8.x and later, and McAfee ePolicy Orchestrator.

Download the Integration Guide and How-to Guide for configuration instructions and more information.