McAfee ePolicy Orchestrator
Version: McAfee ePolicy Orchestrator
The McAfee ePolicy Orchestrator (McAfee ePO) platform enables centralized policy management and enforcement for your endpoints and enterprise security products. With McAfee ePO software, IT administrators can unify security management across endpoints, networks, data, and compliance solutions from McAfee and third-party solutions.
Netsurion Open XDR integrates with McAfee ePO and allow to track, monitor, create reports and trigger security event alerts for the event logs/ alerts that are generated by McAfee ePolicy orchestrator. Furthermore, Netsurion also provides a visual representation of active alerts and security events via “Dashboards”.
Netsurion Data Source Integration for McAfee ePolicy Orchestrator allows you to monitor the following components:
Netsurion Open XDR monitors all the McAfee ePO events, some of them are given below.
- Security – Login Failure and Threat Detection events.
- Operation – Server activity, Agent activity, Extension Installation details, System Management and User Management.
- Compliance – Logon and Logoff details and Policy details.
Once McAfee ePolicy Orchestrator is configured to deliver events to Netsurion Open XDR Manager; alerts, dashboards and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | McAfee ePO – Logon Failure | This alert will generate when the user fails to logon attempt. |
| Security | McAfee ePO – Threat Detected | This alert will generate when the threat is detected on McAfee Agent systems. |
| Compliance | McAfee ePO – Policy Changes | This alert will generate when the policy configuration changes. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | McAfee ePO – Logon Failure | This report gives information about user logon failure. |
| Security | McAfee ePO – Threat Detected | This report gives information about threat detected on McAfee agent. |
| Operations | McAfee ePO – Server Activity | This report gives information about server activities. |
| Operations | McAfee ePO – Agent Activity | This report gives information about agent activities. |
| Operations | McAfee ePO – Extension Installation Details | This report gives information about extension installation and un-installation. |
| Operations | McAfee ePO – System Management | This report gives information about system which were added or removed. |
| Operations | McAfee ePO – User Management | This report gives information about users which were added or removed or permission changed. |
| Compliance | McAfee ePO – Policy Details | This report gives information about policy configuration changes |
| Compliance | McAfee ePO – Logon and Logoff Details | This report gives information about user logon and logoff. |
Documentation
The configuration details are consistent with Netsurion Open XDR 8.x and later, and McAfee ePolicy Orchestrator.
Download Integration Guide and How-to Guide for configuration instructions and more information.