McAfee Risk Advisor 2.7




Getting Started Guide
McAfee Risk Advisor 2.7
For use with ePolicy Orchestrator 4.5 and 4.6

COPYRIGHT
Copyright 2012 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

Contents

Preface
   About this guide
   Audience
   Conventions
Getting Started
   1. Ensure that System Requirements are met
   2. Check your database settings
   3. Install the product
   4. Configure Application Inventory agent
   5. Perform analysis
   6. View reports using dashboards

Preface

This guide provides the information you need to configure the Beta release of the McAfee Risk Advisor 2.7 product.

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:

   Administrators: People who implement and enforce the company's security program.

Conventions

This guide uses the following typographical conventions and icons.

   Book title or Emphasis: Title of a book, chapter, or topic; introduction of a new term; emphasis.
   Bold: Text that is strongly emphasized.
   User input, Path, or Code: Commands and other text that the user types; the path of a folder or program; a code sample.
   Hypertext: A live link to a topic or to a website.
   Note: Additional information, like an alternate method of accessing an option.
   Tip: Suggestions and recommendations.
   Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.
   Warning/Danger: Critical advice to prevent bodily harm when using a hardware product.

Getting Started

You need to perform a series of steps to set up and test your McAfee Risk Advisor software. Download the McAfee Risk Advisor Beta build from the Beta download page and perform these tasks:

1. Ensure that System Requirements are met.
2. Check your database settings.
3. Install the product.
4. Configure the McAfee Application Inventory agent.
5. Perform the analysis.
6. View reports using dashboards.

1. Ensure that System Requirements are met

McAfee Risk Advisor 2.7 supports all operating systems, browsers, databases, and virtualization platforms supported by ePolicy Orchestrator. However, consider the following:

1) Supported McAfee ePO versions:
   - McAfee ePolicy Orchestrator 4.5 (RTW to Patch 5)
   - McAfee ePolicy Orchestrator 4.6 (RTW and Patch 1)

2) Disk space on McAfee ePO: McAfee Risk Advisor requires at least 50 MB of free space on the server.

3) Database server requirements:
   - Disk space: If there are around 5000 assets in the McAfee ePO System Tree, we recommend having 40 GB of free space on the database server for storing McAfee Risk Advisor data. This is a beta build focused on evaluating the new features of McAfee Risk Advisor 2.7. We strongly recommend having no more than 5000 assets in the McAfee ePO System Tree in the beta environment.
   - The database user installing the product must have sysadmin privileges. The database account privileges can be reverted, if required, after the successful installation.

2. Check your database settings

1) Check whether the database user name in the McAfee ePO database settings is correct. To do this:
   a. In the McAfee ePO console, open the Configure Database Settings page (https://<eposerver>:8443/core/config), then note down the User name listed. For example, sa.
   b. In the Microsoft SQL Server Management Studio console, right-click the ePO database (epo4_win-xxxxxxx) and select Properties. In the General tab, the value for Owner must be the same as the User name from step 1a (sa).

   c. If the values are not the same, request that this be corrected, then restart the McAfee ePO services once done.

2) Check the SQL collation settings. To do this:
   a. In the Microsoft SQL Server Management Studio console, right-click the database server name/IP (<IP>(SQL Server)) in the Object Explorer and select Properties, then note down the value for Server Collation. (Ensure that it is SQL_Latin1_General_CP1_CI_AS.)

   b. Expand the Databases tree in Object Explorer, then right-click the ePO database (epo4_win-xxxxxxx) and select Properties. In the General tab, the value for Collation must be the same as the Server Collation from step 2a. (Ensure that it is SQL_Latin1_General_CP1_CI_AS.)
   c. The collations in 2a and 2b must be the same, and both must be SQL_Latin1_General_CP1_CI_AS.

3) Ensure that the SQL Server Full Text Search service is installed and running. This service is required to configure and use the application awareness feature.
   a. On SQL Server 2005, this service is listed as SQL Server Fulltext Search (MSSQLSERVER).
   b. On SQL Server 2008/2008R2, this service is listed as SQL Server Fulltext Filter Daemon Launcher (MSSQLSERVER).
   c. Ensure that this service is in the running state and is configured to start automatically every time the SQL Server system is rebooted.
   d. If the Login accounts are different, make them the same, then restart the SQL Server service and the SQL Server Full-text Filter Daemon Launcher service.

3. Install the product

1) Run the McAfee Risk Advisor installation program, setup.exe.
2) After the product is installed successfully, allow the MRA: Prepackaged Threat Import and Reconciliation task to complete. The task status can be tracked in the McAfee ePO Server Task Log.

4. Configure Application Inventory agent

1) Verify the agent extension
   Ensure that the MRA Application Inventory is listed under the Risk Advisor extension and is in the running state.

2) Verify the agent package
   Check that the McAfee Application Inventory agent package is checked into the McAfee ePO Master Repository.

3) Deploy the agent
   Create a client task to deploy the McAfee Application Inventory agent plug-in onto the target systems.

4) Check under installed products on the System Properties page
   Once the client installation is complete, ensure that the McAfee Application Inventory Agent is listed as an installed product on the System Properties page for an asset. This happens only after the McAfee Agent has sent in the updated properties from the system at the next Agent-to-Server communication.

5) Check the agent status in the McAfee Agent Monitor screen
   In the McAfee Agent Monitor, look for the tracking entries showing the policies for the Application Inventory (MRAAPPIN) being enforced on the endpoints at every ASCI.

5. Perform analysis

1) Once the Application Inventory data from the endpoints has been collected and stored in the ePO server database, run the McAfee Risk Advisor analysis task (MRA: Threat Download and Analysis) to use the data from Application Inventory and refresh the risk metrics to become Application Aware.
2) If you edit the MRA: Threat Download and Analysis task, you can see Application Inventory as a data import option under the MRA: Data Import/Reconciliation action in the Server Task Builder screen.
3) Note that downloading threat data from the MTIS server during the first execution of the MRA: Threat Download and Analysis task may take 2-3 hours, depending on network bandwidth. We are working on this issue.
4) You can also create a separate server task for any of the following actions:
   a. MRA: Threat Feed Download
   b. MRA: Data Import/Reconciliation
   c. MRA: Threat Asset coverage Analysis

6. View reports using dashboards

After the MRA: Threat Download and Analysis task is complete, view the reports provided by the following McAfee Risk Advisor dashboards. (You can even customize some of the dashboards, as required.)

MRA: Threat Dashboard

MRA: Security Bulletin Dashboard
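
The database checks in section 2 (owner, collation, full-text component) and the sysadmin requirement from section 1 can also be read with one query instead of the Management Studio dialogs. This is an added example, not part of the McAfee guide: the database name and user name are the guide's placeholders and must be replaced, and the script is assumed to be run as the login that will install the product.

```sql
-- Added example (not from the McAfee guide): read-only pre-install checks.
-- Placeholders: replace @epo_db and @epo_user with your ePO database name and
-- the User name shown on the ePO Configure Database Settings page.
DECLARE @epo_db sysname, @epo_user sysname, @required sysname;
SET @epo_db   = N'epo4_win-xxxxxxx';  -- placeholder, as written in the guide
SET @epo_user = N'sa';                -- the guide's example user name
SET @required = N'SQL_Latin1_General_CP1_CI_AS';

-- Section 2, step 1: the database owner must equal the ePO database user name.
-- (This row is absent if @epo_db does not exist on the server.)
SELECT N'database owner' AS check_name,
       SUSER_SNAME(d.owner_sid) AS actual,
       @epo_user AS expected,
       CASE WHEN SUSER_SNAME(d.owner_sid) = @epo_user
            THEN N'OK' ELSE N'MISMATCH' END AS result
FROM sys.databases AS d
WHERE d.name = @epo_db
UNION ALL
-- Section 2, step 2a: server collation.
SELECT N'server collation',
       CONVERT(nvarchar(128), SERVERPROPERTY('Collation')), @required,
       CASE WHEN CONVERT(nvarchar(128), SERVERPROPERTY('Collation')) = @required
            THEN N'OK' ELSE N'MISMATCH' END
UNION ALL
-- Section 2, step 2b: database collation (NULL if the database is not found).
SELECT N'database collation',
       CONVERT(nvarchar(128), DATABASEPROPERTYEX(@epo_db, 'Collation')), @required,
       CASE WHEN CONVERT(nvarchar(128), DATABASEPROPERTYEX(@epo_db, 'Collation')) = @required
            THEN N'OK' ELSE N'MISMATCH' END
UNION ALL
-- Section 2, step 3: 1 means the full-text component is installed.
SELECT N'full-text installed',
       CONVERT(nvarchar(128), SERVERPROPERTY('IsFullTextInstalled')), N'1',
       CASE WHEN CONVERT(int, SERVERPROPERTY('IsFullTextInstalled')) = 1
            THEN N'OK' ELSE N'MISMATCH' END
UNION ALL
-- Section 1: the current login (assumed to be the installing user) must be a
-- sysadmin member during installation. Re-run after reverting the privilege
-- to confirm that it now reports 0.
SELECT N'current login is sysadmin',
       CONVERT(nvarchar(128), IS_SRVROLEMEMBER('sysadmin')), N'1',
       CASE WHEN IS_SRVROLEMEMBER('sysadmin') = 1
            THEN N'OK' ELSE N'MISMATCH' END;
```

The full-text row reports only that the component is installed; whether the service is running and set to start automatically still has to be confirmed in the Windows Services console, as step 3c of section 2 describes.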