Release Notes McAfee Risk Advisor 2.7.0 For use with epolicy Orchestrator 4.5.0 and 4.6.0 Software About this document New features System Requirements Installing and verifying the extension Known issues Find product documentation About this document Thank you for choosing this McAfee product. This document contains important information about the current release. We strongly recommend that you read the entire document. New features New and updated features in the current release of the software are described below: Option Advanced Reporting Group User-defined countermeasures Suppressions Countermeasure override McAfee Application Control integration Patch Tuesday reports Definition Perform selective threat-asset reporting by creating groups of systems based on groups or tags and threats based on tags. For example, determine the impact a specific set of threats are having on your server class machines or assets belonging to a specific business unit. Specify countermeasures that are not integrated with McAfee Risk Advisor. Declare a user-defined countermeasure to consider a set of assets as protected against a set of threats during analysis. Suppress a selection of threats for a selection of assets to perform analysis based on your requirements. The selected threat-asset combination is temporarily excluded from analysis. Override a countermeasure for selected assets from an asset-centric page to consider them as not protected by the countermeasure during analysis. For example, override McAfee Network Security Platform countermeasure declaration for an asset. Import application inventory and countermeasure data from McAfee Application Control. Generate and view Patch Tuesday specific reports using the Security Bulletin dashboard and additional Patch Report queries to make decision on patching efforts and assess the effectiveness of patching operations over a period of time. The MRA: Security Bulletin Dashboard includes the following monitors:
MRA Patch Report: Microsoft Patch Tuesday Threats Trend Displays the number of Patch Tuesday threats released over the last three months. MRA Patch Report: Risk Score for Systems Group across Patch Tuesday Threats Displays the aggregated risk scores of each system group over the latest Microsoft Patch Tuesday threats. MRA Patch Report: Assets at Risk from Patch Tuesday Threats by Criticality Displays the assets based on their criticality that are at-risk by Patch Tuesday threats released over the last three months. MRA Patch Report: Assets at Risk from Patch Tuesday Threats by System Group Displays the assets based on their reporting groups that are at-risk by Patch Tuesday threats released over the last three months. McAfee Network Security Platform focused queries Create and run these additional McAfee Network Security Platform queries: Predefined queries: MRA: NSP Sensor-Port-Policy with Attacks set to block Retrieves information about the blocked attacks for every McAfee Network Security Platform sensor, port, and policy association. MRA: NSP System Attack Coverage Retrieves information about the attacks for every McAfee Network Security Platform sensor, port, and policy association for each system. MRA: NSP System Coverage Retrieves information about the sensor, port, and policy association for the systems covered by McAfee Network Security Platform. MRA: Systems Not Protected by NSP Retrieves information about the assets that are not protected by McAfee Network Security Platform. Custom queries: NSP Sensor-Port-Policy Attack Configuration Retrieves information about the attacks for every McAfee Network Security Platform sensor, port, and policy association. NSP System Association Retrieves information about the sensor, port, and policy association for the systems covered by McAfee Network Security Platform. NSP Threat Asset Protection Retrieves information about the countermeasure protection status for threat-asset combinations. Enhanced automatic responses Configure actions to take when specific events occur in your environment, including: asset-based events and risk scorebased events.
Enhanced what-if analysis Enhanced search capability Localization Select systems based on groups or tags to perform the what-if analysis. Perform Quick Search based on threat filters in threatcentric pages. Product and threat data are localized in two languages: Chinese (Simplified) and Spanish; and documentation in six languages: Chinese (Simplified and Traditional), Japanese, Spanish, French, and German. System Requirements This release supports a full installation of the product as well as an upgrade from the previous versions. Supported upgrades McAfee Risk Advisor 2.5.x McAfee Risk Advisor 2.6.x Supported McAfee epolicy Orchestrator version(s) epolicy Orchestrator 4.5 patch 4 or later epolicy Orchestrator 4.6 Supported managed products McAfee Risk Advisor analyzes data from the following managed products that are integrated with epolicy Orchestrator through their product extensions. Managed product McAfee Application Control McAfee Host Intrusion Prevention McAfee Network Security Platform McAfee Policy Auditor McAfee Vulnerability Manager McAfee VirusScan Enterprise Required extension Solidcore extension 5.0.2 or later 7.0.0 or later Rogue System Detection 2.0.2 or later 5.3.0 or later Foundstone 6.8.0 or later No extension required Rollup reporting requirements Master refers to the reporting server and slave refers to the server from where the data is to be rolled up. The following master-slave server combinations are supported: Product Master version Slave version epolicy Orchestrator 4.6.x 4.6.x or 4.5.x 4.5.x 4.5.x
McAfee Risk Advisor 2.7 2.7 or 2.6.x Supported Database Microsoft SQL 2005 or 2008 Database requirements McAfee Risk Advisor does not function properly if Microsoft SQL 2005 is running in SQL 2000 Compatibility Mode. Any customization to the Microsoft SQL Server installation should follow the best practice guidelines provided by the database vendor. McAfee Risk Advisor does not support the use of SQL Express. The database user must have sysadmin privilege. Make sure that the database collation is SQL_Latin1_General_Cp1_CI_AS. (Optional) For application data reconciliation, SQL Server's Full Text Search must be installed and the service running prior to the McAfee Risk Advisor install or upgrade. Disk Space Requirements McAfee Risk Advisor requires a minimum of 4 GB free disk space for the database. The actual disk space required depends upon the number of assets being managed by the epolicy Orchestrator server. For database sizing guidelines, refer to the McAfee Risk Advisor 2.7 Database Sizing and Resource Usage Guide. Installing and verifying the extension Task 1 Close the epolicy Orchestrator console. 2 Run the installation program for McAfee Risk Advisor, Setup.exe. If this is an upgrade, a message appears about the upgrade. Click Yes to continue. 3 In the Setup Requirements screen, verify that the message All required applications were found appears, then click Next. If this message does not appear, cancel the installation and install the applications specified, then run the McAfee Risk Advisor installation program again. 4 In the Welcome screen, click Next to display the license agreement screen. 5 From the drop-down lists, select a license type and the location where the product will be used. Select I accept the terms in the license agreement, then click OK. 6 If this is an upgrade, skip to the next step. Otherwise, in the Choose Destination Location screen, accept the default location or browse to another location, then click Next. 7 In the Set Administrator Information screen, provide the epolicy Orchestrator global administrator user name and password, then click Next. 8 From the list that appears in the Set Optional Information screen, select the appropriate options and click Next. Options are: Application Awareness Select this to use Application Inventory data during risk analysis. (requires support for Full Text Search in your database) Risk Advisor Rollup Reporting Select this for rollup reporting. Third party Vulnerability Detector extension Select this to import vulnerability data from non-mcafee detectors. Products Select the McAfee product from which you want McAfee Risk Advisor to import data, or click Select All for all available McAfee product extensions. Caution Select all the products and features you want, even if you didn't select them during your previous installation.
9 In the Start Copying Files screen, review your installation settings, then click Next to continue. 10 When the installation is complete, click Finish. 11 Verify that McAfee Risk Advisor is upgraded with all the features selected during installation. To verify that McAfee Risk Advisor was successfully installed, click Menu Software Extensions, select Risk Advisor from the Extensions list, then verify that version is 2.7.0 and status is Installed for the core extension and other data import extensions. Verify that the McAfee Risk Advisor data import extensions for the features and McAfee products selected during installation are available. For example, MRA Application Core, MRA Application Inventory, MRA Foundstone, MRA HIPS, MRA Network Security Platform, MRA Rollup Reporting, MRA Solidcore, MRA Third Party, MRA VSE, and MRA Policy Auditor. If application awareness was selected during installation, verify that The Application Inventory extension is installed. The data import extensions such as MRA Application Inventory and MRA Solidcore, if selected, are installed under Risk Advisor. The McAfee Application Inventory package is installed under Menu Software Master Repository. Known issues For known issues in this product release, refer to KnowledgeBase article KB73805. Find product documentation McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase. Task 1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com. 2 Under Self Service, access the type of information you need: To access... Do this... User documentation 1 Click Product Documentation. 2 Select a product, then select a version. 3 Select a product document. KnowledgeBase Click Search the KnowledgeBase for answers to your product questions. Click Browse the KnowledgeBase for articles listed by product and version. Copyright 2012 McAfee, Inc. Do not copy without permission. McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.