EventTracker: Integrating McAfee epolicy Orchestrator


Publication Date: Jan 18, 2012
EventTracker, 8815 Centre Park Drive, Columbia MD 21045, www.eventtracker.com

About This Guide

Purpose
This guide will help you configure ePO, Trap Tracker and EventTracker to receive McAfee ePolicy Orchestrator events. You will find the detailed procedures required for monitoring McAfee ePolicy Orchestrator with EventTracker.

Intended Audience
Administrators who are assigned the task of monitoring and managing events using EventTracker.

Scope
The configurations detailed in this guide are consistent with EventTracker Enterprise version 7.x and before, and McAfee ePolicy Orchestrator 4.5 and later.

Table of Contents
Overview
Pre-requisite
Configure McAfee ePolicy Orchestrator to log all client events
Configure McAfee ePolicy Orchestrator to send all events as SNMP traps to Trap Tracker
    Add SNMP server
    Create automatic response rule
Trap Tracker configuration
Import McAfee ePO knowledge pack into EventTracker
    To import Categories
    To import Alerts
    To import Scheduled Reports
Verify McAfee ePO knowledge pack in EventTracker
    Verify McAfee categories
    Verify McAfee alerts
    Verify McAfee scheduled reports
Sample Analysis report

Overview
To monitor McAfee ePolicy Orchestrator 4.6 in EventTracker, you need to perform the following configurations:
- Configure McAfee ePolicy Orchestrator to log all client events.
- Configure McAfee ePolicy Orchestrator to send all events as SNMP traps to Trap Tracker.
- Configure Trap Tracker to send events to the EventTracker system.

Pre-requisite
- EventTracker should be installed with Trap Tracker.
- McAfee ePolicy Orchestrator 4.6 (or later) should be installed.
- Each McAfee ePO console needs one Trap Tracker license.

Configure McAfee ePolicy Orchestrator to log all client events
1. Launch McAfee ePolicy Orchestrator.
2. Enter the appropriate user credentials, and log in.
3. Click Menu on the navigation bar, click Configuration, and then click Server Settings.
4. In Setting Categories, click Event Filtering.
NOTE: On the right side, the message should read "The agent forwards: All events to the server." Events that the agent filters out never reach ePO, and therefore never reach Trap Tracker or EventTracker.
5. To change the setting (if required), click the Edit button.
6. Select the appropriate option, and then click the Save button.
7. In Setting Categories, click Event Notifications. Here you can set the time interval at which ePO notifications are passed to Automatic Responses.
8. To change the Evaluation Interval, click the Edit button.
9. Enter the required time in the Minutes text box, and then click the Save button.

Configure McAfee ePolicy Orchestrator to send all events as SNMP traps to Trap Tracker

Add SNMP server
Once the automation is completed, you must register the SNMP server that ePO will send traps to. To add the SNMP server:
1. Click Menu on the navigation bar, click Configuration, and then click Registered Servers.
2. Click the New Server button.
Figure 1
3. Select the Server type as SNMP server.
4. Enter the name and description of the server.
NOTE: The server name should be the name of the Trap Tracker or EventTracker server.
5. Click the Next button.
6. Enter the appropriate address.
NOTE: The address can be a DNS name or an IP address.
7. Enter the SNMP version and Security details, and then click the Save button.
NOTE: SNMPv1 and SNMPv2c traps are unauthenticated and carry the community string in clear text, so the receiver cannot tell a genuine ePO trap from a forged one. Where both ePO and Trap Tracker support it, use SNMPv3 with authentication, and restrict the Trap Tracker listening port to the ePO server's address at the host or network firewall.

Create automatic response rule
1. Click Menu on the navigation bar, click Automation, and then click Automatic Responses.
Figure 2
2. Click the Actions button, and then click New Response, or click Edit on an existing rule. McAfee ePO opens the Response Builder page.
3. In the Description tab, enter the response's name in the Name box. From the Event Group dropdown, select ePO Notification Events. Select Threat as the Event Type. Select Enabled in Status to enable the response.
4. After making the appropriate changes, click the Next button.
5. In the Filter tab, verify the criteria: it should be defined as "System is in group or subgroup", with the value "My Organization".
6. Click the Next button.
7. In the Aggregation tab, make the required changes to define when the event triggers the rule, and then click the Next button.
8. In the Actions tab, select the Send SNMP Trap option from the dropdown.

Figure 3
9. Select the target SNMP server from the SNMP Servers list, select each entry in Available Types in turn, and click the arrow button to move it to the selected list.
Figure 4
10. Click the Next button.
11. In the Summary tab, verify the updated details.

Figure 5
12. Click the Save button.
NOTE: In the above steps, only the Threat event type has been configured to be sent as SNMP traps. To configure ePO to send all events as SNMP traps, repeat the above steps for the Client and Server event types.

Trap Tracker configuration
1. Launch the EventTracker Control Panel.
2. Double-click Trap Tracker.
3. Click the Options menu, and then click Configuration.
Figure 6

4. Select the "Forward all traps to EventTracker Manager" checkbox.
5. Verify the Destination and Port number, and then click the OK button.
6. Click the Tools menu, and then click MIB Compiler. EventTracker opens the MIB Compiler.
Figure 7
7. Click the File menu, and then click Compile one MIB. EventTracker displays the Open MIB file pop-up window.
8. Select the NAI-MIB.mib file, and then click the Open button. EventTracker displays a confirmation message box.
Figure 8

9. Click the Yes button. EventTracker displays a window prompting you to provide the missing module.
Figure 9
10. Click the Browse button. EventTracker displays the Open window to search for the module.
Figure 10
NOTE: The path for the modules is <install dir>\traptracker\smi\mibs\ietf.
11. In the Open window, locate the missing module, and then click the Open button.

NOTE: EventTracker prompts you for each missing module in turn. Repeat steps 10 and 11 for every missing module. Once all the required modules are added, EventTracker returns to the MIB Compiler and displays a success message in the bottom pane.
Figure 11
12. Click the File menu, and then click the Compile one MIB option. EventTracker displays the Open MIB file pop-up window.
13. Select the TVD-MIB.mib file, and then click the Open button. EventTracker displays a confirmation window.
14. Click the Yes button.
15. Click the File menu, and then click the Compile one MIB option. EventTracker displays the Open MIB file pop-up window.
16. Select the EPO-MIB.mib file, and then click the Open button. EventTracker displays a confirmation window.

17. Click the Yes button.
NOTE: The MIB files should be compiled in the following sequence:
    NAI-MIB.mib
    TVD-MIB.mib
    EPO-MIB.mib
Each module must be compiled after the modules it imports, which is why the compiler prompts for missing modules when one is loaded out of order. You need to compile the MIB files manually only for EventTracker Enterprise version 7.2 and before; later releases compile them automatically.
To add the compiled MIB files to the disk, click the File menu, and then click Save, or click the Save icon on the toolbar.
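The compile sequence above is fixed by the IMPORTS clauses inside the MIB files: a module can only be compiled after every module it imports from. The following script, added here as an illustration and not part of the EventTracker guide or the Trap Tracker product, reads the IMPORTS ... FROM clauses of a set of MIB files, derives a compile order that satisfies them, and lists the modules that are not among the given files (the ones the compiler would prompt for from the ietf directory). The three sample MIB texts are constructed stand-ins: only their module names match the files named in the guide, and their IMPORTS contents are invented for the example, not the real contents of NAI-MIB.mib, TVD-MIB.mib or EPO-MIB.mib.

```python
"""Derive a MIB compile order from IMPORTS dependencies.

Added example, not EventTracker's or McAfee's code. SAMPLE_MIBS holds
constructed module headers whose IMPORTS blocks are invented for the
demonstration; they are not the real vendor MIB contents.
"""
import re
from pathlib import Path

# Constructed sample MIB texts (module header and IMPORTS block only).
SAMPLE_MIBS = {
    "NAI-MIB.mib": """
NAI-MIB DEFINITIONS ::= BEGIN
IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, enterprises
        FROM SNMPv2-SMI;
END
""",
    "TVD-MIB.mib": """
TVD-MIB DEFINITIONS ::= BEGIN
IMPORTS
    nai
        FROM NAI-MIB
    MODULE-IDENTITY, OBJECT-TYPE
        FROM SNMPv2-SMI
    DisplayString
        FROM SNMPv2-TC;
END
""",
    "EPO-MIB.mib": """
EPO-MIB DEFINITIONS ::= BEGIN
IMPORTS
    tvd
        FROM TVD-MIB
    nai
        FROM NAI-MIB
    NOTIFICATION-TYPE
        FROM SNMPv2-SMI;
END
""",
}

MODULE_RE = re.compile(r"^\s*([A-Za-z][\w-]*)\s+DEFINITIONS\s*::=\s*BEGIN", re.M)
IMPORTS_RE = re.compile(r"\bIMPORTS\b(.*?);", re.S)   # IMPORTS block ends at ';'
FROM_RE = re.compile(r"\bFROM\s+([A-Za-z][\w-]*)")   # module name after FROM


def parse_mib(text):
    """Return (module_name, set of module names it imports from)."""
    header = MODULE_RE.search(text)
    if not header:
        raise ValueError("no 'DEFINITIONS ::= BEGIN' header found")
    deps = set()
    imports = IMPORTS_RE.search(text)
    if imports:
        deps.update(FROM_RE.findall(imports.group(1)))
    return header.group(1), deps


def _topo_order(graph):
    """Kahn's algorithm: emit a module only after everything it imports."""
    remaining = {m: set(d) for m, d in graph.items()}
    order = []
    while remaining:
        ready = sorted(m for m, d in remaining.items() if not d)
        if not ready:
            raise ValueError("circular IMPORTS among: " + ", ".join(sorted(remaining)))
        for m in ready:
            order.append(m)
            del remaining[m]
        for d in remaining.values():
            d.difference_update(ready)
    return order


def compile_order(mibs):
    """mibs: mapping of file name -> MIB text.

    Returns (ordered_files, missing): the given files in an order that
    satisfies their IMPORTS, and a map of each module that is not among
    the given files to the files importing it (what the MIB compiler
    prompts for, e.g. standard modules kept under smi\\mibs\\ietf).
    """
    file_of, deps_of = {}, {}
    for fname, text in mibs.items():
        module, deps = parse_mib(text)
        file_of[module] = fname
        deps_of[module] = deps
    graph, missing = {}, {}
    for module, deps in deps_of.items():
        graph[module] = {d for d in deps if d in file_of}
        for d in deps - file_of.keys():
            missing.setdefault(d, []).append(file_of[module])
    return [file_of[m] for m in _topo_order(graph)], missing


def order_from_files(paths):
    """Same as compile_order, reading real .mib files from disk."""
    return compile_order({str(p): Path(p).read_text(encoding="utf-8", errors="replace")
                          for p in paths})


if __name__ == "__main__":
    order, missing = compile_order(SAMPLE_MIBS)
    print("Compile in this order:", " -> ".join(order))
    for module, users in missing.items():
        print(f"Supply {module} from the ietf directory (needed by {', '.join(users)})")
```

Run it against the real files with order_from_files([...paths...]) to check the sequence before compiling manually on a 7.2-or-earlier release; a circular import is reported as an error rather than producing a bogus order.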

Import McAfee ePO knowledge pack into EventTracker
1. Launch the EventTracker Control Panel.
2. Double-click Import Export Utility.
3. Click the Import tab.
4. Import the Category, Alert and Scheduled Report files as described below.

To import Categories
1. Click the Category option, and then click the browse button.
2. Locate the McAfee EPO categories.iscat file, and then click the Open button.
3. Click the Import button to import the categories.

To import Alerts
1. Click the Alert option, and then click the browse button.
2. Locate the McAfee EPO Alerts.isalt file, and then click the Open button.
3. Click the Import button to import the alerts.

To import Scheduled Reports
1. Click the Scheduled Report option, and then click the browse button.
2. Locate the McAfee EPO Threat analysis report.issch file, and then click the Open button.
3. Click the Import button to import the scheduled reports.

Verify McAfee ePO knowledge pack in EventTracker

Verify McAfee categories
1. Log on to EventTracker Enterprise.
2. Click the Admin dropdown, and then click Categories.
3. In the Category Tree, expand Antivirus. The imported categories are listed under McAfee EPO.
Figure 12

Verify McAfee alerts
1. Log on to EventTracker Enterprise.
2. Click the Admin dropdown, and then click Alerts.
3. In the Search field, type McAfee, and then click the Go button. The Alert Management page displays all the imported alerts.

Figure 13
4. To activate the imported alerts, select the respective checkbox in the Active column. EventTracker displays a message box.
Figure 14
5. Click the OK button, and then click the Activate Now button.
NOTE: You can select alert notifications such as Beep, Email and Message. To do so, select the respective checkbox in the Alert Management page, and then click the Activate Now button.

Verify McAfee scheduled reports
1. Log on to EventTracker Enterprise.
2. Click the Analysis tab.
3. In the Actions pane, click Defined. EventTracker displays the Defined Analysis page.
Figure 15
Here you can find the imported scheduled report, McAfee HIPS threat detail report.
4. Select the imported analysis, and then click the Schedule button.
5. Select Groups/Systems/All Systems for the analysis, and then click the Next >> button.
6. Select the Schedule and More options, and then click the Next >> button.
7. Select or add the column(s) to display, and then click the Next >> button.
8. Enter the Refine and Filter criteria, and then click the Next >> button.
9. Enter a Title and description for the analysis, and then click the Next >> button.
10. Cross-check the Disk cost analysis details.
11. Configure the Publishing options as required, and then click the Next >> button.
12. Click the Schedule button. EventTracker displays a message box.

Figure 16
13. Click the OK button.

Sample Analysis report
EPO Threat Event Details Analysis (sample report screenshot)
