McAfee ATD
Version: 3.0.0
McAfee Advanced Threat Defense enhances protection from the network edge to the endpoint and enables investigation.
Connect McAfee ATD with LogicHub
- Navigate to Automations > Integrations.
- Search for McAfee ATD.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- Host: Host for McAfee ATD instance.
- Username: Username for McAfee ATD.
- Password: Password for McAfee ATD.
- After you've entered all the details, click Connect.
Actions for McAfee ATD
Scan File And Wait For Report
Submits file for scan and waits for the analysis to be completed.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Analyzer Profile Id | The profile ID number can be found in the UI Policy/Analyzer Profile page. | Required |
| Column for File ID | Column name from parent table containing File ID. | Required |
| Column for File Name | Column name from parent table containing File Name. | Required |
Scan File
Submits file for scan and returns Job ID.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Analyzer Profile Id | The profile ID number can be found in the UI Policy/Analyzer Profile page. | Required |
| Column for File ID | Column name from parent table containing File ID. | Required |
| Column for File Name | Column name from parent table containing File Name. | Required |
Scan URL
Submits a URL for scan and returns a job ID (subId).
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Analyzer Profile Id | Select the name of the column name from parent table to lookup value for. | Required |
| Column for URL | Column name from parent table containing a URL. | Required |
| Message ID | String to identify the sample within ATD (up to 128 characters). | Required |
Get Report
Retrieve report for already submitted files for scan.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Column name | Column name from parent table containing job ID of already submitted files for scan. | Required |
Release Notes
v3.0.0- Updated architecture to support IO via filesystemv2.0.1- Added documentation link in the automation library.
Updated about 1 year ago