McAfee ESM
Version: 3.0.0
McAfee Enterprise Security Manager is a security information and event management (SIEM) solution that delivers actionable intelligence and integrations to prioritize, investigate, and respond to threats.
Connect McAfee ESM with LogicHub
- Navigate to Automations > Integrations.
- Search for McAfee ESM.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- Host: Host of the McAfee ESM server.
- User: User name to log in with.
- Password: Password to log in with.
- After you've entered all the details, click Connect.
Actions for McAfee ESM
Get Events
Fetches events based on query provided.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Query | Query that is used for fetching events. | Required |
| Time Range | Set the time frame to check for events. | Required |
Check GUI Accessible
Checks whether ESM GUI is accessible.
Input Field
Choose a connection that you have previously created to complete the connection.
Status Flags Screenshot
Screenshots Status Flags of ESM Devices.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Screenshot Timeout | Amount of time (in seconds) to spend retrieving a screenshot (Default is 40 seconds). | Required |
Default View Screenshot
Screenshots Default View on ESM Dashboard.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Screenshot Timeout | Amount of time (in seconds) to spend retrieving a screenshot (Default is 40 seconds). | Required |
Review ESM Resources
Reviews ESM Resources such as CPU, RAM, and HDD.
Input Field
Choose a connection that you have previously created to complete the connection.
Get Alarms
Gets alarms triggered for a time range.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Time Range | Set the time frame to check for triggered alarms. | Required |
Review ESM Health Status Flags
Reviews anomaly in ESM Health Status Flags.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Ignore Disabled Services | Choose option to ignore disabled devices for health check (Default is False). | Required |
Review Baselines on ESM
Reviews Event Distribution Widget in Event Summary View with Baselines.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Ignore Disabled Services | Choose option to ignore disabled devices for health check (Default is False). | Required |
| Time Range | Set the time frame to get Event Distribution. | Required |
Review Tasks Under Task Manager
Reviews tasks/jobs/queries running on ESM listed under Task Manager.
Input Field
Choose a connection that you have previously created to complete the connection.
Review Reports
Reviews Reports generated on ESM.
Input Field
Choose a connection that you have previously created to complete the connection.
Release Notes
v3.0.0- Updated architecture to support IO via filesystemv2.0.1- Added documentation link in the automation library.
Updated about 1 year ago