×
McAfee ePolicy Orchestrator (ePO)

Overview

McAfee ePolicy Orchestrator (ePO) plugin provides access to retrieve System Tree information, manage tags, and execute existing queries within ePO.

Functionality

The Security Flow McAfee ePolicy Orchestrator Plugin exposes the ability to

  • retrieve group information,
  • retrieve system information,
  • retrieve tag information,
  • apply a tag to systems,
  • clear tags from systems, and
  • execute queries define in ePO.

Instance Configuration Parameters

Property
Description

Instance Name

A system-wide unique identifier for this plugin instance used to locate the service.


ePO System Name

A unique name to describe the ePO System.


Unique ID

A system-wide unique identifier for this plugin instance used to locate the service.


Verify TLS Certificates

Checkbox: When using TLS communication, ensure the ePO certificate is authorized by an installed CA certificate.


Server

ePO server IP address or hostname.


Server Port

ePO server port; Choose between 1-65535.


Username

Username for the ePO server.


Password

Password for the username on the ePO server.


Password Confirmation

Re-type valid password for the user name on the ePO server.

Flow Node

The NL-ePO-System node exposes McAfee ePO System Tree capabilities
Property
Description

Name

The display name of the node within the flows.


Unique ID

System-wide unique ID of the plugin instance.


Action

Configuration option determining the type of operation to perform:

  • Find Groups: Retrieves information on the groups matching the Search Text. If the Search Text is blank, all groups are returned.
  • Find System(s): Retrieves information on the systems matching the Search Text. The Search Text finds systems in the McAfee ePO System Tree by name, IP address, MAC address, user name, agent GUID, or tag. If Limit Search To Computer Name is checked, only the system name is searched.
  • Find Tags: Retrieves information on the tags matching the Search Text. If the Search Text is blank, all tags are returned.
  • Apply Tag: Applies a tag to the specified System(s).
  • Clear Tag: Clears a tag from the specified System(s).
  • Clear All Tags: Clears all tags from the specified System(s).

Successful results for an action are placed in msg.payload.epo.[uniqueId].response.


Search Text

The Search Text used to locate the matches, for the find related Action codes.


Limit Search To Computer Name

When performing a Find System(s) Action, this limits the search to the computer name.


System(s)

On of three possible types:

  • Comma-separated list of Computer Names or IP addresses.
  • An array of zero or more Computer Names or IP addresses.
  • An array of zero or more system objects containin the EPOComputerProperties.ComputerName attribute, such as those returned by the Find System(s) action.

Tag

Existing tag defined in the ePO system.

The NL-ePO-Execute-Query node is a helper node to execute queries to get records from the Content Security Reporter(CSR) server through ePO. The node properties are in the following table.
Property
Description

Name

The display name of the node within the flows.


Unique ID

System-wide unique ID of the plugin instance.


Query Name

Name of the query to be executed (case-sensitive). The list of queries are available on the McAfee ePO web portal.


Database (Optional)

Name given to the CSR report server’s database. Blank by default.

Nevelex Labs, Main Office

Metro Office Park
2950 Metro Drive, Suite 104
Bloomington, MN 55425
Phone: +1 952-500-8921

©Nevelex Labs, LLC. 2018-2021, All Rights Reserved.

EULA