McAfee NSP

Overview

The McAfee Network Security Platform (NSP) Plugin provides the ability to retrieve real time attack data from NSP’s attack log.

Functionality

The NSP plugin provides a node that can retrieve and filter real time attack data from NSP.

Instance Configuration Parameters

Property

Description

Instance Name

Name for the NSP instance.

UniqueId

Unique name for the NSP instance.

Hostname

IP or hostname for the NSP server.

Port

Port for the NSP server.

Username

Valid username for the NSP server.

Password

Valid password for the username on the NSP server.

Flow Nodes

Communication node which controls the Nevelex Labs OpenDXL NSP Plugin Instance(s) according to the specified node configuration.

Property

Description

Name

The display name of the node within the flows.

OpenDXL Fabric

ID of the OpenDXL Fabric used for communication with the adapter.

Alert State

Unacknowledged, Acknowledged, or Any.

Time Period

Time period in which to filter attack data.

Filter

Filter to use when getting attack data.

Learn More

JSON Message Format

The following samples show the JSON content added to the message payload, which conform to Node Messaging Format. The content exists within the nsp object.

Block Site Success

The italicized, green text is inserted into the message payload upon a successful request. The following example uses “nsp1” for the uniqueId of the NSP Instance:

"payload": {
    "nsp" : {
        "nsp1" : {
            "topic": "/nevelexlabs/service/nsp/nsp1/restapi",
            "response": {
                "totalAlertsCount":50,
                "retrievedAlertsCount":50,
                "alertsList":[...]
            }
        }
    } 
}

Nevelex Labs, Main Office

Metro Office Park
2950 Metro Drive, Suite 104
Bloomington, MN 55425
Phone: +1 952-500-8921

Contact Us

EULA