×
McAfee NSP

Overview

The McAfee Network Security Platform (NSP) Plugin adds the ability to retrieve real time attack data from NSP’s attack log.

Functionality

The NSP plugin provides a node that can retrieve and filter real time attack data from NSP.

Instance Configuration Parameters

Property
Description

Instance Name

Name for the NSP instance.


UniqueId

Unique name for the NSP instance.


Hostname

IP or hostname for the NSP server.


Port

Port for the NSP server.


Username

Valid username for the NSP server.


Password

Valid password for the username on the NSP server.

Flow Nodes

Communication node which controls the Nevelex Labs OpenDXL NSP Plugin Instance(s) according to the specified node configuration.
Property
Description

Name

The display name of the node within the flows.


OpenDXL Fabric

ID of the OpenDXL Fabric used for communication with the adapter.


Alert State

Unacknowledged, Acknowledged, or Any.


Time Period

Time period in which to filter attack data.


Filter

Filter to use when getting attack data.

Learn More

JSON Message Format

The following samples show the JSON content added to the message payload, which conform to Node Messaging Format. The content exists within the nsp object.

Block Site Success

The italicized, green text is inserted into the message payload upon a successful request. The following example uses “nsp1” for the uniqueId of the NSP Instance:

"payload": {
    "nsp" : {
        "nsp1" : {
            "topic": "/nevelexlabs/service/nsp/nsp1/restapi",
            "response": {
                "totalAlertsCount":50,
                "retrievedAlertsCount":50,
                "alertsList":[...]
            }
        }
    } 
}
Nevelex Labs, Main Office

International Plaza
7900 International Drive, Suite 305
Bloomington, MN 55425
Phone: +1 952-500-8921

Nevelex Labs, West

OPEN
360 N. Pacific Coast Highway, Suite 1056
El Segundo, CA 90245

©Nevelex Labs, LLC. 2018-2019, All Rights Reserved.

EULA