McAfee ePolicy Orchestrator (ePO)
  • 13 Apr 2022
  • 2 Minutes to read
  • Dark
    Light
  • PDF

McAfee ePolicy Orchestrator (ePO)

  • Dark
    Light
  • PDF

McAfee ePolicy Orchestrator (ePO) is a security management platform that provides real-time monitoring of security solutions. This adapter connects to the ePO server to import information about devices managed by that solution.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. Host (required) - The hostname of the McAfee ePolicy Orchestrator (ePO) server that Axonius can communicate with via the Required Ports.

  2. Port (required) - Use TCP port 8443.

  3. User and Password (required) - The credentials for a user account that has permissions to fetch assets.

  4. Installed Software Query ID (optional) - The ID from the URL bar in the ePO. Set this for product name parsing. It should contain the following fields:

    • DiscoveredSystemOnApps.Name
    • DiscoveredSystemOnApps.Version
    • DiscoveredSystemOnApps.Publisher
    • EPOComputerProperties.ComputerName
  5. Drive Encryption Query ID (optional) - The ID of an existing EPO Query that contains at least 'EPOLeafNode.NodeName' and 'EPESystems.State' information to populate Hard Drive Encryption data for devices. The user specified for the connection must have permissions to access the saved query in order for the additional data to be fetched.

  6. Non-Compliant Devices Query ID (optional) - Select this option to run the query specified by the Query ID. The query itself must be configured to at least return the EPOLeafNode.NodeName column. Any device in which the NodeName matches a result from this query will have the Non-Compliance Detected field set to true. All devices not returned in this query will have the Non-Compliance Detected field set to False.

  7. Events Management Query ID (optional) - Specify the Events Management Query ID to fetch threat events.

  8. Benchmark Query ID (optional) - Specify the Benchmark Query ID to query audit logs.

  9. OAM Query ID (optional) - Specify the OAM Query ID to fetch additional information.

  10. To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

    McAfeeEPON(1)

Advanced Settings

Note:

Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters

  1. Exclude IPv6 addresses (required, default: False) - Specify whether to fetch IPv6 addresses.
    • If enabled, all connections for this adapter will fetch only IPv4 addresses.
    • If disabled, all connections for this adapter will fetch both IPv4 and IPv6 addresses.
  2. ePO tags Include list (optional, default: empty) - Specify a comma-separated list of McAfee ePO tags.
    • If supplied, all connections for this adapter will only fetch devices tagged in McAfee ePO with the tags provided in this list.
    • If not supplied, the connection for this adapter will fetch all devices from McAfee ePO.
NOTE

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.


APIs

Axonius uses the McAfee ePolicy Orchestrator Web API.

Required Ports

Axonius must be able to communicate with the value supplied in Host Name or IP Address via the following ports:

  • TCP port 8443

Required Permissions

Create a service account in McAfee ePO that is read-only for the systems tree and sub systems tree. You only need read-only permissions, as long as when you log into the web GUI with the service account you can view all systems under the system tree and everything below it.
The value supplied in User Name must have this permission.



First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.