Configuring McAfee ePO Server

Install Ivanti Policy Secure Extension for McAfee ePO

Download the PulsePolicySecureExt_1.0.0.zip file from Ivanti software downloads location and install it onto your McAfee ePO server.

To configure the Ivanti Policy Secure extension on ePO server:

1. Log into McAfee ePO server as an Admin user.

2. In the McAfee Dashboard, select the Extensions.

   

3. Click Install Extension.

   

4. Click Browse and upload the PulsePolicySecureExt_1.0.0.zip file to install the Ivanti Policy Secure extension for McAfee.

5. After installation, Ivanti Policy Secure extension for McAfee appears under Third Party section.

   

McAfee ePO Server Configuration

McAfee ePO server framework supports extension/plugin specific to the vendors which can be used to send the information in the way understood by the vendors. There are two basic components which is used for this purpose in ePO:

Registered Servers

Registered server in ePO is a server which is interested in the information/events received by ePO. ePO supports LDAP, SNMP, Syslog or ePO itself as Registered server by default. When extension/plugin is installed, Ivanti Policy Secure will be listed as Registered server, which is interested in Threat related events.

Ivanti Policy Secure can manage hosts in multiple subnets or multiple Ivanti Policy Secure devices can manage the hosts in the same subnet.

1. Log into McAfee ePO server as an Admin user.

2. Open the Main Menu, under Configuration Click Registered Servers.

   

3. Click New Server.

4. Select Server Type as Ivanti Policy Secure.

5. Enter the name of the server.

6. Click Next.

   

7. Enter Ivanti Policy Secure details: IP address of Ivanti Policy Secure, User Name, Password, Endpoint subnet(s) that Ivanti Policy Secure manages.

8. Click Test Connection to test the connectivity between Ivanti Policy Secure and McAfee ePO server.

9. Click Save.

   

Automatic Response

Automatic response is a framework where admin can register for a specific Threat (or all the Threats/Events) information and invoke an action like "Send Mail", "Send SNMP Trap" and others. Automatic response is also listed. When Ivanti Policy Secure specific action is invoked, ePO will send the information to Ivanti Policy Secure (using REST API) configured as Registered server.

1. Login to ePO server as an Admin.

2. Under Automation, select Automatic Response.

3. Select Ivanti Policy Secure Auto Response and click Actions and Enable Responses.

   

   

4. Add the filters for the incoming events. For example, Source IP address, Threat Event-ID, Threat severity and so on.

   

5. Automatic response is sent for every event or specific event(s). The trigger conditions is defined on the “Aggregation” page.

   

6. Select Ivanti Policy Secure Response from the drop down. Enter event information to be sent to Ivanti Policy Secure. You can also insert the variables from the drop down.

   

For more information on McAfee ePO server configuration, see McAfee documentation.