Configuring McAfee ePO Server

Install Ivanti Policy Secure Extension for McAfee ePO

Download the PulsePolicySecureExt_1.0.0.zip file from the Ivanti software downloads location and install it on your McAfee ePO server.

To configure the Ivanti Policy Secure extension on the ePO server:

  1. Log in to the McAfee ePO server as an Admin user.

  2. In the McAfee Dashboard, select Extensions.

  3. Click Install Extension.

  4. Click Browse and upload the PulsePolicySecureExt_1.0.0.zip file to install the Ivanti Policy Secure extension for McAfee.

  5. After installation, the Ivanti Policy Secure extension for McAfee appears under the Third Party section.

McAfee ePO Server Configuration

The McAfee ePO server framework supports vendor-specific extensions/plugins, which can be used to send information in a form the vendor understands. ePO uses two basic components for this purpose:

Registered Servers

A Registered server in ePO is a server that is interested in the information/events received by ePO. By default, ePO supports LDAP, SNMP, Syslog, or ePO itself as a Registered server. When the extension/plugin is installed, IPS is listed as a Registered server that is interested in Threat-related events.

IPS can manage hosts in multiple subnets, or multiple IPS devices can manage the hosts in the same subnet.

  1. Log in to the McAfee ePO server as an Admin user.

  2. Open the Main Menu and, under Configuration, click Registered Servers.

  3. Click New Server.

  4. Select Server Type as Pulse Policy Secure.

  5. Enter the name of the server.

  6. Click Next.

  7. Enter the IPS details: IP address of IPS, User Name, Password, and the endpoint subnet(s) that IPS manages.

  8. Click Test Connection to test the connectivity between IPS and the McAfee ePO server.

  9. Click Save.

Automatic Response

Automatic response is a framework in which an admin can register for information about a specific Threat (or all Threats/Events) and invoke an action such as "Send Mail", "Send SNMP Trap", and others. Automatic response is also listed. When the IPS-specific action is invoked, ePO sends the information (using the REST API) to the IPS configured as a Registered server.

  1. Log in to the ePO server as an Admin.

  2. Under Automation, select Automatic Response.

  3. Select Pulse Policy Secure Auto Response, click Actions, and then click Enable Responses.

  4. Add the filters for the incoming events, for example, Source IP address, Threat Event-ID, Threat severity, and so on.

  5. Automatic response is sent for every event or for specific event(s). The trigger conditions are defined on the “Aggregation” page.

  6. Select Pulse Policy Secure Response from the drop-down list. Enter the event information to be sent to IPS. You can also insert variables from the drop-down list.

For more information on McAfee ePO server configuration, see the McAfee documentation.