Applies To: McAfee ePolicy Orchestrator
Overview
McAfee ePolicy Orchestrator software is a key component of the McAfee Security Management Platform, which provides unified management of endpoint, network, and data security.
EventTracker is an enterprise-class platform that seamlessly combines SIEM, Log Management, File Integrity Monitoring, Machine Analytics and so forth.
EventTracker Knowledge Pack for McAfee ePolicy Orchestrator allows you to monitor the following components:-
- Security – Logon Failure, Threat detected.
- Operation – Server activity, Agent activity, Extension Installation details, System Management and User Management.
- Compliance – Logon and Logoff details and Policy details.
Once McAfee ePolicy Orchestrator is configured to deliver events to EventTracker Manager; alerts, dashboards and reports can be configured into EventTracker.
Some of the Knowledge Packs available in EventTracker are listed below. For more information, please refer Integration Guide.
Alerts
- McAfee ePO - Logon Failure - This alert will generate when the user fails to logon.
- McAfee ePO - Threat Detected – This alert will generate when a threat is detected on McAfee Agent systems.
Reports
- McAfee ePO - Logon Failure - This report gives information about user logon failure.
- McAfee ePO - Threat Detected: This report gives information about threat detected on McAfee agent.
Reports
- McAfee ePO - Server Activity - This report gives information about server activities.
- McAfee ePO - Agent Activity - This report gives information about agent activities.
- McAfee ePO - Extension Installation Details - This report gives information about extension installation and un-installation.
- McAfee ePO - System Management - This report gives information about system which were added or removed.
- McAfee ePO - User Management - This report gives information about users which were added or removed or permission changed.
Alerts
- McAfee ePO - Policy Changes - This alert will generate when the policy configuration changes.
Reports
- McAfee ePO-Policy Details - This report gives information about policy configuration changes.
- McAfee ePO - Logon and Logoff Details - This report gives information about user logon and logoff.
Scope
The configurations detailed are consistent with EventTracker Enterprise version 7.X and later, and McAfee ePolicy Orchestrator 4.5 and later.
Documentation:
For more information please refer the McAfee ePolicy Orchestrator(ePO) Integration guide