This McAfee-ePO integration combines the reach of Spectre’s network discovery with McAfee's ePolicy Orchestrator (McAfee ePO) to improve your organization's security posture. 

For more on the McAfee ePO and McAfee DXL integrations, including configuration, information, and views of the McAfee Task Manager, see McAfee ePO & DXL.

The McAfee ePO integration provides McAfee ePO customers with a way to ensure that the ePO agent is installed comprehensively on all network devices in a particular segment (or multiple segments) as intended. The integration reconciles McAfee findings with Spectre findings and, in so doing, uncovers:

  1. Assets lacking the McAfee ePO agent
  2. Assets to which visibility is blocked
  3. Assets with comprehensive management

To manage e-policy in Spectre, first configure the McAfee feed, then review the ePO Management dashboard, located on Spectre's main Dashboards menu.

To manage e-policy in McAfee ePO server, configure the McAfee feed, then install the Lumeta Spectre extension to your ePO server.

The dashboard provides a variety of useful information:

IPs Unmanaged by McAfee - IPs Spectre found on your network that McAfee doesn't know about and doesn't have under management. Together, these unknowns represent a policy-management gap and vulnerability that could be exploited. This information is presented visually, in a bar chart that shows the volume of unmanaged IPs, and also in a table with details on each unmanaged IP address (i.e., IP and MAC address, responsiveness and when the first and last response was received, and the Zone in which the device is located).

IPs Unmanaged by Spectre - These are the IPs managed by McAfee that Spectre did not find on the network. Typically there will not be any devices managed by McAfee that have not been indexed by Spectre. In the event these widgets show results, check your Spectre discovery configuration, which is not providing the level of visibility you require. Contact us for help in identifying the prospective source of the problem.

McAfee- and Spectre-Managed IPs - When this subset becomes the whole (i.e., when all devices are managed by both resources), your organization's e-policy is well in hand.

Following is the ePO Management dashboard and a description of the data fields returned. All analytics from the McAfee feed go here. None affect Map filters, Reports or Search.

  • IP Address - Device identifier
  • MAC Address - Device identifier
  • Active - Device responded to Spectre probe
  • First Observed - Device came on the network
  • Last Observed - Device left the network after this point
  • ZoneID - Number corresponding to the zone to which the device belongs

The data in any dashboard widget can be exported by clicking the Export icon (i.e., the away-pointing arrow). After identifying Spectre-discovered IPs that you'd like to bring into McAfee, you can either export the data from the source widget and then import it to McAfee, or install the Lumeta Spectre extension on your McAfee ePO server.
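
The three-way reconciliation the dashboard performs can also be reproduced offline over exported data. The following is an added example, not Lumeta or McAfee code. It assumes a Spectre widget export in CSV form whose columns match the data fields listed above, and an ePO-side export with an `IP Address` column; both layouts and all sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample exports. Column names mirror the dashboard fields;
# the CSV layout itself is an assumption, not a documented format.
SPECTRE_CSV = """\
IP Address,MAC Address,Active,First Observed,Last Observed,ZoneID
10.0.0.5,00:11:22:33:44:55,true,2024-01-02,2024-03-01,1
10.0.0.9,00:11:22:33:44:66,true,2024-01-05,2024-03-01,1
2001:db8::1,00:11:22:33:44:77,false,2024-01-07,2024-02-11,2
"""
EPO_CSV = """\
IP Address
 10.0.0.5
2001:0DB8:0:0:0:0:0:1
10.0.0.77
N/A
"""


def load_ips(text, column="IP Address"):
    """Parse one export into canonical addresses (IPv6 spellings unified) plus rejects."""
    ips, rejected = set(), []
    for row in csv.DictReader(io.StringIO(text)):
        raw = (row.get(column) or "").strip()
        try:
            ips.add(ipaddress.ip_address(raw))
        except ValueError:
            rejected.append(raw)  # keep for review instead of dropping silently
    return ips, rejected


def reconcile(spectre_text, epo_text):
    """Return the three dashboard buckets as sorted lists of strings."""
    spectre, bad_spectre = load_ips(spectre_text)
    epo, bad_epo = load_ips(epo_text)
    as_list = lambda s: sorted(str(ip) for ip in s)
    return {
        "unmanaged_by_mcafee": as_list(spectre - epo),
        "unmanaged_by_spectre": as_list(epo - spectre),
        "managed_by_both": as_list(spectre & epo),
        "rejected": bad_spectre + bad_epo,
    }


if __name__ == "__main__":
    for bucket, values in reconcile(SPECTRE_CSV, EPO_CSV).items():
        print(f"{bucket}: {values}")
```

Entries in `rejected` are records that carried no parseable address; review them by hand, since a system without a reported IP cannot be matched on either side.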

Submit a comment at the bottom of this page if you have a question or need additional information about the ePO Management dashboard.
