Reference Guide Revision B. McAfee Cloud Workload Security 5.0.0


Copyright 2018 McAfee, LLC

Contents

1 Cloud Workload Security interface
  Cloud Workload Security cards and filters
2 Registered cloud account details
  Virtual machine details for AWS cloud account
  Virtual machine details for Microsoft Azure account
  Virtual Machine details for VMware vSphere account


1 Cloud Workload Security interface

You can manage all instances on your virtual machines using McAfee Cloud Workload Security. This Cloud Workload Security console has a single user interface with several card-based panes for improved usability.

Cloud Workload Security cards and filters

After configuring and registering the cloud accounts with McAfee ePolicy Orchestrator (McAfee ePO), you can view your account information.

Table 1-1 definitions: Summary card

Total Workloads: Total number of VMs running in the registered cloud accounts.
Compliance Events: Number of high and medium risk instances as per configured policies pertaining to security groups.
Threat Events: Number of high and medium threats discovered by security products.

Table 1-2 definitions: Summary card filters

Filter columns: Compliance Events, Threat Events

Issue
  Compliance Events: Displays the number of risk instances.
    Instances with Cloud Workload Security assessment policies
    Instances with security risks as per policies pertaining to security groups
    Instances where security controls and encryption are not installed
  Threat Events: Displays the number of issues discovered by various security products.
    Malicious Connection Risk Port Assessment Suspicious Connection Blocked Connection Malware Detected Exploit Prevention Malicious Behavior Detected Advanced Malware Detected Network Prevention Alerts

Product
  Compliance Events: Name of the product that discovers risk instances.
    Security Group
    Volume Encryption
    Threat Prevention
    Adaptive Threat Protection
    Application Control
    Change Control (FIM)
    Network Intrusion Prevention
  Threat Events: Name of the product that discovers risk instances.
    Traffic Anomalies Detection Threat Protection Adaptive Threat Protection Network Intrusion Prevention

Tag
  Compliance Events: Displays the tags associated with the instances.
  Threat Events: Displays the tags associated with the instances.

Workload
  Compliance Events: Displays the name of the workload.
  Threat Events: Displays the name of the workload.

View
  Compliance Events: Click to filter All, Workloads, Managed, and Unmanaged instances. Select a filter and search your instances in the search bar.
  Threat Events: Click to filter All, Workloads, Managed, and Unmanaged instances. Select a filter and search your instances in the search bar.

Take Action
  Compliance Events: Click to install security controls.
    Install McAfee Agent
    Install Threat Prevention
    Install Application Control
    Install Change Control (FIM)
    Install Network IPS
    Install Adaptive Threat Protection
    Show Security Groups
    Shut Down Workload
    Tag Workloads

Graph
  NA
  Click to view traffic details and network flow logs for the selected workload.
  NA

Table 1-3 definitions: Traffic

Time: Displays the system date and time.
Time Range (+/-): Click to filter instances based on occurrence over a particular period.
  1 minute
  5 minutes
  15 minutes
  30 minutes
Click inbound, outbound, and blocked connections or a combination of these filters to filter instances based on traffic flow.
Show Table: Click to go back to Threat Events pane.
Show Security Groups: Click to open the security groups associated with this instance.
Shut Down Workload: Click to shut down the workload.

Table 1-4 definitions: McAfee ePO

Management Status: Displays if your instance has McAfee Agent installed on it.
  Managed: Your instance has McAfee Agent installed.
  Unmanaged: McAfee Agent is not installed for your instance.
Version: Displays the installed McAfee Agent version.
DevOps Deployment Script: Use this script to deploy McAfee Agent.
Take Action: Select Install McAfee Agent to install McAfee Agent on your instance.

Table 1-5 definitions: Show Security Groups

Firewall (Security Groups): Security groups associated with this instance.
View Details: Click to view more details about the security group.
Security Groups: The name of the Security or Network Security group.
ID: The ID of the Security or Network Security group.
Association: Displays how many instances this security or the network security group is associated with.
Edit: Click to edit the rules in this security group.
Detach: Click to detach this security group from this instance. You can detach a security group only from your AWS instances.

Table 1-6 definitions: Rules

Property Security Group Associated Workloads
  Name of the security group rule. For Azure instances, every security group rule has a name. This is not applicable for AWS instances.
  Displays other instances which are associated with this security group (firewall).
Type: Displays the protocol type. You can change the protocol type.
Protocol: Displays the protocol allowed.
Port Range: Displays the port range allowed.

Table 1-6 definitions: Rules (continued)

Priority: Displays the priority of this rule in the security group. Priority is applicable only for Microsoft Azure Network Security Groups.
Access: Displays if this is an allow rule or deny rule for Microsoft Azure instances. You cannot edit the deny rules.
Source: The source IP address. You can choose Anywhere to allow connections from all traffic or Custom IP to provide an IP address that you want to allow. For AWS instances you can also provide the security group for which you want to allow traffic.
Add Rule: Click to add a new rule to this security group.
Apply Changes: Click to save your changes.

You can see if your instance has McAfee anti-malware software such as McAfee VirusScan Enterprise and McAfee Endpoint Security installed and configured on it.

Table 1-7 definitions: Threat Prevention

On-Access General: Displays whether the On-Access General feature is installed.
On-Access ScriptScan: Displays whether the On-Access ScriptScan feature is installed.
Access Protection: Displays whether the Access Protection feature is installed.
Exploit Prevention: Displays whether the Exploit Prevention feature is installed.
DAT: Displays whether the DAT feature is installed.
Take Action: Select Install McAfee Threat Prevention to install Threat Prevention on your instances.

Table 1-8 definitions: Adaptive Threat Protection

Adaptive Threat Protection: Displays whether Adaptive Threat Protection is installed.
Take Action: Select Install McAfee Adaptive Threat Protection to install Adaptive Threat Protection on your instances.

Table 1-9 definitions: Application Control

Application Control: Displays whether Application Control is installed.
Take Action: Select Install McAfee Application Control to install Application Control on your instances.

Table 1-10 definitions: File Integrity Monitor

Change Control: Displays whether Change Control is installed.
Take Action: Select Install McAfee Change Control to install Change Control on your instances.

Table 1-11 definitions: Volume Encryption

Status: Displays the encryption status of the volumes.
Type: Displays the type of the volume (root or data volume).
ID: Displays the volume ID.

Table 1-12 definitions: Network Intrusion Prevention

Probe Status: Displays whether the vNSP probe is installed.
Protected Groups: Displays the list of protected groups.
Cluster: Displays the network cluster.
NSP Probe Deployment Script Download: Use deployment script given here to deploy NSP probe.
Take Action: Select Install Network Intrusion Prevention to install Network Intrusion Prevention on your instances.

Table 1-13 definitions: Event Details

Event ID: Identification number of this instance.
Detected By: Name of the product that discovered this event.
Severity: Displays whether this event is a high risk event or low risk event.
Direction: Displays if the traffic is Inbound (N-S), Outbound (N-S), Inbound (E-W), Outbound (E-W), Bi-Directional (E-W), Bi-Directional (N-S). N-S indicates external traffic and E-W indicates internal traffic.
Source: The source IP address of the traffic to this instance.
Country of Origin: Name of the country from where the traffic for this instance originated.
GTI Reputation: The GTI reputation status for this instance.
Source Port: The source port number.
Destination: The destination IP address for the traffic to this instance.
Destination Port: The destination port number.
Protocol: The protocol name.
Action Taken: Displays whether the traffic to this instance is accepted or blocked.
Occurrence: The number of occurrences of this event.
Workload: The name of the workload.
Compliance: The number of compliance alarms associated with this instance.
Edit Inbound Rules for Group: Click to open the security groups associated with this instance. The name of the group associated with this instance.
Shut Down Workload: Click to shut down the workload.

Table 1-14 definitions: Threats

High Risk: Number of high risk instances.
Low Risk: Number of low risk instances.

Table 1-15 definitions: System Properties

Location: The region of the instance as shown on the cloud vendor console.
Instance ID: The instance ID as shown on the cloud vendor console.
Instance Name: The instance name as shown on the cloud vendor console.
Instance Type: The hardware configuration selected for an instance during the launch.

Table 1-15 definitions: System Properties (continued)

Platform: Displays whether the platform is Microsoft Windows or Linux.
Power Status: Displays if this instance is running or if it is stopped.
Private DNS Name: The private DNS name from the cloud vendor console.
Private IP Address: The private IP address from AWS.
Public DNS Name: The public DNS name from the cloud vendor console.
Public IP Address: The public IP address from AWS, are accessed by McAfee ePO.
McAfee ePO Managed: Displays if this instance is managed by McAfee ePO.
Virtual Network ID: The ID of the virtual network of this instance.

Table 1-16 definitions: McAfee ePO Tags

McAfee ePO Tags: McAfee ePO tags for this instance.
Tag Workloads: Click to add a tag to this instance.

Table 1-17 definitions: Assessment Policy

Take Action: Click to select an assessment policy for this instance.
Policy Catalog: Click to go to the Policy Catalog page to select or create a policy for this instance.

2 Registered cloud account details

After configuring and registering your cloud accounts with McAfee ePO, view your account details in System Tree on the McAfee ePO server.

Contents
  Virtual machine details for AWS cloud account
  Virtual machine details for Microsoft Azure account
  Virtual Machine details for VMware vSphere account

Virtual machine details for AWS cloud account

After importing the discovered VMs from the cloud accounts, the VM details are displayed in the System Tree.

Property: Description
System Name: The name of the VM.
Managed State: Specifies if the system is managed by McAfee Agent.
Tags: The tag applied to this VM.
IP Address: The IP address of the VM.
User Name: The user name of the user logged on to the system.
Last Communication: The time of the last synchronization.

You can view more details of your AWS account by selecting and adding the required column using the Choose Columns option under System Tree Actions. By default, these columns don't appear under System Tree.

Property: Description
Vendor Name: The name of the cloud vendor.
Account Name: The name of the cloud account.
Unique ID: The unique ID of the instance.
Power Status: Displays if the instance is turned on or off.
Instance ID: The unique value provided to the instance from AWS.
Instance Name: The instance name as shown on the AWS console.
Image ID: The unique value of Amazon machine image with which the instance was created.
Private DNS name: The private DNS name from AWS.
Public DNS name: The public DNS name from AWS.
State Transition Reason: The reason for the instance to move from one state to another from the AWS console.
Key Name: The key name of the instance, which is provided during the launch.
Instance Type: The hardware configuration selected for an instance during the launch.

Launch Time: The time the instance is launched in AWS.
Availability Zone: The region where the instance is created in AWS.
Platform: Specifies whether the platform is Microsoft Windows or Linux.
Private IP Address: The private IP address from AWS.
Public IP Address: The public IP address from AWS, are accessed by McAfee ePO.
VPC ID: The Amazon Virtual Private cloud ID.
MAC Address: The MAC address of an instance in Amazon Virtual private cloud.
Architecture: Provides details about the hardware specifications of the processor. For example, x86_64, i386.
Virtualization Type: The virtualization type of VM like HVM and paravirtualization.
Tags: The tags of the VMs.
Security Groups: The security group details where the instance is linked in AWS.
Network Interfaces: Display details about all network interfaces associated to the EC2 instance.

You can view the virtualization properties of the selected virtual machine by navigating to Menu > Systems > System Tree and double-clicking the target virtual machine.

Virtual machine details for Microsoft Azure account

After importing the discovered VMs from the cloud accounts, the VM details are displayed in System Tree. You will have VMs from your Microsoft Azure accounts displayed here.

Property: Description
System Name: The name of the VM.
Managed State: Specifies if the system is managed by McAfee Agent.
Tags: The tag applied on this VM.
IP Address: The IP address of the VM.
User Name: The user name of the user logged on to the system.
Last Communication: The time of the last synchronization.

You can view more details of the cloud accounts by selecting and adding the required columns using the Choose Columns option under System Tree Actions. By default, these columns don't appear under System Tree. From Choose Columns, select Vendor, and you can see the name of the vendor for your cloud account.

Property: Description
Vendor Name: The name of the cloud account vendor.
Account Name: The name of the account in McAfee ePO.
Power Status: Displays if the system is in running or stopped state.
Created Time: The time when the instance is created.
Image ID: The unique image value provided to the instance from the cloud account.
Instance ID, Unique ID: The unique value provided to the instance from the cloud account.
Instance Size: The hardware configuration selected for an instance during the launch.
IP Address: The IP address from the cloud account.
Last Modified Time: The time when the instance was last modified in the cloud account.
Location: The location of the instance.
Platform: Specifies whether the platform is Microsoft Windows or Linux.
Public DNS: The public DNS name from the cloud account.
Virtual IP Address: The virtual IP address of the instance.
Network Security Group: The network security group associated with this instance.
Instance Endpoints: The instance endpoints.

You can view the virtualization properties of the selected VM by navigating to Menu > Systems > System Tree. Double-click the target VM and click the Virtualization tab.

For VMs with managed disks, Image ID is replaced by the VM's Unique ID.

Virtual Machine details for VMware vSphere account

View the account summary for your registered VMware vSphere account in the Registered Cloud Accounts page.

Actions
  Add Cloud Account: Opens a page that allows you to add a cloud account.
  Choose Columns: Opens a dialog box that allows you to select which columns to display.
  Export Table: Opens the Export page. Use this to specify the format and the package of files to be exported. You can save, email, or export the file.

Name: Name of the cloud account that you registered in McAfee ePO.
Type: Name of the cloud account vendor.
Last Successful Sync: The date and time when the last successful synchronization between McAfee ePO and the cloud account occurred.
Last Sync Status: Displays the synchronization status, including Sync Scheduled, Success, In Progress, and Failed. Hover your mouse over this property to know the start and end times of your account synchronization. If your account synchronization is in progress, you can see the sync start time.
Total VMs: The number of VMs that are available under the registered cloud account.
Running VMs: The number of VMs that are up and running under the registered cloud account.
Managed VMs: The number of VMs that are managed by McAfee ePO.
Auto Deploy MA: Specifies if the administrator has enabled the Auto deploy McAfee Agent task for the registered cloud account.
Tags: Displays the tags of the VMs.
Actions: You can edit, delete, and synchronize the cloud account using McAfee ePO.
