How-to Guide: Tenable for McAfee ePolicy Orchestrator. Last Updated: April 03, 2018


Table of Contents

How-to Guide: Tenable for McAfee ePolicy Orchestrator
Introduction
Integration Requirements
Tenable Configuration
Tenable.io Configuration
SecurityCenter Configuration
McAfee ePO Configuration
Download the Connector Extension
Install Extensions
Permissions
DXL Permissions
Configure Server
Test Connection
Schedule Import
Schedule Export
Run Server Tasks
View Dashboards
View System Tree
View in Tenable.io
View in SecurityCenter
About Tenable

Introduction

This document describes how to deploy the integration component for Tenable Vulnerability Management and the McAfee ePO console. With this connector, rich vulnerability data is delivered automatically to your McAfee ePO console. In addition to importing vulnerability data, this connector also provides:

Asset synchronization - Tenable targeted lists are automatically created and updated from your existing ePO data.
McAfee Data Exchange Layer (DXL) - Support allowing the retrieval of vulnerability data from any device running the McAfee DXL protocol in your environment.

Tenable has partnered with McAfee to give McAfee ePO customers the ability to import Tenable vulnerability data into ePO for a consolidated view of their assets and vulnerability state. Tenable created a custom, McAfee-certified application that allows McAfee ePO to integrate with Tenable SecurityCenter and Tenable.io. The custom application, which resides on the McAfee ePO system, calls the Tenable.io and SecurityCenter APIs to retrieve vulnerability data. McAfee ePO customers can configure how often the connection is made and the amount of vulnerability data that is imported to meet their specific needs. The application also allows ePO customers to export their ePO managed systems to Tenable.io or SecurityCenter to be scanned. By simplifying and automating the access to Tenable vulnerability data, ePO customers can gain a more complete view of the assets, and the risk to those assets, within their organization.

Please email any comments and suggestions to support@tenable.com.

Integration Requirements

The following is required to integrate SecurityCenter or Tenable.io with McAfee ePO:

McAfee ePO version 5.9 or higher
McAfee Rogue System Detection (RSD) extension 5.0.2 or higher (refer to the McAfee Rogue System Detection Product Guide located at https://support.mcafee.com for download and installation instructions)
McAfee DXL 3.0 or higher
SecurityCenter version 5.1.0 or higher, Tenable.io, or both
SecurityCenter Security Manager account dedicated for use with McAfee ePO
Tenable Connection Extension for ePO (available for download at https://support.tenable.com, filename TenableConnector-1.1.0.zip)

Tenable Configuration

McAfee ePolicy Orchestrator configuration is available for both Tenable.io and SecurityCenter. Click the corresponding link to view the configuration steps.

Tenable.io Configuration
SecurityCenter Configuration

Tenable.io Configuration

1. Log in to Tenable.io.
2. Click the user icon in the upper right corner.
3. Click My Account.
4. Click the API Keys tab.
5. Click the Generate button.

Note: These API keys will only be shown once. Copy them and use them for the configuration of ePO.

SecurityCenter Configuration

1. Log in to SecurityCenter using a previously created administrator account, navigate to Users, and select Users (highlighted below) from the drop-down menu.
2. Click +Add (highlighted below) to create a new user.
3. Enter an account username and password (confirm password).
4. Next, click the Role drop-down under the Membership section and select Security Manager.
5. Click the Organization drop-down and select the organization for the account. Click Submit.

Note: The SecurityCenter Security Manager account and password will be required during the McAfee ePO configuration. McAfee ePO will authenticate to SecurityCenter via this account in order to pull the vulnerability assessment data into ePO.

McAfee ePO Configuration

View the following pages to complete the configuration.

Download Connector Extension
Install Extensions
Permissions
DXL Permissions
Configure Server
Test Connection
Schedule Import
Schedule Export
Run Server Tasks
View Dashboards
View System Tree
View in SecurityCenter
View in Tenable.io

Download the Connector Extension

Prior to beginning the McAfee ePO configuration:

1. Log in to the Tenable Support Portal.
2. Navigate to Downloads > SecurityCenter.
3. Download the Tenable Connector Extension for McAfee ePO (TenableConnector-1.1.0.zip).
4. Save the file in a location accessible from your McAfee ePO console.

Note: Before starting the configuration:

1. Uninstall the existing connector.
2. Install the new 1.1 connector.

Note: When upgrading, change the name of the server. You cannot use the same name that you previously used. You can adjust the name by adding another character or number, or change it completely. Example: if the server was named securitycenterserver, name it securitycenterserver2.

Install Extensions

1. Once the Tenable Connector Extension for ePO has been downloaded, log in to your McAfee ePO console and click the Menu drop-down (highlighted below) in the top left-hand corner.
2. Select Extensions (highlighted below) under the Software section.
3. Click Install Extension (highlighted below).
4. Select Choose File (highlighted below) from the Install Extension pop-up window.
5. Navigate to the previously downloaded TenableConnector-1.1.0.zip file and click Open (highlighted below).
6. Click OK to install the extension.
7. Verify the extension is listed as TenableConnector (as shown below) and click OK.
8. Select Tenable Connector (highlighted below) in the left-hand pane to ensure the extension has been installed. In the right-hand pane, verify that the extension is Running (highlighted below). If the extension is not listed as an installed extension or is not running, please contact Tenable Support.

Note: The Tenable Connector extension is listed under the Unsigned section in this example. Once signed by McAfee, the extension will be listed under the Signed section.

Permissions

Once the extension has been installed, permissions will need to be added to the ePO user role. To add the permissions:

1. Navigate to Menu > Permission Sets (highlighted below).
2. Select an existing Permission Set from the list in the left-hand menu, or select New Permission Set (highlighted below) to create a new set of permissions.
3. Once a new permission set is created or selected, scroll down and click Edit next to the Tenable role (highlighted below).
   Note: The Tenable role will not appear in the list until the Tenable Connector Extension for ePO has been installed.
4. Select the Run Permission for Tenable Command and Queries radio button and click Save (highlighted below) to finalize the setting.

DXL Permissions

1. Navigate to Menu > Server Settings (highlighted below) under Configuration.
2. Select DXL Topic Authorization in the left-hand menu.
3. Configure permissions as desired for your environment.

Configure Server

After the Tenable permission is set:

1. Navigate to Menu > Registered Servers (highlighted below) under the Configuration section.
2. Select New Server.
3. Click the Server Type drop-down and select Tenable Import or Tenable Export. Enter a descriptive name for the server and click Next.
   Note: The Tenable Import option imports vulnerability data to ePO. The Tenable Export option exports assets as a target group.
4. Enter the SecurityCenter or Tenable.io settings. See Table 1 - Registered Server Configuration for a description of each field. Enter the username and password for SecurityCenter or enter access and secret keys for Tenable.io.

Table 1 - Registered Server Configuration

Tenable SecurityCenter Settings: Description
Import Server Type: Client type is either Tenable.io or SecurityCenter
IP Address: IP address of the Tenable SecurityCenter instance
Port Number: Port number used to connect to Tenable SecurityCenter (443 default)
Access Key: Access Key is the username for Tenable.io
Secret Key: Secret Key is the password for Tenable.io
User Name: Username of the Security Manager account created in Tenable SecurityCenter
Password: Password of the Security Manager account created in Tenable SecurityCenter
Import Results: Selects the amount of data (in days) to import from Tenable SecurityCenter
Debug Mode: Enables debug mode. Leave unchecked unless specified by Tenable Support

Test Connection

Click Test Connection to verify that McAfee ePO can successfully connect to Tenable.io or SecurityCenter using the information provided above. If the connection is successful, it will display Tenable connection successful (highlighted below). If you receive the success message, click Save. If the connection fails, verify that the information entered above is correct. If the problem persists, contact Tenable Support.

Note: Only one Tenable SecurityCenter type is allowed at any given time. To make changes, either edit the configured server or delete it and recreate it.
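When Test Connection fails, it helps to separate a rejected key pair from a mistyped or empty field before changing anything in ePO. The Python code below is an added example, not part of the Tenable guide or the connector: it checks the Table 1 fields for the chosen client type, masks secrets for logging, and builds a Tenable.io probe request. The dictionary key names are hypothetical, and the cloud.tenable.com endpoint, /session path and X-ApiKeys header are taken from the public Tenable.io API rather than from this guide.

```python
import ssl
import urllib.error
import urllib.request

# Assumption: default Tenable.io cloud endpoint and session probe path.
TENABLE_IO_URL = "https://cloud.tenable.com"
PROBE_PATH = "/session"

# Fields each client type needs, following Table 1 (key names are hypothetical).
REQUIRED = {
    "Tenable.io": ("access_key", "secret_key"),
    "SecurityCenter": ("ip_address", "port", "user_name", "password"),
}
SENSITIVE = ("secret_key", "password")


def missing_fields(settings):
    """Return the Table 1 fields that are still empty for the chosen client type."""
    required = REQUIRED.get(settings.get("client_type"))
    if required is None:
        return ["client_type"]
    return [f for f in required if not str(settings.get(f) or "").strip()]


def redact(settings):
    """Copy of the settings that is safe to log: secrets are masked."""
    return {k: ("****" if k in SENSITIVE and v else v) for k, v in settings.items()}


def build_probe(settings):
    """Build, without sending, the authenticated Tenable.io probe request."""
    if settings.get("client_type") != "Tenable.io":
        raise ValueError("probe is only defined here for Tenable.io")
    gaps = missing_fields(settings)
    if gaps:
        raise ValueError("incomplete settings: " + ", ".join(gaps))
    req = urllib.request.Request(TENABLE_IO_URL + PROBE_PATH, method="GET")
    req.add_header("X-ApiKeys", "accessKey={}; secretKey={}".format(
        settings["access_key"].strip(), settings["secret_key"].strip()))
    req.add_header("Accept", "application/json")
    return req


def check_keys(settings, timeout=10):
    """Send the probe over verified TLS; return (ok, detail), never the keys."""
    req = build_probe(settings)
    try:
        ctx = ssl.create_default_context()
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return True, "HTTP {}: key pair accepted".format(resp.status)
    except urllib.error.HTTPError as exc:
        return False, "HTTP {} (401 indicates a rejected key pair)".format(exc.code)
    except (urllib.error.URLError, OSError) as exc:
        return False, "no connection: {}".format(exc)


if __name__ == "__main__":
    # Constructed sample values, not real keys.
    sample = {"client_type": "Tenable.io", "access_key": "EXAMPLE_ACCESS", "secret_key": ""}
    print(redact(sample), "missing:", missing_fields(sample))
```

Call check_keys() from a host with outbound HTTPS access to Tenable.io; it is the only function that touches the network.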

Schedule Import

Once the registered server has been configured:

1. Navigate to Menu > Server Tasks (highlighted below) under the Automation section.
2. In the Quick Find search box, type Tenable and click Apply.
3. Click Edit (highlighted below) on the action for Tenable Import.
4. Set the Schedule status to Enabled (default is disabled) and click Next.
5. Click the Select the Server Name drop-down and select the previously configured registered server. Click Next.
6. Schedule the frequency the Server Task should run and click Next. See Table 2 - Server Task Builder for a description of each option.
7. Once the schedule is configured, you will be presented with a Summary of the server task. Verify all the settings are correct and click Save.

Table 2 - Server Task Builder

Server Task Builder Settings: Description
Schedule Type: Click the drop-down to select the frequency that log data will be collected from Tenable SecurityCenter. Options include: Hourly, Daily, Weekly, Monthly, Yearly, and Advanced. If Advanced is selected, you will be presented with the option to enter Cron Syntax instead of the scheduled start time.
Start Date: The date that log collection will begin.
End Date: The date the log collection will end. To allow log collection to recur indefinitely, check the No end date radio button instead of setting an end date.
Schedule: Click the drop-down to set the log collection to begin at a specific time by selecting at, or select between to have the log collection only run between a certain time period.

Schedule Export

1. In the Quick Find search box, type Tenable and click Apply.
2. Click Edit (highlighted below) on the action for Tenable Export.
3. Set the Schedule status to Enabled (default is disabled) and click Next.
4. Click the Select the Server Name drop-down and select the previously configured registered server. Click Next.
5. Schedule the frequency the Server Task should run and click Next. See Table 2 - Server Task Builder for a description of each option.
6. Once the schedule is configured, you will be presented with a Summary of the server task. Verify all the settings are correct and click Save.

Run Server Tasks

1. Click the Menu drop-down in the top left-hand corner and select Server Tasks (highlighted below) under the Automation section.
2. To run the extension, select the Tenable Import Task from the list of Server Tasks and click Run.
3. To view the task status, click on the Tenable Import Task. It will display the status of the task on the Server Task Log Information screen as shown below. Click Close to return to the Server Task Log screen.
4. The configuration is now complete and the task will run on the previously configured automated schedule.

View Dashboards

Once a server task has completed and vulnerability data has been collected from Tenable SecurityCenter, the results can be viewed within McAfee ePO dashboards. To view the dashboards:

1. Click on the Menu drop-down in the top left-hand corner and select Dashboards (highlighted below) in the Reporting section.
2. Click the drop-down to the left of Dashboard Actions (highlighted below) and select Tenable Dashboard to display the vulnerability data collected from SecurityCenter.

Clicking the drop-down arrow (highlighted below) in the top left-hand corner of each widget gives you the option to Refresh the information within that widget or to display it Full Screen.

View System Tree

1. Click on the Menu drop-down in the top left-hand corner and select System Tree (highlighted below) in the Systems section.
2. Select a Managed Host from the System Tree.
3. If there is data on the Managed Host, it will be displayed on the Tenable Vulnerability Details tab (highlighted below) of the selected host.

View in Tenable.io

1. Click on the Scans option in the top menu.
2. Click the Target Groups option in the left navigation menu.
3. Click the User tab. The ePO export will be listed here.

View in SecurityCenter

1. Click on the Assets option in the top menu.
2. The exported ePO results are displayed in the Asset list.

About Tenable

Tenable transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect your organization. Tenable eliminates blind spots, prioritizes threats, and reduces exposure and loss. With more than one million users and more than 20,000 enterprise customers worldwide, organizations trust Tenable for proven security innovation. Tenable's customers range from Fortune Global 500 companies, to the U.S. Department of Defense, to mid-sized and small businesses in all sectors, including finance, government, healthcare, higher education, retail, and energy. Transform security with Tenable, the creators of Nessus and leaders in continuous monitoring, by visiting tenable.com.