Tenable for McAfee ePolicy Orchestrator


How-to Guide: Tenable for McAfee ePolicy Orchestrator. Last Updated: April 03, 2018


How-To Guide: Tenable for McAfee ePolicy Orchestrator

Introduction

This document describes how to deploy Tenable SecurityCenter for integration with McAfee ePolicy Orchestrator (ePO). Please email any comments and suggestions to support@tenable.com.

As the most advanced security management software in the industry, McAfee ePO provides a unified view of an organization's security posture along with streamlined workflows for improved security operation efficiency. Utilized by more than 30 thousand customers worldwide, and deployed to more than 60 million nodes, McAfee ePO simplifies risk and compliance for organizations of all sizes by combining security management of endpoints, networks, data and compliance solutions within a single pane of glass.

Tenable has partnered with McAfee to allow McAfee ePO customers the ability to import Tenable vulnerability data into ePO for a consolidated view of assets and their vulnerability state. A custom, McAfee-certified application created by Tenable allows McAfee ePO to integrate with Tenable SecurityCenter. The custom application, which resides on the McAfee ePO system, calls to the SecurityCenter API to retrieve vulnerability data. McAfee ePO customers have the ability to configure how often the connection is made and the amount of vulnerability data that is imported in order to meet their specific needs.

By simplifying and automating the access to Tenable vulnerability data, ePO customers can now gain an even more complete view of the assets, and the risk to those assets, within their organization.

Integration Requirements

The following are required in order to integrate SecurityCenter with McAfee ePO:

- McAfee ePO version 5.3 or higher
- McAfee Rogue System Detection (RSD) extension 5.0.2 or higher (refer to the McAfee Rogue System Detection Product Guide located at https://support.mcafee.com for download and installation instructions)
- SecurityCenter version 5.1.0 or higher
- SecurityCenter Security Manager account dedicated for use with McAfee ePO
- Tenable SecurityCenter Extension for ePO (available for download at https://support.tenable.com, filename McAfee-ePO-Connector.zip)

Integration Configuration

SecurityCenter Configuration

To create the dedicated Security Manager account, log in to SecurityCenter using a previously created administrator account, navigate to Users and select Users (highlighted below) from the drop-down menu. Click +Add (highlighted below) to create a new user.

Enter an account username and password (confirm password). Next, click the Role drop-down under the Membership section and select Security Manager. Click the Organization drop-down and select the organization for the account. Click Submit.

The SecurityCenter Security Manager account and password will be required during the McAfee ePO configuration. McAfee ePO will authenticate to SecurityCenter via this account in order to pull the vulnerability assessment data into ePO.

McAfee ePO Configuration

Prior to beginning the McAfee ePO configuration, log in to the Tenable Support Portal, navigate to Downloads > SecurityCenter and download the Tenable SecurityCenter Extension for McAfee ePO (McAfee-ePO-Connector.zip). Save the file in a location accessible from your McAfee ePO console.

Once the Tenable SecurityCenter Extension for ePO has been downloaded, log in to your McAfee ePO console and click the Menu drop-down (highlighted below) in the top left-hand corner. Select Extensions (highlighted below) under the Software section.

Click Install Extension (highlighted below). Select Choose File (highlighted below) from the Install Extension pop-up window.

Navigate to the previously downloaded McAfee-ePO-Connector.zip file and click Open (highlighted below). Click OK to install the extension.

Verify the extension is listed as TenableSecurityCenter (as shown below) and click OK. Select Tenable Security (highlighted below) in the left-hand pane to ensure the extension has been installed. In the right-hand pane, verify that the extension is Running (highlighted below). If the extension is not listed as an installed extension or is not running, please contact Tenable Support.

The Tenable Security extension is listed under the Unsigned section in this example. Once signed by McAfee, the extension will be listed under the Signed section.

Once the extension has been installed, permissions will need to be added to the ePO user role. To add the permissions, navigate to Menu > Permissions Sets (highlighted below).

Select an existing Permission Set from the list in the left-hand menu, or select New Permission Set (highlighted below) to create a new set of permissions. Once a new permission set is created or selected, scroll down and click Edit next to the Tenable SecurityCenter role (highlighted below).

The Tenable SecurityCenter role will not appear in the list until the Tenable SecurityCenter Extension for ePO has been installed.

Select the Run Permission for Tenable SecurityCenter Command and Queries radio button and click Save (highlighted below) to finalize the setting.

After the Tenable SecurityCenter permission has been set, navigate to Menu > Registered Servers (highlighted below) under the Configuration section. Select New Server.

Click the Server Type drop-down and select Tenable SecurityCenter. Enter a descriptive name for the server and click Next. Enter the Tenable SecurityCenter Settings (highlighted below). See Table 1 Registered Server Configuration for a description of each field.

Table 1 Registered Server Configuration

Tenable SecurityCenter Settings: Description
- IP Address: IP address of the Tenable SecurityCenter instance
- Port Number: Port number used to connect to Tenable SecurityCenter (443 default)
- User Name: Username of the Security Manager account created in Tenable SecurityCenter
- Password: Password of the Security Manager account created in Tenable SecurityCenter
- Import Results: Selects the amount of data (in days) to import from Tenable SecurityCenter
- Debug Mode: Enables debug mode. Leave unchecked unless specified by Tenable Support

Click Test Connection to verify that McAfee ePO can successfully connect to Tenable SecurityCenter using the information provided above. If the connection is successful, it will display Tenable SecurityCenter connection successful (highlighted below). If you receive the success message, click Save. If the connection fails, please verify the information entered above is correct. If the problem persists, contact Tenable Support.

Only one Tenable SecurityCenter type is allowed at any given time. To make changes, either edit the configured server or delete it and recreate it.

Once the registered server has been configured, navigate to Menu > Server Tasks (highlighted below) under the Automation section. In the Quick Find search box, type Tenable and click Apply.

Click Edit (highlighted below) on the action for Tenable SecurityCenter Collect Task. Set the Scheduled status to Enabled (default is disabled) and click Next.

Click the Select the Server Name drop-down and select the previously configured registered server. Click Next. Schedule the frequency the Server Task should run and click Next. See Table 2 Server Task Builder for a description of each option.

Table 2 Server Task Builder

Server Task Builder Settings: Description
- Schedule type: Click the drop-down to select the frequency that log data will be collected from Tenable SecurityCenter. Options include: Hourly, Daily, Weekly, Monthly, Yearly and Advanced. If Advanced is selected, you will be presented with the option to enter Cron Syntax instead of the scheduled start time.
- Start date: The date that log collection will begin.
- End date: The date the log collection will end. To allow log collection to recur indefinitely, check the No end date radio button instead of setting an end date.
- Schedule: Click the drop-down to set the log collection to begin at a specific time by selecting at, or select between to have the log collection only run between a certain time period.

Once the schedule is configured, you will be presented with a Summary of the server task. Verify all the settings are correct and click Save.

To run a server task, click the Menu drop-down in the top left-hand corner and select Server Tasks (highlighted below) under the Automation section. To run the extension, select the Tenable SecurityCenter Collection Task from the list of Server Tasks and click Run.

To view the task status, click on the Tenable SecurityCenter Collection Task. It will display the status of the task on the Server Task Log Information screen as shown below. Click Close to return to the Server Task Log screen. The configuration is now complete and the task will run on the previously configured automated schedule.

Once a server task has completed and logs have been collected from Tenable SecurityCenter, the results can be viewed within McAfee ePO dashboards. To view the dashboards, click on the Menu drop-down in the top left-hand corner and select Dashboards (highlighted below) in the Reporting section. Click the drop-down to the left of Dashboard Actions (highlighted below) and select Tenable SecurityCenter Dashboard to display the vulnerability data collected from SecurityCenter. Clicking the drop-down arrow (highlighted below) in the top left-hand corner of each widget gives you the option to Refresh the information within that widget or to display it Full Screen.

To view data in the System Tree, click on the Menu drop-down in the top left-hand corner and select System Tree (highlighted below) in the Systems section. Select a Managed Host from the System Tree.

If there is data on the Managed Host, it will be displayed on the Tenable System Detail tab (highlighted below) of the selected host.

About Tenable Network Security

Tenable transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect your organization. Tenable eliminates blind spots, prioritizes threats and reduces exposure and loss. With more than one million users and more than 21,000 customers worldwide, organizations trust Tenable for proven security innovation. Tenable customers range from Fortune Global 500 companies, to the global public sector, to mid-sized enterprises in all sectors, including finance, government, healthcare, higher education, retail and energy. Transform security with Tenable, the creators of Nessus and leaders in continuous monitoring, by visiting tenable.com.