McAfee ePO integration for Security Operations release notes
Version history for the McAfee ePO integration for Security Operations on the ServiceNow Store.
Important: For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.
Version history
- Version 10.6.1 - June 2026
  - Fixed: Access issues for Security Analyst while querying tables.
- Version 10.6.0 - December 2025
  - New: Upgraded all dictionary-level read-only fields to Strict Read-Only to enhance security and prevent unauthorized changes. This update ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.
- Version 10.5.11 - August 2025
  - Fixed: Error sys_scope during Lookup Source in McAfee EPO Integration.
- Version 10.5.1 - February 2025
  - New: Migrated existing default Workflows to Flow Designs using Flow Designer.
- Version 10.4.7 - November 2024
  - New: Migrated existing default Workflows to Flow Designs using Flow Designer.
- Version 10.4.6 - December 2023
  - Fixed: Misconfiguration of table/field ACLs within com.snc.secops.mcafee.epo plugin.
- Version 10.4.5 - November 2023
  - Changed: Added localization translations.
  - Fixed: The report_view access control list (ACL) was missing for some tables.
- Version 10.4.3 - August 2023
  - Changed:
    - Migrated this integration to the capability framework.
    - UI Framework built for capabilities in the new workspace.
- Version 10.3.6 - June 2022
  - Fixed: Localization and internationalization issues in UI messages, and ACL-related issues, are resolved to enable the Security Analyst to see capability profile records.
- Version 10.3.5 - October 2021
  - Fixed: Added additional password-related policies.
- Version 10.3.3 - December 2020
  - Changed: With the Key Management Framework plugin, developers can manage keys used for Password2 fields through the crypto module definition.
- Version 5.0.0 - April 2019
  - Supports automated triggering of McAfee ePO queries and actions based on incident conditions.
  - Supports launching McAfee ePO capabilities manually from ServiceNow AI Platform® Security Incident Response (SIR) security incidents.
  - The flexibility to create multiple profiles for triggering different types of McAfee ePO and ServiceNow AI Platform Security Operations capabilities. These profiles automatically gather threat event information that is based on the conditions of specific incident types such as malware.
  - Validate your profile configuration with a preview of the McAfee ePO results on SIR security incidents.
  - Initiate malware scans from a SIR security incident to identify potential system compromise.
  - Isolate compromised systems from the network, and, after remediation, return the systems to the network.
  - If tagging is enabled, security tags identify which McAfee ePO capabilities are initially launched by a workflow and when the queries or actions are successfully completed.
  - A complete audit trail of the McAfee ePO queries and actions is posted on SIR security incidents, and commands from the ServiceNow AI Platform are logged in the McAfee ePO console.
  - Supports multiple McAfee ePO consoles so that you can apply different policies to user groups and regions.