Set up your ServiceNow AI Platform instance for the McAfee ePO integration

Release version: Washingtondc

Updated February 1, 2024

2 minutes to read

Summarize

Summarized using AI

Summary of Set up your ServiceNow AI Platform instance for the McAfee ePO integration

This guide outlines the essential setup tasks required to integrate your ServiceNow AI Platform instance with McAfee ePolicy Orchestrator (ePO). Completing these tasks ensures a seamless installation and configuration of the integration application.

Show full answer Show less

Key Features

Role Requirements: Ensure that the necessary roles are assigned:
- System Administrator (admin) for installation.
- Security Incident Administrator (snsi.admin) for configuration and profile management.
- Security Incident Analyst (snsi.analyst) for incident management and profile launching.
Compatibility: Confirm that you are using McAfee ePO version 5.9 and the integration supports version 10.4.3.
ServiceNow Plugin: Install the ServiceNow extension plugin in your McAfee ePO console.
Required Plugins: Install the Security Incident Response Dependency plugin (com.snc.sidep) to support the integration.
Security Operations Applications: Ensure that the following applications are installed in the specified order:
- Security Incident Response
- Security Incident Response Workspace
- Security Integration Framework
- Security Support Common
- Security Support Orchestration
MID Server: Verify installation and configuration of a MID Server in your instance.
Approval Process: Optionally create an approval group for host isolation and restoration processes.

Key Outcomes

Upon completing these setup tasks, you will be able to successfully integrate the ServiceNow AI Platform with McAfee ePO, enabling efficient management of security incidents and providing an optional approval workflow for critical actions. This integration enhances your organization's security incident response capabilities, ensuring a more controlled and efficient process for handling security events.

The following section lists the setup tasks that you’re required to complete in your ServiceNow AI Platform® instance prior to installing the application for the McAfee ePO integration.

Set up requirements

Role required: ServiceNow AI Platform administrator (admin). Review the following information before your ServiceNow AI Platform® instance for the McAfee ePO integration.

The following table is a list of setup requirements for the application. Verify that you’ve completed these tasks before you install the application for the integration from the ServiceNow Store.


Set up task	Description
Verify that you’ve assigned the required ServiceNow AI Platform® and Security Incident Response (SIR) roles.	The following roles are required: A user with the system administrator (admin) role to install the application. A user with the security incident administrator (sn_si.admin) role configures the application, and creates, activates, and removes profiles. A user with the security incident analyst (sn_si.analyst) role works with security incidents. Tasks include manually launching profiles from security incidents. If the approval option is selected in a profile during the configuration step, users with this role also submit requests for isolating hosts and returning them to the network.
Verify that you are using version 5.9 of McAfee ePO.	The integration supports version 10.4.3 of the McAfee ePolicy Orchestrator.
Verify that you have installed the ServiceNow extension plugin in your McAfee ePO console.	Install the ServiceNow plugin in your McAfee ePO console. For more information and to obtain the plugin file, in your ServiceNow AI Platform instance, navigate to Knowledge > Articles > All and, in the Search field, enter, ServiceNow Security Operations Extension for McAfee ePO .
Verify that the ServiceNow core applications that are required to support the integration are installed and activated before you install the application for the integration.	Security Incident Response Dependency plugin (com.snc.si_dep) is required. This plugin automatically installs all the dependencies that are required to support the Security Incident Response product. Install and activate this plugin before you install and activate the other Security Operations applications required by the integration. Verify that the following Security Operations applications are installed and activated from the ServiceNow Store. If not installed, install and activate one application at a time in the following order to ensure a smooth installation. Security Incident Response Security Incident Response Workspace Security Integration Framework Security Support Common Security Support Orchestration For more information about installing the Security Operations core applications, see Get entitlement for a Security Operations product or application and Activate a ServiceNow Store application.
Verify that you have installed and configured a MID Server.	An installed and configured MID Server is required in your ServiceNow AI Platform® instance. See the ServiceNow Product Documentation website for more information about MID Servers.
If you want to enable the approval process for profiles, verify that you have created an approval group to process requests.	There is an optional approval process available for isolating host machines and restoring them to the network. If this option is enabled, prior approval is required before host machines are isolated and restored to your network. If your organization wants an extra level of control over these actions, enable the Require approval option during the configuration step for a profile. By default, approval authority is assigned to the ServiceNow AI Platform® security incident administrator (sn_si.admin). This authority can be reassigned to an approval group. Within the group, any member has permission to approve or reject requests. You select an active approval group during the configuration step of your profile setup. For more information, see Create an approval group.