Trigger additional actions in McAfee ePO integration

  • Release version: Xanadu
  • Updated August 1, 2024
  • 1 minute to read

    • The List Threat Events and Initiate Malware Scan capabilities can be triggered from Run Additional Actions.​

    Before you begin

    Role required: sn_si.admin

    About this task

    You can configure and trigger additional actions in the McAfee ePO integration enables by using Run Additional Actions on Endpoint, which include the McAfee ePO List Threat Events and McAfee ePO Initiate Malware Scan capabilities.

    Procedure

    1. Navigate to Security Incidents > Show All Incidents.
    2. Select the security incident on which you want to run the additional actions.
    3. In the Related Links section, click Run Additional Action(s) on Endpoint.
    4. Browse and select the capability implementation that you want to trigger from the list of additional actions.
      For example, McAfee ePO List Threat Events.
    5. Select Include Related CI to run this additional action on all the related CIs of the profile.
      For example, if there are five CIs associated with the security incident, then the selected profile runs on all the five CIs.
    6. Click Run Additional Actions.
      Figure 1. McAfee ePO Threat Event Details
      McAfee ePO Threat Event Details
      Note:
      All the related list tables extend the base tables. In this example, the McAfee EPO Threat Event Details table is an extended table of the Additional Actions on Endpoint base table.
    7. View and validate the McAfee ePO Threat Event Details on the related lists.