Set up your ServiceNow AI Platform instance for the McAfee ePO integration

  • Release version: Yokohama
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Set up your ServiceNow AI Platform instance for the McAfee ePO integration

    This guidance outlines the essential setup tasks ServiceNow AI Platform administrators must complete before installing the McAfee ePO integration application. Proper preparation ensures a smooth installation and functionality of the integration between ServiceNow Security Incident Response (SIR) and McAfee ePolicy Orchestrator (ePO).

    Show full answer Show less

    Key Setup Requirements

    • Roles: Ensure appropriate roles are assigned:
      • System Administrator (admin): For installing the application.
      • Security Incident Administrator (snsi.admin): For configuring the application and managing profiles.
      • Security Incident Analyst (snsi.analyst): For working with security incidents, launching profiles, and submitting isolation or restoration requests if approval is enabled.
    • McAfee ePO Version: Use version 10.4.3 of McAfee ePolicy Orchestrator, compatible with integration version 5.9.
    • ServiceNow Extension Plugin for McAfee ePO: Install this plugin in your McAfee ePO console to enable integration features. The plugin is available via the ServiceNow AI Platform knowledge base.
    • Security Operations Core Applications: Confirm installation and activation of these applications from the ServiceNow Store in this order:
      1. Security Incident Response
      2. Security Incident Response Workspace
      3. Security Integration Framework
      4. Security Support Common
      5. Security Support Orchestration
    • Security Incident Response Dependency Plugin: Install and activate (com.snc.sidep) before other Security Operations apps to ensure all dependencies are met.
    • MID Server: Install and configure a MID Server in your ServiceNow AI Platform instance to support communication and integration functions.
    • Approval Process (Optional): For enhanced control over isolating and restoring hosts:
      • Create an approval group to manage requests.
      • Enable the “Require approval” option during profile configuration.
      • By default, approval authority resides with the security incident administrator but can be reassigned to an approval group.

    Practical Impact

    Completing these setup tasks ensures your ServiceNow AI Platform instance is fully prepared to integrate with McAfee ePO, enabling automated and controlled security incident responses. The structured installation order and role assignments facilitate efficient management, while optional approval workflows provide additional governance over critical host isolation actions.

    The following section lists the setup tasks that you’re required to complete in your ServiceNow AI Platform® instance prior to installing the application for the McAfee ePO integration.

    Set up requirements

    Role required: ServiceNow AI Platform administrator (admin). Review the following information before your ServiceNow AI Platform® instance for the McAfee ePO integration.

    The following table is a list of setup requirements for the application. Verify that you’ve completed these tasks before you install the application for the integration from the ServiceNow Store.
    Set up task Description
    Verify that you’ve assigned the required ServiceNow AI Platform® and Security Incident Response (SIR) roles. The following roles are required:
    • A user with the system administrator (admin) role to install the application.
    • A user with the security incident administrator (sn_si.admin) role configures the application, and creates, activates, and removes profiles.
    • A user with the security incident analyst (sn_si.analyst) role works with security incidents. Tasks include manually launching profiles from security incidents. If the approval option is selected in a profile during the configuration step, users with this role also submit requests for isolating hosts and returning them to the network.
    Verify that you are using version 5.9 of McAfee ePO. The integration supports version 10.4.3 of the McAfee ePolicy Orchestrator.
    Verify that you have installed the ServiceNow extension plugin in your McAfee ePO console. Install the ServiceNow plugin in your McAfee ePO console.

    For more information and to obtain the plugin file, in your ServiceNow AI Platform instance, navigate to Knowledge > Articles > All and, in the Search field, enter, ServiceNow Security Operations Extension for McAfee ePO .
    Verify that the ServiceNow core applications that are required to support the integration are installed and activated before you install the application for the integration.

    Security Incident Response Dependency plugin (com.snc.si_dep) is required. This plugin automatically installs all the dependencies that are required to support the Security Incident Response product. Install and activate this plugin before you install and activate the other Security Operations applications required by the integration.

    Verify that the following Security Operations applications are installed and activated from the ServiceNow Store. If not installed, install and activate one application at a time in the following order to ensure a smooth installation.

    1. Security Incident Response
    2. Security Incident Response Workspace
    3. Security Integration Framework
    4. Security Support Common
    5. Security Support Orchestration

    For more information about installing the Security Operations core applications, see Get entitlement for a Security Operations product or application and Activate a ServiceNow Store application.
    Verify that you have installed and configured a MID Server. An installed and configured MID Server is required in your ServiceNow AI Platform® instance. See the ServiceNow Product Documentation website for more information about MID Servers.
    If you want to enable the approval process for profiles, verify that you have created an approval group to process requests.

    There is an optional approval process available for isolating host machines and restoring them to the network.

    If this option is enabled, prior approval is required before host machines are isolated and restored to your network.

    If your organization wants an extra level of control over these actions, enable the Require approval option during the configuration step for a profile.

    By default, approval authority is assigned to the ServiceNow AI Platform® security incident administrator (sn_si.admin). This authority can be reassigned to an approval group. Within the group, any member has permission to approve or reject requests.

    You select an active approval group during the configuration step of your profile setup. For more information, see Create an approval group.