Set up your ServiceNow AI Platform instance for the McAfee ePO integration

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Set up your ServiceNow AI Platform instance for the McAfee ePO integration

    This guide outlines the essential setup tasks required in your ServiceNow AI Platform® instance before installing the McAfee ePO integration application. Completing these tasks ensures a successful integration and smooth operation between ServiceNow and McAfee ePolicy Orchestrator (ePO).

    Show full answer Show less

    Key Setup Requirements

    • Roles: Ensure appropriate roles are assigned:
      • System administrator (admin) – to install the application
      • Security incident administrator (snsi.admin) – to configure the application, manage profiles
      • Security incident analyst (snsi.analyst) – to handle security incidents and optionally submit isolation/restoration requests if approval is enabled
    • McAfee ePO Version: Confirm you are using McAfee ePO version 10.4.3 or later, supported by this integration.
    • ServiceNow Extension Plugin: Install the ServiceNow extension plugin within your McAfee ePO console. This plugin is available via the ServiceNow AI Platform Knowledge Articles.
    • Core ServiceNow Applications: Verify installation and activation of necessary Security Operations applications in the following order for proper dependencies:
      • Security Incident Response
      • Security Incident Response Workspace
      • Security Integration Framework
      • Security Support Common
      • Security Support Orchestration
      Also ensure the Security Incident Response Dependency plugin (com.snc.sidep) is installed and activated beforehand to support these applications.
    • MID Server: Confirm that a MID Server is installed and properly configured in your ServiceNow AI Platform instance, as it is required for integration communication.
    • Approval Process (Optional): If your organization needs control over isolating and restoring host machines, enable the approval option during profile setup.
      • Create an approval group to manage these requests.
      • Assign approval authority either to the default security incident administrator role or to the designated approval group.
      • Approval is required before isolating or restoring hosts when this option is enabled.

    Next Steps

    After completing these setup tasks, proceed to install the McAfee ePO integration application from the ServiceNow Store. Following installation, configure your McAfee ePO console to complete the integration with Security Incident Response (SIR).

    The following section lists the setup tasks that you’re required to complete in your ServiceNow AI Platform® instance prior to installing the application for the McAfee ePO integration.

    Set up requirements

    Role required: ServiceNow AI Platform administrator (admin). Review the following information before your ServiceNow AI Platform® instance for the McAfee ePO integration.

    The following table is a list of setup requirements for the application. Verify that you’ve completed these tasks before you install the application for the integration from the ServiceNow Store.
    Set up task Description
    Verify that you’ve assigned the required ServiceNow AI Platform® and Security Incident Response (SIR) roles. The following roles are required:
    • A user with the system administrator (admin) role to install the application.
    • A user with the security incident administrator (sn_si.admin) role configures the application, and creates, activates, and removes profiles.
    • A user with the security incident analyst (sn_si.analyst) role works with security incidents. Tasks include manually launching profiles from security incidents. If the approval option is selected in a profile during the configuration step, users with this role also submit requests for isolating hosts and returning them to the network.
    Verify that you are using version 5.9 of McAfee ePO. The integration supports version 10.4.3 of the McAfee ePolicy Orchestrator.
    Verify that you have installed the ServiceNow extension plugin in your McAfee ePO console. Install the ServiceNow plugin in your McAfee ePO console.

    For more information and to obtain the plugin file, in your ServiceNow AI Platform instance, navigate to Knowledge > Articles > All and, in the Search field, enter, ServiceNow Security Operations Extension for McAfee ePO .
    Verify that the ServiceNow core applications that are required to support the integration are installed and activated before you install the application for the integration.

    Security Incident Response Dependency plugin (com.snc.si_dep) is required. This plugin automatically installs all the dependencies that are required to support the Security Incident Response product. Install and activate this plugin before you install and activate the other Security Operations applications required by the integration.

    Verify that the following Security Operations applications are installed and activated from the ServiceNow Store. If not installed, install and activate one application at a time in the following order to ensure a smooth installation.

    1. Security Incident Response
    2. Security Incident Response Workspace
    3. Security Integration Framework
    4. Security Support Common
    5. Security Support Orchestration

    For more information about installing the Security Operations core applications, see Get entitlement for a Security Operations product or application and Activate a ServiceNow Store application.
    Verify that you have installed and configured a MID Server. An installed and configured MID Server is required in your ServiceNow AI Platform® instance. See the ServiceNow Product Documentation website for more information about MID Servers.
    If you want to enable the approval process for profiles, verify that you have created an approval group to process requests.

    There is an optional approval process available for isolating host machines and restoring them to the network.

    If this option is enabled, prior approval is required before host machines are isolated and restored to your network.

    If your organization wants an extra level of control over these actions, enable the Require approval option during the configuration step for a profile.

    By default, approval authority is assigned to the ServiceNow AI Platform® security incident administrator (sn_si.admin). This authority can be reassigned to an approval group. Within the group, any member has permission to approve or reject requests.

    You select an active approval group during the configuration step of your profile setup. For more information, see Create an approval group.