Get started with the McAfee ESM - Incident Enrichment integration
McAfee ESM protects endpoints against viruses, spyware, Trojan horses, and other malware threats and integrates easily with Security Operations. Before you can use the McAfee ESM - Incident Enrichment integration, you must download it from the ServiceNow Store and add the appropriate API Base URL and login credentials.
Before you begin
Procedure
- Download the integration from the ServiceNow Store.
- When the installation is complete, navigate to Security Operations > Integrations > Integration Configuration.
The available security integrations appear as a series of cards.
- In the McAfee ESM - Incident Enrichment card, select New.
- Fill in the fields, as needed.

| Field | Description |
| --- | --- |
| Name | The name of this configuration. |
| McAfee ESM API Base URL | The base URL you acquired from the McAfee ESM site. |
| Link URL | [Optional] The Link URL that links to a McAfee ESM instance, when available. Note: If you're getting an error, please use the McAfee ESM API Base URL. |
| Username | Your McAfee ESM username. |
| Password | Your McAfee ESM password. |
| Max Rows | The maximum number of rows you want to search. |
| Earliest Result (days) | The earliest results you want to see in number of days. |
| Include raw data samples in search results | Select this to include samples of raw data in your sightings search results. The amount of data returned depends on your setting in the number of rows of raw data property in Security Incident Response properties. |
| MID Server | Select Any to use any active MID Server, or select a specific MID Server name. |

Note: Configuring this integration activates workflows. To manage the workflows, navigate to the Workflow Editor.

- Select Submit.
The integration configuration card displays.
- When viewing the new configuration card, you can select Configure or Delete to change or delete the configuration, respectively.
- To return to the original list of integration configuration cards, select No from the Show Configurations drop-down list.