Manage Security with ePO
This McAfee-ePO integration combines the reach of Asset Manager’s network discovery with McAfee's ePolicy Orchestrator (McAfee ePO) to improve your organization's security posture.
For more on McAfee ePO and McAfee DXL integrations including configuration and information and views of the McAfee Task Manager, see McAfee ePO & DXL.
The McAfee ePO integration provides McAfee ePO customers with a way to ensure that the ePO agent is installed comprehensively on all network devices in a particular segment (or multiple segments) as intended. The integration reconciles McAfee findings with Asset Manager findings and insodoing, uncovers:
- Assets lacking the McAfee ePO agent
- Assets to which visibility is blocked
- Assets with comprehensive management
To manage e-policy in Asset Manager, first configure the McAfee feed, then review the ePO Management dashboard, located on Asset Manager's main Dashboards menu.
To manage e-policy in McAfee ePO server, configure the McAfee feed, then install the Asset Manager Asset Manager extension to your ePO server.
The dashboard provides a variety of useful information:
IPs Unmanaged by McAfee - IPs Asset Manager found on your network that McAfee doesn't know about and doesn't have under management. Together, these unknowns represent a policy-management gap and vulnerability that could be exploited. This information is presented visually, in a bar chart that shows the volume of unmanaged, and also in a table with details on each unmanaged IP address (i.e., IP and MAC address, responsiveness and when the first and last response was received, and the Zone in which the device is located).
IPs Unmanaged by Asset Manager - These are those IPs managed by McAfee that Asset Manager did not find on the network. Typically there will not be any devices managed by McAfee that have not been indexed by Asset Manager. In the event these widgets show results, check your your Asset Manager discovery configuration, which is not providing the level of visibility you require. Contact us for help in identifying the prospective source of the problem.
McAfee- and Asset Manager-Managed IPs - When this subset becomes the whole (i.e., when all devices are managed by both resources, your organization's e-policy is well in hand.
Following is the ePO Management dashboard and a description of the data fields returned. All analytics from the McAfee feed go here. None affect Map filters, Reports or Search.
- IP Address - Device identifier
- MAC Address - Device identifier
- Active - device responded to Asset Manager probe
- First Observed - Device came on the network
- Last Observed - Device left the network after this point
- ZoneID - Number corresponding to the zone to which the device belongs
The data in any dashboard widget can be exported by clicking the Export icon (i.e., the away-pointing arrow). After identifying Asset Manager-discovered IPs that you'd like to bring into McAfee, you can either export the data from the source widget and then import it to McAfee. Or, you can install the Asset Manager Asset Manager extension on your McAfee ePO server.
Submit a comment at the bottom of this page if you have a question or need additional information about the ePO Management dashboard.