This McAfee Trellix ePO integration combines the reach of Lumeta Asset Manager's network discovery with McAfee Trellix's ePolicy Orchestrator (McAfee Trellix ePO) to improve your organization's security posture.

...

...

For more on McAfee ePO and McAfee DXL integrations, including configuration, information, and views of the McAfee Task Manager, see McAfee ePO & DXL.

The McAfee Trellix ePO integration provides McAfee Trellix ePO customers with a way to ensure that the ePO agent is installed comprehensively on all network devices in a particular segment (or multiple segments) as intended. The integration reconciles McAfee Trellix findings with Lumeta Asset Manager findings and, in so doing, uncovers:

  1. Assets lacking the McAfee Trellix ePO agent
  2. Assets to which visibility is blocked
  3. Assets with comprehensive management

To manage e-policy in Lumeta Asset Manager, first configure the McAfee Trellix feed, then review the ePO Management dashboard, located on Lumeta Asset Manager's main Dashboards menu.

To manage e-policy in the McAfee Trellix ePO server, configure the McAfee Trellix feed, then install the Lumeta Asset Manager extension on your ePO server.

The dashboard provides a variety of useful information:

IPs Unmanaged by McAfee Trellix - IPs Lumeta Asset Manager found on your network that McAfee Trellix doesn't know about and doesn't have under management. Together, these unknowns represent a policy-management gap and vulnerability that could be exploited. This information is presented visually, in a bar chart that shows the volume of unmanaged IPs, and also in a table with details on each unmanaged IP address (i.e., IP and MAC address, responsiveness and when the first and last response was received, and the Zone in which the device is located).

IPs Unmanaged by Lumeta Asset Manager - IPs managed by McAfee Trellix that Lumeta Asset Manager did not find on the network. Typically there will not be any devices managed by McAfee Trellix that have not been indexed by Lumeta Asset Manager. In the event these widgets show results, check your Lumeta Asset Manager discovery configuration, which is not providing the level of visibility you require. Contact us for help in identifying the prospective source of the problem.

McAfee Trellix- and Lumeta Asset Manager-Managed IPs - When this subset becomes the whole (i.e., when all devices are managed by both resources), your organization's e-policy is well in hand.

Following is the ePO Management dashboard and a description of the data fields returned. All analytics from the McAfee Trellix feed go here. None affect Map filters, Reports or Search.

  • IP Address - Device identifier
  • MAC Address - Device identifier
  • Active - Device responded to Lumeta Asset Manager probe
  • First Observed - Device came on the network
  • Last Observed - Device left the network after this point
  • Zone - Number corresponding to the zone to which the device belongs
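The three-way reconciliation behind the dashboard can be reproduced offline on exported data. The following is an added example, not code from the product or its vendor; the CSV layout, column names, sample addresses, and the per-zone count are assumptions modelled on the fields listed above.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample data. The CSV layout and column names are assumptions
# modelled on the dashboard fields, not a documented export format.
DISCOVERED_CSV = """IP Address,MAC Address,Active,First Observed,Last Observed,Zone
10.0.1.10,00:11:22:33:44:10,true,2024-01-02,2024-03-01,1
10.0.1.11,00:11:22:33:44:11,true,2024-01-05,2024-03-01,1
10.0.2.20,00:11:22:33:44:20,false,2024-02-01,2024-02-15,2
2001:DB8::5,00:11:22:33:44:55,true,2024-02-10,2024-03-01,2
"""
# Constructed list of addresses the ePO server reports as managed.
EPO_MANAGED_IPS = ["10.0.1.10", " 2001:db8::5", "10.0.9.99"]


def canon(ip):
    """Canonical text form, so case or whitespace differences never hide a match."""
    return str(ipaddress.ip_address(ip.strip()))


def reconcile(discovered_csv, epo_ips):
    """Split addresses into the three groups the dashboard reports."""
    rows = {canon(r["IP Address"]): r
            for r in csv.DictReader(io.StringIO(discovered_csv))}
    epo = {canon(ip) for ip in epo_ips}
    return {
        "unmanaged_by_epo": sorted(rows.keys() - epo),            # agent missing
        "unmanaged_by_asset_manager": sorted(epo - rows.keys()),  # discovery gap
        "managed_by_both": sorted(rows.keys() & epo),
        "rows": rows,
    }


def unmanaged_by_zone(result):
    """Count agent-less addresses per Zone (a grouping chosen for this example)."""
    return Counter(result["rows"][ip]["Zone"]
                   for ip in result["unmanaged_by_epo"])


if __name__ == "__main__":
    res = reconcile(DISCOVERED_CSV, EPO_MANAGED_IPS)
    for group in ("unmanaged_by_epo", "unmanaged_by_asset_manager", "managed_by_both"):
        print(group, res[group])
    print("unmanaged per zone:", dict(unmanaged_by_zone(res)))
```

Canonicalizing both sides before comparing matters most for IPv6, where the same address can be written in several textual forms and would otherwise show up as a false gap.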

...

The data in any dashboard widget can be exported by clicking the Export icon (i.e., the away-pointing arrow). After identifying Lumeta Asset Manager-discovered IPs that you'd like to bring into McAfee Trellix, you can either export the data from the source widget and then import it to McAfee Trellix, or install the Lumeta Asset Manager extension on your McAfee Trellix ePO server.

Submit a comment at the bottom of this page if you have a question or need additional information about the ePO Management dashboard.