pfrewin1
Contributor.

McAfee Endpoint Security 10.1 via ePO DB smartconnector support?

Hi all,

Just a quick query: are there any plans for MES 10.1 to be supported via the McAfee ePolicy Orchestrator DB SmartConnector?


We've been running this with VirusScan Enterprise 8.8 quite happily, but a new service has come on board running MES 10.1.

None of this MES traffic is being picked up by the SmartConnector, only other components of the ePO database.

I've upgraded the SmartConnector (to 7.2.3.7789.0) just in case this has been sorted in a later version, but to no avail.

Judging by the lack of mention in SmartConnector supported documents, I assume this functionality isn't currently available?

Kind regards,
Paul.

mike_of_many
Trusted Contributor.

Re: McAfee Endpoint Security 10.1 via ePO DB smartconnector support?

Paul,

With the ePO connector, even after the upgrade and the onboarding of MES into ePO, are you using the same query string to pull logs into the connector? I don't have my docs with me, but if I recall, the default query string isn't going to pull a number of extra sources that you can tie into ePO, and the MES event tables are one of them.

I would suggest looking at your ePO DB and the query string, then including the extra MES tables to be pulled into ArcSight.

Mike

pfrewin1
Contributor.

Re: McAfee Endpoint Security 10.1 via ePO DB smartconnector support?

Hi Mike,

Thanks for your reply. Happy to check that. Do you have any idea or documentation on where the default SQL queries are held on the ePO database connector, so these can be assessed and, if required, amended? I've not tweaked them to this level before, only specified the components to look up when configuring in ./runsetupagent.

Thanks,
Paul

MarcNZ1
New Member.

Re: McAfee Endpoint Security 10.1 via ePO DB smartconnector support?

Hi Paul

I assume you've still had no luck?

Have you looked at the eventtypelist on the ArcSight agent properties file?

agents[0].databases[0].eventtypelist=virusscan

There may be a new eventtype in the ePO DB which hopefully is still readable by the connector.

Add something like the following if the identifier in the DB is es10:

agents[0].databases[0].eventtypelist=virusscan,es10

Regards

Marc

zameer991
Absent Member.

Re: McAfee Endpoint Security 10.1 via ePO DB smartconnector support?

Is HP supporting McAfee Endpoint Security 10.1?

bdeerinwater
Super Contributor.

Re: McAfee Endpoint Security 10.1 via ePO DB smartconnector support?

Has there been any update? I am having the same issue.

guido.moscarell
Respected Contributor.

Re: McAfee Endpoint Security 10.1 via ePO DB smartconnector support?

Has there been any update? I am having the same issue.

pfrewin1
Contributor.

Re: McAfee Endpoint Security 10.1 via ePO DB smartconnector support?

No, no updates sadly. 
Raised a support call only to be told it's not currently supported.

guido.moscarell
Respected Contributor.

Re: McAfee Endpoint Security 10.1 via ePO DB smartconnector support?

Has no one tried to implement something custom?

Thanks,

Guido

pfrewin1
Contributor.

Re: McAfee Endpoint Security 10.1 via ePO DB smartconnector support?

Well, just been advised through another thread...

SmartConnector version 7.6 has been released.

It contains a new device: McAfee Endpoint Security (ENS) 10.5 with ePO 5.3
