This app is archived.
The System Tagger for McAfee ePO add-on allows Splunk users who also use McAfee ePolicy Orchestrator (ePO) for endpoint security management to apply ePO tags to, or remove them from, systems in ePO as the result of a Splunk search. Once a system is tagged in ePO, new endpoint policies can be applied automatically and/or new tasks can be assigned to it in ePO. For example, if a Splunk query detects an endpoint communicating with a malicious host (e.g. by correlating proxy logs with threat intelligence), the add-on can tag that system as "compromised" in ePO. ePO can then automatically run tag-specific tasks such as AV scans, and/or apply policies such as blocking outbound communications via the endpoint firewall on the compromised host. This enables automation between any data in Splunk and McAfee endpoint security.