An analyzer for McAfee ePO with an included report template. It retrieves key McAfee ePO information for an IP address or a username (sAMAccountName) observable.
- A McAfee ePO subscription
- A McAfee ePO user/password with the read role
- Open Cortex-Analyzers/analyzers/
- Create a new directory called "McAfeeEPO"
- Copy the "mcafee_epo_analyzer.py", "McAfee_ePo.json" and "mcafee.py" files into it
- Navigate to Cortex-Analyzers/thehive-templates/
- Create a new folder called "McAfeeEPO_1_1"
- Copy the "long.html" and "short.html" files there
- Open Cortex
- Refresh your analyzers
- Enable "McAfee_ePo_1_1"
- Enter the "hostname", "port", "user" and "password" of your McAfee ePO user. The user should have read rights.
- Save
- Open TheHive
- Go to "Report Templates"
- Click "View Template" on the long template for McAfee_ePo_1_1
- Copy the contents of long.html and short.html there and save.
- Refresh your page.
I use the native mcafee.py library as it supports the current ePO 5.10.x. The analyzer has some weaknesses, but it works fine for my general needs. Any help with the code is appreciated.
- A username can be found on several machines where AV is installed; the analyzer returns only the last one.
- General code optimization, due to my superficial knowledge of Python :)
- Many features could be added, for example initiating an AV scan on an endpoint.
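The first limitation above (only the last machine is reported for a username) can be avoided by collecting every matching record from the ePO system list and sorting them by last update. The following is an added example, not code from this analyzer or from the mcafee.py library: it works on a constructed sample of records shaped like ePO's `system.find` output (the `EPOComputerProperties.*` and `EPOLeafNode.LastUpdate` field names are assumed) and builds a Cortex-style summary from the hits.

```python
from datetime import datetime

# Constructed sample of what ePO's system.find returns; field names are assumed
# to follow ePO's EPOComputerProperties.* naming and all values are made up.
SAMPLE_SYSTEMS = [
    {"EPOComputerProperties.ComputerName": "WS-001",
     "EPOComputerProperties.IPAddress": "10.0.0.11",
     "EPOComputerProperties.UserName": "CORP\\jdoe",
     "EPOLeafNode.LastUpdate": "2023-05-01T08:00:00"},
    {"EPOComputerProperties.ComputerName": "WS-002",
     "EPOComputerProperties.IPAddress": "10.0.0.12",
     "EPOComputerProperties.UserName": "CORP\\jdoe",
     "EPOLeafNode.LastUpdate": "2023-05-03T09:30:00"},
    {"EPOComputerProperties.ComputerName": "WS-003",
     "EPOComputerProperties.IPAddress": "10.0.0.13",
     "EPOComputerProperties.UserName": "CORP\\asmith",
     "EPOLeafNode.LastUpdate": "2023-04-20T12:00:00"},
]


def _sam(user):
    """Strip a DOMAIN\\ prefix so 'CORP\\jdoe' matches sAMAccountName 'jdoe'."""
    return user.rsplit("\\", 1)[-1].lower()


def find_systems(systems, data_type, value):
    """Return every ePO system matching an 'ip' or 'username' observable,
    newest LastUpdate first, instead of keeping only the last record seen."""
    if data_type == "ip":
        hits = [s for s in systems
                if s["EPOComputerProperties.IPAddress"] == value]
    elif data_type == "username":
        hits = [s for s in systems
                if _sam(s["EPOComputerProperties.UserName"]) == value.lower()]
    else:
        raise ValueError("unsupported data type: %s" % data_type)
    return sorted(hits,
                  key=lambda s: datetime.fromisoformat(s["EPOLeafNode.LastUpdate"]),
                  reverse=True)


def summary(hits):
    """Cortex-style short report: one taxonomy with the number of systems found."""
    level = "info" if hits else "safe"
    return {"taxonomies": [{"level": level, "namespace": "McAfeeEPO",
                            "predicate": "Systems", "value": str(len(hits))}]}
```

The full list returned by `find_systems` is what the long template should iterate over, so an analyst sees every endpoint the account has logged on to.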