McAfee Active Response
Integration version: 7.0
Configure McAfee Active Response integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
Actions
Ping
Description
Test the connectivity to Active Response.
Parameters
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/A
Search
Description
Active Response searches data on your managed endpoints in real time.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Collectors | String | N/A | The collectors to search in. |
| Filter Collector | String | N/A | The collector filter. |
| Filter By | String | N/A | The field to filter by. |
| Filter Operator | String | N/A | The operator of the filter. Must be one of these: GreaterEqualThan, GreaterThan, LessEqualThan, LessThan, Equals, Contains, StartWith, EndsWith, Before, and After. |
| Filter Value | String | N/A | The filter value. |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/A

