Stay organized with collectionsSave and categorize content based on your preferences.
McAfee Active Response
Integration version: 7.0
Configure McAfee Active Response integration in Google Security Operations
For detailed instructions on how to configure an integration in
Google SecOps, seeConfigure
integrations.
Integration parameters
Use the following parameters to configure the integration:
Actions
Ping
Description
Test the connectivity to Active Response.
Parameters
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name
Value Options
Example
is_success
True/False
is_success:False
JSON Result
N/A
Search
Description
Active Response searches data on your managed endpoints in real time.
Parameters
Parameter
Type
Default Value
Description
Collectors
String
N/A
The collectors to search in.
Filter Collector
String
N/A
The collector filter.
Filter By
String
N/A
The field to filter by.
Filter Operator
String
N/A
The operator of the filter. Must be one of these: GreaterEqualThan, GreaterThan, LessEqualThan, LessThan, Equals, Contains, StartWith, EndsWith, Before, and After.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eMcAfee Active Response is now part of the Trellix product portfolio and is called Active Response, which will reach its end of life on December 31, 2023.\u003c/p\u003e\n"],["\u003cp\u003eThe integration with Google Security Operations SOAR allows users to configure Active Response using a defined set of parameters.\u003c/p\u003e\n"],["\u003cp\u003eThe Ping action tests the connectivity to Active Response without any required parameters and runs on all entities.\u003c/p\u003e\n"],["\u003cp\u003eThe Search action enables real-time searching of data on managed endpoints with customizable parameters such as collectors, filters, and operators.\u003c/p\u003e\n"]]],[],null,["# McAfee Active Response\n======================\n\nIntegration version: 7.0\n| **Important:** McAfee Active Response became part of the Trellix product portfolio and is known as Active Response. Active Response will reach end of life on December 31, 2023.\n\nConfigure McAfee Active Response integration in Google Security Operations\n--------------------------------------------------------------------------\n\nFor detailed instructions on how to configure an integration in\nGoogle SecOps, see [Configure\nintegrations](/chronicle/docs/soar/respond/integrations-setup/configure-integrations).\n\n### Integration parameters\n\nUse the following parameters to configure the integration:\n\nActions\n-------\n\n### Ping\n\n#### Description\n\nTest the connectivity to Active Response.\n\n#### Parameters\n\nN/A\n\n#### Run On\n\nThis action runs on all entities.\n\n#### Action Results\n\n##### Entity Enrichment\n\nN/A\n\n##### Insights\n\nN/A\n\n##### Script Result\n\n##### JSON Result\n\n N/A\n\n### Search\n\n#### Description\n\nActive Response searches data on your managed endpoints in real time.\n\n#### Parameters\n\n#### Run On\n\nThis action runs on all entities.\n\n#### Action Results\n\n##### Entity Enrichment\n\nN/A\n\n##### Insights\n\nN/A\n\n##### Script Result\n\n##### JSON Result\n\n N/A\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
