# McAfee ePO v2

This integration is part of the McAfee ePO Pack.

## Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

McAfee ePolicy Orchestrator. This integration was integrated and tested with versions 5.3.2 and 5.10 of McAfee ePO.

## Permissions

McAfee ePO has a highly flexible and powerful permissions system. The permissions required for the user who uses this integration depend on which operations they need to perform. The API user should have the same permissions a regular user would need in order to access the same data via the UI. You can view the exact permissions needed for a specific command by running the `!epo-help` command; its output includes help information for the specified command, including the required permissions.

More information about McAfee ePO's permissions model is available here.

Example `!epo-help` outputs with permission information:

`!epo-help command="repository.findPackages"`

`!epo-help command="repository.deletePackage"`
## Configure McAfee ePO v2 in Cortex

| **Parameter** | **Description** | **Required** |
| --- | --- | --- |
| McAfee ePO Server URI | | True |
| Username | | True |
| Password | | True |
| Trust any certificate (not secure) | | False |
| Use system proxy settings | | False |
| HTTP Timeout | The timeout of the HTTP requests sent to the McAfee ePO API (in seconds). | False |
## Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
### epo-help

Displays help (information) for ePO commands. If no command argument is specified, returns all ePO commands.

#### Base Command

`epo-help`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| search | String to search for in the core.help command output. | Optional |
| command | The command for which to display help information. | Optional |
| prefix | Displays help information for commands with the specified prefix. | Optional |

#### Context Output

There is no context output for this command.

#### Command Example

`!epo-help command="core.help"`

#### Human Readable Output

**ePO Help - core.help**

core.help [command][prefix=<>] Lists all registered commands and displays help strings. Returns the list of commands or throws on error. Parameters: command (param 1) - If specified, the help string for a specific command is displayed. If omitted, a list of all commands is displayed. prefix - if specified, only commands with the given prefix are listed. This is useful for showing the commands for a single plug-in. This has no effect if the 'command' argument is specified.
### epo-get-latest-dat

Checks the latest available DAT file version in the public McAfee repository.

#### Base Command

`epo-get-latest-dat`

#### Input

There are no input arguments for this command.

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| McAfee.ePO.latestDAT | number | Latest available McAfee DAT file version. |

#### Command Example

`!epo-get-latest-dat`

#### Human Readable Output

McAfee ePO Latest DAT file version available is: 10200
### epo-get-current-dat

Checks the existing DAT file version in the ePO repository.

#### Base Command

`epo-get-current-dat`

#### Input

There are no input arguments for this command.

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| McAfee.ePO.epoDAT | number | Current installed McAfee DAT file in the ePO repository. |

#### Command Example

`!epo-get-current-dat`

#### Human Readable Output

McAfee ePO Current DAT file version in repository is: 10200
### epo-command

Executes an ePO command. Receives the mandatory `command` argument and other, optional arguments. Run the `epo-help` command to get a list of available commands. You can make the response text instead of the default JSON by passing `resp_type=text`, and you can use the `headers` argument to filter the table headers. Example: `!epo-command command=system.find searchText=10.0.0.1 headers=EPOBranchNode.AutoID,EPOComputerProperties.ComputerName`

#### Base Command

`epo-command`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |

#### Context Output

There is no context output for this command.

#### Command Example

`!epo-command command="system.find" searchText="10.0.0.1" headers="EPOBranchNode.AutoID,EPOComputerProperties.ComputerName"`

#### Human Readable Output

**ePO command system.find results:**

| EPOBranchNode.AutoID | EPOComputerProperties.ComputerName |
| --- | --- |
| 2 | 10.0.0.1 |
| 2 | 10.0.0.11 |
### epo-update-client-dat

Runs a client task to update the DAT file on the given endpoints.

#### Base Command

`epo-update-client-dat`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| systems | A CSV list of IP addresses or system names. | Required |
| retryAttempts | Number of times the server will attempt to send the task to the client. Default is 1 retry. | Optional |
| retryIntervalInSeconds | Retry interval in seconds. Default is 30. | Optional |
| abortAfterMinutes | The threshold (in minutes) after which attempts to send the task to the client are aborted. Default is 5. | Optional |
| stopAfterMinutes | The threshold (in minutes) that the client task is allowed to run. Default is 20. | Optional |
| randomizationInterval | Duration (in minutes) over which to randomly spread task execution. Default is 0 (executes on all clients immediately). | Optional |

#### Context Output

There is no context output for this command.

#### Command Example

`!epo-update-client-dat systems="TIE"`

#### Human Readable Output

ePO client DAT update task started: Succeeded
### epo-update-repository

Triggers a server task on specific ePO servers to retrieve the latest signatures from the update server.

#### Base Command

`epo-update-repository`

#### Input

There are no input arguments for this command.

#### Context Output

There is no context output for this command.

#### Command Example

`!epo-update-repository`

#### Human Readable Output

```text
ePO repository update started. success
skipped: Current\LMASECORE2000\2.2.0.9309\SpamEngine\0000
skipped: Current\BOCVSE__1000\657\DAT\0000
skipped: Current\AMCORDAT1000\1359.1\DAT\0000
skipped: Current\VIRUSCAN8700\8.7.0\LangPack\0000
skipped: Current\VIRUSCAN8800\8.8.0\LangPack\0000
skipped: Current\SUPPMVTCT1000\8.3.0.357\MVTContentUpdate\0000
skipped: Current\PHCONTENMETA\6006\PHContent\0000
skipped: Current\MASECORE2000\2.2.0.9309\SpamEngine\0000
skipped: Current\DBSECDAMMETA\97.3112\DAT\0000
skipped: Current\MVEDR_R_3000\3.5.2\DAT\0000
skipped: Current\DBSECDVMMETA\195.2097\DVMCHECKS\0000
skipped: Current\Findings\1310\FNDContent\0000
skipped: Current\AUENGINEMETA\1335\BMContent\0000
skipped: Current\ENDPCNT_1000_LYNX\10.7.0\DAT\0000
skipped: Current\ENCPTCNT6000\8.0.0.11953\DAT\0000
```
### epo-get-system-tree-group

Returns a system tree group.

#### Base Command

`epo-get-system-tree-group`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| search | String to search for in the system tree group. | Optional |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| McAfee.ePO.SystemTreeGroups.groupId | number | System tree group ID. |
| McAfee.ePO.SystemTreeGroups.groupPath | string | System tree group path. |

#### Command Example

`!epo-get-system-tree-group search="Lost"`

#### Human Readable Output

**ePO System Tree groups**

| Group ID | Group path |
| --- | --- |
| 3 | My Organization\Lost&Found |
### epo-find-systems

Finds computers within a specified group in the McAfee ePO system tree.

#### Base Command

`epo-find-systems`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| groupId | System tree group ID. | Required |
| verbose | Whether to return all system data. Possible values are: true, false. | Optional |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
Endpoint.ID | String | The unique ID within the tool retrieving the endpoint. |
Endpoint.Domain | string | Endpoint domain. |
Endpoint.Hostname | string | Endpoint hostname. |
Endpoint.IPAddress | string | Endpoint IP address. |
Endpoint.OS | string | Endpoint OS. |
Endpoint.OSVersion | string | Endpoint OS version. |
Endpoint.Processor | string | Processor model. |
Endpoint.Processors | number | Number of processors. |
Endpoint.Memory | number | The amount of memory in the endpoint. |
McAfee.ePO.Endpoint.ParentID | Number | Endpoint parent ID. |
McAfee.ePO.Endpoint.ComputerName | String | Endpoint computer name. |
McAfee.ePO.Endpoint.Description | String | Endpoint description. |
McAfee.ePO.Endpoint.SystemDescription | String | Endpoint system description. |
McAfee.ePO.Endpoint.TimeZone | String | Endpoint time zone. |
McAfee.ePO.Endpoint.DefaultLangID | String | Endpoint default language ID. |
McAfee.ePO.Endpoint.UserName | String | Endpoint username. |
McAfee.ePO.Endpoint.Domain | String | Endpoint domain name. |
McAfee.ePO.Endpoint.Hostname | String | Endpoint IP host name. |
McAfee.ePO.Endpoint.IPV6 | String | Endpoint IPv6 address. |
McAfee.ePO.Endpoint.IPAddress | String | Endpoint IP address. |
McAfee.ePO.Endpoint.IPSubnet | String | Endpoint IP subnet. |
McAfee.ePO.Endpoint.IPSubnetMask | String | Endpoint IP subnet mask. |
McAfee.ePO.Endpoint.IPV4x | Number | Endpoint IPV4x address. |
McAfee.ePO.Endpoint.IPXAddress | String | Endpoint IPX address. |
McAfee.ePO.Endpoint.SubnetAddress | String | Endpoint subnet address. |
McAfee.ePO.Endpoint.SubnetMask | String | Endpoint subnet mask. |
McAfee.ePO.Endpoint.NetAddress | String | Endpoint net address. |
McAfee.ePO.Endpoint.OSType | String | Endpoint OS type. |
McAfee.ePO.Endpoint.OSVersion | String | Endpoint OS version. |
McAfee.ePO.Endpoint.OSServicePackVer | String | Endpoint OS service pack version. |
McAfee.ePO.Endpoint.OSBuildNum | Number | Endpoint OS build number. |
McAfee.ePO.Endpoint.OSPlatform | String | Endpoint OS platform. |
McAfee.ePO.Endpoint.OSOEMID | String | Endpoint OS OEM ID. |
McAfee.ePO.Endpoint.Processor | String | Endpoint CPU type. |
McAfee.ePO.Endpoint.CPUSpeed | Number | Endpoint CPU speed. |
McAfee.ePO.Endpoint.Processors | Number | The number of CPUs in the endpoint. |
McAfee.ePO.Endpoint.CPUSerialNum | String | The CPU serial number in the endpoint. |
McAfee.ePO.Endpoint.Memory | Number | The total amount of physical memory in the endpoint. |
McAfee.ePO.Endpoint.FreeMemory | Number | The amount of free memory in the endpoint. |
McAfee.ePO.Endpoint.FreeDiskSpace | Number | The amount of free disk space in the endpoint. |
McAfee.ePO.Endpoint.TotalDiskSpace | Number | The total amount of disk space in the endpoint. |
McAfee.ePO.Endpoint.UserProperty1 | String | Endpoint user property 1. |
McAfee.ePO.Endpoint.UserProperty2 | String | Endpoint user property 2. |
McAfee.ePO.Endpoint.UserProperty3 | String | Endpoint user property 3. |
McAfee.ePO.Endpoint.UserProperty4 | String | Endpoint user property 4. |
McAfee.ePO.Endpoint.SysvolFreeSpace | Number | The amount of system volume free space in the endpoint. |
McAfee.ePO.Endpoint.SysvolTotalSpace | Number | The amount of system volume total space in the endpoint. |
McAfee.ePO.Endpoint.Tags | String | Endpoint EPO tags. |
McAfee.ePO.Endpoint.ExcludedTags | String | Endpoint EPO excluded tags. |
McAfee.ePO.Endpoint.LastUpdate | Date | The date the endpoint ePO was last updated. |
McAfee.ePO.Endpoint.ManagedState | Number | Endpoint EPO managed state. |
McAfee.ePO.Endpoint.AgentGUID | String | Endpoint EPO agent GUID. |
McAfee.ePO.Endpoint.AgentVersion | String | Endpoint EPO agent version. |
McAfee.ePO.Endpoint.AutoID | Number | Endpoint EPO auto ID. |

#### Command Example

`!epo-find-systems groupId="2"`

#### Human Readable Output

**Endpoint information:**

| Memory | Name | Processors |
| --- | --- | --- |
| 0 | 10.0.0.1 | 0 |
### epo-find-system

Finds systems in the McAfee ePO system tree.

#### Base Command

`epo-find-system`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| searchText | Hostname to search for. | Required |
| verbose | Whether to display all system data. Possible values are: true, false. | Optional |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
Endpoint.ID | String | The unique ID within the tool retrieving the endpoint. |
Endpoint.Domain | string | Endpoint domain. |
Endpoint.Hostname | string | Endpoint hostname. |
Endpoint.IPAddress | string | Endpoint IP address. |
Endpoint.OS | string | Endpoint OS. |
Endpoint.OSVersion | string | Endpoint OS version. |
Endpoint.Processor | string | Processor model. |
Endpoint.Processors | number | Number of processors. |
Endpoint.Memory | number | The amount of memory in the endpoint. |
McAfee.ePO.Endpoint.ParentID | Number | Endpoint Parent ID. |
McAfee.ePO.Endpoint.ComputerName | String | Endpoint computer name. |
McAfee.ePO.Endpoint.Description | String | Endpoint description. |
McAfee.ePO.Endpoint.SystemDescription | String | Endpoint system description. |
McAfee.ePO.Endpoint.TimeZone | String | Endpoint time zone. |
McAfee.ePO.Endpoint.DefaultLangID | String | Endpoint default language ID. |
McAfee.ePO.Endpoint.UserName | String | Endpoint username. |
McAfee.ePO.Endpoint.Domain | String | Endpoint domain name. |
McAfee.ePO.Endpoint.Hostname | String | Endpoint IP host name. |
McAfee.ePO.Endpoint.IPV6 | String | Endpoint IPv6 address. |
McAfee.ePO.Endpoint.IPAddress | String | Endpoint IP address. |
McAfee.ePO.Endpoint.IPSubnet | String | Endpoint IP subnet. |
McAfee.ePO.Endpoint.IPSubnetMask | String | Endpoint IP subnet mask. |
McAfee.ePO.Endpoint.IPV4x | Number | Endpoint IPV4x address. |
McAfee.ePO.Endpoint.IPXAddress | String | Endpoint IPX address. |
McAfee.ePO.Endpoint.SubnetAddress | String | Endpoint subnet address. |
McAfee.ePO.Endpoint.SubnetMask | String | Endpoint subnet mask. |
McAfee.ePO.Endpoint.NetAddress | String | Endpoint net address. |
McAfee.ePO.Endpoint.OSType | String | Endpoint OS type. |
McAfee.ePO.Endpoint.OSVersion | String | Endpoint OS version. |
McAfee.ePO.Endpoint.OSServicePackVer | String | Endpoint OS service pack version. |
McAfee.ePO.Endpoint.OSBuildNum | Number | Endpoint OS build number. |
McAfee.ePO.Endpoint.OSPlatform | String | Endpoint OS platform. |
McAfee.ePO.Endpoint.OSOEMID | String | Endpoint OS OEM ID. |
McAfee.ePO.Endpoint.Processor | String | Endpoint CPU type. |
McAfee.ePO.Endpoint.CPUSpeed | Number | Endpoint CPU speed. |
McAfee.ePO.Endpoint.Processors | Number | Number of CPUs in the endpoint. |
McAfee.ePO.Endpoint.CPUSerialNum | String | Endpoint CPU serial number. |
McAfee.ePO.Endpoint.Memory | Number | The total amount of physical memory in the endpoint. |
McAfee.ePO.Endpoint.FreeMemory | Number | The amount of free memory in the endpoint. |
McAfee.ePO.Endpoint.FreeDiskSpace | Number | The amount of free disk space in the endpoint. |
McAfee.ePO.Endpoint.TotalDiskSpace | Number | The total amount of disk space in the endpoint. |
McAfee.ePO.Endpoint.UserProperty1 | String | Endpoint user property 1. |
McAfee.ePO.Endpoint.UserProperty2 | String | Endpoint user property 2. |
McAfee.ePO.Endpoint.UserProperty3 | String | Endpoint user property 3. |
McAfee.ePO.Endpoint.UserProperty4 | String | Endpoint user property 4. |
McAfee.ePO.Endpoint.SysvolFreeSpace | Number | The amount of system volume free space in the endpoint. |
McAfee.ePO.Endpoint.SysvolTotalSpace | Number | The total amount of system volume space in the endpoint. |
McAfee.ePO.Endpoint.Tags | String | Endpoint ePO tags. |
McAfee.ePO.Endpoint.ExcludedTags | String | Endpoint EPO excluded tags. |
McAfee.ePO.Endpoint.LastUpdate | Date | The date the endpoint was last updated. |
McAfee.ePO.Endpoint.ManagedState | Number | Endpoint managed state. |
McAfee.ePO.Endpoint.AgentGUID | String | Endpoint agent GUID. |
McAfee.ePO.Endpoint.AgentVersion | String | Endpoint agent version. |
McAfee.ePO.Endpoint.AutoID | Number | Endpoint auto ID. |

#### Command Example

`!epo-find-system searchText="TIE"`

#### Human Readable Output

**Systems in the System Tree**

| Name | Domain | Hostname | IPAddress | OS | OSVersion | Processor | Processors | Memory |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| tie | (none) | tie | 192.168.1.102 | Linux | 4.9 | Intel(R) Xeon(R) CPU E5-2697A v4 @ 2.60GHz | 8 | 8364199936 |
### epo-wakeup-agent

Wakes up an agent.

#### Base Command

`epo-wakeup-agent`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| names | A comma-separated list of agent host names. | Required |

#### Context Output

There is no context output for this command.

#### Command Example

`!epo-wakeup-agent names="TIE"`

#### Human Readable Output

**ePO agents was awaken.**

| Completed | Failed | Expired |
| --- | --- | --- |
| 1 | 0 | 0 |
### epo-apply-tag

Applies a tag to the specified host names.

#### Base Command

`epo-apply-tag`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| names | A comma-separated list of host names on which to apply tags. | Required |
| tagName | Tag name. | Required |

#### Context Output

There is no context output for this command.

#### Command Example

`!epo-apply-tag names="TIE" tagName="Server"`

#### Human Readable Output

ePO could not find server or server already assigned to the given tag.
### epo-clear-tag

Clears a tag from the specified host names.

#### Base Command

`epo-clear-tag`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| names | A comma-separated list of host names from which to clear tags. | Required |
| tagName | Tag name. | Required |

#### Context Output

There is no context output for this command.

#### Command Example

`!epo-clear-tag names="TIE" tagName="MARSERVER"`

#### Human Readable Output

ePO could not find server or server already assigned to the given tag.
### epo-list-tag

Lists tags that contain the searchText. If no searchText is specified, lists all tags available in the ePO system.

#### Base Command

`epo-list-tag`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| searchText | List tags that contain the searchText in their name field. | Optional |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| McAfee.ePO.Tags.tagId | number | Tag ID. |
| McAfee.ePO.Tags.tagName | string | Tag name. |
| McAfee.ePO.Tags.tagNotes | string | Tag notes. |

#### Command Example

`!epo-list-tag searchText="server"`

#### Human Readable Output

**ePO Tags**

| tagId | tagName | tagNotes |
| --- | --- | --- |
| 1 | Server | Default tag for systems identified as a Server |
| 4 | TIESERVER | Apply Tag to TIEServers |
| 5 | MARSERVER | Apply Tag to Active Response Server |
### epo-get-tables

Returns the ePO table specified by the table argument. If no table argument is specified, returns all ePO tables.

#### Base Command

`epo-get-tables`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| table | Name of the table to retrieve. | Optional |

#### Context Output

There is no context output for this command.

#### Command Example

`!epo-get-tables table="Client Events"`

#### Human Readable Output

```text
ePO tables:
name:          Client Events
target:        EPOProductEvents
type:          target
databaseType:
description:   Retrieves information on client events from managed systems.
columns:
Name Type Select? Condition? GroupBy? Order? Number?
------------- -------------- ------- ---------- -------- ------ -------
AutoID long False False False True True
AgentGUID string True False False True False
NodeID int False False False True True
TVDEventID eventIdInt True True True True True
TVDSeverity enum True True True True False
ReceivedUTC timestamp True True True True False
DetectedUTC timestamp True True True True False
HostName string True True True True False
UserName string True True True True False
IPV6 ipv6 True True True True False
ProductCode string False False False True False
version productVersion True True True True False
SPHotFix string True True True True False
ExtraDATNames string True True True True False
Type string_lookup True True True True False
Error enum True True True True False
Locale int True True True True True
SiteName string True True True True False
InitiatorID string True True True True False
InitiatorType string_lookup True True True True False
TenantId int False False False True True
relatedTables:
Name
------------------
EPOLeafNode
EPOSoftwareView
EPOEventFilterDesc
foreignKeys:
Source table Source Columns Destination table Destination columns Allows inverse? One-to-one? Many-to-one?
---------------- -------------- ----------------- ------------------- --------------- ----------- ------------
EPOProductEvents AgentGUID EPOLeafNode AgentGUID False False True
EPOProductEvents TVDEventID EPOEventFilterDesc EventId False False True
EPOProductEvents ProductCode EPOSoftwareView ProductCode False False True
```
### epo-query-table

Queries an ePO table.

#### Base Command

`epo-query-table`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| target | Name of the table. | Required |
| select | The columns to return, in SQUID syntax. Example: `(select EPOEvents.AutoID EPOEvents.DetectedUTC EPOEvents.ReceivedUTC)`. | Optional |
| where | Filter for the results, in SQUID syntax. Example: `(where (eq (OrionTaskLogTask.UserName "ga")))`. | Optional |
| order | Order in which to return the results, in SQUID syntax. Example: `(order (asc OrionTaskLogTask.StartDate))`. | Optional |
| group | Grouping of the results, in SQUID syntax. Example: `(group EPOBranchNode.NodeName)`. | Optional |
| joinTables | Join to perform, in SQUID syntax. | Optional |
| query_name | Name under which the query result appears in the context. | Optional |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| McAfee.ePO.Query | unknown | Query result. |

#### Command Example

`!epo-query-table target="FW_Rule" query_name="Test Query"`

#### Human Readable Output

**ePO Table Query:**
FW_Rule.localServiceList FW_Rule.trafficLogged FW_Rule.lastModifyingUsername FW_Rule.transportProtocol FW_Rule.remoteServiceList FW_Rule.name FW_Rule.schedule_offHours FW_Rule.note FW_Rule.schedule_start FW_Rule.mediaFlags FW_Rule.intrusion FW_Rule.schedule_end FW_Rule.action FW_Rule.direction FW_Rule.lastModified FW_Rule.enabled false system 1024 Outlook NONE 0:00 7 false 0:00 JUMP EITHER 2014-06-20T11:42:38-07:00 1 0 false admin 1 Allow ICMP Echo Reply Incoming for Services NONE 0:00 7 false 0:00 ALLOW IN 2010-03-29T11:54:22-07:00 1 false admin 6 Block System TCP Incoming NONE 0:00 7 false 0:00 BLOCK IN 2009-10-22T17:32:08-07:00 1
### epo-get-version

Returns the ePO version.

#### Base Command

`epo-get-version`

#### Input

There are no input arguments for this command.

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| McAfee.ePO.Version | string | ePO version. |

#### Command Example

`!epo-get-version`

#### Human Readable Output

ePO version is: 5.3.2
### epo-move-system

Moves a system to a different group in McAfee ePO.

#### Base Command

`epo-move-system`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| names | A comma-separated list of asset names. | Required |
| parentGroupId | Group ID. | Required |

#### Context Output

There is no context output for this command.

#### Command Example

`!epo-move-system names="TIE" parentGroupId="3"`

#### Human Readable Output

System(s) TIE moved successfully to GroupId 3
### epo-advanced-command

Executes an ePO command. Run the `epo-help` command to get a list of available commands. For example: `!epo-advanced-command command=clienttask.find commandArgs=searchText:On-Demand`. You can specify the `headers` argument to filter table headers, for example: `!epo-command command=system.find searchText=10.0.0.1 headers=EPOBranchNode.AutoID,EPOComputerProperties.ComputerName`.

#### Base Command

`epo-advanced-command`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| command | The command to execute. Run either the core.help command or `!epo-help` to list all available commands. | Required |
| commandArgs | CSV list of key:value pairs to pass as additional arguments, for example, "argName1:argValue1,argName2:argValue2". | Required |

#### Context Output

There is no context output for this command.

#### Command Example

`!epo-advanced-command command="clienttask.find" commandArgs="searchText:On-Demand"`

#### Human Readable Output

**ePO command clienttask.find results:**

| objectName | productId | productName | objectId | typeName | typeId |
| --- | --- | --- | --- | --- | --- |
| On-Demand Scan - Full Scan | ENDP_AM_1000 | Endpoint Security Threat Prevention | 26 | Endpoint Security Threat Prevention: Policy Based On-Demand Scan | 11 |
| On-Demand Scan - Quick Scan | ENDP_AM_1000 | Endpoint Security Threat Prevention | 27 | Endpoint Security Threat Prevention: Policy Based On-Demand Scan | 11 |
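The `commandArgs` key:value parsing of `epo-advanced-command` and the `headers` column filter of `epo-command`, as an added example (my code, not the integration's own). It assumes the ePO remote API is reached at `/remote/<command>` with the output format chosen by the `:output` parameter, and replaces the HTTPS call with a stand-in so it runs offline on constructed sample data.

```python
"""Added example, not the integration's own code: assembles an ePO remote-API
call the way `!epo-advanced-command command=... commandArgs=k:v,...` describes
it, and narrows the returned table with the `headers` argument of `!epo-command`.
Assumed: the remote API path is /remote/<command> and the `:output` parameter
selects 'json' or 'terse' (text) output. The HTTPS call is a stand-in, so the
example runs offline on constructed sample data."""
import json
from typing import Callable, Dict, List, Optional, Tuple, Union

Row = Dict[str, object]


def parse_command_args(command_args: str) -> Dict[str, str]:
    """Split "argName1:argValue1,argName2:argValue2" into a dict.
    The value is everything after the first ':' so values containing a colon
    survive; blank items and surrounding whitespace are ignored."""
    args: Dict[str, str] = {}
    for item in command_args.split(","):
        item = item.strip()
        if not item:
            continue
        if ":" not in item:
            raise ValueError(f"argument {item!r} is not in key:value form")
        key, value = item.split(":", 1)
        if not key.strip():
            raise ValueError(f"argument {item!r} has an empty key")
        args[key.strip()] = value.strip()
    return args


def build_request(base_url: str, command: str, args: Dict[str, str],
                  resp_type: str = "json") -> Tuple[str, Dict[str, str]]:
    """Return (url, query parameters) for one remote-API call. The command name
    is restricted to the dotted identifiers ePO uses (e.g. system.find) so a
    user-supplied value cannot alter the request path."""
    if not command or not all(ch.isalnum() or ch in "._" for ch in command):
        raise ValueError(f"invalid ePO command name {command!r}")
    output = "json" if resp_type == "json" else "terse"   # assumed ':output' values
    return f"{base_url.rstrip('/')}/remote/{command}", {":output": output, **args}


def filter_headers(rows: List[Row], headers: Optional[str]) -> List[Row]:
    """Keep only the columns named in the comma-separated `headers` string
    (all columns when it is empty), in the order given. A header that no row
    carries is reported instead of silently yielding an empty column."""
    if not headers:
        return rows
    wanted = [h.strip() for h in headers.split(",") if h.strip()]
    known = {key for row in rows for key in row}
    missing = [h for h in wanted if h not in known]
    if rows and missing:
        raise KeyError(f"headers not present in the result: {missing}")
    return [{h: row.get(h) for h in wanted} for row in rows]


def run_epo_command(fetch: Callable[[str, Dict[str, str]], str], base_url: str,
                    command: str, command_args: str = "", headers: str = "",
                    resp_type: str = "json") -> Union[str, List[Row]]:
    """Build the request, send it through `fetch`, and shape the result."""
    url, params = build_request(base_url, command, parse_command_args(command_args), resp_type)
    body = fetch(url, params)
    if resp_type != "json":
        return body                 # text output is returned untouched
    rows = json.loads(body)
    if isinstance(rows, dict):      # a single-object result becomes one row
        rows = [rows]
    return filter_headers(rows, headers)


# Constructed sample: what system.find could return as JSON for searchText=10.0.0.1
# (the README's own example output for this search lists 10.0.0.11 as well).
SAMPLE_SYSTEM_FIND = json.dumps([
    {"EPOBranchNode.AutoID": 2, "EPOComputerProperties.ComputerName": "10.0.0.1",
     "EPOComputerProperties.IPAddress": "10.0.0.1", "EPOComputerProperties.OSType": "Linux"},
    {"EPOBranchNode.AutoID": 2, "EPOComputerProperties.ComputerName": "10.0.0.11",
     "EPOComputerProperties.IPAddress": "10.0.0.11", "EPOComputerProperties.OSType": "Linux"},
])


def fake_fetch(url: str, params: Dict[str, str]) -> str:
    """Stand-in for the HTTPS call: checks the request shape, returns sample data."""
    if not url.endswith("/remote/system.find") or params.get(":output") != "json":
        raise AssertionError(f"unexpected request {url} {params}")
    return SAMPLE_SYSTEM_FIND


def demo() -> List[Row]:
    """Equivalent of: !epo-command command=system.find searchText=10.0.0.1
    headers=EPOBranchNode.AutoID,EPOComputerProperties.ComputerName"""
    return run_epo_command(fake_fetch, "https://epo.example.local:8443", "system.find",
                           "searchText:10.0.0.1",
                           "EPOBranchNode.AutoID,EPOComputerProperties.ComputerName")


if __name__ == "__main__":
    for row in demo():
        print(row)
```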
### epo-find-client-task

Finds client tasks.

#### Base Command

`epo-find-client-task`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| searchText | List client tasks that contain the searchText in their name field. | Optional |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| McAfee.ePO.ClientTask.objectId | number | Client task object ID. |
| McAfee.ePO.ClientTask.objectName | string | Client task object name. |
| McAfee.ePO.ClientTask.productId | string | Client task product ID. |
| McAfee.ePO.ClientTask.productName | string | Client task product name. |
| McAfee.ePO.ClientTask.typeId | number | Client task type ID. |
| McAfee.ePO.ClientTask.typeName | string | Client task type name. |

#### Command Example

`!epo-find-client-task searchText="On-Demand"`

#### Human Readable Output

**ePO Client Tasks:**

| productName | objectName | productId | typeId | objectId | typeName |
| --- | --- | --- | --- | --- | --- |
| Endpoint Security Threat Prevention | On-Demand Scan - Full Scan | ENDP_AM_1000 | 11 | 26 | Endpoint Security Threat Prevention: Policy Based On-Demand Scan |
| Endpoint Security Threat Prevention | On-Demand Scan - Quick Scan | ENDP_AM_1000 | 11 | 27 | Endpoint Security Threat Prevention: Policy Based On-Demand Scan |
### epo-find-policy

Finds policies.

#### Base Command

`epo-find-policy`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| searchText | List policies that contain the searchText in their name field. If no searchText is specified, list all policies in the ePO system. | Optional |

#### Context Output

There is no context output for this command.

#### Command Example

`!epo-find-policy searchText="On-Access"`

#### Human Readable Output

**ePO Policies:**

| objectName | featureName | productId | productName | objectId | typeName | featureId | typeId |
| --- | --- | --- | --- | --- | --- | --- | --- |
| McAfee Default | Policy Category | ENDP_AM_1000 | Endpoint Security Threat Prevention | 84 | On-Access Scan | ENDP_AM_1000 | 40 |
| On-Access Scan for Exchange | Policy Category | ENDP_AM_1000 | Endpoint Security Threat Prevention | 86 | On-Access Scan | ENDP_AM_1000 | 40 |
| My Default | Policy Category | ENDP_AM_1000 | Endpoint Security Threat Prevention | 90 | On-Access Scan | ENDP_AM_1000 | 40 |
### epo-assign-policy-to-group

Assigns a policy to the specified group or resets the group's inheritance for the specified policy.

#### Base Command

`epo-assign-policy-to-group`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| groupId | System tree group ID (as returned by system.findGroups). | Required |
| productId | Product ID (as returned by policy.find). | Required |
| objectId | Object ID (as returned by policy.find). | Required |
| resetInheritance | If true, resets the inheritance for the specified policy on the given group. Default is false. Possible values are: true, false. | Optional |

#### Context Output

There is no context output for this command.

#### Command Example

`!epo-assign-policy-to-group groupId="2" productId="ENDP_AM_1000" objectId="86"`

#### Human Readable Output

Policy productId:ENDP_AM_1000 objectId:86 assigned successfully to GroupId 2
### epo-assign-policy-to-system

Assigns a policy to a supplied list of systems or resets the systems' inheritance for the specified policy.

#### Base Command

`epo-assign-policy-to-system`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| names | Either a comma-separated list of names/IP addresses or a comma-separated list of IDs to which the policy is to be assigned. | Required |
| productId | Product ID (as returned by policy.find). | Required |
| typeId | Type ID (as returned by policy.find). | Required |
| objectId | Object ID (as returned by policy.find). | Required |
| resetInheritance | If true, resets the inheritance for the specified object. Default is false. Possible values are: true, false. | Optional |

#### Context Output

There is no context output for this command.

#### Command Example

`!epo-assign-policy-to-system names="TIE" productId="ENDP_AM_1000" typeId="40" objectId="84"`

#### Human Readable Output

**ePO Policies:**

| status | name | message | id |
| --- | --- | --- | --- |
| 0 | TIE | Assign policy succeeded | 2 |
### epo-list-issues

Lists the issue with the specified ID. If no ID is specified, lists all issues in the McAfee ePO system.

#### Base Command

`epo-list-issues`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| id | The ID of the issue to display. | Optional |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
McAfee.ePO.Issue.activityLog.date | string | Date of the issue activity log. |
McAfee.ePO.Issue.activityLog.details | string | Details of the issue activity log. |
McAfee.ePO.Issue.activityLog.id | number | The ID of the issue activity log. |
McAfee.ePO.Issue.activityLog.issueId | number | The issue ID of the activity log. |
McAfee.ePO.Issue.activityLog.title | string | The title of the issue activity log. |
McAfee.ePO.Issue.activityLog.username | string | The username of the issue activity log. |
McAfee.ePO.Issue.id | number | Issue ID. |
McAfee.ePO.Issue.name | string | Issue name. |
McAfee.ePO.Issue.type | string | Issue type. |
McAfee.ePO.Issue.description | string | Issue description. |
McAfee.ePO.Issue.state | string | Issue state. |
McAfee.ePO.Issue.priority | string | Issue priority. |
McAfee.ePO.Issue.severity | string | Issue severity. |
McAfee.ePO.Issue.resolution | string | Issue resolution. |
McAfee.ePO.Issue.creatorName | string | Issue creator name. |
McAfee.ePO.Issue.assignee | number | Issue assignee ID. |
McAfee.ePO.Issue.assigneeName | string | Issue assignee name. |
McAfee.ePO.Issue.createdDate | string | Date the issue was created. |
McAfee.ePO.Issue.dueDate | string | Date the issue is due. |
McAfee.ePO.Issue.ticketId | string | Ticket ID of the issue. |
McAfee.ePO.Issue.ticketServerName | string | Issue ticket server name. |

#### Command Example

`!epo-list-issues`

#### Human Readable Output

```text
ePO Issue List:
ticketId dueDate createdDate creatorName resolution subtype assigneeName description priority type ticketServerName name assignee severity activityLog id state
2021-05-09T03:36:56-07:00 admin NONE dxl aaaa MEDIUM issue.type.untyped aaaa LOWEST {'date': '2021-05-09T03:36:56-07:00', 'details': '', 'id': 1, 'issueId': 1, 'title': 'Issue Created', 'username': 'admin'} 1 NEW
2021-11-23T00:46:25-08:00 admin NONE admin test1 HIGH issue.type.untyped Wissam MEDIUM {'date': '2021-11-23T00:46:25-08:00', 'details': '', 'id': 2, 'issueId': 2, 'title': 'Issue Created', 'username': 'admin'},
{'date': '2021-11-23T23:26:20-08:00', 'details': 'assignee changed from test_api to admin', 'id': 3, 'issueId': 2, 'title': 'Issue Changed', 'username': 'admin'},
{'date': '2021-11-23T23:32:08-08:00', 'details': 'yakovi', 'id': 4, 'issueId': 2, 'title': 'User Comment', 'username': 'admin'} 2 NEW
```
### epo-delete-issue

Deletes an issue.

#### Base Command

`epo-delete-issue`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| id | The ID of the issue to delete. | Required |

#### Context Output

There is no context output for this command.

#### Command Example

`!epo-delete-issue id=8`

#### Human Readable Output

Issue with id=0 was deleted
### epo-create-issue

Creates an issue.

#### Base Command

`epo-create-issue`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| name | Issue name. | Required |
| description | Issue description. | Required |
| type | Issue type. | Optional |
| state | Issue state. Possible values are: UNKNOWN, NEW, ASSIGNED, RESOLVED, CLOSED, TICKETED, TICKET_PENDING. | Optional |
| priority | Issue priority. Possible values are: UNKNOWN, LOWEST, LOW, MEDIUM, HIGH, HIGHEST. | Optional |
| severity | Issue severity. Possible values are: UNKNOWN, LOWEST, LOW, MEDIUM, HIGH, HIGHEST. | Optional |
| resolution | Issue resolution. Possible values are: NONE, FIXED, WAIVED, WILLNOTFIX. | Optional |
| due | Due date of the issue in the format yyyy-mm-dd hh:mm:ss. | Optional |
| assignee_name | Name of the user assigned to the issue. | Optional |
| ticketServerName | Ticket server name of the issue. | Optional |
| ticketId | Ticket ID of the issue. | Optional |
| properties | Properties of the issue. | Optional |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| McAfee.ePO.Issue.id | number | Issue ID. |
| McAfee.ePO.Issue.name | string | Issue name. |
| McAfee.ePO.Issue.description | string | Issue description. |

#### Command Example

`!epo-create-issue name="test-epo-integration" description="automatically generated by epo integration" assignee_name="admin"`

#### Human Readable Output

Issue with the following ID: 35 was created successfully
### epo-update-issue

Updates an issue.

#### Base Command

`epo-update-issue`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| id | The ID of the issue to update. | Required |
| name | Name of the issue to update. | Required |
| description | Description of the issue to update. | Required |
| state | State of the issue to update. Possible values are: UNKNOWN, NEW, ASSIGNED, RESOLVED, CLOSED, TICKETED, TICKET_PENDING. | Optional |
| priority | Priority of the issue to update. Possible values are: UNKNOWN, LOWEST, LOW, MEDIUM, HIGH, HIGHEST. | Optional |
| severity | Severity of the issue to update. Possible values are: UNKNOWN, LOWEST, LOW, MEDIUM, HIGH, HIGHEST. | Optional |
| resolution | Resolution of the issue to update. Possible values are: NONE, FIXED, WAIVED, WILLNOTFIX. | Optional |
| due | Due date of the issue to update. | Optional |
| assignee_name | Name of the user assigned to the issue. | Optional |
| ticketServerName | Ticket server name of the issue. | Optional |
| ticketId | Ticket ID of the issue. | Optional |
| properties | Properties of the issue. | Optional |

#### Context Output

There is no context output for this command.

#### Command Example

`!epo-update-issue id=10 name="test" description="testing epo integration" state="NEW"`

#### Human Readable Output

Issue with id=10 was updated