Use McAfee Active Response to collect data from an endpoint for IR purposes (requires ePO as well).
Input:
- Hostname (Default: ${Endpoint.Hostname})
McAfee Active Response
- Details
- Content
- Dependencies
- Version History
Connect to MAR using its DXL client
Playbooks
| Name | Description |
|---|---|
| MAR - Endpoint data collection |
Integrations
| Name | Description |
|---|---|
| McAfee Active Response | Connect to MAR using its DXL client |
Playbooks
| Name | Description |
|---|---|
| MAR - Endpoint data collection | Use McAfee Active Response to collect data from an endpoint for IR purposes (requires ePO as well). Input:
|
Integrations
| Name | Description |
|---|---|
| McAfee Active Response | Connect to MAR using its DXL client |
Required Content Packs (3)
| Pack Name | Pack By |
|---|---|
| epo | By: Cortex XSOAR |
| CommonScripts | By: Cortex XSOAR |
| Base | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
1.0.3 - 2183875 (December 30, 2021)
Playbooks
MAR - Endpoint data collection
Change the playbook flow to use the McAfee ePO v2 integration if it is installed and configured.
1.0.2 - R2146019 (December 21, 2021)
Integrations
McAfee Active Response
- Updated the Docker image to: demisto/dxl2:1.0.0.24033.
1.0.1 - R264879 (November 9, 2020)
Integrations
- README.md
Fixed image paths in documentation.
PUBLISHER
Cortex
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | November 9, 2020 | |
| Last Release | September 10, 2022 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
