Configure Intel McAfee ESM - Email Parser integration

Intel McAfee ESM - Email Parser integration uses email notifications from ESM to drive enrichment, and response workflows.

Before you begin

Role required: sn_si_admin

About this task

An Intel McAfee ESM email parser template is provided to use for the integration. It must be configured and activated before the integration takes place. Updating the parser activates it.

Procedure

  1. Navigate to Security Operations > Integrations > Integration Configurations.
    The available security integrations appear as a series of cards.
    Intel McAfee ESM - Email Parser integration card
  2. In the Intel McAfee ESM - Email Parser card, click Configure.
  3. In the Intel McAfee ESM - Email Parser Configuration dialog box, click the Configure Email Parser link.
  4. Click the Intel McAfee ESM link to edit the settings in the template email parser provided. At a minimum, fill in the Email is from field.
    To create you own email parser, see Create email parsers in Security Operations.
  5. Check the Active box.
  6. Click Update in the Email Parser form.
    The email parser is active. You do not need to return to Integration Configurations.