Collect McAfee Configurations activity

The Collect McAfee Configurations workflow activity gathers configuration information to use in the workflow.

The Collect McAfee Configurations activity can be used with any workflow to gather the McAfee ESM configuration settings.

Results

Possible results for this activity are:

Table 1. Results

| Result | Description |
|---|---|
| Success | Configuration succeeded. |
| Failure | An error occurred while attempting to verify the configuration. More error information is available in the activity output error. |

Input variables

Input variables determine the initial behavior of the activity.

| Variable | Description |
|---|---|
| source | Source of the request to run the workflow. Supported inputs are: Trusted Security Circles or security incident task. |
| days_to_search | Days to search from the current day backwards. Default is 7. |
| max_rows | Maximum rows to return from the query. The limit depends on the third-party integration. |
| observables | The list of observables from Trusted Security Circles or the security incident task to search for. Returned in JSON format. |
| query | Search syntax. $(observable) is the default. |

Output variables

The output variables contain data that can be used in subsequent activities.

Table 2. Output variables

| Variable | Description |
|---|---|
| endpoint_base | Base URL of the third-party integration API. |
| link_endpoint_base | Link to a McAfee web interface, when available. |
| use_default_workflows | Determines use of the workflow that was installed with the plugin. Possible values are: true - use the workflow; false - do not use the workflow. |
| elastic_username | McAfee user name |
| elastic_password | McAfee password |
| source | Source of the request to run the workflow. Supported inputs are: Trusted Security Circles or security incident task. |
| max_rows | Maximum rows to return from the query. The limit depends on the third-party integration. |
| days_to_search | Days to search from the current day backwards. Default is 7. |
| query | Search syntax. $(observable) is the default. |

Capability Execution Tracking - Failure activity: The Capability Execution Tracking - Failure workflow activity records a failure to the audit record.