Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

McAfee Application / Change Control

 

The McAfee Application / Change Control DSM for JSA accepts change control events by using Java Database Connectivity (JDBC). JSA records all relevant McAfee Application / Change Control events. This document includes information on configuring JSA to access the database that contains events by using the JDBC protocol.

  1. Log in to JSA.
  2. Click the Admin tab.
  3. Click the Log Sources icon.
  4. Click Add.
  5. From the Log Source Type list, select McAfee Application / Change Control.
  6. From the Protocol Configuration list, select JDBC.

    You must refer to the Configure Database Settings on your Application / Change Control Management Console to configure the McAfee Application / Change Control DSM in JSA.

  7. Configure the following values:

    Table 1: McAfee Application / Change Control JDBC Protocol Parameters

    Parameter

    Description

    Log Source Identifier

    Type the identifier for the log source. Type the log source identifier in the following format:

    <McAfee Change Control Database>@<Change Control Database Server IP or Host Name>

    Where:

    • <McAfee Change Control Database> is the database name, as entered in the Database Name parameter.

    • <Change Control Database Server IP or Host Name> is the host name or IP address for this log source, as entered in the IP or Hostname parameter.

    When you define a name for your Log Source Identifier, you must use the values of the McAfee Change Control Database and Database Server IP address or host name from the ePO Management Console.

    Database Type

    From the list, select MSDE.

    Database Name

    Type the exact name of the McAfee Application / Change Control database.

    IP or Hostname

    Type the IP address or host name of the McAfee Application / Change Control SQL Server.

    Port

    Type the port number that is used by the database server. The default port for MSDE is 1433.

    The JDBC configuration port must match the listener port of the McAfee Application / Change Control database. The McAfee Application / Change Control database must have incoming TCP connections enabled to communicate with JSA.

    If you define a Database Instance when you use MSDE as the database type, you must leave the Port parameter blank in your configuration.

    Username

    Type the user name required to access the database.

    Password

    Type the password required to access the database. The password can be up to 255 characters in length.

    Confirm Password

    Confirm the password required to access the database. The confirmation password must be identical to the password entered in the Password parameter.

    Authentication Domain

    If you select MSDE as the Database Type and the database is configured for Windows, you must define the WindowsAuthentication Domain. Otherwise, leave this field blank.

    Database Instance

    Optional. Type the database instance, if you have multiple SQL server instances on your database server.

    If you use a non-standard port in your database configuration, or blocked access to port 1434 for SQL database resolution, you must leave the Database Instance parameter blank in your configuration.

    Table Name

    Type SCOR_EVENTS as the name of the table or view that includes the event records.

    Select List

    Type * for all fields from the table or view.

    You can use a comma-separated list to define specific fields from tables or views, if it's needed for your configuration. The list must contain the field that is defined in the Compare Field parameter. The comma-separated list can be up to 255 alphanumeric characters in length. The list can include the following special characters: dollar sign ($), number sign (#), underscore (_), en dash (-), and period(.).

    Compare Field

    Type AutoID as the compare field. The compare field is used to identify new events added between queries to the table.

    Start Date and Time

    Optional. Type the start date and time for database polling.

    The Start Date and Time parameter must be formatted as yyyy-MM-dd HH: mm with HH specified by using a 24-hour clock. If the start date or time is clear, polling begins immediately and repeats at the specified polling interval.

    Use Prepared Statements

    Select this check box to use prepared statements.

    Prepared statements allows the JDBC protocol source to setup the SQL statement one time, then run the SQL statement many times with different parameters. For security and performance reasons, it is better to use prepared statements.

    Clearing this check box requires you to use an alternative method of querying that does not use pre-compiled statements.

    Polling Interval

    Type the polling interval, which is the amount of time between queries to the event table. The default polling interval is 10 seconds.

    You can define a longer polling interval by appending H for hours or M for minutes to the numeric value. The maximum polling interval is 1 week in any time format. Numeric values that are entered without an H or M poll in seconds.

    EPS Throttle

    Type the number of Events Per Second (EPS) that you do not want this protocol to exceed. The default value is 20000 EPS.

    Use Named Pipe Communication

    Clear the Use Named Pipe Communications check box.

    When you use a Named Pipe connection, the user name and password must be the appropriate Windows authentication user name and password and not the database user name and password. Also, you must use the default Named Pipe.

    Database Cluster Name

    If you select the Use Named Pipe Communication check box, the Database Cluster Name parameter is displayed. If you are running your SQL server in a cluster environment, define the cluster name to ensure Named Pipe communication functions properly.

    Note

    Selecting a value greater than 5 for the Credibility parameter weights your McAfee Application / Change Control log source with a higher importance compared to other log sources in JSA.

  8. Click Save.
  9. On the Admin tab, click Deploy Changes.