Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

McAfee Application / Change Control

 

The McAfee Application / Change Control DSM for JSA accepts change control events by using Java Database Connectivity (JDBC). JSA records all relevant McAfee Application / Change Control events. This document includes information on configuring JSA to access the database that contains events by using the JDBC protocol.

  1. Log in to JSA.
  2. Click the Admin tab.
  3. Click the Log Sources icon.
  4. Click Add.

    You must refer to the Configure Database Settings on your Application / Change Control Management Console to configure the McAfee Application / Change Control DSM in JSA.

  5. Configure the parameters. The following table describes the JDBC protocol parameters that require specific values to collect events from McAfee Application/Change Control:

    Table 1: McAfee Application/Change Control JDBC Protocol Parameters

    Parameter

    Description

    Log Source Type

    McAfee Application/Change Control

    Protocol Configuration

    JDBC

    Log Source Identifier

    Type a name for the log source. The name can't contain spaces and must be unique among all log sources of the log source type that is configured to use the JDBC protocol.

    If the log source collects events from a single appliance that has a static IP address or host name, use the IP address or host name of the appliance as all or part of the Log Source Identifier value; for example, 192.168.1.1 or JDBC192.168.1.1. If the log source doesn't collect events from a single appliance that has a static IP address or host name, you can use any unique name for the Log Source Identifier value; for example, JDBC1, JDBC2.

    Database Type

    MSDE

    Database Name

    Type the name of the McAfee Application / Change Control database.

    IP or Hostname

    Type the IP address or host name of the McAfee Application / Change Control SQL Server.

    Port

    Type the port number that is used by the database server. The default port for MSDE is 1433.

    The JDBC configuration port must match the listener port of the McAfee Application / Change Control database. The McAfee Application / Change Control database must have incoming TCP connections enabled to communicate with JSA.

    If you define a Database Instance when you use MSDE as the database type, you must leave the Port parameter blank in your configuration.

    Username

    Type the user name required to access the database.

    Password

    Type the password required to access the database. The password can be up to 255 characters in length.

    Authentication Domain

    If you did not select Use Microsoft JDBC, Authentication Domain is displayed.

    The domain for MSDE that is a Windows domain. If your network does not use a domain, leave this field blank.

    Predefined Query (Optional)

    Select a predefined database query for the log source. If a predefined query is not available for the log source type, administrators can select the none option.

    Database Instance

    Optional. Type the database instance, if you have multiple SQL server instances on your database server.

    If you use a non-standard port in your database configuration, or blocked access to port 1434 for SQL database resolution, you must leave the Database Instance parameter blank in your configuration.

    Table Name

    Type SCOR_EVENTS as the name of the table or view that includes the event records.

    Select List

    Type * for all fields from the table or view.

    You can use a comma-separated list to define specific fields from tables or views, if it's needed for your configuration. The list must contain the field that is defined in the Compare Field parameter. The comma-separated list can be up to 255 alphanumeric characters in length. The list can include the following special characters: dollar sign ($), number sign (#), underscore (_), en dash (-), and period(.).

    Compare Field

    Type AutoID as the compare field. The compare field is used to identify new events added between queries to the table.

    Use Prepared Statements

    Prepared statements enable the JDBC protocol source to set up the SQL statement, and then run the SQL statement numerous times with different parameters. For security and performance reasons, most JDBC protocol configurations can use prepared statements.

    Start Date and Time (Optional)

    Type the start date and time for database polling in the following format: yyyy-MM-dd HH:mm with HH specified by using a 24-hour clock. If the start date or time is clear, polling begins immediately and repeats at the specified polling interval.

    Polling Interval

    Type the polling interval, which is the amount of time between queries to the event table. The default polling interval is 10 seconds.

    You can define a longer polling interval by appending H for hours or M for minutes to the numeric value. The maximum polling interval is 1 week in any time format. Numeric values that are entered without an H or M poll in seconds.

    EPS Throttle

    Type the number of Events Per Second (EPS) that you do not want this protocol to exceed. The default value is 20000 EPS.

    Use Named Pipe Communication

    If you did not select Use Microsoft JDBC, Use Named Pipe Communication is displayed.

    MSDE databases require the user name and password field to use a Windows authentication user name and password and not the database user name and password. The log source configuration must use the default that is named pipe on the MSDE database.

    Database Cluster Name

    If you selected the Use Named Pipe Communication check box, the Database Cluster Name parameter is displayed. If you are running your SQL server in a cluster environment, define the cluster name to ensure Named Pipe communication functions properly.

    Use NTLMv2

    If you did not select Use Microsoft JDBC, Use NTLMv2 is displayed.

    Select this option if you want MSDE connections to use the NTLMv2 protocol when they are communicating with SQL servers that require NTLMv2 authentication. This option does not interrupt communications for MSDE connections that do not require NTLMv2 authentication.

    Does not interrupt communications for MSDE connections that do not require NTLMv2 authentication.

    Use Microsoft JDBC

    If you want to use the Microsoft JDBC driver, you must enable Use Microsoft JDBC.

    Use SSL

    Select this option if your connection supports SSL. This option appears only for MSDE.

    Microsoft SQL Server Hostname

    If you selected Use Microsoft JDBC and Use SSL, the Microsoft SQL Server Hostname parameter is displayed.

    You must type the host name for the Microsoft SQL server.

    Note

    Selecting a value greater than 5 for the Credibility parameter weights your McAfee Application / Change Control log source with a higher importance compared to other log sources in JSA.

  6. Click Save.
  7. On the Admin tab, click Deploy Changes.