Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

McAfee EPolicy Orchestrator (EPO)

 

Use the JSA Content Extension for McAfee ePolicy Orchestrator (EPO) to closely monitor your McAfee EPO Antivirus extraction deployment.

JSA Content Extensions for McAfee EPolicy Orchestrator (EPO)

JSA Content Extension for McAfee EPolicy Orchestrator (EPO) V1.0.3

The following table shows the changed custom properties in JSA Content Extension for McAfee ePolicy Orchestrator (EPO) V1.0.3.

Table 1:  

Name

Optimized

Capture Group

Regex

UrlHost

Yes

1

TargetURL:\s"(?:.*?:\/\/)?(?:www\.)?([^\/:\,\"]+)

SourceURL:\s"(?:.*?:\/\/)?(?:www\.)?([^\/:\,\"]+)

All custom property descriptions were updated, and changes were made to allow custom properties to be translated.

(Back to top)Use the JSA Content Extension for McAfee ePolicy Orchestrator (EPO) to closely monitor your McAfee EPO Antivirus extraction deployment.

JSA Content Extension for McAfee EPolicy Orchestrator (EPO) V1.0.2

The following table shows the changed custom properties in JSA Content Extension for McAfee ePolicy Orchestrator (EPO) V1.0.2.

Table 2: Changed Custom Properties in JSA Content Extension for McAfee EPolicy Orchestrator (EPO) V1.0.2

Name

Optimized

Action

1

Filename

1

File Extension

1

URL

1

UrlHost

1

(Back to top)Use the JSA Content Extension for McAfee ePolicy Orchestrator (EPO) to closely monitor your McAfee EPO Antivirus extraction deployment.

JSA Content Extension for McAfee EPolicy Orchestrator (EPO) V1.0.1

The following table shows the custom properties in JSA Content Extension for McAfee ePolicy Orchestrator (EPO) V1.0.1.

Table 3: Custom Properties in JSA Content Extension for McAfee EPolicy Orchestrator (EPO) V1.0.1

Name

Capture Group

Regex

Computer Name

1

TargetHostName:\s"([^"]+)\"

File Path

1

TargetPath:\s"([^"]+)\"

TargetFileName:\s"([^\"]+\\).*?\"

Filename

1

TargetFileName:\s"(?:[^\"]+\\)(.*?)\"

TargetName:\s"([^"]+)\"

File Extension

1

TargetName:\s"[^\.\"]+\.([^\"]+)\"

TargetFileName:\s"[^\.\"]+\.([^\"]+)\"

File Hash

1

TargetHash:\s"([^"]+)\"

(?:SHA(?:256|1)|MD5):\s;(\w{32})\;

MD5 Hash

1

MD5:\s"(\w{32})\"

URL

1

TargetURL:\s"([^"]+)\"

SourceURL:\s"([^"]+)\"

UrlHost

1

TargetURL:\s"(?:.*?:\/\/)?(?:www\.)?([^\/:\

SourceURL:\s"(?:.*?:\/\/)?(?:www\.)?([^\/:\

Threat Name

1

ThreatName:\s"([^"]+)\"

Threat Category

1

ThreatCategory:\s"([^"]+)\"

Threat Type

1

ThreatType:\s"([^"]+)\"

Threat Severity

1

ThreatSeverity:\s"([^"]+)\"

Detection Method

1

AnalyzerDetectionMethod:\s"([^"]+)\"

Action

1

ThreatActionTaken:\s+"(.*)"\s+ThreatHandled

Action Result

1

ThreatHandled:\s"([^"]+)\"

Agent GUID

1

AgentGUID:\s"([^"]+)\"

(Back to top)Use the JSA Content Extension for McAfee ePolicy Orchestrator (EPO) to closely monitor your McAfee EPO Antivirus extraction deployment.

JSA Content Extension for McAfee EPolicy Orchestrator (EPO) V1.0.0

The following table shows the custom properties in JSA Content Extension for McAfee ePolicy Orchestrator (EPO) V1.0.0.

Table 4: Custom Properties in JSA Content Extension for McAfee EPolicy Orchestrator (EPO) V1.0.0

Name

Regex

Analyzer

Analyzer:\s+"(.*)"\s+AnalyzerName

Analyzer Name

AnalyzerName:\s+"(.*)"\s+AnalyzerVersion

Analyzer Host Name

AnalyzerHostName:\s+"(.*)"\s+AnalyzerIPV4

Threat Action Taken

ThreatActionTaken:\s+"(.*)"\s+ThreatHandled

URL

SourceURL:\s+"(.*)"\s+TargetHostName

(Back to top)Use the JSA Content Extension for McAfee ePolicy Orchestrator (EPO) to closely monitor your McAfee EPO Antivirus extraction deployment.