McAfee Network Security Manager is an advanced solution for up to six McAfee Network Security Platform sensors, McAfee Network Access Control appliances, or McAfee Network Threat Behavior Analysis appliances deployed in small and medium-size networks and enterprise branch offices.
This document provides information about the McAfee Network Security Manager connector, which facilitates automated interactions with McAfee Network Security Manager using FortiSOAR™ playbooks. Add the McAfee Network Security Manager connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving details for a specific domain from McAfee Network Security Manager and creating a new domain in McAfee Network Security Manager.
Connector Version: 1.1.0
FortiSOAR™ Version Tested on: 6.4.4-3164
Authored By: Fortinet
Certified: Yes
Following enhancements have been made to the McAfee Network Security Manager connector in version 1.1.0:
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root
user to install connectors from an SSH session:
yum install cyops-connector-mcafee-network-security-manager
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the McAfee Network Security Manager connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | URL of the McAfee Network Security Manager server to which you will connect and perform automated operations. |
Username | Username to access the McAfee Network Security Manager server to which you will connect and perform automated operations. |
Password | Password to access the McAfee Network Security Manager server to which you will connect and perform automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from version 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Create Domain | Creates a new domain in McAfee Network Security Manager based on the domain name, contact person, email address, and default IPs and Recon policy you have specified. | add_domain Investigation |
Update Domain | Updates details for an existing domain in McAfee Network Security Manager based on the domain name, contact person, and other input parameters you have specified | update_domain Investigation |
Get Domain Details | Retrieves details for an existing domain from McAfee Network Security Manager based on the domain ID you have specified. | get_domain_details Investigation |
Delete Domain | Deletes an existing domain from McAfee Network Security Manager based on the domain ID you have specified. | delete_domain Investigation |
Get All Domains | Retrieves a list of all domains present in McAfee Network Security Manager. | get_domains Investigation |
Get Domain Sensors | Retrieves a list of all sensors in a specified domain from McAfee Network Security Manager based on the domain ID you have specified. | get_domain_sensors Investigation |
Get Sensor Details | Retrieves details for a specified sensor from McAfee Network Security Manager based on the sensor ID you have specified. | get_sensor_details Investigation |
Get Domain Firewall Policies | Retrieves firewall policies for a specified domain from McAfee Network Security Manager based on the domain ID you have specified. | list_policies Investigation |
Get Policy Details | Retrieves details of a specified firewall policy from McAfee Network Security Manager based on the policy ID you have specified. | get_policy_details Investigation |
Delete Policy | Deletes a specific firewall policy from McAfee Network Security Manager based on the policy ID you have specified. | delete_policy Investigation |
Block IP | Blocks a specific IP address on McAfee Network Security Manager based on the sensor ID, IP address, and other input parameters you have specified. | block_ip Investigation |
UnBlock IP | Unblocks a specific IP address on McAfee Network Security Manager based on the sensor ID and IP address you have specified. | unblock_ip Investigation |
Update Block IP Duration | Updates the block duration for a specific IP address in McAfee Network Security Manager based on the sensor ID, IP address, duration, and other input parameters you have specified. | update_block_ip_duration Investigation |
Get Blocked IP List | Retrieves a list of the blocked IP addresses on a specific sensor in McAfee Network Security Manager based on the sensor ID you have specified. | get_blocked_ip_list Investigation |
Get Blocked IP Details | Retrieves details of the blocked IP addresses on a specific sensor in McAfee Network Security Manager based on the sensor ID you have specified. | get_blocked_ip_details Investigation |
Parameter | Description |
---|---|
Domain Name | Name of the domain that you want to create in McAfee Network Security Manager. |
Contact Person | Name of the contact person associated with the domain that you want to create in McAfee Network Security Manager. |
Email Address | Email address associated with the domain that you want to create in McAfee Network Security Manager. |
Default IPS Policy | Default IPs policy to be applied to the domain that you want to create in McAfee Network Security Manager. |
Default Recon Policy | Default Recon policy to be applied to the domain that you want to create in McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"createdResourceId": ""
}
Parameter | Description |
---|---|
Domain ID | Unique identifier of the domain that you want to update in McAfee Network Security Manager. |
Domain Name | Name of the domain that you want to update in McAfee Network Security Manager. |
Contact Person | Name of the contact person associated with the domain that you want to update in McAfee Network Security Manager. |
Email Address | Email address associated with the domain that you want to update in McAfee Network Security Manager. |
Default IPS Policy | Default IPs policy to be applied to the domain that you want to update in McAfee Network Security Manager. |
Default Recon Policy | Default Recon policy to be applied to the domain that you want to update in McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"status": ""
}
Parameter | Description |
---|---|
Domain ID | ID of the domain whose details you want to retrieve from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"parentDomainId": "",
"domainName": "",
"contactPerson": "",
"emailAddress": "",
"title": "",
"contactPhoneNumber": "",
"companyPhoneNumber": "",
"organization": "",
"address": {
"address1": "",
"address2": ""
},
"city": "",
"state": "",
"country": "",
"allowChildAdminDomain": "",
"allowDevices": "",
"defaultIPSPolicy": "",
"defaultReconPolicy": ""
}
Parameter | Description |
---|---|
Domain ID | ID of the domain that you want to delete from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"status": ""
}
None.
The output contains the following populated JSON schema:
{
"DomainDescriptor": {
"childdomains": [
{
"childdomains": "",
"id": "",
"name": ""
}
],
"id": "",
"name": ""
}
}
Parameter | Description |
---|---|
Domain ID | ID of the domain whose sensor information you want to retrieve from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"SensorDescriptor": [
{
"DomainID": "",
"name": "",
"model": "",
"ReconPolicyID": "",
"IPSPolicyID": "",
"SigsetVersion": "",
"SoftwareVersion": "",
"LastSignatureUpdateTs": "",
"sensorId": "",
"LastModTs": "",
"Description": "",
"sensorIPAddress": "",
"nsmVersion": "",
"isFailOver": "",
"MemberSensors": [
{
"sensorId": "",
"name": "",
"sensorIPAddress": "",
"SigsetVersion": ""
}
]
}
]
}
Parameter | Description |
---|---|
Sensor ID | ID of the sensor whose details you want to retrieve from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"SensorInfo": {
"SensorDescriptor": {
"DomainID": "",
"name": "",
"ReconPolicyID": "",
"IPSPolicyID": "",
"SoftwareVersion": "",
"SigsetVersion": "",
"LastSignatureUpdateTs": "",
"sensorId": "",
"model": "",
"LastModTs": "",
"Description": ""
},
"Interfaces": {
"InterfaceInfo": [
{
"DomainId": "",
"Description": "",
"IPSPolicyId": "",
"Interfacetype": {
"Dedicated": {}
},
"vidsId": "",
"LastModTs": "",
"name": ""
}
]
},
"Ports": {
"PortInfo": [
{
"portId": "",
"ResponseMode": {
"sendResponseFrom": ""
},
"operatingMode": {
"peerPort": "",
"connectedTo": "",
"mode": ""
},
"portSettings": {
"portName": "",
"portType": "",
"configuration": {
"duplex": "",
"speed": ""
},
"administrativeStatus": "",
"operationalStatus": ""
}
}
]
}
}
}
Parameter | Description |
---|---|
Domain ID | ID of the domain whose firewall policies you want to retrieve from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"FirewallPoliciesForDomainResponseList": [
{
"policyId": "",
"policyName": "",
"domainId": "",
"visibleToChild": "",
"description": "",
"isEditable": "",
"policyType": "",
"policyVersion": "",
"lastModUser": ""
}
]
}
Parameter | Description |
---|---|
Policy ID | ID of the policy whose details you want to retrieve from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"FirewallPolicyId": "",
"Name": "",
"DomainId": "",
"VisibleToChild": "",
"Description": "",
"LastModifiedTime": "",
"IsEditable": "",
"PolicyType": "",
"PolicyVersion": "",
"LastModifiedUser": "",
"MemberDetails": {
"MemberRuleList": [
{
"Description": "",
"Enabled": "",
"Response": "",
"IsLogging": "",
"Direction": "",
"SourceAddressObjectList": [
{
"RuleObjectId": "",
"Name": "",
"RuleObjectType": ""
}
],
"DestinationAddressObjectList": [
{
"RuleObjectId": "",
"Name": "",
"RuleObjectType": ""
}
],
"SourceUserObjectList": [
{
"RuleObjectId": "",
"Name": "",
"RuleObjectType": ""
}
],
"ServiceObjectList": [],
"ApplicationObjectList": [
{
"RuleObjectId": "",
"Name": "",
"RuleObjectType": "",
"ApplicationType": ""
}
],
"TimeObjectList": [
{
"RuleObjectId": "",
"Name": "",
"RuleObjectType": ""
nbsp; }
]
}
]
}
}
Parameter | Description |
---|---|
Policy ID | ID of the domain that you want to delete from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"status": ""
}
Parameter | Description |
---|---|
Sensor ID | ID of the sensor whose associated IP address you want to block in McAfee Network Security Manager. |
IP Address | IP address to be quarantined in McAfee Network Security Manager. |
Duration Time | Select the duration time for which you want to block the specified IP address in McAfee Network Security Manager. |
Remediate | Select this option to enable or activate remediation for the specified IP address along with quarantining the IP address. By default this option is disabled, i.e., remediation is not activated. |
The output contains the following populated JSON schema:
{
"status": ""
}
Parameter | Description |
---|---|
Sensor ID | ID of the sensor whose associated IP address you want to unblock in McAfee Network Security Manager. |
IP Address | IP address to be unblocked in McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"status": ""
}
Parameter | Description |
---|---|
Sensor ID | ID of the sensor whose associated IP addresses block duration you want to extend in McAfee Network Security Manager. |
IP Address | Quarantined IP address whose block duration you want to update in McAfee Network Security Manager. |
Duration Time | Duration for which the quarantine of the IP address needs to be extended. You can extend the quarantine by "FIVE_MINUTES" / "FIFTEEN_MINUTES" / "THIRTY_MINUTES" / "FORTYFIVE_MINUTES" / "SIXTY_MINUTES" / "UNTIL_EXPLICITLY_RELEASED" |
Override | Select this option to enable overriding previous data if it is present for the specified IP address. By default this option is disabled, i.e., previous data for the specified IP address is not overridden. |
The output contains the following populated JSON schema:
{
"status": ""
}
Parameter | Description |
---|---|
Sensor ID | ID of the sensor whose blocked IP address list you want to retrieve from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"QuarantineHostDescriptor": [
{
"IPAddress": "",
"Duration": ""
}
]
}
Parameter | Description |
---|---|
Sensor ID | ID of the sensor whose blocked IP address details you want to retrieve from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"QuarantineHostDetail": [
{
"ipAddress": "",
"hostname": "",
"OS": "",
"user": "",
"quarantineDetails": {
"device": "",
"quarantineZone": ""
},
"addedToQuarantine": {
"by": "",
"time": ""
},
"remediate": "",
"pendingRelease": ""
}
]
}
The Sample - McAfee Network Security Manager - 1.1.0
playbook collection comes bundled with the McAfee Network Security Manager connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the McAfee Network Security Manager connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.
McAfee Network Security Manager is an advanced solution for up to six McAfee Network Security Platform sensors, McAfee Network Access Control appliances, or McAfee Network Threat Behavior Analysis appliances deployed in small and medium-size networks and enterprise branch offices.
This document provides information about the McAfee Network Security Manager connector, which facilitates automated interactions with McAfee Network Security Manager using FortiSOAR™ playbooks. Add the McAfee Network Security Manager connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving details for a specific domain from McAfee Network Security Manager and creating a new domain in McAfee Network Security Manager.
Connector Version: 1.1.0
FortiSOAR™ Version Tested on: 6.4.4-3164
Authored By: Fortinet
Certified: Yes
Following enhancements have been made to the McAfee Network Security Manager connector in version 1.1.0:
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root
user to install connectors from an SSH session:
yum install cyops-connector-mcafee-network-security-manager
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the McAfee Network Security Manager connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | URL of the McAfee Network Security Manager server to which you will connect and perform automated operations. |
Username | Username to access the McAfee Network Security Manager server to which you will connect and perform automated operations. |
Password | Password to access the McAfee Network Security Manager server to which you will connect and perform automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from version 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Create Domain | Creates a new domain in McAfee Network Security Manager based on the domain name, contact person, email address, and default IPs and Recon policy you have specified. | add_domain Investigation |
Update Domain | Updates details for an existing domain in McAfee Network Security Manager based on the domain name, contact person, and other input parameters you have specified | update_domain Investigation |
Get Domain Details | Retrieves details for an existing domain from McAfee Network Security Manager based on the domain ID you have specified. | get_domain_details Investigation |
Delete Domain | Deletes an existing domain from McAfee Network Security Manager based on the domain ID you have specified. | delete_domain Investigation |
Get All Domains | Retrieves a list of all domains present in McAfee Network Security Manager. | get_domains Investigation |
Get Domain Sensors | Retrieves a list of all sensors in a specified domain from McAfee Network Security Manager based on the domain ID you have specified. | get_domain_sensors Investigation |
Get Sensor Details | Retrieves details for a specified sensor from McAfee Network Security Manager based on the sensor ID you have specified. | get_sensor_details Investigation |
Get Domain Firewall Policies | Retrieves firewall policies for a specified domain from McAfee Network Security Manager based on the domain ID you have specified. | list_policies Investigation |
Get Policy Details | Retrieves details of a specified firewall policy from McAfee Network Security Manager based on the policy ID you have specified. | get_policy_details Investigation |
Delete Policy | Deletes a specific firewall policy from McAfee Network Security Manager based on the policy ID you have specified. | delete_policy Investigation |
Block IP | Blocks a specific IP address on McAfee Network Security Manager based on the sensor ID, IP address, and other input parameters you have specified. | block_ip Investigation |
UnBlock IP | Unblocks a specific IP address on McAfee Network Security Manager based on the sensor ID and IP address you have specified. | unblock_ip Investigation |
Update Block IP Duration | Updates the block duration for a specific IP address in McAfee Network Security Manager based on the sensor ID, IP address, duration, and other input parameters you have specified. | update_block_ip_duration Investigation |
Get Blocked IP List | Retrieves a list of the blocked IP addresses on a specific sensor in McAfee Network Security Manager based on the sensor ID you have specified. | get_blocked_ip_list Investigation |
Get Blocked IP Details | Retrieves details of the blocked IP addresses on a specific sensor in McAfee Network Security Manager based on the sensor ID you have specified. | get_blocked_ip_details Investigation |
Parameter | Description |
---|---|
Domain Name | Name of the domain that you want to create in McAfee Network Security Manager. |
Contact Person | Name of the contact person associated with the domain that you want to create in McAfee Network Security Manager. |
Email Address | Email address associated with the domain that you want to create in McAfee Network Security Manager. |
Default IPS Policy | Default IPs policy to be applied to the domain that you want to create in McAfee Network Security Manager. |
Default Recon Policy | Default Recon policy to be applied to the domain that you want to create in McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"createdResourceId": ""
}
Parameter | Description |
---|---|
Domain ID | Unique identifier of the domain that you want to update in McAfee Network Security Manager. |
Domain Name | Name of the domain that you want to update in McAfee Network Security Manager. |
Contact Person | Name of the contact person associated with the domain that you want to update in McAfee Network Security Manager. |
Email Address | Email address associated with the domain that you want to update in McAfee Network Security Manager. |
Default IPS Policy | Default IPs policy to be applied to the domain that you want to update in McAfee Network Security Manager. |
Default Recon Policy | Default Recon policy to be applied to the domain that you want to update in McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"status": ""
}
Parameter | Description |
---|---|
Domain ID | ID of the domain whose details you want to retrieve from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"parentDomainId": "",
"domainName": "",
"contactPerson": "",
"emailAddress": "",
"title": "",
"contactPhoneNumber": "",
"companyPhoneNumber": "",
"organization": "",
"address": {
"address1": "",
"address2": ""
},
"city": "",
"state": "",
"country": "",
"allowChildAdminDomain": "",
"allowDevices": "",
"defaultIPSPolicy": "",
"defaultReconPolicy": ""
}
Parameter | Description |
---|---|
Domain ID | ID of the domain that you want to delete from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"status": ""
}
None.
The output contains the following populated JSON schema:
{
"DomainDescriptor": {
"childdomains": [
{
"childdomains": "",
"id": "",
"name": ""
}
],
"id": "",
"name": ""
}
}
Parameter | Description |
---|---|
Domain ID | ID of the domain whose sensor information you want to retrieve from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"SensorDescriptor": [
{
"DomainID": "",
"name": "",
"model": "",
"ReconPolicyID": "",
"IPSPolicyID": "",
"SigsetVersion": "",
"SoftwareVersion": "",
"LastSignatureUpdateTs": "",
"sensorId": "",
"LastModTs": "",
"Description": "",
"sensorIPAddress": "",
"nsmVersion": "",
"isFailOver": "",
"MemberSensors": [
{
"sensorId": "",
"name": "",
"sensorIPAddress": "",
"SigsetVersion": ""
}
]
}
]
}
Parameter | Description |
---|---|
Sensor ID | ID of the sensor whose details you want to retrieve from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"SensorInfo": {
"SensorDescriptor": {
"DomainID": "",
"name": "",
"ReconPolicyID": "",
"IPSPolicyID": "",
"SoftwareVersion": "",
"SigsetVersion": "",
"LastSignatureUpdateTs": "",
"sensorId": "",
"model": "",
"LastModTs": "",
"Description": ""
},
"Interfaces": {
"InterfaceInfo": [
{
"DomainId": "",
"Description": "",
"IPSPolicyId": "",
"Interfacetype": {
"Dedicated": {}
},
"vidsId": "",
"LastModTs": "",
"name": ""
}
]
},
"Ports": {
"PortInfo": [
{
"portId": "",
"ResponseMode": {
"sendResponseFrom": ""
},
"operatingMode": {
"peerPort": "",
"connectedTo": "",
"mode": ""
},
"portSettings": {
"portName": "",
"portType": "",
"configuration": {
"duplex": "",
"speed": ""
},
"administrativeStatus": "",
"operationalStatus": ""
}
}
]
}
}
}
Parameter | Description |
---|---|
Domain ID | ID of the domain whose firewall policies you want to retrieve from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"FirewallPoliciesForDomainResponseList": [
{
"policyId": "",
"policyName": "",
"domainId": "",
"visibleToChild": "",
"description": "",
"isEditable": "",
"policyType": "",
"policyVersion": "",
"lastModUser": ""
}
]
}
Parameter | Description |
---|---|
Policy ID | ID of the policy whose details you want to retrieve from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"FirewallPolicyId": "",
"Name": "",
"DomainId": "",
"VisibleToChild": "",
"Description": "",
"LastModifiedTime": "",
"IsEditable": "",
"PolicyType": "",
"PolicyVersion": "",
"LastModifiedUser": "",
"MemberDetails": {
"MemberRuleList": [
{
"Description": "",
"Enabled": "",
"Response": "",
"IsLogging": "",
"Direction": "",
"SourceAddressObjectList": [
{
"RuleObjectId": "",
"Name": "",
"RuleObjectType": ""
}
],
"DestinationAddressObjectList": [
{
"RuleObjectId": "",
"Name": "",
"RuleObjectType": ""
}
],
"SourceUserObjectList": [
{
"RuleObjectId": "",
"Name": "",
"RuleObjectType": ""
}
],
"ServiceObjectList": [],
"ApplicationObjectList": [
{
"RuleObjectId": "",
"Name": "",
"RuleObjectType": "",
"ApplicationType": ""
}
],
"TimeObjectList": [
{
"RuleObjectId": "",
"Name": "",
"RuleObjectType": ""
nbsp; }
]
}
]
}
}
Parameter | Description |
---|---|
Policy ID | ID of the domain that you want to delete from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"status": ""
}
Parameter | Description |
---|---|
Sensor ID | ID of the sensor whose associated IP address you want to block in McAfee Network Security Manager. |
IP Address | IP address to be quarantined in McAfee Network Security Manager. |
Duration Time | Select the duration time for which you want to block the specified IP address in McAfee Network Security Manager. |
Remediate | Select this option to enable or activate remediation for the specified IP address along with quarantining the IP address. By default this option is disabled, i.e., remediation is not activated. |
The output contains the following populated JSON schema:
{
"status": ""
}
Parameter | Description |
---|---|
Sensor ID | ID of the sensor whose associated IP address you want to unblock in McAfee Network Security Manager. |
IP Address | IP address to be unblocked in McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"status": ""
}
Parameter | Description |
---|---|
Sensor ID | ID of the sensor whose associated IP addresses block duration you want to extend in McAfee Network Security Manager. |
IP Address | Quarantined IP address whose block duration you want to update in McAfee Network Security Manager. |
Duration Time | Duration for which the quarantine of the IP address needs to be extended. You can extend the quarantine by "FIVE_MINUTES" / "FIFTEEN_MINUTES" / "THIRTY_MINUTES" / "FORTYFIVE_MINUTES" / "SIXTY_MINUTES" / "UNTIL_EXPLICITLY_RELEASED" |
Override | Select this option to enable overriding previous data if it is present for the specified IP address. By default this option is disabled, i.e., previous data for the specified IP address is not overridden. |
The output contains the following populated JSON schema:
{
"status": ""
}
Parameter | Description |
---|---|
Sensor ID | ID of the sensor whose blocked IP address list you want to retrieve from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"QuarantineHostDescriptor": [
{
"IPAddress": "",
"Duration": ""
}
]
}
Parameter | Description |
---|---|
Sensor ID | ID of the sensor whose blocked IP address details you want to retrieve from McAfee Network Security Manager. |
The output contains the following populated JSON schema:
{
"QuarantineHostDetail": [
{
"ipAddress": "",
"hostname": "",
"OS": "",
"user": "",
"quarantineDetails": {
"device": "",
"quarantineZone": ""
},
"addedToQuarantine": {
"by": "",
"time": ""
},
"remediate": "",
"pendingRelease": ""
}
]
}
The Sample - McAfee Network Security Manager - 1.1.0
playbook collection comes bundled with the McAfee Network Security Manager connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the McAfee Network Security Manager connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.