McAfee Web Gateway
Integration version: 8.0
Configure McAfee Web Gateway
To configure the McAfee Web Gateway to work with the Google Security Operations SOAR integration, follow these steps:
Enable REST API interface:
- On Web Gateway page, select Configuration → Appliances.
- On the appliances tree, select the appliance you want to administer using the REST interface and click User Interface.
- Under UI Access, select Enable REST interface over HTTPS (HTTP REST interface is optional).
- Click Save Changes.
Give permission to access REST interface:
- On Web Gateway page, select Accounts → Administrator Accounts.
- In the Roles area, select an administrator role and click Edit. The Edit Role window opens.
- Select REST interface accessible.
- Click OK to close the window.
- Click Save Changes.
Configure McAfee Web Gateway integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Actions
Block IP
Description
Insert IP addresses to an "IP range"-type group.
Parameters
| Parameters | Type | Default Value | Description |
|---|---|---|---|
| Group Name | String | N/A | The group name. |
| Description | String | N/A | The entry description. |
Use cases
N/A
Run On
This action runs on the IP Address entity.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_blocked | True/False | is_blocked:False |
JSON Result
N/A
Insert Item to Group
Description
Insert a network object to a group (IP, URL, etc.). Note that each group is type stricted.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Group Name | String | N/A | The group name. |
| Item to Insert | String | N/A | The item to insert to the group. Default: x.x.x.x/24. |
| Description | String | N/A | The entry description. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_blocked | True/False | is_blocked:False |
JSON Result
N/A
Ping
Description
Test Connectivity.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_connect | True/False | is_connect:False |
JSON Result
N/A
Remove Item From Group
Description
Remove a network object to a group (IP, URL, etc.). Note that each group is type stricted.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Group Name | String | N/A | The group name. |
| Item to Delete | String | N/A | The item to delete from the group. Default: x.x.x.x/32. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_unblocked | True/False | is_unblocked:False |
JSON Result
N/A
Unblock IP
Description
Delete IP addresses from an "IP range"-type group.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Group Name | String | N/A | The group name to unblock the IP in. |
Use cases
N/A
Run On
his action runs on the IP Address entity.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_unblocked | True/False | is_unblocked:False |
JSON Result
N/A