MVISION-EDR extension:
After you check in the MVISION EDR extension, all dependent extensions and packages are installed:
MVISION Cloud Bridge 2.0.0
MVISION-EDR-Client
MVISION EDR Endpoint Snapshot Tool
MVISION-EDR-Client-Package
MVISION-EDR
McAfee Data Exchange Layer extensions
Security Information
and Event
Management (SIEM)
MVISION EDR supports the following SIEM integrations:
McAfee Enterprise Security Manager (McAfee ESM) 10.0.0 or later. NOTE: See the ArcSight statement below for 11.3.1 and earlier limitations.
11.3.2 and later natively supports EDR without the ArcSight limitation detailed below. For integration steps, see the ESM Data Sources Configuration Reference Guide.
Micro Focus ArcSight Enterprise Security Manager (ArcSight® ESM) 6.9.1 IMPORTANT: For 11.3.1 and earlier, ArcSight ESM and McAfee ESM integration is supported only for automating the creation of guided investigations. One of the following is used:
An external FQDN
An external IP address
The host name or IP address of an endpoint that is using the MVISION EDR client.
Splunk Enterprise Security Manager (Splunk ESM) 7.1.0 using the Common Information Model (CIM).
NOTE: You can feed detections from MVISION EDR into your SIEM tool by configuring your McAfee ESM to consume standard Syslogs.
You can download the code from the McAfee GitHub page.
You can also contribute to this project and share the code for integrations with other products.
IMPORTANT: McAfee Enterprise doesn’t support custom scripts from any other cloned or forked sites with changes.
McAfee Advanced Threat Defense (ATD)
MVISION EDR supports ATD 4.8 or later.
IMPORTANT: ATD reputation information and reports are available only with MVISION EDR on-premises extension 3.2.0.1 or later. This feature isn’t supported on MVISION ePO.
Only a single appliance of ATD in a single ePO is supported. MVISION EDR doesn’t support Multi-cluster ATD setup.
McAfee Threat Intelligence Exchange (TIE)
MVISION EDR supports TIE 2.3 or later.
IMPORTANT: TIE reputation information is available only with MVISION EDR On-premises extension 3.2.0.1 or later. This feature isn’t supported on MVISION ePO.
Only bridged scenarios are supported; only one TIE is displayed in the Data Source list.
Endpoint Protection Platforms (EPP)
MVISION EDR supports the following endpoint protection platforms only on Windows 10 64 bits:
2 System Integrity Protection (SIP) must be enabled.
Virtual infrastructure software versions for EDR client
EDR client supports any virtualization solution, assuming that the following criteria are met:
EDR client and required dependencies (Data Exchange Layer and McAfee Agent) support the operating system being virtualized.
The virtualization solution is a supported solution from the virtualization solution vendor. The solution isn’t End of Life, beta, or an otherwise unsupported virtualization solution.
The virtualization solution supports the operating system being virtualized. To confirm operating system support, see the virtualization solution documentation.
The virtualization solution runs under full virtualization or paravirt mode, if supported.
Compatible Endpoint Security (ENS) versions
Although ENS isn’t a requirement, EDR and ENS share the Core Components (SysCore). So, there are certain versions with which it isn’t compatible.
Mouse - Microsoft mouse or compatible pointing device
Monitor- 256-color or higher VGA monitor
CPU/RAM - The CPU requirement is a minimum of a Single Core. We recommend aDual Core Intel Pentium processor or compatible architecture. The following specifications are subject to change.The processor specifications are a recommended guideline, but aren’t a hard requirement. Only x86 and AMD64 (x64) CPU architectures are supported. EDR doesn’t support ARM processors.
