McAfee ESM Integration

Ayehu’s integration with McAfee ESM accelerates cyber security incident response to SIEM alerts by using advanced automation!

About the integration

  • Ayehu’s McAfee ESM integration pack supports SIEM-specific activities out-of-the-box that can be integrated into playbooks which touch other platforms, such as Active Directory, Exchange, VMware, and many others. This provides security operations teams with a robust capability to quickly orchestrate sophisticated multi-platform cyber security incident response playbooks, all with a drag-and-drop interface that requires zero programming.
  • Playbooks can pause their execution to accept operator input on which decision branch to follow, or they can run on a fully automated basis and make the decisions themselves. Either way, the result is high-fidelity remediation that minimizes or even eliminates acting on false positives.
  • With Ayehu, you maintain complete control over the automation process at all times. Key ‘decision points’ can be embedded within playbooks to pause execution and send status notifications to the appropriate individuals or teams via SMS, IM, or email. The response chosen by a human decision-maker then determines which action the playbook executes next.
  • Ayehu can run playbooks based on pre-determined policy-based rules defined for particular types of incidents. The playbooks can do as little as just gathering information about the incident from a multitude of sources to provide data enrichment for human operators, all the way to full service incident remediation.
  • The Ayehu integration pack for McAfee ESM significantly extends your SIEM’s capabilities by accelerating response time to cyber security incident resolution, ensuring that a best-practice response is provided 24/7/365 to any breach, regardless of who’s on duty.


Sample Use Cases

Opening a ticket in the ITSM Help Desk system to document the alert, as well as documenting the alert in any other system necessary to be in compliance with various regulatory regimes

Updating the ITSM Help Desk system in real time with any action, operator response, or forensic information related to the alert

Integration with an array of systems & platforms to enable fully automated cyber security incident responses in complex, heterogeneous environments

Zero programming is required to author playbooks, only parameter configuration. That makes building automated playbooks as fast and easy as working with Lego building blocks: everything is modular and fits together.

An agentless architecture that requires no agent software to be installed on any device, whether it be servers, routers, storage appliances, or anything else

Scheduling playbooks to run during off-hours or other designated times, e.g. creating and sending a CISO-level report at 6am of all security breaches in the previous 24 hours that were automatically remediated
