trellix-enterprise / mvision-edr-activity-feed
A command line tool to consume and subscribe to DXL events from MVISION EDR
License: Apache License 2.0
Why do I have to run a docker image to forward threat events to ESM? Why doesn't the ESM have the capability to pull threat events directly from EDR?
Hello, I am receiving forbidden errors when testing EDR endpoints with the mvision_edr_creds_generator client and secret.
Does anyone know if the creds generator will work with the developer portal APIs https://www.mcafee.com/enterprise/en-us/solutions/mvision/developer-portal.html?
We are currently ignoring the --consumer-timeout parameter. We need to map this to the session_timeout on the OpenDXL SDK.
When my org enforces MFA for authentication, how do I use this tool with those accounts?
Hi there! I had posted this question on the Trellix community forums and was referred to here for an answer to my question. I am hoping that someone will be able to point me in the right direction here.
Right now we are grabbing MVISION EDR cloud logs using this mvision-edr-activity-feed script. The script is currently subscribed to case, case-mgmt-events, threat, and threatEvents. However, we are finding that the information in the events is missing some of the details we are looking for. For example, we might get a threat event that includes the name of the file or process detected as a threat, the location on disk of the file, as well as the hashes. However, we would also like to pull in specific information from the host that this file/process is running on.
For example, in our MVISION EDR cloud portal we see host information like what is highlighted in red here:
We are interested in pulling out some of this information into the activity feed such as some of the DNS activity entries from the host.
Is there a way to modify the script to capture this information, or would we need to pull this information a different way? It wasn't clear to me what all of the different types of feeds are that can be pulled using the script or if this script will even allow us to grab the additional details we are wanting. Any advice on how to accomplish this is greatly appreciated! Thank you for your help!
When pulling threat events, the tool is not receiving all events that I can see on the EDR monitoring dashboard, how can I achieve this?
Also, I currently do not receive the hostname in the threat event payload, is there a way that I can achieve this?
Is there a way to pull EDR threat detections using this tool?
When testing, I only receive empty payloads
When I ran setup.py, I got the following error and could not set up.
Installed /usr/local/lib/python3.9/dist-packages/furl-2.0.0-py3.9.egg
Searching for dxlstreamingclient==0.1.2
Reading https://pypi.org/simple/dxlstreamingclient/
No local packages or working download links found for dxlstreamingclient==0.1.2
error: Could not find suitable distribution for Requirement.parse('dxlstreamingclient==0.1.2')
It can't seem to find the 0.1.2 module for dxlstreamingclient on the following site.
Hello,
I have received an official notification from Trellix, formerly McAfee, that the domain is changing from mcafee.com to trellix.com.
Could you confirm whether mvision-edr-activity-feed is affected by this change?
Trellix and Skyhigh Security will change their company domains from mcafee.com to trellix.com. This change is planned for December 12, 2022.
After that date, to sign into the products, use the URL:
https://auth.ui.trellix.com
Please update your bookmarks. This will also impact signing in using your SSO or IDP and may require reconfiguration. For more information, see KB96089 - IAM domain name change from mcafee.com to trellix.com.
We will update the documentation with more information in the coming weeks. If you have any questions, contact Trellix Support.
We are currently adding the samples folder into the package, which results in the addition of a top-level samples module in Python when installing our module. This causes confusion, because the top-level package will always shadow the local samples folder. For example, if I modify one of the samples in the local folder (e.g., samples.individual), and then try to load the modified module, I'll still be using the previous version that is now installed in my Python module directory. Another example is adding a new local sample on the samples folder (e.g., samples/foobar.py) and then trying to load this module: This will fail because the global samples folder will override the local one, and the new file is not available on the global module (this happened to #40).
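Added example (not the project's own code) that reproduces the shadowing described in this issue and shows the check behind the usual fix, leaving the folder out of the distribution with find_packages(exclude=...); the package name mvision_edr_activity_feed and the directory layout are assumed.

```python
import importlib
import os
import sys
import tempfile


def write_pkg(base, name, version):
    """Create base/<name>/__init__.py that sets VERSION, so the two copies can be told apart."""
    pkg = os.path.join(base, name)
    os.makedirs(pkg, exist_ok=True)
    with open(os.path.join(pkg, "__init__.py"), "w") as fh:
        fh.write("VERSION = %r\n" % version)
    return pkg


def resolve_version(name, search_paths):
    """Import `name` afresh with search_paths placed ahead of sys.path; report which copy won."""
    def forget():
        for key in [k for k in sys.modules if k == name or k.startswith(name + ".")]:
            del sys.modules[key]
    saved = sys.path[:]
    forget()
    sys.path[:0] = list(search_paths)
    importlib.invalidate_caches()
    try:
        return importlib.import_module(name).VERSION
    finally:
        sys.path[:] = saved
        forget()


def top_level_packages(root, exclude=()):
    """Top-level package dirs under root minus exclude: what setup() ships when it uses
    find_packages(exclude=exclude). Any name that is not the project's own (here: samples)
    becomes a global module name in site-packages."""
    return sorted(d for d in os.listdir(root)
                  if os.path.isfile(os.path.join(root, d, "__init__.py")) and d not in exclude)


def demo():
    site = tempfile.mkdtemp(prefix="site-packages-")   # constructed stand-in for the install dir
    checkout = tempfile.mkdtemp(prefix="checkout-")    # constructed stand-in for the git checkout
    write_pkg(site, "samples", "installed")
    write_pkg(checkout, "samples", "local")
    write_pkg(checkout, "mvision_edr_activity_feed", "local")  # assumed project package name
    # Installed copy found before the checkout (e.g. the script's own directory, not the
    # checkout root, is sys.path[0]): the edited local samples/ is never seen.
    shadowed = resolve_version("samples", [site, checkout])
    shipped = top_level_packages(checkout)                       # samples leaks in
    fixed = top_level_packages(checkout, exclude=("samples",))   # the exclude keeps it out
    return shadowed, shipped, fixed
```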