Discovering vulnerability data collected by McAfee Data Exchange Layer (DXL)

This connection allows InsightVM to collect information from McAfee Data Exchange Layer about data discovered by Security McAfee Vulnerability Manager. Configuring a McAfee Data Exchange Layer discovery connection allows you to monitor malicious file detection events generated by McAfee Threat Intelligence Exchange (TIE). You can then set InsightVM Automated Actions to automatically tag the asset when malicious file detection events occur. Applying a criticality tag with an automated action can automatically adjust the risk score of the asset and therefore potentially affect the list of highest-risk assets in the ePO dashboard. For more information, see Discovering assets managed by McAfee ePolicy Orchestrator.

Version(s) of DXL currently supported:

  • 1.1.0

McAfee Data Exchange Layer connections must be created outside a site configuration, from the Administration page. To learn more, see Creating a connection outside of a site configuration.

Preparing the target environment for connection through McAfee Data Exchange Layer

In order to use the McAfee Data Exchange Layer connection with InsightVM, you must install the Rapid7 Nexpose extension in McAfee ePolicy Orchestrator. The extension can be downloaded from https://download2.rapid7.com/download/NeXpose-v4/epo-extension/Rapid7Nexpose.zip.

Create a service user specifically designated for use with this connection. The user should be in an ePO permission set with the DXL McAfee MePO Certificate Creation permission assigned.

When you save a DXL configuration, a service topic will be automatically created in the DXL fabric, since the Find details of a vulnerability setting is always on. When Nexpose is shut down for an hour, the service topic will be shut down – a new one will be created upon restarting Nexpose.