McAfee Active Response
Integration version: 7.0
Configure McAfee Active Response integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
Actions
Ping
Description
Test the connectivity to Active Response.
Parameters
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/A
Search
Description
Active Response searches data on your managed endpoints in real time.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Collectors | String | N/A | The collectors to search in. |
| Filter Collector | String | N/A | The collector filter. |
| Filter By | String | N/A | The field to filter by. |
| Filter Operator | String | N/A | The operator of the filter. Must be one of these: GreaterEqualThan, GreaterThan, LessEqualThan, LessThan, Equals, Contains, StartWith, EndsWith, Before, and After. |
McAfee Active Response is now part of the Trellix product portfolio and is called Active Response, which will reach its end of life on December 31, 2023.

Last updated 2025-03-13 UTC.