McAfee Advanced Threat Defense
App Vendor: McAfee Advanced Threat Defense
App Category: Forensics & Malware Analysis
Connector Version: 1.1.0
API Version: 1.0.0
About App
McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and expose evasive threats.
McAfee Advanced Threat Defense provides you with detailed reports that contain critical information about investigations, including MITRE ATT&CK™ framework mapping.
The McAfee Advanced Threat Defense app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Hash Lookup | This action finds out if an MD5 hash is whitelisted or blacklisted. |
Check Analysis Status | This action checks the analysis status of up to 100 job IDs or task IDs. |
File Upload | This action uploads a file or URL for dynamic analysis using the provided Analyzer profile. Only one file or URL can be submitted at a time. |
Get Report by Task ID | This action downloads an analysis report file by task ID. |
Get Report by MD5 Hash | This action downloads an analysis report file by MD5 hash. |
Get Task ID | This action retrieves the list of task IDs associated with a job ID. |
List Profiles | This action retrieves the list of analyzer profiles. Only the Analyzer profiles of the logged-in users are retrieved. |
List User | This action retrieves the user information based on the User Type. |
Configuration Parameters
The following configuration parameters are required for the McAfee Advanced Threat Defense app to communicate with the McAfee Advanced Threat Defense enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Host | Enter your McAfee Advanced Threat Defense host. Example: "host.mcafee.com" | Text | Required | |
Port | Enter your McAfee Advanced Threat Defense port. Example: "443" | Text | Required | |
Username | Enter your McAfee Advanced Threat Defense username. Example: "cliadmin" | Text | Required | |
Password | Enter your McAfee Advanced Threat Defense password. | Password | Required | |
Verify | Choose to enable SSL verification. | Boolean | Optional | Allowed values: |
Action: Hash Lookup
This action finds out if an MD5 hash is whitelisted or blacklisted.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
MD5 Hash | Enter the MD5 hash value to find out if it is whitelisted or blacklisted. Example: 8743b52063cd84097a65d1633f5c74f5 | Text | Required |
Example Request
[ { "file_hash": "8743b52063cd84097a65d1633f5c74f5" } ]
Action: Check Analysis Status
This action checks the analysis status of up to 100 job IDs or task IDs.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Task ID | Enter the task ID to check the analysis status. Example: 52 | Integer | Required |
Example Request
[ { "task_id": 52 } ]
Action: File Upload
This action uploads a file or URL for dynamic analysis using the provided Analyzer profile. Only one file or URL can be submitted at a time.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
URL/File | Enter the URL or path of the file to be uploaded. Example: | Text | Required |
Example Request
[ { "fileobj": "https://sub.domain.tld/pathto/file.php" } ]
Action: Get Report by Task ID
This action downloads an analysis report file by task ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Task ID | Enter the task ID to download the report. Example: 121 | Integer | Required | You can retrieve the task ID using the Get Task ID action. |
Example Request
[ { "taskid": 121 } ]
Action: Get Report by MD5 Hash
This action downloads an analysis report file by MD5 hash.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
MD5 Hash | Enter the MD5 hash value to download the analysis report. Example: 8743b52063cd84097a65d1633f5c74f5 | Text | Required |
Example Request
[ { "md5hash": "8743b52063cd84097a65d1633f5c74f5" } ]
Action: Get Task ID
This action retrieves the list of task IDs associated with a job ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Job ID | Enter the job ID to retrieve the corresponding task ID. Example: 218 | Integer | Required | You can retrieve the Job ID using the File Upload action. |
Example Request
[ { "jobid": 218 } ]
Action: List Profiles
This action retrieves the list of Analyzer profiles. Only the Analyzer profiles of the logged-in users are retrieved.
Action Input Parameters
This action does not require any input parameters.
Action: List User
This action retrieves user profile information present on McAfee Advanced Threat Defense.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
User Type | Enter the user type to list the user profile information. Example: "NSP", "MWG", "STAND_ALONE" | Text | Required |
Example Request
[ { "usertype": "NSP" } ]
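The request bodies shown for the hash, ID and upload actions can be built and checked before a playbook hands them to the app, so a malformed hash or ID fails early instead of producing an invalid request. The Python below is an added example, not part of the connector or the vendor's code: the request keys are copied from the example requests on this page, while the function names and the validation rules (32 hexadecimal characters for MD5, positive integers for IDs, http/https only for URLs) are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

MD5_RE = re.compile(r"[0-9a-fA-F]{32}")

# Request key used by each action, copied from the example requests on this page.
HASH_KEYS = {"Hash Lookup": "file_hash", "Get Report by MD5 Hash": "md5hash"}
ID_KEYS = {"Check Analysis Status": "task_id", "Get Report by Task ID": "taskid",
           "Get Task ID": "jobid"}

def _md5(value):
    # Assumed rule: an MD5 digest is exactly 32 hexadecimal characters.
    if not isinstance(value, str) or not MD5_RE.fullmatch(value.strip()):
        raise ValueError(f"not an MD5 hash: {value!r}")
    return value.strip().lower()

def _positive_int(value):
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
        raise ValueError(f"not a positive integer ID: {value!r}")
    return value

def _url_or_path(value):
    # Assumed rule: URLs must be http(s) with a host; anything else is a file path.
    if not isinstance(value, str) or not value.strip():
        raise ValueError("empty URL/File value")
    value = value.strip()
    if "://" in value:
        parts = urlsplit(value)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError(f"unsupported URL: {value!r}")
    return value

def build_request(action, value):
    """Return the JSON request body for one action, or raise ValueError."""
    if action in HASH_KEYS:
        body = {HASH_KEYS[action]: _md5(value)}
    elif action in ID_KEYS:
        body = {ID_KEYS[action]: _positive_int(value)}
    elif action == "File Upload":
        body = {"fileobj": _url_or_path(value)}
    else:
        raise ValueError(f"unknown action: {action!r}")
    return json.dumps([body])
```

Serializing with `json.dumps` also guarantees that hash values are emitted as quoted strings, which a hand-written request body can easily get wrong.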