Cloud Workload Security cards and filters

After configuring and registering the cloud accounts with McAfee® ePolicy Orchestrator® (McAfee® ePO™), you can view your account information.

Table 1: Option definitions — Summary card
Option Definition
Total Workloads Total number of VMs running in the registered cloud accounts.
Compliance Events Number of high and medium risk instances as per configured policies pertaining to security groups.
Threat Events Number of high and medium threats discovered by security products.
Table 2: Option definitions — Summary card filters
Filter, with its definition under Compliance Events and under Threat Events
Issue
  Compliance Events: Displays the number of risk instances.
    • Instances with Cloud Workload Security assessment policies
    • Instances with security risks as per policies pertaining to security groups
    • Instances where security controls and encryption are not installed
  Threat Events: Displays the number of issues discovered by various security products.
    • Malicious Connection
    • Risk Port Assessment
    • Suspicious Connection
    • Blocked Connection
    • Malware Detected
    • Exploit Prevention
    • Malicious Behavior Detected
    • Advanced Malware Detected
    • Network Prevention Alerts
    • GuardDuty
Product (Compliance Events) / Threat Source (Threat Events)
  Compliance Events: Name of the product that discovers risk instances.
    • Security Group
    • Volume Encryption
    • Threat Prevention
    • Adaptive Threat Protection
    • Application Control
    • Change Control (FIM)
    • Network Intrusion Prevention
  Threat Events: Name of the threat source that discovers risk instances.
    • Traffic Anomalies Detection
    • Threat Protection
    • Adaptive Threat Protection
    • Network Intrusion Prevention
    • Amazon Web Services
Tag
  Compliance Events: Displays the tags associated with the instances.
  Threat Events: Displays the tags associated with the instances.
Workload
  Compliance Events: Displays the name of the workload.
  Threat Events: Displays the name of the workload.
View
  Compliance Events: Click to filter All, Workloads, Managed, and Unmanaged instances. Select a filter and search your instances in the search bar.
  Threat Events: Click to filter All, Workloads, Managed, and Unmanaged instances. Select a filter and search your instances in the search bar.
Take Action
  Compliance Events: Click to install security controls.
    • Install McAfee Agent
    • Install Threat Prevention
    • Install Application Control
    • Install Change Control (FIM)
    • Install Network IPS
    • Install Adaptive Threat Protection
    • Show Security Groups
    • Shut Down Workload
    • Tag Workloads
  Threat Events: NA
Graph
  Compliance Events: NA
  Threat Events: Click to view traffic details and network flow logs for the selected workload.
Table 3: Option definitions — Traffic
Option Definition
Time Displays the system date and time.
Time Range (+/-) Click to filter instances based on occurrence over a particular period.
  • 1 minute
  • 5 minutes
  • 15 minutes
  • 30 minutes
Show Click inbound, outbound, and blocked connections or a combination of these filters to filter instances based on traffic flow.
Table Click to go back to Threat Events pane.
Show Security Groups Click to open the security groups associated with this instance.
Shut Down Workload Click to shut down the workload.
Table 4: Option definitions — McAfee ePO Management
Option Definition
Status Displays if your instance has McAfee Agent installed on it.

Managed — Your instance has McAfee Agent installed.

Unmanaged — McAfee Agent is not installed for your instance.

Version Displays the installed McAfee Agent version.
DevOps Deployment Script Use this script to deploy McAfee Agent.
Take Action Select Install McAfee Agent to install McAfee Agent on your instance.
Table 5: Option definitions — Show Security Groups
Option Definition
Firewall (Security Groups) Security groups associated with this instance.
View Details Click to view more details about the security group.
Security Groups The name of the Security or Network Security group.
ID The ID of the Security or Network Security group.
Association Displays how many instances this security group or network security group is associated with.
Edit Click to edit the rules in this security group.
Detach Click to detach this security group from this instance. You can detach a security group only from your AWS instances.
Table 6: Option definitions — Rules
Property Definition
Security Group Name of the security group rule. For Azure instances, every security group rule has a name. This is not applicable for AWS instances.
Associated Workloads Displays other instances which are associated with this security group (firewall).
Type Displays the protocol type. You can change the protocol type.
Protocol Displays the protocol allowed.
Port Range Displays the port range allowed.
Priority Displays the priority of this rule in the security group.
Note: Priority is applicable only for Microsoft Azure Network Security Groups.
Access Displays if this is an allow rule or deny rule for Microsoft Azure instances. You cannot edit the deny rules.
Source The source IP address. You can choose Anywhere to allow connections from all traffic or Custom IP to provide an IP address that you want to allow. For AWS instances you can also provide the security group for which you want to allow traffic.
Add Rule Click to add a new rule to this security group.
Apply Changes Click to save your changes.
You can see if your instance has McAfee anti-malware software such as McAfee VirusScan Enterprise and McAfee Endpoint Security installed and configured on it.
Table 7: Option definitions — Threat Prevention
Option Definition
On-Access General Displays whether the On-Access General feature is installed.
On-Access ScriptScan Displays whether the On-Access ScriptScan feature is installed.
Access Protection Displays whether the Access Protection feature is installed.
Exploit Prevention Displays whether the Exploit Prevention feature is installed.
DAT Displays whether the DAT feature is installed.
Take Action Select Install McAfee Threat Prevention to install Threat Prevention on your instances.
Table 8: Option definitions — Adaptive Threat Protection
Option Definition
Adaptive Threat Protection Displays whether Adaptive Threat Protection is installed.
Take Action Select Install McAfee Adaptive Threat Protection to install Adaptive Threat Protection on your instances.
Table 9: Option definitions — Application Control
Option Definition
Application Control Displays whether Application Control is installed.
Take Action Select Install McAfee Application Control to install Application Control on your instances.
Table 10: Option definitions — File Integrity Monitor
Option Definition
Change Control Displays whether Change Control is installed.
Take Action Select Install McAfee Change Control to install Change Control on your instances.
Table 11: Option definitions — Volume Encryption
Option Definition
Status Displays the encryption status of the volumes.
Type Displays the type of the volume (root or data volume).
ID Displays the volume ID.
Table 12: Option definitions — Network Intrusion Prevention
Option Definition
Probe Status Displays whether the vNSP probe is installed.
Protected Groups Displays the list of protected groups.
Cluster Displays the network cluster.
NSP Probe Deployment Script Download Use the deployment script given here to deploy the NSP probe.
Take Action Select Install Network Intrusion Prevention to install Network Intrusion Prevention on your instances.
Table 13: Option definitions — Event Details
Option Definition
Event ID Identification number of this instance.
Detected By Name of the product that discovered this event.
Severity Displays whether this event is a high risk event or low risk event.
Direction Displays if the traffic is Inbound (N-S), Outbound (N-S), Inbound (E-W), Outbound (E-W), Bi-Directional (E-W), or Bi-Directional (N-S).

Note: N-S indicates external traffic and E-W indicates internal traffic.

Source The source IP address of the traffic to this instance.
Country of Origin Name of the country from where the traffic for this instance originated.
GTI Reputation The GTI reputation status for this instance.
Source Port The source port number.
Destination The destination IP address for the traffic to this instance.
Destination Port The destination port number.
Protocol The protocol name.
Action Taken Displays whether the traffic to this instance is accepted or blocked.
Occurrence The number of occurrences of this event.
Workload The name of the workload.
Compliance The number of compliance alarms associated with this instance.
Edit Inbound Rules for Click to open the security groups associated with this instance.
Group The name of the group associated with this instance.
Shut Down Workload Click to shut down the workload.
Table 14: Option definitions — Threats
Option Definition
High Risk Number of high risk instances.
Low Risk Number of low risk instances.
Table 15: Option definitions — System Properties
Option Definition
Location The region of the instance as shown on the cloud vendor console.
Instance ID The instance ID as shown on the cloud vendor console.
Instance Name The instance name as shown on the cloud vendor console.
Instance Type The hardware configuration selected for an instance during the launch.
Platform Displays whether the platform is Microsoft Windows or Linux.
Power Status Displays if this instance is running or if it is stopped.
Private DNS Name The private DNS name from the cloud vendor console.
Private IP Address The private IP address from AWS.
Public DNS Name The public DNS name from the cloud vendor console.
Public IP Address The public IP address from AWS, which is accessed by McAfee ePO.
McAfee ePO Managed Displays if this instance is managed by McAfee ePO.
Virtual Network ID The ID of the virtual network of this instance.
Table 16: Option definitions — McAfee ePO Tags
Option Definition
McAfee ePO Tags McAfee ePO tags for this instance.
Tag Workloads Click to add a tag to this instance.
Table 17: Option definitions — Assessment Policy
Option Definition
Take Action Click to select an assessment policy for this instance.
Policy Catalog Click to go to the Policy Catalog page to select or create a policy for this instance.