Device Integration: McAfee MVISION

Modified on Thu, 16 Apr at 9:21 PM


Overview

Trellix (formerly McAfee) MVISION is a cloud-native security management platform that provides endpoint, network, and cloud visibility. Integrating MVISION with ADR (aiSIEM/aiXDR) via API enables secure log ingestion into CCE (Collection and Control Engine) → APE (Analytics and Policy Engine) for centralized visibility, proactive threat detection, and compliance monitoring.


Prerequisites

Before configuring the integration, ensure:

  • Administrative access to the Trellix MVISION Console.

  • Administrative access to the ADR UI.

  • A running CCE server in your ADR deployment.

  • Client ID and Client Secret generated from Trellix MVISION.

  • Network connectivity from the CCE to the Trellix API endpoints (HTTPS 443).


Generate API Credentials in Trellix MVISION

  1. Log in to the Trellix MVISION Console.
  2. Navigate: Administration → MVISION API → API Clients.
  3. Click New Client.
  4. Provide:
    • Client Name (e.g., Seceon-Integration)
    • Description (optional)
  5. Select the required permissions (Events, Detections, Endpoints, Policies).
  6. Save and copy:
    • Client ID
    • Client Secret

These credentials will be used in ADR.


Configure Trellix MVISION in ADR

  1. Log in to the ADR UI.
  2. Navigate: Administration → Add-On Store.
  3. Search for and select MVISION.
  4. Click Add.
  5. Enter the following details:
     Field                   | Value/Instruction
     Device Name             | Friendly name (e.g., MVISION-Logs)
     CCE IP                  | Enter your ADR CCE IP
     Access ID / Username    | Enter the Client ID from MVISION
     Password / Secret Key   | Enter the Client Secret from MVISION
     Config (JSON)           | { } (leave empty JSON if no extra configuration is required)
  6. Click Save to complete integration.


Verification (MSSP Only)

On ADR UI

  1. Navigate: System → Logs and Flows Collection Status.
  2. Confirm that the MVISION device appears under Source Device IP.
  3. Check the System Alert tab for any errors or warnings.

On CCE (CLI)

  1. SSH into the CCE server.
  2. Run:
    otmdoc -s addondevices
    crontab -l
  3. Confirm the MVISION addon script is listed and scheduled.


Notes

  • MVISION logs are typically generated once per day — allow up to 24 hours before events appear.
  • Use only {} in the Config (JSON) field unless additional customization is explicitly required.
  • If no logs appear, validate:
    • Client ID/Secret
    • API permissions
    • CCE network access to Trellix API endpoints
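
The CLI verification step and the network check from the last note, scripted as an added example that is not part of the original article or of the product. It assumes the addon's cron line contains the string "mvision", and the API hostname is passed in by the operator because the article does not list the endpoints.

```shell
#!/bin/sh
# Added example: triage for "no MVISION logs" on a CCE host.
# Assumptions (not from the article): the addon's cron line contains
# "mvision" (any case); the API hostname is supplied by the operator.

# Print cron lines (read from stdin) that mention the addon and are not
# commented out.
active_addon_cron() {
  grep -i -- "${1:-mvision}" | grep -Ev '^[[:space:]]*#' || true
}

# Classify crontab text on stdin: "scheduled", "disabled" (only
# commented-out entries exist) or "missing" (no entry at all).
addon_cron_state() {
  pattern="${1:-mvision}"
  text="$(cat)"
  if [ -n "$(printf '%s\n' "$text" | active_addon_cron "$pattern")" ]; then
    echo scheduled
  elif printf '%s\n' "$text" | grep -qi -- "$pattern"; then
    echo disabled
  else
    echo missing
  fi
}

# True if the host answers HTTPS on 443 with a certificate curl trusts.
# Any HTTP status (even 401 or 404) proves the network and TLS path;
# 000 means DNS, routing, firewall or certificate validation failed.
check_https() {
  code="$(curl -s -o /dev/null -m 10 -w '%{http_code}' "https://$1/")" || true
  [ -n "$code" ] && [ "$code" != "000" ]
}

# Run both checks when a hostname is given: sh triage.sh <api-host>
if [ "$#" -gt 0 ]; then
  echo "cron: $(crontab -l 2>/dev/null | addon_cron_state)"
  if check_https "$1"; then echo "https: $1 reachable"
  else echo "https: $1 unreachable"; fi
fi
```

A "disabled" result means the entry exists but is commented out, which looks the same as a credential problem from the ADR UI because no logs arrive in either case.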

