Accenture MDR Quick Start Guide for McAfee® Network Security Manager Intrushield
- KM
This quick start guide will help Accenture MDR customers configure McAfee® Network Security Manager (NSM) Intrushield to allow log collection from the Log Collection Platform (LCP).
The guide details the CLI configuration process. Please refer to the vendor document for more information on the GUI configuration.
This document includes the following topics:
Supported Versions
A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx) which can be found at
Accenture Portal - https://mss.accenture.com/PortalNextGen/Reports/Documents
Port Requirements
Table 1-1: Port requirements for LCP communication.
Source | Destination | Port | Description |
LCP | McAfee NSM Database | 3306 (TCP) | Default database port |
Configuring McAfee NSM Intrushield
To configure McAfee NSM Intrushield with MySQL database, follow the steps below.
Login to MySQL CLI as an administrator by doing one of the following steps:
For Unix-based Operating Systems (OS), at the Unix prompt, enter the following command: mysql -u root -p
For Windows OS,
Go to Start > All Programs, right-click Command prompt, and select Run as administrator.
In the Command Prompt window, navigate to the MySQL installation folder and enter the command: mysql -u root -p
2. Run any database shell that works with MySQL. For example: SQuirreL SQL client and MySQL Workbench (Query Browser).
3. Type the password for the root account.
4. To assign read-only permission to a user, enter the following command:
If the collector is installed on the same host as the database then type the command: grant select on <database_name> * to '<readonly_user_name>' identified by '<password>';
To give access to a specific host, type the command: grant select on <database_name> * to '<readonly_user_name>' @ '<LCP IP Address or DNS resolvable hostname>' identified by '<password>';
To give access to any host, type the command: grant select on <database_name> * to '<readonly_user_name>' @'%' identified by '<password>';
5. To reload the grant table, type the command: flush privileges
6. Enter quit
Sample Command Output
mysql> grant select on dbname.* to 'readonly_user_name' @ '%' identified by 'pogo$23';
Query OK,0 rows affected (0.11sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00sec)
mysql> quit
The read-only database user that is created must have read-only access to the following tables:
iv_alert
iv_alert_type
iv_attack
iv_signature
iv_categories
iv_subcategories
iv_direction
iv_result_set
iv_sensor
iv_prs
iv_packetlog
iv_policy
Note: Disable “alert suppression settings" in the IPS Alerting option.
LCP Configuration Parameters
Table 1-2: McAfee NSM Intrushield event collector(DB-3654) properties to be configured by MDR are shown in the table.
Property | Default Value | Description |
Database URL | jdbc:mysql://<Hostname>:3306/ <database_name> ?useOldAliasMetadataBehavior=true
| The database URL string that needs to be configured on the collector by MDR. Hostname - Hostname or IP address of the database. Databasename - The name of the database in which the McAfee NSM Intrushield events are stored. 3306 (TCP) - The default port number for DB connectivity. Note: If the database is configured to use a different port number, please advise the MDR onboarding team. |
User Name | Custom Value | The username mentioned in the Pre-Installation Questionnaire (PIQ). |
Password | Custom Value | The password mentioned in the PIQ. |
Related content
Legal Notice
Copyright © 2021 Accenture. All rights reserved.
Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.