McAfee Active Response
Integration version: 7.0
Important: McAfee Active Response became part of the Trellix product portfolioand is known as Active Response. Active Response will reach end of life onDecember 31, 2023.Configure McAfee Active Response integration in Google Security Operations
For detailed instructions on how to configure an integration inGoogle SecOps, seeConfigureintegrations.
Integration parameters
Use the following parameters to configure the integration:
Actions
Ping
Description
Test the connectivity to Active Response.
Parameters
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/ASearch
Description
Active Response searches data on your managed endpoints in real time.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Collectors | String | N/A | The collectors to search in. |
| Filter Collector | String | N/A | The collector filter. |
| Filter By | String | N/A | The field to filter by. |
| Filter Operator | String | N/A | The operator of the filter. Must be one of these: GreaterEqualThan, GreaterThan, LessEqualThan, LessThan, Equals, Contains, StartWith, EndsWith, Before, and After. |
| Filter Value | String | N/A | The filter value. |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/ANeed more help?Get answers from Community members and Google SecOps professionals.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-19 UTC.