McAfee Database Security Trellix

Integration of McAfee Database Security Trellix with Callgoose SQIBS

Overview

This document provides a detailed guide to integrating McAfee Database Security Trellix with Callgoose SQIBS for real-time Incident Management, Incident Auto Remediation, Event-Driven Automation, and other Automation purposes. The integration enables automatic creation, updating, and resolution of incidents in Callgoose SQIBS based on alerts triggered in McAfee Database Security Trellix. The guide includes steps for setting up alerts in McAfee Database Security Trellix, configuring webhook notifications, creating API filters in Callgoose SQIBS, and troubleshooting.

Prerequisites

• McAfee Database Security Trellix Account: Access to McAfee Database Security Trellix for creating alerts and managing notifications.
• Callgoose SQIBS Account: With valid privileges to set up API filters and receive notifications.
• Webhook/API Endpoint: Available in Callgoose SQIBS to receive alerts from McAfee Database Security Trellix.

1. Obtain API Token and Endpoint Details

To integrate with Callgoose SQIBS, you first need to obtain an API token and find the API endpoint details.

1. Generate an API Token:

• Follow the guide on How to Create API Token in Callgoose SQIBS: https://docs.callgoose.com/sqibs/api_token.

1. Find the API Endpoint:

• Refer to the Callgoose SQIBS API Endpoint Documentation: https://docs.callgoose.com/sqibs/api_end_point to get the endpoint details where the JSON payloads from McAfee Database Security Trellix will be sent.

2. Debugging and Troubleshooting

Enable debugging in the API tokens used with McAfee Database Security Trellix notifications for troubleshooting purposes.

• Enable Debugging:
• You can update the debug value when adding or updating an API token.
• When API tracking is enabled, logs are stored in the API log section for your review. The debugging option will automatically disable after 48 hours.
• When API tracking is turned off, no logs are saved in the API log.
• Using API Log for Troubleshooting:
• The API log provides detailed information on all API calls made to Callgoose SQIBS.
• You can check the JSON values in each API log entry for troubleshooting purposes.
• Use the information in the API log to create or refine API filters to ensure incidents are created correctly based on the API payloads received.
• Callgoose SQIBS creates incidents according to your API filter configuration, giving you full control over how alerts from different services trigger incidents and alerts for your support team or automation processes.

3. Configuring McAfee Database Security Trellix to Send JSON Payloads

McAfee Database Security Trellix provides real-time monitoring and alerting to detect unauthorized database access, insider threats, and policy violations. It generates alerts based on predefined security rules and can send notifications via webhooks.

3.1 Setting Up Alerts in McAfee Database Security Trellix

1. Log in to the McAfee Database Security Trellix Console:

• Access the McAfee Database Security Trellix platform using your account credentials.

1. Navigate to the Alerts Section:

• In the McAfee Database Security Trellix console, go to Alerts > Create Alert.

1. Create a New Alert:

• Click on Add Alert to create a new alert.
• Specify Alert Conditions: Define the conditions that will trigger the alert, such as unauthorized access, SQL injection attempts, or other suspicious activities.

1. Configure the Notification Method:

• Choose Webhook as the notification method to send data to a webhook.
• Webhook URL: Enter the webhook URL provided by Callgoose SQIBS.

4. Configuring Callgoose SQIBS

To correctly map incidents from McAfee Database Security Trellix alerts, create API filters based on the JSON payloads received.

• Refer to the API Filter Instructions and FAQ: https://docs.callgoose.com/sqibs/api_integration for more details.

5. Testing and Validation

• Triggering Alerts:
• Simulate a security alert in McAfee Database Security Trellix.
• Verify that an incident is created in Callgoose SQIBS with the correct details.
• Resolving Alerts:
• Investigate and resolve the alert in McAfee Database Security Trellix.
• Ensure that the corresponding incident in Callgoose SQIBS is updated or resolved accordingly.

6. Security Considerations

• API Security: Ensure that the Callgoose SQIBS API endpoint is correctly configured and that API tokens are securely stored.
• McAfee Database Security Trellix Permissions: Verify that webhook permissions allow sending security event data to Callgoose SQIBS.
• Data Encryption: Ensure encrypted data transmission between McAfee Database Security Trellix and Callgoose SQIBS.

7. Conclusion

This guide provides a comprehensive overview of how to integrate McAfee Database Security Trellix with Callgoose SQIBS for effective database security management. By following these steps, organizations can ensure security alerts from McAfee Database Security Trellix trigger automated responses in Callgoose SQIBS, reducing manual intervention and improving security incident response times.

For further customization or advanced use cases, refer to:

• McAfee Database Security Trellix Documentation
• McAfee Database Security Trellix Documentation
• McAfee Database Security Trellix Documentation
• McAfee Database Security Trellix Documentation
• Callgoose SQIBS API Token Documentation
• Callgoose SQIBS API Endpoint Documentation
• API Filter Instructions and FAQ
• How to Send API