McAfee Web Gateway Out-of-the-box Response Integration

To learn more about Out-of-the-box Integrations and their benefits, please refer to this article.

In this article, you will find out how to configure McAfee Web Gateway to receive and block adversaries detected by Lumu and improve the detection & response capabilities of your organization.

Requirements

  • McAfee Web Gateway
    • McAfee Web Gateway 8.2 and above.
  • Lumu License
    • Lumu Defender subscription

Add Integration


1. Log in to your Lumu account through the Lumu Portal and navigate to the integrations screen.

2. Locate the McAfee Web Gateway integration in the available apps area and click to add, then click to view details.

3. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.


4. To generate the integration URL, add a description and select the threat types you want to include in the list.
5. Once you create the integration, you will be provided with the Integration URL:



Set up McAfee Web Gateway

Now that you have the integration URL, it’s necessary to configure your instance of McAfee Web Gateway.

Remember to enable and configure the HTTPS Scanning feature to be able to block URLs with HTTPS protocol.

You will work with the Rule Sets and Lists options. First, you need to subscribe to the Lumu list. Then, you add it to a Rule to enhance your proxy protection capabilities.


Add a subscribed list

1. Using your McAfee Web Gateway console, click on the Lists tab located under the Policy section.

2. Using the left navigation tree, locate the Subscribed lists section. Add a new Subscribed list using the Plus icon.
3. In the Add list window, fill in the required data following these criteria:

a. Set the name of your list, and set the Type option to String.
b. Set Contains as URLs (this is what Lumu will send).
c. To keep the list synchronized with the Lumu list, set List Content to managed remotely.
d. On the Source option, select Customer Maintained List and click on Setup.

4. In the Setup window:

a. Paste the Lumu URL in the URL to download field.
b. Then, in the List Content Update section, select the option most convenient for you. The recommended setting is Hourly at 30 minutes past every hour.
c. Click OK and Save Changes.

 

Add a Rule and reference the subscribed list in it

1. In your McAfee Web Gateway console, click on the Rulesets tab located under the Policy section. Using the left navigation tree, locate the Common rules leaf. Add a new rule under it.

2. In the Add rule window:
a. Set the name and the description for your rule. Click Next.

b. Set the Rule Criteria. Here, you are going to add the subscribed list created. Toggle the radio button If the following criteria is matched, add a URL/Host criteria.

c. Select the property URL. Then, select the operation is in list. Finally, in the Compare with section, select the list that you just created. Click OK and Next.


d. Configure the Action. To block the traffic to the URLs included in the Lumu list, set the action to Block. Click Next.

e. Verify your configuration in the Summary section. Click Finish when you have validated your configuration. You now have a new policy using the Lumu subscription.
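A pre-flight check you can run on a downloaded copy of the list before a Block rule acts on it (added example, not Lumu's or McAfee's code). It assumes the list is plain text with one URL or host per line; the `NEVER_BLOCK` hosts and the sample entries are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical hosts the organization must never block (assumption).
NEVER_BLOCK = {"sso.example.org", "intranet.example.org"}

# Constructed sample of a downloaded list; one entry per line is an assumption.
SAMPLE_FEED = """\
http://c2.bad-domain.test/gate.php
https://phish.bad-domain.test/login
phish.invalid/kit
http://c2.bad-domain.test/gate.php
https://sso.example.org/saml
http://
not a url
com
"""

def host_of(entry):
    """Return the lowercase host of a list entry, or None if it has none."""
    text = entry if "://" in entry else "//" + entry
    try:
        return (urlsplit(text).hostname or "").lower() or None
    except ValueError:
        return None

def review_feed(text, never_block=NEVER_BLOCK):
    """Split list text into entries safe to block and findings to review."""
    accepted, findings, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # skip blank lines and comments
        host = host_of(entry)
        if host is None or any(c.isspace() for c in entry):
            findings.append((lineno, "malformed", entry))
        elif "." not in host:
            # A bare label such as "com" would match far too much traffic.
            findings.append((lineno, "too-broad", entry))
        elif any(host == h or host.endswith("." + h) for h in never_block):
            findings.append((lineno, "never-block", entry))
        elif entry in seen:
            findings.append((lineno, "duplicate", entry))
        else:
            seen.add(entry)
            accepted.append(entry)
    return accepted, findings
```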
 

Bear in mind that the configuration depends on your environment’s characteristics and must be done according to your business needs. For more information on how to carry out this procedure, please refer to McAfee’s official documentation.

