[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eMcAfee Web Gateway version 8.0 can be integrated with Google Security Operations SOAR by enabling the REST API interface and granting the appropriate administrator role permission to access it.\u003c/p\u003e\n"],["\u003cp\u003eThe integration supports actions such as blocking and unblocking IP addresses by adding or removing them from specified IP range groups within McAfee Web Gateway.\u003c/p\u003e\n"],["\u003cp\u003eNetwork objects (IPs, URLs, etc.) can be added to or removed from designated groups within the Web Gateway via the Insert Item to Group and Remove Item From Group actions.\u003c/p\u003e\n"],["\u003cp\u003eThe integration offers a "Ping" action to test the connectivity between Google Security Operations SOAR and the configured McAfee Web Gateway.\u003c/p\u003e\n"],["\u003cp\u003eEach action returns a boolean response in its script results, like is_blocked, is_unblocked, or is_connect, which can be used to verify the success of the operation.\u003c/p\u003e\n"]]],[],null,["# McAfee Web Gateway\n==================\n\nIntegration version: 8.0\n\nConfigure McAfee Web Gateway\n----------------------------\n\nTo configure the McAfee Web Gateway to work with the Google Security Operations\nintegration, follow these steps:\n\n1. Enable REST API interface:\n\n 1. On Web Gateway page, select Configuration → Appliances.\n 2. On the appliances tree, select the appliance you want to administer using the REST interface and click User Interface.\n 3. Under UI Access, select Enable REST interface over HTTPS (HTTP REST interface is optional).\n 4. Click Save Changes.\n2. Give permission to access REST interface:\n\n 1. On Web Gateway page, select Accounts → Administrator Accounts.\n 2. In the Roles area, select an administrator role and click Edit. The Edit Role window opens.\n 3. Select REST interface accessible.\n 4. Click OK to close the window.\n 5. Click Save Changes.\n\nConfigure McAfee Web Gateway integration in Google SecOps\n---------------------------------------------------------\n\nFor detailed instructions on how to configure an integration in\nGoogle SecOps, see [Configure\nintegrations](/chronicle/docs/soar/respond/integrations-setup/configure-integrations).\n\nActions\n-------\n\n### Block IP\n\n#### Description\n\nInsert IP addresses to an \"IP range\"-type group.\n| **Note:** This group should be a part of rule used to block IP addresses.\n\n#### Parameters\n\n#### Use cases\n\nN/A\n\n#### Run On\n\nThis action runs on the IP Address entity.\n\n#### Action Results\n\n##### Entity Enrichment\n\nN/A\n\n##### Insights\n\nN/A\n\n##### Script Result\n\n##### JSON Result\n\n N/A\n\n### Insert Item to Group\n\n#### Description\n\nInsert a network object to a group (IP, URL, etc.). Note that each group is type\nstricted.\n\n#### Parameters\n\n#### Use cases\n\nN/A\n\n#### Run On\n\nThis action runs on all entities.\n\n#### Action Results\n\n##### Entity Enrichment\n\nN/A\n\n##### Insights\n\nN/A\n\n##### Script Result\n\n##### JSON Result\n\n N/A\n\n### Ping\n\n#### Description\n\nTest Connectivity.\n\n#### Parameters\n\nN/A\n\n#### Use cases\n\nN/A\n\n#### Run On\n\nThis action runs on all entities.\n\n#### Action Results\n\n##### Entity Enrichment\n\nN/A\n\n##### Insights\n\nN/A\n\n##### Script Result\n\n##### JSON Result\n\n N/A\n\n### Remove Item From Group\n\n#### Description\n\nRemove a network object to a group (IP, URL, etc.). Note that each group is type\nstricted.\n\n#### Parameters\n\n#### Use cases\n\nN/A\n\n#### Run On\n\nThis action runs on all entities.\n\n#### Action Results\n\n##### Entity Enrichment\n\nN/A\n\n##### Insights\n\nN/A\n\n##### Script Result\n\n##### JSON Result\n\n N/A\n\n### Unblock IP\n\n#### Description\n\nDelete IP addresses from an \"IP range\"-type group.\n| **Note:** This group should be a part of a rule used to block IP addresses.\n\n#### Parameters\n\n#### Use cases\n\nN/A\n\n#### Run On\n\nhis action runs on the IP Address entity.\n\n#### Action Results\n\n##### Entity Enrichment\n\nN/A\n\n##### Insights\n\nN/A\n\n##### Script Result\n\n##### JSON Result\n\n N/A\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
