McAfee ePO antivirus threat event logs to RSA SA
I've integrated McAfee ePO 5.9.1 via ODBC to RSA SA. I'm receiving logs as well. However, on closer inspection, what I've noticed is that only ePO administrative event logs are being sent to SA. I'm not receiving the anti-virus threat event logs, which is what I'm actually after.
Any ideas on how to receive ePO threat event logs?
I've added the DB name in the McAfee ePO DSN, and it is this DB that contains all the threat event logs as well. Yet, all I'm receiving are the admin logs.
I've got to integrate several products from within the McAfee suite. I've managed to integrate:
1. ePolicy Orchestrator 5.9.1
2. VSE 8.8
3. HIPS 8.0
I'm having problems integrating the following products:
4. MSME 8.5: For McAfee Security for Microsoft Exchange, I'm unable to find the parser and event source type, both of which are listed as 'mcafeesecurity'.
5. ENS 10.2.x: For McAfee Endpoint Security ENS, I'm unable to find the event source type 'epolicyens10_5autoid'.
Please note, my RSA SA version is 10.6.4.1, and the documents say it qualifies for integration (anything 10.0 and above).
Also, as an added note, I've also been asked to integrate:
6. McAfee VirusScan Enterprise for Linux VSES
7. McAfee VirusScan Enterprise for Storage VSEL
They have VSES 1.2 and VSEL 1.9 and 2.3 deployed. Now, in the documentation I see that VSE 8.8 can be integrated, which I've done as well, but I'm not sure what to do with VSES and VSEL.
Any insight on the above?