Hi,
I've integrated McAfee ePO 5.9.1 via ODBC to RSA SA. I'm receiving logs as well. However, on closer inspection, what I've noticed is that only ePO administrative event logs are being sent to SA. I'm not receiving the anti-virus threat event logs, which is what I'm actually after.
Any ideas on how to receive ePO threat event logs?
I've added the DB name in the McAfee ePO DSN, and it is this DB that contains all the threat event logs as well. Yet, all I'm receiving are the admin logs.
Need assistance.
What version of AV are you on?
There should be a secondary "event source" that you need to set up for the AV events.