Configuring McAfee EPO

Adding a Normalization Policy for McAfee EPO

  1. Go to Settings >> Configuration >> Normalization Policies.

  2. Click Add.

  3. Enter a Policy Name.

  4. Select Compiled Normalizers for McAfee EPO.

  5. Click Submit.

Figure: Adding a Normalization Policy

Adding McAfee EPO as a device

  1. Go to Settings >> Configuration >> Devices.

  2. Click Add.

Figure: Creating McAfee EPO as a device (Create Device panel)

  1. Enter a device Name.

  2. Enter the IP address(es) of the McAfee EPO server.

  3. Select the Device Groups.

  4. Select an appropriate Log Collection Policy for the logs.

  5. Select a collector or a forwarder from the Distributed Collector.

Note

It is optional to select the Device Groups, the Log Collection Policy, and the Distributed Collector.

  6. Select a Time Zone.

Note

The timezone of the device must be the same as its log source.

  7. Configure the Risk Values for Confidentiality, Integrity, and Availability used to calculate the risk levels of the alerts generated from the device.

  8. Click Submit.

Configuring the Syslog Collector for McAfee EPO

  1. Click Syslog Collector in the Available Collectors/Fetchers panel.

Figure: Available Collectors/Fetchers panel

  2. Select the Syslog Parser.

Figure: Configuring Syslog Collector (Syslog Collector panel)

  3. Select the Processing Policy which contains the previously added normalization policy.

  4. Select the Charset.

  5. In PROXY SERVER, select None.

  6. Click Submit.

Configuring the ODBC Fetcher for McAfee EPO

  1. Go to Settings >> Configuration >> Devices.

  2. Click the Add Collectors/Fetchers icon under the Actions column of the previously added device.

  3. Click ODBC Fetcher.

Figure: Available Collectors/Fetchers panel

  4. Click Add.

Figure: Adding ODBC Fetcher

  5. In MODE, select General.

  6. In Template, select McAfee Configuration v5.1.

  7. In Driver, select MSSQL2.

  8. In Port, enter 1433.

  9. In Database, enter the name of the McAfee database.

  10. Enter the McAfee Username and Password.

  11. Enter the Fetch Interval.

  12. LogPoint adds the Query used to fetch data from the table(s) automatically when you select McAfee Configuration v5.1. The query is either a simple select from one table or one based on joins across tables.

  13. Enter the Incremental Key. It is a unique key used as a pointer to read data from the table. The default value is AutoID.

  14. Enter the Incremental Key Table. It is the table to which the incremental key belongs. The default value is EPOEvents.

  15. Enter the New Line Separator. It is used only if newline characters are embedded in the log entries; otherwise it is discarded.

  16. Select the Processing Policy.

  17. Select the Charset. The default value is utf_8.

  18. Click Submit.

Figure: Adding a new configuration for ODBC Fetcher
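To show what the Incremental Key and Incremental Key Table settings above do, here is an added example (not LogPoint's or McAfee's code) that simulates the fetcher's pointer-based read against an EPOEvents table, using an in-memory sqlite3 database in place of MSSQL. The column names other than AutoID, the sample rows, and the handling of the New Line Separator as a replacement for embedded newlines are assumptions of this example.

```python
"""Simulated incremental fetch from an ePO-style EPOEvents table (added example)."""
import sqlite3

INCREMENTAL_KEY = "AutoID"           # default incremental key from the guide
INCREMENTAL_KEY_TABLE = "EPOEvents"  # default incremental key table from the guide
NEW_LINE_SEPARATOR = "\\n"           # constructed stand-in for an embedded newline


def build_sample_db():
    """Constructed sample data; columns besides AutoID are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        f"CREATE TABLE {INCREMENTAL_KEY_TABLE} ({INCREMENTAL_KEY} INTEGER PRIMARY KEY, "
        "ReceivedUTC TEXT, ThreatName TEXT, SourceHostName TEXT)"
    )
    rows = [
        ("2024-01-01 10:00:00", "EICAR test file", "ws01"),
        ("2024-01-01 10:05:00", "Generic.Multi\nline", "ws02"),  # embedded newline
        ("2024-01-01 10:07:00", "Generic Trojan", "srv01"),
    ]
    conn.executemany(
        f"INSERT INTO {INCREMENTAL_KEY_TABLE} (ReceivedUTC, ThreatName, SourceHostName) "
        "VALUES (?, ?, ?)",
        rows,
    )
    conn.commit()
    return conn


def fetch_incremental(conn, last_key, batch_size=100):
    """Return (events, new_pointer): rows whose key is greater than last_key, in key order.

    The pointer advances only past rows actually read, so a failed fetch can be
    retried from the stored pointer without losing or duplicating events.
    """
    cur = conn.execute(
        f"SELECT {INCREMENTAL_KEY}, ReceivedUTC, ThreatName, SourceHostName "
        f"FROM {INCREMENTAL_KEY_TABLE} WHERE {INCREMENTAL_KEY} > ? "
        f"ORDER BY {INCREMENTAL_KEY} LIMIT ?",
        (last_key, batch_size),
    )
    events = []
    for key, received, threat, host in cur:
        # Keep each event on a single log line by replacing embedded newlines
        threat = threat.replace("\n", NEW_LINE_SEPARATOR)
        events.append(
            f"AutoID={key} ReceivedUTC={received} ThreatName={threat} SourceHostName={host}"
        )
        last_key = key
    return events, last_key
```

Running `fetch_incremental` repeatedly with the returned pointer yields each event exactly once, which is the property the incremental key gives the ODBC fetcher between fetch intervals.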

