McAfee SIEM POC Setup Guide (9.4).pdf

Version 1

This document was created to assist customers with the installation and configuration of the McAfee SIEM in a Proof of Concept environment (it can also be used for Production deployments).

It covers the following:

1. Deploying VMware ESX OVF templates (for virtual appliance installations)
2. Hardware overview and physical port locations (for physical hardware installations)
3. Initial power-up configuration (setting IP address information)
4. Connecting to the SIEM GUI
5. Performing a manual rules update (for environments without external Internet connectivity)
6. Tuning Event/Flow polling interval
7. Configuring Data Allocation policy
8. Configuring and testing SMTP Mail settings
9. Defining ESM backup
10. Connecting (Keying) additional SIEM appliances
11. Configuring data source Inactivity settings
12. Tuning Port Index settings
13. Configuring a simple SYSLOG data source
14. Creating a Windows data source Profile and data source
15. Connecting a McAfee ePO data source
16. Performing code upgrades to SIEM appliances
17. Configuring event-specific Aggregation
18. Configuring Rule-based Correlation on a Receiver
19. Connecting the SIEM to a Windows Domain Controller

This document is meant to be a primer on setting up the most common features used during a POC. It will be converted to an online section of Community in the near future, where each section will be a separate content 'module' and will be extended to cover more advanced deployment models and specific use-case security examples.