SNS ProTip for  SIEM: Resolve Issues with Incorrect Packets in the ESM

Version 2

    To help you maximize your SIEM deployment, McAfee SNS ProTips deliver troubleshooting, best practices and how-to tips with links to in-depth KnowledgeBase resources.

    Are you seeing incorrect packets associated with event data in the McAfee SIEM Enterprise Security Manager (ESM) user interface? 

    See KB82099 for steps to correct this situation, starting with ensuring you are on the latest ESM build (currently 9.4.0). After you have confirmed the correct build, if the packets still do not match the event, the article provides instructions for restarting ESM service, and determining the root cause..

    For more resources, visit the McAfee KnowledgeBase and search for SIEM-related KBs and visit the McAfee SIEM Community: