SNS ProTip for SIEM: How to perform a manual rules update on the ESM

Version 1

    To help you maximize your SIEM deployment, McAfee SNS ProTips deliver troubleshooting, best practices and how-to tips with links to in-depth KnowledgeBase resources.

     

    Occasionally, you might need to perform a manual rules update on the SIEM Enterprise Security Manager, for example, if data is not being parsed, if any default rule is corrupt, or after an upgrade. There is a difference between manual and automatic rule updates.  A manual rule update will reset all default rules while an automatic rule update is incremental.

     

    Steps to perform a manual rule update are in KB83046 - How to perform a manual rules update on the ESM

     

    For more resources, visit the McAfee KnowledgeBase and search for SIEM-related KBs and visit the McAfee SIEM Community.