To help you maximize your SIEM deployment, McAfee SNS ProTips deliver troubleshooting, best practices and how-to tips with links to in-depth KnowledgeBase resources.
Occasionally, you might need to perform a manual rules update on the SIEM Enterprise Security Manager, for example, if data is not being parsed, if any default rule is corrupt, or after an upgrade. There is a difference between manual and automatic rule updates. A manual rule update will reset all default rules while an automatic rule update is incremental.
Steps to perform a manual rule update are in KB83046 - How to perform a manual rules update on the ESM