SNS ProTip for SIEM: How to disable Advanced Syslog Parser rules that are not needed

Version 1

    Are you experiencing issues where the Advanced Syslog Parser (ASP) is running slowly? This can occur when you have rules enabled at a system-wide level. McAfee recommends that you only enable ASP rules at the data source level.

    For information on how to change this, see KB82879 - How to disable Advanced Syslog Parser rules that are not needed (https://kc.mcafee.com/corporate/index?page=content&id=KB82879).

    For more resources, visit the McAfee KnowledgeBase (https://support.mcafee.com) and search for SIEM-related KBs and visit the McAfee SIEM Community (https://community.mcafee.com/community/business/siem).

    To help you maximize your SIEM deployment, McAfee SNS ProTips deliver troubleshooting, best practices and how-to tips with links in-depth KnowledgeBase resources. To unsubscribe from ProTips or change your SNS settings, visit the SNS Subscription Center.