Showing results for 
Search instead for 
Did you mean: 

How to use Compliance Regulations in ESM 10.x Dashboards and Filter Sets For Investigation

The following article explains the steps to use compliance regulations in ESM 10 - however, the content is available since McAfee ESM version 10.0 and above.

The complete list of supported compliance regulations is available under the following URL:

Compliance regulations available in McAfee ESM 10.x

They can be accessed from the field called "Compliance ID" of the ESM and applied to any view.  Additionally, they can be accessed  using the available search toolbar (no need to create a filter set if that is not desired), or from the query wizard for a view component or a report component, so that view or report will only include events that meet the compliance regulation.

Here is an example on how to apply a Compliance filter to the Normalized Dashboard.

Open the filter sets drop-down menu and select “Manage Filter Sets”. That action will launch the Configuration tab.

Under the Configuration tab, click on  “Add Filter Set”

Type in “Compliance ID” and select the suggested field as indicated below:

Click on the Funnel icon and browse the compliance tree until you find PCI DSS 2.0. Expand this option and select 10.2.2 entry which looks for "All actions taken by any individual with root or administrative privileges" based on the regulatory standard.

Click OK and save the filter as “Compliance PCI DSS2-10_2_2”.

Back to the Normalized Dashboard, select your new filter “Compliance PCI DSS2-10_2_2”

Apply your new filter to the current dashboard with the magnifier glass icon as indicated below:

Once the compliance regulation is selected, this action will update the view to include only the events that were initiated by administrators for the time period specified for the view.  The results for this example are below:

The advantage of using the compliance filters is that they can be used against any default views or custom views.  Above is the default Event Summary view that has the same PCI DSS 2.0 10.2.2 filter applied to it.


The ability to pull this compliance filter across into reporting - so you could use it to generate a daily/weekly/monthly report - would be very handy. Can it be done?


Version history
Revision #:
1 of 1
Last update:
‎04-25-2017 05:06 PM
Updated by:

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community