In this document, you will learn how to perform the initial setup of the McAfee Enterprise Security Manager product and components.
McAfee Enterprise Security Manager components
McAfee ESM and its components are installed in your network and configured to identify vulnerabilities, and threats.
If a threat occurs, the ESM can:
The McAfee ESM components include:
In redundant solutions, one DAS device is required in each system. For example, two redundant ESMs and two redundant ELMs require four DAS devices.
You might use just one combination ESM, or many of these components, depending on your environment.
The steps will be the same whether you are using the hardware or a virtual version of the appliance. We will assume that you have your appliance ready to be powered up and that a monitor and keyboard are connected to it if you are using a hardware appliance, so you can interact with the appliance. And, if you are using the virtual version, we assume that you are ready to power up your virtual machine. In all cases, you will need to have an IP Address available to assign to your ESM. And lastly, you should know the IP address of your gateway and subnet mask.
In our example, we are going to set up the ESM component, since it’s the first element you need to install. The steps are the same for all combo boxes or VMs that include the ESM component.
2. Press the ESC key to enter the menu at the top left corner of the screen, until the menu comes up. If you are using a VM, remember to click inside the console window first, then press ESC until the menu appears.
3. Use the arrow keys to navigate to ‘MGT IP Conf’ line and press Enter. Use the arrow keys again to move to the ‘Mgt1’ line and press Enter.
4. Enter the IP Address using the arrow keys. Make sure you are at the end of the line and press Enter when complete.
5. After setting the IP Address, do the same for the Netmask.
6. After the Netmask is finished, use the arrow keys to navigate to ‘Done’ and press Enter. This returns to the MGT IP Conf Menu. Select 'Gateway' and add the Gateway Address.
7. Optionally you can set the DNS servers, but this can also be accomplished through the UI. In our case, we’ll wait until we get to the UI part of the setup to enter the DNS information.
8. When finished, navigate to ‘Save Changes’ and press Enter. The device will then update its network settings and will now be accessible from the network.
Configuring the ERC, ELM, ELS, or ACE network interface
You need to perform the same steps for additional SIEM devices you are adding to the environment such as ERC, ELM, ELS, DEM, ADM or ACE component.
Completing the setup through the user interface
Default user name: NGCP
Default password: security.4u
When prompted, change your user name and password, then click OK.
Now that the appliance has an IP address assigned, you can complete the setup through the web user interface. The McAfee ESM is managed through a web HTML/Flash interface. Some features of the web console utilize pop-up windows, you should allow pop-ups for the IP address or host name for your SIEM.
For Rules Update Access, click OK and follow the instructions that appear to obtain your user name and password, which are needed for access to rule updates.
Perform initial ESM configuration:
Enter the server information for the ESM.
Add your network time protocol (NTP) servers to synchronize the ESM system time. Type these settings as needed:
To achieve best results in the ESM, it’s important to have a common time reference across the enterprise. As default, the ESM uses a set of Internet-based NTP servers. Enter your own enterprise NTP server, then click Next.
To automatically check the ESM server for rule updates:
The restart takes about 90 seconds to complete. Then you might be required to log back on to the ESM.
Confirm in ESM that all devices appear
In the ESM console, confirm that all various ESM devices appear before you begin detailed configuration of the devices.
For detailed information about performing these confirmation steps, see McAfee Corporate KB - Enterprise Security Manager 10.0.0 Product Guide PD26818 .
You are back into the console. If you need to make a change to your configuration, you can access the system configuration through System Properties under the Top-Left menu as indicated below:
You’ve seen how to perform the initial setup for McAfee ESM and components. Now your ESM is up and running. The suggested next steps would be to update your SIEM and add data sources.
For more information about McAfee ESM, visit:
McAfee Sales page http://www.mcafee.com/us/about/contact-us.aspx#ht=tab-sales