
McAfee ESM with Apex Central


Hi,

I'll describe my problem with McAfee ESM.

We have integrated an Apex Central as a log source.

I noticed that McAfee supports Trend Micro as a vendor, but not Apex Central as a product. I have seen that there is Trend Micro Deep Security, Trend Micro Deep Discovery, and OfficeScan, but not Apex Central. We have configured the Apex Central console to forward the logs to the McAfee receiver, but some logs that arrive are not recognized, and others are badly recognized. I then set ASP as the parser and created a parsing rule, but it doesn't seem to work.

I have read the guide but I just can't figure out how to tell McAfee that the logs coming from that data source must be parsed following certain regexes.

Another thing I noticed: I created an ASP rule by renaming the events coming from Apex, calling them "Apex unmapped events", and within this rule I created a custom field "Action". But if I look for the events, no custom type appears, even if in the rule creation wizard it seems to work. I attach screenshots.

 

Last thing I noticed: I have created the ASP rule on the Apex data source, but I can't find it in the policy tree. I can find it only if I select "Default Policy". I have rolled out the policy several times, but nothing changes...

Thanks in advance to everyone 

Accepted Solutions

Re: McAfee ESM with Apex Central


Hi,

I solved the problem.

There were autolearned rules in the data source which prevented the execution of custom parsing rules.

Bye


Pravas
McAfee Employee

Re: McAfee ESM with Apex Central


Hi @AlessioDeMarc,

Thank you for your post.

I would like to understand if you're trying to integrate Apex Central with McAfee ePO.

If so, we would need to redirect your query to the ePO channel.

Thanks


Re: McAfee ESM with Apex Central


Hi, no. What I am trying to do is to configure APEX CENTRAL as a data source in our McAfee ESM environment.

