I'll give you my problem with McAfee ESM.
We have integrated an Apex Central as a log source.
I noticed that McAfee supports Trend Micro as a vendor, but not Apex Central as a product. I have seen that there is Trend Micro Deep Security, Trend Micro Deep Discovery, Office Scan, but not Apex Central. We have configured the Apex Central console to forward the logs to the McAfee receiver, but some logs that arrive are not recognized, others are badly recognized. As a parser I then set ASP, created a parsing rule but it doesn't seem to work.
I have read the guide but I just can't figure out how to tell McAfee that the logs coming from that data source must be parsed following certain regexes.
Another thing I noticed: I created an ASP rule by renaming the events coming from Apex, calling them "Apex unmapped events", and within this rule I created a custom field "Action". But if I look for the events, no custom type appears, even if in the rule creation wizard it seems to work. I attach screenshots.
Last thing I noticed: I have created the ASP rule on the Apex Data Source, but I can't find it in the policy tree. I can find it only if I select "Default Policy". I have made several rollouts of the policy, but nothing changes...
Thanks in advance to everyone
Hi @AlessioDeMarc ,
Thank you for your post.
I would like to understand if you're trying to integrate Apex Central with McAfee ePO.
If so, we would need to redirect your query to the ePO channel.