SIEM Foundations - Index

Introducing McAfee SIEM Foundations

In the course of every new SIEM deployment, there comes a time when the team responsible for the new tool takes a step back and asks "now what?" This comes after the appliances are racked, networked and configured, and initial logs are flowing serenely into the SIEM. Dashboards begin to populate with logs, canned correlation rules begin to fire, and the administrator sitting at the console becomes immediately overwhelmed by the magnitude of the problem they have tackled. With millions, or billions, of individual events flowing into the SIEM every day, it's a daunting task deciding what's urgent today, what trends are important to watch over time, and what can be safely ignored.

The McAfee SIEM Foundations program is designed as a roadmap to help users of McAfee SIEM build out their SIEM in a way that delivers value early and is easy to expand over time in a predictable fashion. McAfee SIEM Foundations is based on a series of deployment stages that build directly on each other. The basic concepts and tactics outlined in McAfee SIEM Foundations may be applied to any SIEM deployment; however, the bulk of this guide focuses on the details of implementing this program with McAfee Enterprise Security Manager (ESM).

1 Introduction to McAfee SIEM

    1.1 Architecture Primer

    1.2 Hardware Review

2 Installation and Configuration

    2.1 VM Installation and Configuration

    2.2 Basic Install and Config

    2.3 Adding (Keying) Additional SIEM Appliances

    2.4 Performing a Manual Rules Update (optional)

    2.5 Define ELM Storage Pools

    2.6 Other Configuration Steps

    2.7 Enable Correlation

3 Connect Your SIEM to Your Enterprise

    3.1 Customize Logo on Login Page

    3.2 Customize Logo in the UI

    3.3 Connect to AD for Login Authentication

    3.4 Connecting the SIEM to a Windows Domain Controller for Asset Import

    3.5 Configure User-specific ESM Settings

    3.6 Define Zones

    3.7 Configure Local Networks

    3.8 Configure Variables

    3.9 Implement Enrichment to Pull in Full Source and Dest User Name From AD

    3.10 Basic Correlation Rule Tuning

4 Configure Data Sources

    4.1 Configuring a SYSLOG Data Source

    4.2 Configuring a Windows Data Source

    4.3 Creating a McAfee ePolicy Orchestrator Data Source

5 Connect Your SIEM to the World

    5.1 Implement URL Actions

    5.2 Threat Feeds

    5.3 Install Content Packs

    5.4 The Cyber Threat Manager in the McAfee ESM

6 Get Familiar With Your SIEM

    6.1 Verify That All Data Sources Are Logging as Expected

    6.2 Learn Basic Navigation

7 Operating and Tuning Your SIEM

    7.1 Working With Alarms

    7.2 Create and Manage Cases

    7.3 Tune Correlation Rules

    7.4 Filter Out Low-Value Events

    7.5 Ramp Up With Additional Data Sources as Needed

8 SIEM Maintenance

    8.1 Configuring ESM Backup Settings

    8.2 Updating SIEM Software

Moving Beyond Foundations

This framework is a simple starting point to help as you begin your SIEM deployment.  As you mature your SIEM deployment, you will discover your own tricks, techniques, and optimizations.  This forum is an excellent place to share ideas with your fellow users.  Please leverage the comment sections throughout to voice your thoughts, share your successes, and ask for help.  Enjoy the journey.


Great set of articles and documents!

Exceptional documents.


You have launched me into McAfee SIEM, excellent foundation course and it's FREE

Thanks for this info, it's a great start to learn

Version history: Revision 1 of 1. Last update: 08-15-2014 09:11 AM