
SIEM Foundations: Updating McAfee ESM 10x Software


Overview

This article will guide you through the installation of the latest code for your McAfee SIEM.

Preparing for a SIEM Software Update

Once all subordinate SIEM devices have been keyed to the ESM, consider the requirement to perform any updates to the platform codebase.  Refer to the Product Download pages on the McAfee website to determine the latest code version available for all the SIEM components.

NOTE: Important information relating to the SIEM update process can always be found in the accompanying release notes.  Carefully read the published documentation prior to initiating the update process.

Code updates are made available as a single compressed TAR file (.tgz, sometimes called a tarball), along with a corresponding hash file that can be used to confirm the validity and consistency of the downloaded file.  Each discrete platform in the McAfee SIEM suite has a unique code update path.  Since ALL appliances connecting to the SIEM solution must be running the same version of the code, it is important to obtain any/all .tgz files necessary to perform an update to each of the appliances used in your environment.

NOTE: Update files MUST have a .tgz extension to install properly.  Some browsers may try to save the .tgz file as .gz.  If this happens, simply rename the file to have a .tgz extension before uploading the file to your ESM.
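The pre-upload check described above (compare the download against its hash file, then restore the .tgz extension if the browser changed it) can be scripted on the workstation. This is an added example, not McAfee code; the hash file layout, inferring the algorithm from the digest length, and the `SAMPLE_Update` file name are assumptions.

```python
import hashlib, hmac, io, re, tarfile, tempfile
from pathlib import Path

# Hex digest length -> algorithm. The hash file's algorithm and layout are
# assumptions: the first hex token of a known length is taken as the digest.
ALGOS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

def parse_hash_file(text):
    for token in re.findall(r"\b[0-9a-fA-F]+\b", text):
        if len(token) in ALGOS:
            return ALGOS[len(token)], token.lower()
    raise ValueError("no recognisable digest in hash file")

def file_digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):  # stream large updates
            h.update(chunk)
    return h.hexdigest()

def check_update(path, hash_text):
    """Verify the digest and archive type, restore .tgz, return the final Path."""
    path = Path(path)
    algo, expected = parse_hash_file(hash_text)
    if not hmac.compare_digest(file_digest(path, algo), expected):
        raise ValueError(f"{path.name}: {algo} digest mismatch, do not upload")
    if not tarfile.is_tarfile(path):
        raise ValueError(f"{path.name}: not a readable tar archive")
    if path.suffix != ".tgz":
        if path.suffix != ".gz":
            raise ValueError(f"{path.name}: unexpected extension")
        stem = path.name[:-7] if path.name.endswith(".tar.gz") else path.name[:-3]
        path = path.rename(path.with_name(stem + ".tgz"))  # browser saved .tgz as .gz
    return path

def make_sample(directory):
    """Constructed sample: a tiny tarball saved under the .gz name a browser might use."""
    path = Path(directory) / "SAMPLE_Update.gz"
    data = b"constructed payload\n"
    info = tarfile.TarInfo("update/README")
    info.size = len(data)
    with tarfile.open(path, "w:gz") as tar:
        tar.addfile(info, io.BytesIO(data))
    return path, f"{file_digest(path, 'sha256')}  SAMPLE_Update.tgz\n"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        p, h = make_sample(d)
        print("ready to upload:", check_update(p, h).name)
```

A digest mismatch or an unreadable archive raises before any rename, so a corrupted or altered download never ends up with an uploadable name.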

The following table describes the SIEM appliance and corresponding upgrade file requirements:

McAfee ESM maintains a file repository into which all code update .tgz files can be uploaded.  Once uploaded, each .tgz update can be applied to the appropriate device from within the SIEM user interface either individually or, in the case of multiple devices of the same type, en masse. The order in which SIEM appliances must be updated is determined by reviewing the release notes published with each update.  In most circumstances, when multiple appliances in a SIEM hierarchy are to be updated, it will be necessary to start with the ESM (or ESM/REC/ELM).  Once that is complete, any Event Receiver appliances should be updated to the new version, including any ELM or ACE appliances, since they share the same Receiver codebase. Lastly, any additional subordinate appliances such as ADM or DEM should be updated.

Checking in Update Files

The following steps must be completed to make the new versions available in the ESM console.

  1. From the Pancake menu, select System Properties
  2. Select File Maintenance
  3. From the Select File Type drop-down list, select Software Update Files
  4. Click on Upload to make the new version files available. A progress window will open.
  5. Repeat Step 4 for all the files required.

Updating McAfee ESM

NOTE: During most major (and some minor) updates, it will be necessary for the master ESM database to be rebuilt as part of the automated code update process. Depending upon the amount of data residing in the ESM database, this process can take anywhere from 30 minutes to several hours. In POC environments where the event volume will likely be minimal, the database rebuild process should complete in under an hour.  During the process, you will not be able to log in.

  1. From System Properties, select ESM Management and then the Maintenance tab.
  2. Select Update ESM to open the window below:
  3. Click OK to start the update. You will be issued with the following warning:
  4. Click Yes to continue. A dialog box will open indicating that the update process has been initiated and instructing you to close the browser window. The ESM will reboot multiple times to perform the update process. Once the update is complete, you will be able to log in again.

Performing a SIEM Software Update – REC, ELM, ACE, ADM, DEM

Once the ESM update has finished, follow these steps to update any subordinate SIEM appliances.

  1. From the Pancake menu, select Configuration
  2. From the Physical Display view, select any of the appliances that require the update (e.g. ACE) and select the Cog icon to display the Properties window for that appliance
  3. Select <name of device> Management (e.g. ACE Management) and click on Update Device
  4. Select the correct package and confirm with OK
  5. Confirm the Warning box to continue
  6. Repeat this process for any other appliance.

NOTE:  If the device has not completely updated after 3 minutes, the counter will restart.  You must wait until the device has fully updated and communication has been restored to continue.


Comments

Cool ! thank u

Find McAfee ESM documentation on the McAfee documentation portal.

Version history
Revision #: 1 of 1
Last update: 12-07-2017 03:01 PM
