
ADM - Application Data Monitor ?

What is Application Data Monitor?

How does it work?

How does communication happen between the ADM and other devices in the ESM?

How are logs forwarded to the ADM?

6 Replies
McAfee Employee
Message 2 of 7

Re: ADM - Application Data Monitor ?

The ADM is a packet sniffing sensor with layer-7 awareness for a large number of protocols. The ADM is added to an ESM the same way that a Receiver is added, so an encrypted channel is established when the ADM is keyed on installation. Then it will be polled for events at the same interval that Receivers are polled.

The ADM has four ports that can be connected to network taps or mirror ports. The ADM default policy and rules can be viewed in the Policy Editor to give you an idea of what they cover. New rules are easy to add with the graphical drag and drop editor. The ADM allows the SIEM operator to have direct access to the wire to search and monitor data relevant to myriad different use cases, but especially those focused on data exfiltration, bot C&C activity, lateral movement and acceptable use.

Logs are still forwarded to Receivers. All of the events and flow data generated by the ADM are based on the packets that it sees on the wire. The ADM data is then correlated with log data collected by the Receivers.


Though it's a completely different engine and implementation, I think it's similar to what BRO provides in functionality with differences being the integration with the ESM, graphical editor, centralized management, out-of-the-box rules, commercial support and it's available as a McAfee hardware appliance as well as a VM.


Re: ADM - Application Data Monitor ?

Hi Andy,

Thanks for your explanation.

Got a clear understanding of ADM.


Re: ADM - Application Data Monitor ?

Hi Andy,

Need another clarification.

Are logs collected and forwarded to the ADM then forwarded again to the Receiver and then to the ESM?

Thanks in advance!

McAfee Employee
Message 5 of 7

Re: ADM - Application Data Monitor ?

The ESM polls/pulls data directly from the ADM database just as it does the Receiver. A Receiver is not used in the process. This is true for the DBM/DEM also.


Re: ADM - Application Data Monitor ?

Hi Andy,

Thanks for your clarification.


Re: ADM - Application Data Monitor ?

Hi,

How does ADM decode encrypted Layer 7 traffic?

For example, most web server application traffic will be encrypted; how will it be decoded by ADM?

How will it collect the logs? Will it use any sensor or agent to collect logs? Please explain.

Thanks in advance.
