
ADM - Application Data Monitor ?

What is Application Data Monitor?

How does it work?

How does the communication happen between the ADM and other devices in the ESM?

How are logs forwarded to the ADM?

6 Replies
McAfee Employee andy777

Re: ADM - Application Data Monitor ?

The ADM is a packet-sniffing sensor with layer-7 awareness for a large number of protocols. The ADM is added to an ESM the same way that a Receiver is added, so an encrypted channel is established when the ADM is keyed on installation. Then it will be polled for events at the same interval that Receivers are polled.

The ADM has 4 ports that can be connected to network taps or mirror ports. The ADM default policy and rules can be viewed in the Policy Editor to give you an idea of what they cover. New rules are easy to add with the graphical drag-and-drop editor. The ADM allows the SIEM operator to have direct access to the wire to search and monitor data relevant to myriad different use cases, but especially those focused on data exfiltration, bot C&C activity, lateral movement and acceptable use.

Logs are still forwarded to Receivers. All of the events and flow data generated by the ADM are based on the packets that it sees on the wire. The ADM data is then correlated with log data collected by the Receivers.


Though it's a completely different engine and implementation, I think it's similar to what BRO provides in functionality with differences being the integration with the ESM, graphical editor, centralized management, out-of-the-box rules, commercial support and it's available as a McAfee hardware appliance as well as a VM.

Re: ADM - Application Data Monitor ?

Hi Andy,

Thanks for your explanation.

Got a clear understanding of ADM.

Re: ADM - Application Data Monitor ?

Hi Andy,

Need another clarification.

Are logs that are collected and forwarded to the ADM forwarded again to the Receiver and then to the ESM?

Thanks in advance!

McAfee Employee andy777

Re: ADM - Application Data Monitor ?

The ESM polls/pulls data directly from the ADM database just as it does the Receiver. A Receiver is not used in the process. This is true for the DBM/DEM also.

Re: ADM - Application Data Monitor ?

Hi Andy,

Thanks for your clarification.

Re: ADM - Application Data Monitor ?

Hi,

How does ADM decode encrypted Layer 7 traffic?

For example, most web server application traffic will be encrypted; how will it be decoded by ADM?

How will it collect the logs? Will it use any sensor or agent to collect logs? Please explain.

Thanks in advance.
