cancel
Showing results for 
Search instead for 
Did you mean: 

Alarms or events for deleted data sources

Jump to solution

Hi All,

I've been looking for a possibility to alert specific people when a data source is deleted in ESM. However, up to now I've found no way to monitor these actions. The local ESM events only mention deletion of devices as an event. This however does not alert on data sources being deleted. Has anybody ever struggled with this and found a solution or do I feel a PER coming up?

1 Solution

Accepted Solutions
Highlighted

Re: Alarms or events for deleted data sources

Jump to solution

Hi Robert,

You are right there is no way to create Alarms as there are no Events generated at all for removed datasources. It's funny because the system is meant to collect logs but not all of its own logs.

Maybe the best thing will be to create PER request:

McAfee KnowledgeBase - How to submit a Product Enhancement Request (PER)

6 Replies
Highlighted

Re: Alarms or events for deleted data sources

Jump to solution

Hi Robert,

You are right there is no way to create Alarms as there are no Events generated at all for removed datasources. It's funny because the system is meant to collect logs but not all of its own logs.

Maybe the best thing will be to create PER request:

McAfee KnowledgeBase - How to submit a Product Enhancement Request (PER)

Re: Alarms or events for deleted data sources

Jump to solution

Thanks Alexander for the quick reply. It's funny in a sad kinda way . My experience with submitting PERs over the last couple of years has not been very positive but maybe I can pull some strings at McAfee for this one.

Re: Alarms or events for deleted data sources

Jump to solution

And the PER site is broken... I can only select DLP as product.  sigh...

Re: Alarms or events for deleted data sources

Jump to solution

Robert, I haven't had the best of luck in the past submitting PER's either. I just submitted one yesterday for almost this same issue. We've discovered that you can delete logs from the SIEM on the back end as "root" and nothing gets logged for this action. I have a meeting with our SAM tomorrow, and will bring this PER to his attention. I'll keep you guys posted.

Re: Alarms or events for deleted data sources

Jump to solution

I'll create a PER too - kinda humerous when the Event Manager doesn't manage it's own events!

Mark

yd9038
Level 9
Report Inappropriate Content
Message 7 of 7

Re: Alarms or events for deleted data sources

Jump to solution

There isn't any events generated for added or deleted datasources as far as I know, but these Sig IDs below are logged each time a device (Receiver, ACE, ELM, ADM, DBM) added or deleted:

306-18Device Add
306-19Device Delete
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community