Showing results for 
Search instead for 
Did you mean: 

Antivirus Rule

Hi Team

We are evaluating the product.IF some on ehas the Antivirus Rule set which is realted to symantec and Macafee EPO then Pelase let us know.

Thanks and Regards


1 Reply

Re: Antivirus Rule

Hello Ganesh,

It might be helpful if you could expand a bit on what you're trying to accomplish with an antivirus rule. 

Assuming you're looking for correlation rules, know that it's pretty rare in McAfee ESM to build rules that are tied directly to specific vendors.  Our SIEM provides a feature called Normalization, which allows you to easily build powerful rules that are generic in nature.

All events are normalized by McAfee ESM into a fixed set of categories.  For example, any events related to viruses, trojans, etc. would be normalized as "malware", regardless of which vendor they came from.  Normalization is very useful in building alarms, reports, filters, etc.  It allows you to design these types of content with a simple filter, rather than requiring a separate rule to bring events from different vendors together.