Are logs sent from the McAfee Event Collector already parsed?

I was wondering if events sent to the SIEM from a McAfee SIEM Collector are already parsed. I know in other SIEM environments the agent handles the parsing so the events are sent over already parsed. I can't find any workflow diagrams that include a McAfee SIEM Collector in the environment.

4 Replies
Reliable Contributor sssyyy
Message 2 of 5

Re: Are logs sent from the McAfee Event Collector already parsed?

I believe field mapping is available in the SQL plugin, with which you can map the fields on the SIEM Collector.

Re: Are logs sent from the McAfee Event Collector already parsed?

So in general, unless specifically configured, events are sent over in raw form and the receiver still handles parsing them, correct?

Reliable Contributor sssyyy
Message 4 of 5

Re: Are logs sent from the McAfee Event Collector already parsed?

Yep, that's how I understand it. Just like syslog format.

McAfee Employee Eric_McAfeeSIEM
Message 5 of 5

Re: Are logs sent from the McAfee Event Collector already parsed?

The information is sent over in MEF (McAfee Event Format). This is a format easily readable by the receiver which then processes the events against rules for the data source so they are then parsed to the proper event. The receiver still does the rule parsing. Does this answer your question?

Thank You

Eric
