cancel
Showing results for 
Search instead for 
Did you mean: 
hughesr9
Level 7

Can I deploy remote ERC's which has no connection to an ESM?

I have remote sites with no connectivity back to my master site. I wish to deploy an ERC into these sites run it for a while 2-3 weeks then bring it back to my min site to investigate the logs. I read that every McAfee SIEM deployment has to have at least one ESM, does that mean I must deploy an ESM in each of the remote sites or can I just deploy an ERC and bring this back and connect it to an ESM at my main site?

0 Kudos
1 Reply
abanaru
Level 11

Re: Can I deploy remote ERC's which has no connection to an ESM?

In theory you can do that. Add the ERCs into ESM, apply the data source configuration to the ERCs and then physically move them but still keep them into ESM.

Depending on your ERCs you have different values for internal storage (McAfee Event Receiver – Event Collection | Intel Security Products ) which you should take into account.

It's gonna be interesting when you connect them after a while and the ESM starts pulling data :-D

Let us know how it goes.

Regards,

Andrei

0 Kudos