I am using Mcafee ESM 9.6. I am trying to figure out a way to check if any of my local IPs did any large file uploads.
Is there a way to produce a list upload sizes ( A table of Date | Source IP | Destination IP | Upload Size )
if this information Source IP, Destination IP and Upload Size given in the log than you can display it. There is a Dashboard "Normalized Dashboard" if you configure this dashboard you can change the table in the event section.
yes it does but they are not automatically accumulated to be of use in reporting.
You'd need to map them to proper interesting fields that would make sense in your case.
You can Also write an correlation rule that will do something similar, but it's not a reportable like give utilization by IP, it's more along the lines of deviation from a value type of rule.
I hope this helps
Ping me if you need more help.