janukahw
Level 7

Check for Large file uploads

Hey Guys,

I am using McAfee ESM 9.6. I am trying to figure out a way to check if any of my local IPs did any large file uploads.

Is there a way to produce a list of upload sizes (a table of Date | Source IP | Destination IP | Upload Size)?

0 Kudos
5 Replies
xded
Level 12

Re: Check for Large file uploads

Hi Janukahw,

If this information (Source IP, Destination IP and Upload Size) is given in the log, then you can display it. There is a dashboard, "Normalized Dashboard"; if you configure this dashboard, you can change the table in the event section.

0 Kudos
McAfee Employee

Re: Check for Large file uploads

Do you have any data source reporting bytes transferred? FW, proxy, netflows, etc.?

0 Kudos
janukahw
Level 7

Re: Check for Large file uploads

Hi Andy,

I have integrated this with a FortiGate firewall for syslog data only (no netflow). Do bytes transferred get logged in syslog?

0 Kudos
McAfee Employee

Re: Check for Large file uploads

I'm not sure. Do you have a sample? Byte counts would probably be included in a "flow teardown" type message.

0 Kudos
paul.k
Level 10

Re: Check for Large file uploads

Yes, it does, but they are not automatically accumulated to be of use in reporting.

You'd need to map them to proper interesting fields that would make sense in your case.

You can also write a correlation rule that will do something similar, but it's not a reportable like "give utilization by IP"; it's more along the lines of a "deviation from a value" type of rule.

I hope this helps

Ping me if you need more help.

0 Kudos
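The accumulation step discussed in the replies, done offline over exported syslog, as an added example (not from any poster in this thread and not ESM functionality). It assumes FortiGate key=value traffic logs carrying `date`, `type`, `srcip`, `dstip` and `sentbyte`, and RFC 1918 ranges as the local address space; the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in FortiGate key=value traffic-log style (assumed format).
SAMPLE_LOGS = """\
<189>date=2024-03-01 time=10:15:02 devname="FG-EXAMPLE" type="traffic" subtype="forward" srcip=192.168.1.20 dstip=203.0.113.50 action="close" sentbyte=734003200 rcvdbyte=120443
<189>date=2024-03-01 time=10:47:31 devname="FG-EXAMPLE" type="traffic" subtype="forward" srcip=192.168.1.20 dstip=203.0.113.50 action="close" sentbyte=419430400 rcvdbyte=88012
<189>date=2024-03-01 time=11:02:10 devname="FG-EXAMPLE" type="traffic" subtype="forward" srcip=192.168.1.31 dstip=198.51.100.7 action="close" sentbyte=5321 rcvdbyte=9932011
<189>date=2024-03-01 time=11:05:44 devname="FG-EXAMPLE" type="event" subtype="system" msg="sentbyte=9 is not traffic"
<189>date=2024-03-02 time=09:00:00 devname="FG-EXAMPLE" type="traffic" subtype="forward" srcip=203.0.113.9 dstip=192.168.1.5 action="close" sentbyte=999999999 rcvdbyte=10
"""

# Assumed local address space (RFC 1918); adjust to the networks actually in use.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

def parse_line(line):
    """Return the key=value pairs of one log line; quoted values stay whole."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}

def upload_table(log_text, threshold_bytes):
    """Sum sentbyte per (date, local source, destination); keep totals >= threshold."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("type") != "traffic":
            continue  # event/system messages carry no usable byte counters
        try:
            src = ipaddress.ip_address(f["srcip"])
            sent = int(f["sentbyte"])
            key = (f["date"], f["srcip"], f["dstip"])
        except (KeyError, ValueError):
            continue  # skip truncated or malformed records
        if not any(src in net for net in LOCAL_NETS):
            continue  # only sessions opened by a local IP count as uploads
        totals[key] += sent
    rows = [key + (total,) for key, total in totals.items() if total >= threshold_bytes]
    return sorted(rows, key=lambda r: r[3], reverse=True)

if __name__ == "__main__":
    for date, src, dst, size in upload_table(SAMPLE_LOGS, 1024 ** 3):
        print(f"{date} | {src} | {dst} | {size}")
```

Neither of the two sessions from 192.168.1.20 reaches 1 GiB alone; only the per-day sum crosses the threshold, which is why the byte counts have to be accumulated before reporting.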