clhall
Level 7
Message 1 of 4

Correlation rules list


Anyone know of a way to export a list of the correlated rules in my ESM?  Or even find a list online somewhere?  I'm working with multiple ESMs across different networks, and my hope is to find a way to compare the rule sets across them all to figure out the difference between them as far as what's turned on vs off.

1 Solution

Accepted Solutions
Reliable Contributor vnaidu
Message 2 of 4

Re: Correlation rules list

3 Replies
Reliable Contributor David1111
Message 3 of 4

Re: Correlation rules list


Hi,

The only option for export is XML format 😒

If you want, there's a script on GitHub that exports a list of the correlation rules to a nice and clear topology (made by Michael Clemens, exitnode).

Check the next link: https://github.com/exitnode/esm2markdown

In the meantime, just letting you know that you are not the only one that needs this.

I'm also waiting for McAfee to release a solution for that.

Best Regards 👍👍👍

David.

clhall
Level 7
Message 4 of 4

Re: Correlation rules list


Great info and gives me a good place to start.  Thanks!
