cancel
Showing results for 
Search instead for 
Did you mean: 
poezie
Level 9
Report Inappropriate Content
Message 1 of 5

Dashboard or Report for data sources and child data sources not communicating into the SIEM ESM

Jump to solution

Hi

Has anyone been able to figure out how to report or create a dashboard to view all parent or child data sources who no longer are communicating into the ESM ?

We have 1000's of MS Windows systems reporting into the ESM using the Windows event collection agent and at times even though the service continues to run the communication between the agent and the ERC fails.

I know that a yellow flag shows up on the data source but there are lots of false positives when using child data sources, also if you have 1000's of agents spread around in the ESM getting a consolidated view of these broken agents would be an asset in resolving the issues

Please help!

1 Solution

Accepted Solutions
poezie
Level 9
Report Inappropriate Content
Message 4 of 5

Re: Dashboard or Report for data sources and child data sources not communicating into the SIEM ESM

Jump to solution

Your second option works with the reporting.

Thanks


Mike

4 Replies
McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: Dashboard or Report for data sources and child data sources not communicating into the SIEM ESM

Jump to solution

Hi Poezie!

There are a couple of builtin reports that might help here:

2015-05-11_165641.png

Otherwise, the device reports should help as well. It's not a dashboard or report but it should help you do what you need:

2015-05-15_082131.png

Hope this helps!

Best Regards,

Jon

poezie
Level 9
Report Inappropriate Content
Message 3 of 5

Re: Dashboard or Report for data sources and child data sources not communicating into the SIEM ESM

Jump to solution

Hi


Thanks for your reply but the report unfortuantley doesn't wrk as it only reports on data sources that are collection logs, it doesn't show the data sources with a 0 EPS.

I will look at the other option and advise my findings

Thanks


Mike

poezie
Level 9
Report Inappropriate Content
Message 4 of 5

Re: Dashboard or Report for data sources and child data sources not communicating into the SIEM ESM

Jump to solution

Your second option works with the reporting.

Thanks


Mike

Highlighted

Re: Dashboard or Report for data sources and child data sources not communicating into the SIEM ESM

Jump to solution

Bumping this, because this isn't completely solved. There's still no facility described here for putting the data onto a dashboard, and in my case (working as an MSP) the device reporting isn't a suitable alternative.

Kind regards

 

James

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator