ESM And McAfee Web Gateway

Hi all, has anyone had any luck with creating alerts regarding bandwidth usage via the built-in Web Gateway view?

Specifically, what I'm looking for is a view of how much bandwidth is flowing from the Gateway and to be able to alert on this when usage reaches certain levels.

The panel which comes closest is "Bytes Sent by Category" - but I cannot edit the query for this, I get the following error:


Also, is there a way to change the unit of measurement, from Bytes to mega or gigabytes - making it much easier to read?

Any help appreciated, thank you!

Re: ESM And McAfee Web Gateway

The view you're looking at is a built-in, read-only view. However, it should not give you that error message (I'm getting the same error message, by the way).

The error is basically saying that "Bytes_Sent" is a non-indexed Custom Type field. Bytes_Sent is read-only; you can't enable indexing unless you create your own custom type field with indexing enabled. You will then need to update your parser to change the bytes sent field to the newly created custom field.

I'd open a ticket with McAfee Support in this case because you should at least be able to view the configuration of the view w/o the error.

For the second part of your question, the unit of measurement is set in both McAfee Web Gateway and SIEM in bytes; I can't tell you now w/o testing if that setting can be changed to anything other than bytes.

