georgec
Level 13
Message 1 of 6

Fetching data from epo

Hello,

I've installed the all-in-one ESM, receiver, logger virtual appliance and now I'm playing around with it. I've tried adding epo as a source of events, but it just shows up as inactive. I can tell you that I have plenty of threat, audit, client and server events.

inactive.JPG

This is how it's configured:

2.png

Testing the connection to the data source shows up as successful. Also, for the Microsoft Event log I can schedule a pull interval (default 10 minutes), but here I don't have that option.

Any help is greatly appreciated!

5 Replies
McAfee Employee
Message 2 of 6

Re: Fetching data from epo

Hi georgec

That configuration looks good and it looks like the client data sources have been created too, so there is a connection to the epo DB. You did not mention the version of ESM that you are running, and if it's a version prior to 9.1.3 you may have found a bug which is fixed in 9.1.3. Also, if you look at the Status of the device from ESM > Properties, is there an error for epo not running?

My recommendation is to log this problem as a support ticket and we can work with you to address this problem and get it resolved ASAP.

Thanks


Chris

Re: Fetching data from epo

Hi all,

bumping this old thread because I'm experiencing a similar problem. I successfully added ePo source to McAfee ESM (virtual appliance v9.1.3) somewhat two weeks ago. The client data sources have been created but the ESM is retrieving an unsatisfying number of events from ePo. For instance I'm not getting any events from McAfee DLP. I'm interested in general what I can get out of ePo but I'm especially focused on DLP.

1. Which events are supposed to be retrieved by the ESM? I have lots of events showing up in various ePo views - should all of them be retrieved by ESM?

2. Should I configure something in ePo? (Right now I simply added the ePo source in ESM, tested the connection and retrieved client data sources).

For the moment I received two types of events from McAfee VirusScan source: 'Update successful' and 'Deployment failed'. ESM also discovered these client sources, for which I've also received nothing:

ePo Orchestrator Agent

McAfee Host Data Loss Prevention

McAfee Host Intrusion Prevention

McAfee Site Advisor

Regards,

John

Re: Fetching data from epo

You have to update to the latest hotfix GA 11 on 9.1.3. It should fix the problem you're having.

georgec
Level 13
Message 5 of 6

Re: Fetching data from epo

Is this done from the GUI? I have a reseller grant number and I can only see the VM options for download. I don't have any updates for download, only the 9.1.3. vm build images.

Found an update button, but it says I need to upload the files from my machine...

artek
Level 11
Message 6 of 6

Re: Fetching data from epo

Georgec - if you need a hotfix for the ESM devices, you have to ask the McAfee Support about them. There is no way to download it from the Download Products portal.

Regards,

Artur Sadownik