I have set up our Mcafee SIEM and now we are trying to integrate McAfee GTI with ESM. However, I am not able to find any documents or reference links that could tell me how to integrate Mcafee GTI with ESM. All I get on forums or documents is to integrate 3rd party feeds or TAXII format free feeds or just importing the reputation feeds from a file. Can someone refer any document that can tell how to integrate GTI with the ESM and how to view them in ESM?.
Solved! Go to Solution.
There are 2 core uses:
1. You will have access to the GTI watchlists - as documented in the product guide here: https://docs.mcafee.com/bundle/enterprise-security-manager-11.4.x-product-guide/page/GUID-409B42D3-F... - these can be used in alarms, correlation rules, dashboards, reports as needed - anywhere you can use a custom watchlist, you can also use the GTI watchlists.
2. You can access the Threat Details for any IP address to get a rating from GTI regarding it as documented in the product guide here: https://docs.mcafee.com/bundle/enterprise-security-manager-11.4.x-product-guide/page/GUID-DF6785E1-E...