I'm new to the SIEM world, and have been thrown in, with no direct experience. One way to learn is to document, so I need to document the environment to include:
The physical devices, and configurations
Who talks to who
How they talk and why
Any automated processes
Disaster recovery procedures.
I have been looking all over for Visio templates that include the updated McAfee Devices. The IPSguys site does have any.
I have ePO, ESMs, ELM, ACE, DAS(50 & 25), IPS's and MVM. Any help would be GREATLY appreciated. For the most part, I've scoured and other than reading the actual product guides, user guides and best practices, there don't seem to be any practical documents or manuals around, which is somewhat disconcerting. This kind of documentation would raise the value of the various McAfee appliances and solutions.