cancel
Showing results for 
Search instead for 
Did you mean: 

McAfee ESM Report Query


Is there any way to capture packet data also on ESM Report Query

For eg: I needs to generate report for firewall configuration changes which should contain the details of the change , which policy/object is modified and what is the change etc.

Thanks

Praveen

5 Replies
McAfee Employee andy777
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: McAfee ESM Report Query

The ESM is designed to work with parsed structured data. You will want to make sure all key details are parsed into your event and then you can include it in reports.

Re: McAfee ESM Report Query

Yes I got it Thank you for the information, Currently I am trying to create few custom ASP rule to achieve the same

Highlighted

Re: McAfee ESM Report Query

Hi,

For Alarms this is possible not sure about Reporting.

That was discussed a while ago in the following thread:

You could possibly try and let us know.

Regards

Re: McAfee ESM Report Query

Hi Alexander,

Thanks for information

I believe for alarms this is possible by copy packet data option and for report we have to run a query to the fields available on ESM. Since the ESM have only the parsed data available we needs to do a custom parsing to add any more field from packet data

Thanks

Praveen

Re: McAfee ESM Report Query

Just double-checked and indeed no option for such parameters into the reports.

It will be good idea if you could raise a PER so they can implement such functionality.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator