I have integrated McAfee IPS (Network Security Manager) with my McAfee ESM, but it does not display events with different categories. ESM displays all the logs in one row with one category name. Please let me know, is there any integration problem with ESM? How can I integrate properly with ESM?
I really appreciate your support, gentlemen.
There was an old version of the NSM parser that worked this way, but it should no longer be the case with the current parser. You should verify the following:
Thank you for your reply.
I have updated the rules and rolled them out to the devices, but I am still receiving the same. I am getting only one category, as shown in the screenshot I attached below. I have also attached the IPS settings for more information. Please let me know what I have to do to parse McAfee IPS logs properly.
It's not entirely clear what the problem is here. The events you are seeing here do not look at all like events that would come from NSP. Since you have configured the NSP parser to receive via syslog, have you configured your NSM to send events to the ESM via syslog? You might have best results contacting McAfee Support for assistance.
I have integrated McAfee IPS with ESM with the help of the McAfee SIEM Technical Support team. If anyone wants to integrate McAfee IPS, add this as a device, not as a data source. You have to follow the steps below to get the max.
For your reference, please find the link to the same below.
4. Add McAfee NSM as a device on ESM, test the SQL root user connectivity and NSM admin connectivity.
This will automatically add the child sensors which are configured with NSM.
All the Best,
To configure the NSM in the SIEM, you must prepare the MySQL database to accept connections from the receiver IP address. Here are the commands:
Assuming this scenario:
SIEM Receiver IP: 192.168.100.1
NSM Manager IP: 192.168.100.2
User to access the NSM database from SIEM: siem, pass: siempass (you must change it, without special characters)
A) Access the Windows system on the NSM Manager and run the following commands:
B) Create a new device in NSM:
Now you are getting connected with NSM and SIEM.
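
An added example, not part of the posts above and not McAfee's documented procedure: one way to create the `siem` database account from the scenario so that it is accepted only from the receiver address, shown beside the overly broad form to avoid. The database name `nsm_db_placeholder`, the password placeholder, and the assumption that read-only access is enough for the ESM are not from the thread; confirm them with the vendor documentation.

```sql
-- Run in the MySQL client on the NSM Manager (192.168.100.2) as a DB admin.
-- Scenario values from the thread: account "siem", receiver 192.168.100.1.

-- Broad form to avoid: any host may log in, with every privilege on every
-- database. Shown commented out for comparison only.
-- GRANT ALL PRIVILEGES ON *.* TO 'siem'@'%' IDENTIFIED BY '...';

-- Scoped form: the account exists only for connections that originate
-- from the receiver IP. The password is a placeholder; choose your own
-- (the thread notes it should not contain special characters).
CREATE USER 'siem'@'192.168.100.1'
    IDENTIFIED BY 'REPLACEWITHYOUROWNPASSWORD';

-- Assumption: the ESM only reads from the NSM database, so SELECT is
-- enough. `nsm_db_placeholder` stands in for the real NSM database name,
-- which is not given on this page.
GRANT SELECT ON `nsm_db_placeholder`.* TO 'siem'@'192.168.100.1';

-- Check 1: the account holds exactly the privileges granted above.
SHOW GRANTS FOR 'siem'@'192.168.100.1';

-- Check 2: there is no second "siem" row with a wildcard host that would
-- let the same credentials work from other machines.
SELECT user, host
FROM mysql.user
WHERE user = 'siem';

-- Check 3: list every account reachable from any host, so leftover
-- wildcard entries can be reviewed.
SELECT user, host
FROM mysql.user
WHERE host = '%';
```

If the connectivity test from the ESM fails with the scoped account, compare the source address MySQL reports in its access-denied error with the host part of the account before widening the grant.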