cancel
Showing results for 
Search instead for 
Did you mean: 

McAfee SIEM

Good morning all

I have spent a considerable amount of time trawling through the internet to see whether there is a document which 'maps' WMI events to McAfee SIEM signature id's or the likes of? If anyone has or knows whether something like this is available it would be hugely appreciated if they could let me know where it resides or how to obtain it/them?

Many thanks!!!

0 Kudos
1 Reply
acommons
Level 10

Re: McAfee SIEM

This may help.

In the Filters pane on the right select Signature ID and then click the Filter List (funnel) icon. In the dialogue that appears select the Windows Tab. Enter the Windows event ID in the (not obvious) text box at the top of the list that is displayed. Select the event type you want from the filtered list.

This will give you the Signature ID for the event in the filter list.

0 Kudos