cancel
Showing results for 
Search instead for 
Did you mean: 
japie
Level 9
Report Inappropriate Content
Message 1 of 3

Mcafee NDLP - As a datasource in McAfee SIEM

Jump to solution

Hi Folks

Has anybody integrated  McAfee NDLP with McAfee SIEM?

In the documentation this looks like  straight forward syslog that needs to be configured to send the data to the SIEM receiver.

We have configured exactly that way, confirmed no firewalls blocking anything but still not receiving any data.

We have added the following appliances:

NDLP Monitors

NDLP Manager

NDLP Discovery

We are not receiving any data

When I run a tcpdump on the receiver not receiving any syslog data from any of those devices.

Both technologies on the latest version.

Any idea what  we could be missing?

Thanks,

Japie

1 Solution

Accepted Solutions

Re: Mcafee NDLP - As a datasource in McAfee SIEM

Jump to solution

As I recall, with NDLP there are a couple of different places you need to enable syslog.  There is a system-wide setting (which it sounds like you've done).  There is also a setting that you can turn on for each individual rule in your policy.  I suspect you haven't enabled syslog on any of your DLP rules.

Scott

2 Replies

Re: Mcafee NDLP - As a datasource in McAfee SIEM

Jump to solution

As I recall, with NDLP there are a couple of different places you need to enable syslog.  There is a system-wide setting (which it sounds like you've done).  There is also a setting that you can turn on for each individual rule in your policy.  I suspect you haven't enabled syslog on any of your DLP rules.

Scott

japie
Level 9
Report Inappropriate Content
Message 3 of 3

Re: Mcafee NDLP - As a datasource in McAfee SIEM

Jump to solution

Thanks Scott, found it!