Mcafee SIEM

Dear,

I have queries regarding McAfee SIEM.

1. If we need to set up a virtual machine with 32 cores, do we need to buy 4 x 8-core licences to make that machine functional?

2. What is the relationship of cores vs. EPS? How many cores will support how many EPS in this new model?

3. What about the licensing model now? We have a licensing model based on EPS, for up to 5000 EPS. Is it completely changing with this EOL, or will it work in parallel with this new core-based licensing model?

Basically, I need to understand this change completely.


2 Solutions

Accepted Solutions
Reliable Contributor David1111
Message 2 of 6

Re: Mcafee SIEM

Hi, great questions.

1 big answer.

 

McAfee1.PNG

McAfee2.PNG

Best regards 👍👍👍

David.

Reliable Contributor brenta
Message 4 of 6

Re: Mcafee SIEM

The EPS counts are only estimations. It is licensed by device, not by EPS like QRadar, or like Splunk with its data index amount. You are free to use the hardware as efficiently or as inefficiently as you wish.

Depending on the types of events, you can greatly exceed the 5000 estimation or fall far short. It really depends on how efficiently you make everything operate.

Brent
5 Replies

Re: Mcafee SIEM

Thanks, David, for your answer. Can you please clarify more about the licensing of 5000 EPS on a VM?

Re: Mcafee SIEM

Thanks a lot Brent.
Reliable Contributor brenta
Message 6 of 6

Re: Mcafee SIEM

If you are looking for a suggestion on what to get to get started with: I am going to guess you have at least a medium-size enterprise, considering you are looking at running it yourself and not at an MSP.

I would suggest getting the following:

  • 8-core ESM VM
  • 8-core Event Receiver VM
  • 8-core ACE VM
  • 8-core ELM VM

It is basically everything you need to get started. 8 cores go quite far if you do things like disabling hyper-threading and such. To get the most out of the cores, get CPUs with large L2 caches.

I don't recall the VMs limiting memory, so even though the licensing document says 16GB, I believe you can assign it whatever you want, and it will just use it. In reality, memory is never the limiting factor; it always ends up being disk I/O on the ESM. Having a nice mix of disk types would be important: some fast stuff for the ESM and some slower disks for the ELM storage. The ACE and Event Receiver are not that disk hungry.

Brent