I just added some VMware ESX 6.5 data sources on my ESM 10.3.2. But as far as I can see there are some issues with log parsing. Most of the events are "unknown event".
What can I do?
Thanks for your help!
Check that VMware isn't in debug mode for logging. We've had several instances where for some reason it was in debug mode and sending a huge number of logs that aren't relevant from a security context.
Several ESX nodes were in debug/verbose mode, thanks for that. But I still get a huge amount of logs that are not parsed.
I thought McAfee would have a default VMware ESX 6.5 parser so I don't have to write it.
Some SIEMs have a full integration of VMware products with dedicated dashboards and so on...