
Possibility to query SIEM Collector versions of endpoints through ePO?

Hello, is it possible to query the product version of the SIEM Collectors? I cannot find the option in the ePolicy Orchestrator.

My idea is to create a query to look for installed SIEM collectors that are below a certain version so that we can identify and update them. We do something similar with versions of other managed products like Agent or ENS.

So far I can only do queries for the following:

- "Installed products" does contain "SIEM"

I would like to create a query for:

- "Product Version (SIEM Collector)" less than "11.1.9952.62126"

Is there such an option? Am I missing an ePO extension or something?

Help would be appreciated.

Kind regards,
Florian
7 Replies
cdinet
McAfee Employee
Message 2 of 8

Re: Possibility to query SIEM Collector versions of endpoints through ePO?

Do you have the SIEM Collector extension checked in? You might want to ask the SIEM team.


Re: Possibility to query SIEM Collector versions of endpoints through ePO?

I am pretty sure I checked in an extension, but that was from an older version of SIEM. The newer version did not come with a new extension.

Maybe there was a newer extension that I missed; I will check again (can only do so next week, unfortunately).

It would be nice to know though if the properties can be used in general though.

I don't know if the issue would be resolved faster through the SIEM team. It would be nice to have a support engineer that knows both SIEM and ePO for this case.

Re: Possibility to query SIEM Collector versions of endpoints through ePO?

I have the extension checked in for SIEM Collector with the version 11.00.4271.1625.

I cannot see the properties for any SIEM related data to use in filters or queries.

aguevara
McAfee Employee
Message 5 of 8

Re: Possibility to query SIEM Collector versions of endpoints through ePO?

Let's move this to the SIEM group; they will know if the collector uploads this property to the ePO server.

pbpillai
McAfee Employee
Message 6 of 8

Re: Possibility to query SIEM Collector versions of endpoints through ePO?

You can create a filter that says "Installed Products" contains 'SIEM Collector' and then get a list of all SIEM Collector versions installed on all of the endpoints.

We may also need to check whether we can add a filter that filters the version of the SIEM Collector.

Regards,

Prashanth B Pillai

McAfee Technical Support

Customer Success Group

Re: Possibility to query SIEM Collector versions of endpoints through ePO?

I have such a filter in place already to check which systems have the SIEM collector installed, but the problem lies in updating the SIEM collector. With hundreds of systems using the SIEM collector, it is considerable effort to go through each one and check the version on the system page for each.

It is not possible for me to see the installed SIEM collector version at a glance from the table view in the query.

A filter to check the versions would be nice.

pbpillai
McAfee Employee
Message 8 of 8

Re: Possibility to query SIEM Collector versions of endpoints through ePO?

You may need to create a Tag or a group for endpoints with SC versions less than a particular version.

Then you can do a mass upgrade.

Please check the below URL:

https://docs.mcafee.com/bundle/siem-collector-11.1.0-install-guide/page/GUID-3583311E-48ED-418C-9527...

Also, this can be possible via scripts. You may need to contact the McAfee Professional Services team.

Regards,

Prashanth B Pillai

McAfee Technical Support

Customer Success Group
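
The following is an added example, not code from this thread or from McAfee: a sketch of the "below a certain version" check that the thread asks for, run over a CSV list of systems and collector versions. The column names and sample rows are constructed assumptions, and how the list is obtained from ePO is left open. Versions are compared numerically per component, because a plain string comparison misorders values such as 11.1.10000.1 and 11.1.9952.62126.

```python
import csv
import io

THRESHOLD = "11.1.9952.62126"  # version quoted in the original question

# Constructed sample input; the column names are assumptions, not an ePO format.
SAMPLE_CSV = """System Name,SIEM Collector Version
host-a,11.00.4271.1625
host-b,11.1.9952.62126
host-c,11.1.10000.1
host-d,
host-e,11.1.9952
host-f,not-a-version
"""

def parse_version(text):
    """Turn '11.00.4271.1625' into (11, 0, 4271, 1625); None if unparseable."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_older(version, threshold, width=4):
    """Component-wise numeric comparison; short versions are zero-padded."""
    def pad(v):
        return v + (0,) * (width - len(v))
    return pad(version) < pad(threshold)

def triage(csv_text, threshold=THRESHOLD):
    """Return (systems below threshold, systems with no usable version)."""
    limit = parse_version(threshold)
    outdated, unknown = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        version = parse_version(row["SIEM Collector Version"] or "")
        if version is None:
            unknown.append(row["System Name"])   # review by hand
        elif is_older(version, limit):
            outdated.append(row["System Name"])  # candidates for a tag or group
    return outdated, unknown

if __name__ == "__main__":
    outdated, unknown = triage(SAMPLE_CSV)
    print("Below", THRESHOLD, "->", outdated)
    print("Version missing or unparseable ->", unknown)
```

Systems with a missing or unparseable version are reported separately so they are not silently treated as up to date.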
