During the implementation of McAfee SIEM for one of our customers, penetration tests were executed (10.4.0 patch 9) that pointed out that for McAfee SIEM devices: ESM, ELM, ERC and ACE there is an outdated SSH software version applied.
For 10.4 it is SSH_FIPS-7.8p1, OpenSSL 1.0.2p-fips 14 Aug 2018.
For 11.3 it is also SSH_FIPS-7.8p1, OpenSSL 1.0.2p-fips 14 Aug 2018.
Could you please provide information on whether a newer version of the SSH implementation (and, if possible, which version) is planned to be included in McAfee releases and when this could be expected?
Another finding was that on ERCs (checked on 10.4.0_GA_patch_9) there are outdated protocols and ciphers enabled in the Syslog over TLS port(s) configuration.
Some deprecated protocols (SSLv3, TLSv1, TLSv1.1) and cipher suites (based on RC4, 3DES) are allowed for negotiation with clients.
Could you please provide an explanation of whether these issues can be remediated by SIEM engineers or whether this will be planned/mitigated in new software versions?