
SIEM- Active Response

Hi everyone,

As you know, McAfee ESM 9.5.2 was announced. This version includes the Active Response module.

Has anyone had a chance to use the Active Response module on ESM?

If so, I'll be glad to hear about your integration experiences and any problems during the integration.

Thanks,

Best Regards,

Cagatay Kacar

7 Replies
xded
Message 2 of 8

Re: SIEM- Active Response

Re: SIEM- Active Response

Thank you xded for your reply.

But I'm getting that kind of error on the ESM console.

On the ePO side there are many collectors, but I cannot see them on the ESM console.

There is nothing between ePO and ESM.

What am I supposed to do?

AR_collector_error.png

xded
Message 4 of 8

Re: SIEM- Active Response

Do you have the module in ePO? Do you have the Active Response Collector installed?

Re: SIEM- Active Response

Yes, they are already installed.

xded
Message 6 of 8

Re: SIEM- Active Response

Did you do a refresh on the ePO Datasource? If you installed a module in ePO, you need to refresh the Datasource.

Click on the ePO in SIEM --> Properties --> Device Management --> Refresh

Beyond this level I can't help you, sorry.

Re: SIEM- Active Response

Check this doc:

proxima
Message 8 of 8

Re: SIEM- Active Response

Hi,

You should try version 9.6 (it is available now).

In my test lab everything works as it should:

Collectors.PNG

In 9.5.2 I had the same error as you.

Regards

M