cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 10
Report Inappropriate Content
Message 1 of 9

SIEM enhancement requests

Jump to solution

Anybody has more luck with Product Enhancement Requests for McAfee SIEM?

It seems their website for PER Accept Requirements Home is more like a blackhole...

No visibility to progress for submitted PERs, no way to see PERs from others, no scoring.

Please share your experiences/thoughts.

1 Solution

Accepted Solutions
Highlighted
Level 9
Report Inappropriate Content
Message 2 of 9

Re: SIEM enhancement requests

Jump to solution

Yes.... black hole describes the experience pretty well. You'll have to try and irritate your sales folk and product managers regularly.   Although, my most recent PER submission was denied almost immediately but at least that was obvious. 

View solution in original post

8 Replies
Highlighted
Level 9
Report Inappropriate Content
Message 2 of 9

Re: SIEM enhancement requests

Jump to solution

Yes.... black hole describes the experience pretty well. You'll have to try and irritate your sales folk and product managers regularly.   Although, my most recent PER submission was denied almost immediately but at least that was obvious. 

View solution in original post

Highlighted
Level 10
Report Inappropriate Content
Message 3 of 9

Re: SIEM enhancement requests

Jump to solution

yes, I do keep reminding about PERs to our Account Director and Support Account Manager. It helps very little since we paid for the whole platform/service...

Anyway, perhaps we should start sharing our PERs here and get more leverage on the ones that are important to majority?

Our pending PERs (excluding custom parsers) below:

- Allow to log user alias in case's views/edits (our AD logins are mostly digits)

- Select All events (double-click selects events only from current page)

- watchlist changes - to be logged

Highlighted

Re: SIEM enhancement requests

Jump to solution

I submitted about 20 back in November. Late December and beginning of January I received:

------------------------------------------------------------------

A status change has been made to the following Product Enhancement Request for which you are a stakeholder.
Status Change Notification: Product Enhancement Request status updated from Not Yet Reviewed to Under Review

This request has been received by McAfee and is under consideration for inclusion in a future release.

----------------------------------------------------------------    

I also created view in the ESM using Note Areas, so when I'm in the middle of something I can just write down what I want quick:

Would be really awesome if they would let you submit a PER from the tool itself!!! Think of that magic!

Highlighted
Level 12
Report Inappropriate Content
Message 5 of 9

Re: SIEM enhancement requests

Jump to solution

The Support tolds me that the next update has the function to set a PER

Highlighted
Level 7
Report Inappropriate Content
Message 6 of 9

Re: SIEM enhancement requests

Jump to solution

I never seem to get any response to any PER I submit. One sat in there for a year. They never get looked at or reviewed so I have stopped submitting them. Is there a secret the other posters used that they might share? Did they use the same PER request site that is posted? Not trying to be snarky, here, I just would really like to know. I asked support once and they said that the PER site was the only way to submit them.

Highlighted
Level 10
Report Inappropriate Content
Message 7 of 9

Re: SIEM enhancement requests

Jump to solution

the only way to get the attention to youe PERs is to tell everyone you know about it.

do you want to share with us what's on your list?

I'm currently preparing another one(s) around permissions/access affecting various areas (e.g. watchlists, events).

Highlighted
Level 7
Report Inappropriate Content
Message 8 of 9

Re: SIEM enhancement requests

Jump to solution

I had to log in to the site to see what we had submitted, it's been a while since I've bothered. The ones we have left in there are for F5 log parsing. One issue was that our ASM logs weren't being parsed correctly. If it had the term "request blocked", those entries weren't parsed. If the term "request violations" was in the entry, then it was parsed. This was from September of 2014, it was never looked at. Honestly, I think we found another way to get the data we needed.

The other item was that our audit logs (system logs from the devices themselves) from the F5 devices aren't being parsed correctly. To my knowledge, this is still an issue. We verified the logs were hitting the siem via tcpdump but they didn't get parsed. that was in November of 2014. We supplied log samples for each and still haven't heard anything back. That one also has not been looked at.

I have one from February 2014 that I tried to close but apparently we can't close our requests? So I just left it, the issue has gone away.

Highlighted

Re: SIEM enhancement requests

Jump to solution

No special tricks, my guess is they probably get a lot of duplicates. I also know they are in the middle of a UI re-write with HTML5. Maybe even get some right click functionality .  These may contribute to the slowness of PER responses. I know it seems like a black hole at times but better to throw them over the fence. Some day you might see something in an upgrade and get really excited.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community