Re: SIEM implementation book

Hi Scott,

Thanks for the reply.

I tried to deploy McAfee ESM as per the given system requirements but am getting an error.

That is "Could not format /dev/sda1/ ext3."

Please check the image.

Thanks,

Error.png

Re: SIEM implementation book

This is a difficult problem to troubleshoot in a forum like this.  Please reach out to McAfee Support for assistance.

Scott

Re: SIEM implementation book

Actually, I am getting a VM from McAfee that contains an .iso file, which I tried to deploy on an ESXi VM.

Okay, I will try to resolve the issue.

If you get something related to this, please revert to me.

Thanks,

Dharmaraj.

artek

Re: SIEM implementation book

Hi Dharmaraj,

When you want to deploy SIEM in a virtual environment, you should rather use the OVF template from the McAfee Download Portal. The ISO is prepared for appliance versions, so you can have trouble using it on a virtual machine.

Regards,

Artur Sadownik

Re: SIEM implementation book

Thank you for your support.

Re: SIEM implementation book

It's not possible to use the McAfee SIEM ISOs to image 3rd party hardware. They are intended only for certified SIEM appliances from McAfee.

protah

Re: SIEM implementation book

The Installation Guide document (available for download to McAfee customers) is your primary tool for making an engagement as efficient and simple as possible; the “esm_940_ig_0-00_en-us” document. You’ll want to highlight the sections so you can have them on hand for the physical device configuration steps.

Start with Page 11 "Connect and start the devices"

Then on Page 19 "Configure the network interface", configure your primary SIEM devices.

This should complete your physical setup and initial device terminal configurations.

Some Notes:

  • IPs need to be allotted within the same subnet; and be sure to allocate 1 extra IP per HA ERC pair.
  • Do NOT enable FIPS mode for any reason whatsoever (this is the first setup wizard function upon login to the ESM’s UI).
  • Device IPs, DNS(s), and names should be well documented; we will be using this document.

This is a literal step-by-step guide for physical setup to device configuration settings. If you have any questions please feel free to message me and I'll help if possible; I've done countless installs, configurations, and development for numerous environments.

R/

Jacob

Re: SIEM implementation book

Thanks all for the information ... basically someone told me this book

Security Information and Event Management (SIEM) Implementation

by David R. Miller (Author), Shon Harris (Author), Allen Harper (Author), Stephen VanDyke (Author), Chris Blask (Author)

is the best to start with SIEM, so I am looking forward to this ... some PDF or link to download.

Re: SIEM implementation book

I’ve been following this community for a bit but I have never been active. I saw this thread and felt compelled to reply.

Unfortunately, there is only one book on SIEM and it was already mentioned. This book is "Security Information and Event Management (SIEM) Implementation." In my opinion, the book is horrible and my recommendation would be to skip it to save yourself the money and time. The book doesn’t even touch on SIEM management or use cases in detail. Outside of the previous suggestions related to McAfee SIEM, the link below outlines the best material I have found concerning SIEM implementation and management.


Linkz for SIEM http://journeyintoir.blogspot.com/2014/07/linkz-for-siem.html

The Securosis series provides a nice overview, Anton Chuvakin's (a Gartner analyst) articles address planning projects and managing SIEM, and the SANS presentation slide deck is really good about building a SOC.

Re: SIEM implementation book

Hey Scott,

Can you please go through the link? There is an installation guide for McAfee SIEM; in it, check page number 10.

It has a description of the minimum hardware and software requirements.

Please check and revert on why there is a difference between the two different environments.

Thanks,
