Thanks, Scott, for the links.
I am totally new to SIEM, and my current scenario is: the vendor has implemented the SIEM and I am flooded with the logs. Now I am confused about what to do with those logs, what type of report I should create for management, and how to find the suspicious activities.
I hope you understand my condition. Please guide.
I strongly suggest you take a look at this one (you have to fill your name to download it)
I am not getting the difference between McAfee ESM and McAfee SIEM. Are these two different or the same?
And one more thing: I found some different (high) prerequisites for McAfee SIEM for a VMware ESXi environment as compared to a physical environment. Why?
Yes, we sometimes are sloppy in our terminology. We often use "ESM" and "SIEM" interchangeably. "ESM" refers to our entire SIEM solution, and is also the name of the central component of the SIEM architecture.
As for your other question, on virtual hardware requirements, I'm not clear on what you're asking. Can you elaborate?
May I know the actual software and hardware requirements of McAfee ESM?
I checked it on Google. I found that for VMware, SIEM required an 8-core processor, 8 GB RAM, 250 HDD.
And somewhere for the physical environment I found the normal dual-core processor, 1.5 GB RAM, 20 HDD.
So please let me know the exact prerequisites of McAfee SIEM for a VMware environment or a physical environment.
Thanks in advance. Please revert.
Please check the installation guide:
Dual core CPU and 1.5GB RAM + Windows OS are requirements for CLIENT, not for ESM.
McAfee will not let you install SIEM on your hardware; they sell appliances.
Yes, I believe you are mixing up different sets of requirements.
If you are deploying ESM with physical appliances, then there are no software requirements. The entire solution is deployed on appliances you would procure through McAfee, which are pre-sized to meet specified performance specifications.
If you are deploying ESM with virtual appliances, then you will need to ensure that your ESX server has sufficient dedicated virtual resources for your SIEM appliances to perform adequately. The virtual appliance specifications are listed here. http://www.mcafee.com/us/products/enterprise-security-manager.aspx#vt=vtab-SystemRequirements
Your comment about 1.5GB of RAM, and 20GB HD likely refers to the SIEM Collector Agent. This is an optional piece of software that you may choose to deploy on your Windows or Linux endpoints to perform local log collection and forwarding to the Receiver. You may choose to deploy the SIEM Collector regardless of your choice of ESM physical or virtual appliances, and the system requirements for the SIEM Collector are identical in either case.