
SIEM implementation book

Dear All,

I am looking for a SIEM implementation book.

21 Replies
Reliable Contributor exbrit
Message 2 of 22

Re: SIEM implementation book

Moved to SIEM for faster support.

----

Peter

Moderator

staschler
Level 13
Message 3 of 22

Re: SIEM implementation book

Try this:

Also this:

Scott

Re: SIEM implementation book

Thanks Scott, for the links.

I am totally new to SIEM and my current scenario is: the vendor has implemented the SIEM and I am flooded with the logs. Now I am confused about what to do with those logs, what type of report I should create for management, and how to find the suspicious activities.

I hope you got my condition. Please guide.

Thanks

Girish

ksudki
Level 10
Message 5 of 22

Re: SIEM implementation book

Hi,

I strongly suggest you take a look at this one (you have to fill in your name to download it):

http://www.accelops.com/learn/learn-detail/?detail=2896-Top_10_SIEM_Implementer_Checklist.html

Regards

Re: SIEM implementation book

Hey Scott,

I am not getting the difference between McAfee ESM and McAfee SIEM. Are these two different or the same?

And one more thing: I found some different (higher) prerequisites for McAfee SIEM for the VMware ESXi environment as compared to the physical environment. Why?

Thanks,

staschler
Level 13
Message 7 of 22

Re: SIEM implementation book

Yes, we sometimes are sloppy in our terminology.  We often use "ESM" and "SIEM" interchangeably.  "ESM" refers to our entire SIEM solution, and is also the name of the central component of the SIEM architecture. 

As for your other question, on virtual hardware requirements, I'm not clear on what you're asking.  Can you elaborate?

Scott

Re: SIEM implementation book

Hi Scott,

May I know the actual software and hardware requirements of McAfee ESM?

I checked it on Google. I found that for VMware, SIEM requires an 8-core processor, 8 GB RAM, 250 HDD.

And somewhere for the physical environment I found the normal dual-core processor, 1.5 GB RAM, 20 HDD.

So please let me know the exact prerequisites of McAfee SIEM in a VMware environment or a physical environment.

Thanks in advance, please revert.

Thanks,

dharmaraj.

aszotek
Level 10
Message 9 of 22

Re: SIEM implementation book

Please check the installation guide:

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25225/en_US/...

Dual-core CPU and 1.5GB RAM + Windows OS are the requirements for the CLIENT, not for ESM.

McAfee will not let you install SIEM on your hardware; they sell appliances.

Re: SIEM implementation book

Yes, I believe you are mixing up different sets of requirements. 

If you are deploying ESM with physical appliances, then there are no software requirements.  The entire solution is deployed on appliances you would procure through McAfee, which are pre-sized to meet specified performance specifications. 

If you are deploying ESM with virtual appliances, then you will need to ensure that your ESX server has sufficient dedicated virtual resources for your SIEM appliances to perform adequately.  The virtual appliance specifications are listed here.  http://www.mcafee.com/us/products/enterprise-security-manager.aspx#vt=vtab-SystemRequirements

Your comment about 1.5GB of RAM, and 20GB HD likely refers to the SIEM Collector Agent.  This is an optional piece of software that you may choose to deploy on your Windows or Linux endpoints to perform local log collection and forwarding to the Receiver.  You may choose to deploy the SIEM Collector regardless of your choice of ESM physical or virtual appliances, and the system requirements for the SIEM Collector are identical in either case.

Scott
