
Zones and sub-zones, crosscutting data

Chaps, chapesses,

I get the basic principle of zones: the idea seems to be that you create zones at the top level from specific devices, and then you add a (broadly) location-based sub-zone with IP ranges.

Unfortunately, this is not quite what I want to do. I want to be able to create:

  1. A set of zones by device type - e.g. all domain controllers in one zone (so I can have dashboards for a class of user that show DC traffic and nothing else).
  2. Zones for different operational units of the business - division A, B, C. This is needed so I can break reporting down by business division.

These will cross-cut - every division will have its own domain controllers, file servers, PCs, etc. How would you suggest I go about this?

Many thanks

James

Reliable Contributor brenta

Re: Zones and sub-zones, crosscutting data

I would do this using the standard device tree layout, using children and such. Zones are typically used for separating data from a permissions level.

Brent

Re: Zones and sub-zones, crosscutting data

Hi Brent,

It's precisely because I do want to do permission-based separation that I'm using zones for the device types.

The way that the data sources have been defined means I cannot easily adopt the approach for business divisions that you suggest, mainly because a huge number of them are already collected as clients of two large Windows forwarding servers.

James

Reliable Contributor brenta

Re: Zones and sub-zones, crosscutting data

So, it's always hard to envision how someone has configured their devices and whatnot with just a few sentences.

But the key factors are:

  1. Is this strictly for reporting, or do you want to use zones for permissions associated with user logins?
  2. From your 2 large Windows devices, how would you currently differentiate them? (hostname?, etc...)
  3. Are these forwarded via syslog or something similar such that the parser is modifiable? (not collected via MEF or WMI)

Brent