
how event logs compiled?


Hello All,

How are event logs compiled in McAfee SIEM? What would the output formats be?

Thanks in advance

Anas.


6 Replies
Reliable Contributor
Message 2 of 7

Re: how event logs compiled?

What do you mean by compiled in the SIEM?

Do you mean Stored or Aggregated?

Re: how event logs compiled?

Alexander,

What I meant by compiled was: how is the event log stored, aggregated, etc., the whole process, and what would the output format be?

Reliable Contributor
Message 4 of 7

Re: how event logs compiled?

Okay,

It will be a long discussion but let's start with some high level explanations for receiver and ELM.

ESM is a long story so it will be better if you have more specific questions.

First reading the following document is a must:

Let's start from the receiver functions:

1. Central point for data acquisition using different methods.

2. Parsing and Normalization of raw logs.

3. Aggregation (grouping the logs based on a group of fields, or customizable).

4. Correlation of event data (no flows, risk-based and deviations).

5. Submits event data to ESM for analysis.

6. Keeps a copy of the raw logs so they can be stored on the ELM.

ELM:

1. Storage Manager (creates connections to your storage devices).

2. Raw log storage.

3. Ensures the integrity of the raw log data and guarantees that it wasn't modified.

4. Manages retention policies for raw log data.

5. Enhanced ELM Search.

During the different phases the data is stored in different databases or flat files.

For example, on the ELM all raw logs are stored in flat files, whereas on the ESM they are stored in a database.

Let me know if you have more specific questions related to some of the functionalities.

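As an added illustration of the receiver and ELM stages listed in the answer above (example code written for this thread, not McAfee's own code; the field names and record layouts are assumptions, not the product's real formats), the following Python models parse/normalize, aggregate, and raw-log storage with an integrity check over a few constructed syslog lines:

```python
import hashlib
import re
from collections import Counter

# Constructed sample raw logs for the demo (not real McAfee output): three firewall
# denies, two of them from the same source, plus one failed logon.
RAW_LOGS = [
    "<134>Jan 10 12:00:01 fw1 kernel: DENY TCP 10.0.0.5:51000 -> 203.0.113.9:443",
    "<134>Jan 10 12:00:02 fw1 kernel: DENY TCP 10.0.0.5:51001 -> 203.0.113.9:443",
    "<134>Jan 10 12:00:03 fw1 kernel: DENY TCP 10.0.0.7:44000 -> 203.0.113.9:443",
    "<133>Jan 10 12:00:04 dc1 auth: Logon Failure user=alice src=10.0.0.5",
]

SYSLOG = re.compile(r"^<(\d+)>(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (\S+): (.*)$")
DENY = re.compile(r"DENY (\w+) (\S+):\d+ -> (\S+):(\d+)")
LOGON = re.compile(r"Logon Failure user=(\S+) src=(\S+)")

def parse_normalize(raw):
    """Receiver item 2 (assumed layout): one raw syslog line -> one normalized event dict."""
    m = SYSLOG.match(raw)
    if not m:                       # never silently drop a line the parser cannot read
        return {"event": "unparsed", "raw": raw}
    pri, ts, host, app, msg = m.groups()
    ev = {"time": ts, "device": host, "app": app, "severity": int(pri) % 8}
    d, l = DENY.search(msg), LOGON.search(msg)
    if d:
        ev.update(event="firewall_deny", proto=d.group(1), src_ip=d.group(2),
                  dst_ip=d.group(3), dst_port=int(d.group(4)))
    elif l:
        ev.update(event="logon_failure", user=l.group(1), src_ip=l.group(2))
    else:
        ev["event"] = "unknown"
    return ev

def aggregate(events, keys=("event", "src_ip", "dst_ip")):
    """Receiver item 3: group normalized events on a chosen set of fields; each group
    becomes one record carrying a count instead of every individual line."""
    counts = Counter(tuple(e.get(k) for k in keys) for e in events)
    return [dict(zip(keys, key), count=n) for key, n in counts.items()]

def raw_store(raw_lines):
    """ELM items 2 and 3: keep the raw lines unmodified as a flat file (a string here)
    plus a SHA-256 digest recorded with it so a later reader can detect any change."""
    blob = "\n".join(raw_lines) + "\n"
    return blob, hashlib.sha256(blob.encode()).hexdigest()

def integrity_ok(blob, digest):
    """Recompute the digest over the stored flat file and compare with the recorded one."""
    return hashlib.sha256(blob.encode()).hexdigest() == digest
```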

Re: how event logs compiled?

Many thanks Alexander for your prompt answer and for the great articles.

I have another question about the protocols and ports that need to be granted for the SIEM solution, please.

I have not found any answer in the installation and basic configuration article.

Regards.

Anas

Reliable Contributor
Message 6 of 7

Re: how event logs compiled?

Hi,

Here you are.

Still, some ports might not be mentioned:

Re: how event logs compiled?

Many thanks Alexander, appreciated.
