how event logs compiled?

Hello All,

How are event logs compiled in McAfee SIEM? What would the output formats be?

Thanks in advance

Anas.

Accepted Solution

Re: how event logs compiled?

Okay,

It will be a long discussion, but let's start with some high-level explanations for the Receiver and ELM.

ESM is a long story so it will be better if you have more specific questions.

First, reading the following document is a must:

Let's start from the receiver functions:

1. Central point for data acquisition using different methods.

2. Parsing and normalization of raw logs.

3. Aggregation (grouping the logs based on a group of fields, or customizable).

4. Correlation of event data (no flows, risk-based and deviations).

5. Submits event data to ESM for analysis.

6. Keeps a copy of the raw logs so they can be stored on the ELM.

ELM:

1. Storage Manager (creates connections to your storage devices).

2. Raw log storage.

3. Ensures the integrity of the raw log data and guarantees that it wasn't modified.

4. Manages retention policies for raw log data.

5. Enhanced ELM Search.

During the different phases the data is stored in different databases or flat files.

For example, on the ELM all raw logs are stored in flat files, whereas on the ESM they are stored in a database.

Let me know if you have more specific questions related to some of the functionalities.
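To make the Receiver and ELM stages listed in the answer above concrete, here is an added toy pipeline in Python. It is an illustration written for this thread, not McAfee code, and it says nothing about how the Receiver, ESM or ELM are actually implemented; the sample syslog lines, the host name `fw01`, the regexes, the aggregation key, the failed-login correlation rule and the SHA-256 digest scheme are all assumptions chosen for the example.

```python
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample input: syslog-style lines from a hypothetical host "fw01".
# Made up for this example, not captured from any real device.
RAW_LOGS = [
    "<38>Jan 12 10:00:01 fw01 sshd[1234]: Failed password for root from 10.0.0.5 port 5122 ssh2",
    "<38>Jan 12 10:00:03 fw01 sshd[1235]: Failed password for root from 10.0.0.5 port 5123 ssh2",
    "<38>Jan 12 10:00:07 fw01 sshd[1236]: Failed password for admin from 10.0.0.9 port 5130 ssh2",
    "<86>Jan 12 10:01:00 fw01 sshd[1240]: Accepted password for anas from 10.0.0.5 port 5140 ssh2",
    "garbage line that the parser cannot normalize",
]

# Assumed message layout: <PRI>timestamp host app[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<app>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
SSH_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse(raw):
    """Parse one raw line into a normalized event dict; None if it does not fit the format."""
    m = SYSLOG_RE.match(raw)
    if not m:
        return None
    # Syslog PRI encodes facility*8 + severity, so severity is PRI mod 8.
    event = {"host": m["host"], "app": m["app"], "severity": int(m["pri"]) % 8, "raw": raw}
    s = SSH_RE.match(m["msg"])
    if s:
        event.update(event_type="ssh_login_" + s["outcome"].lower(), user=s["user"], src_ip=s["src"])
    else:
        event.update(event_type="unknown", user=None, src_ip=None)
    return event

def normalize(raw_logs):
    """Receiver step 2: parse every line; keep lines that cannot be normalized separately."""
    events, unparsed = [], []
    for line in raw_logs:
        ev = parse(line)
        if ev is None:
            unparsed.append(line)
        else:
            events.append(ev)
    return events, unparsed

def aggregate(events, fields=("host", "event_type", "user", "src_ip")):
    """Receiver step 3: group events on a configurable set of fields and count each group."""
    counts = defaultdict(int)
    for ev in events:
        counts[tuple(ev[f] for f in fields)] += 1
    return dict(counts)

def correlate_failed_logins(aggregated, threshold=2):
    """Receiver step 4, one toy rule: groups of failed SSH logins at or above the threshold."""
    return [key for key, n in aggregated.items() if key[1] == "ssh_login_failed" and n >= threshold]

class RawLogStore:
    """ELM-like raw log store: batches kept verbatim, each sealed with a SHA-256 digest so a
    later change is detectable, and expired by age according to a retention policy."""

    def __init__(self, retention_days):
        self.retention = timedelta(days=retention_days)
        self.batches = []  # entries: [received_at, lines, digest]

    @staticmethod
    def digest(lines):
        return hashlib.sha256("\n".join(lines).encode()).hexdigest()

    def write(self, lines, received_at):
        self.batches.append([received_at, list(lines), self.digest(lines)])

    def verify(self):
        """True only if every stored batch still hashes to the digest recorded at write time."""
        return all(self.digest(lines) == d for _, lines, d in self.batches)

    def apply_retention(self, now):
        """Drop batches older than the retention window; return how many were dropped."""
        before = len(self.batches)
        self.batches = [b for b in self.batches if now - b[0] < self.retention]
        return before - len(self.batches)

def run_pipeline():
    """Run the toy pipeline end to end over RAW_LOGS and return the intermediate results."""
    now = datetime(2024, 1, 12, 10, 5, tzinfo=timezone.utc)  # fixed clock for reproducibility
    events, unparsed = normalize(RAW_LOGS)
    agg = aggregate(events)
    alerts = correlate_failed_logins(agg)
    store = RawLogStore(retention_days=30)
    store.write([ev["raw"] for ev in events] + unparsed, received_at=now)
    store.write(["<38>Nov 28 09:00:00 fw01 sshd[1]: old batch"], received_at=now - timedelta(days=45))
    intact = store.verify()
    store.batches[0][1][0] = store.batches[0][1][0].replace("root", "guest")  # simulate tampering
    tamper_detected = not store.verify()
    pruned = store.apply_retention(now)
    return {"events": len(events), "unparsed": len(unparsed), "aggregated": agg, "alerts": alerts,
            "intact_before_tamper": intact, "tamper_detected": tamper_detected, "pruned_batches": pruned}

if __name__ == "__main__":
    for k, v in run_pipeline().items():
        print(k, "->", v)
```

Two things the toy makes visible that the bullet list does not: lines the parser cannot normalize are kept as raw text rather than dropped, which is why a raw-log copy matters even when normalization fails, and the integrity check here only detects a change to the stored lines because the digest is recorded separately at write time; a digest kept next to the data it protects is only as trustworthy as the place it is kept, so a real store would protect or sign those digests out of band.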

6 Replies

Re: how event logs compiled?

What do you mean by compiled in the SIEM?

Do you mean Stored or Aggregated?

Re: how event logs compiled?

Alexander,

What I meant by compiled was: how does the event log get stored, aggregated, etc., the whole process, and what would the output format be?!!

Re: how event logs compiled?

Many thanks Alexander for your prompt answer and for the great articles.

I have another question about the protocols and ports that need to be granted for the SIEM solution, please.

I have not found any answer in the installation and basic configuration article.

Regards.

Anas

Re: how event logs compiled?

Hi,

Here you are.

Still some ports might not be mentioned:

Re: how event logs compiled?

Many thanks Alexander, appreciated.
