cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 3

symantec brightmail data source

Hi,

I have looked at http://www.mcafee.com/sg/resources/data-sheets/ds-siem-device-support-matrix.pdf and also have searched Help guide but I haven't seen this Data Source supported. It may be under another name so can someone enligthen me about it if this data source supported ( have parser rules written) if so how can i add it?

Regards.

2 Replies
artek
Level 11
Report Inappropriate Content
Message 2 of 3

Re: symantec brightmail data source

Hi Omerfsen,

at first - you can configure your Brighmail to use syslog server: http://www.symantec.com/business/support/index?page=content&id=TECH93637

Then you can try to use Auto learn mode to find, if the ESM can recognize the brightmail's logs - I guess that events can be recognized as something like Unix\Linux.

And next - if the results won't be satisfied, you can wrote own parser rules in the policy editor.

You can also create a new PER on the following webpage: https://mcafee.acceptondemand.com - remenber about the log examples, that should be attached to the PER.

Regards,

Artur Sadownik

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 3

Re: symantec brightmail data source

ACtually I am a bit suprised to see that Mcafee SIEM doesn't have  a normalization rules written for it since this product is around for a long term. I wonder if there is a specific reason for that. BTW at http://www.symantec.com/business/support/index?page=content&id=DOC5740&key=53991&actp=LIST there is a pdf that contains all definitons for brightmail syslog. But of course we need a PER for that

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community