Regis
Level 12
Message 11 of 15

Re: Web Gateway and Nitro SIEM


As an MWG customer who's just implemented Nitro -- one customization that I find enormously useful in our access.log files that the defaults miss out on is the inclusion of the remote server IP address and HTTP referrer.

I'm curious how the MWG and Nitro teams interact and where to most effectively suggest the PER that the log grokking migrate in a direction where these get included by default.

When you're chasing down network forensics to see how a host stumbled onto some nastiness, in the days of fast flux DNS and botnets using large numbers of fast flux domains, if you're logging what the IP resolved to at the moment the request was made, you're missing stuff. 🙂
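An added example, not part of the original post or of McAfee's ruleset, showing what the two extra fields buy during an investigation: the referrer rebuilds the path a client took to a URL, and the destination IP recorded per request shows every address a hostname was actually served from. The field layout, hostnames and log lines are constructed for illustration and are not real MWG output.

```python
import shlex
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines. Assumed layout (hypothetical, not the MWG default):
# timestamp client_ip "METHOD url" status dest_ip "referer"
SAMPLE_LOG = '''\
2014-06-17T10:00:01 10.1.1.23 "GET http://news.example/story" 200 198.51.100.10 "-"
2014-06-17T10:00:05 10.1.1.23 "GET http://ads.example/banner.js" 200 198.51.100.44 "http://news.example/story"
2014-06-17T10:00:06 10.1.1.23 "GET http://flux.example/land" 302 203.0.113.7 "http://ads.example/banner.js"
2014-06-17T10:00:07 10.1.1.23 "GET http://flux.example/payload" 200 203.0.113.91 "http://flux.example/land"
2014-06-17T10:03:00 10.1.1.40 "GET http://flux.example/land" 200 192.0.2.15 "-"
'''

def parse(log_text):
    """Turn each line into a dict; shlex keeps the quoted fields together."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, request, status, dest_ip, referer = shlex.split(line)
        _method, url = request.split(" ", 1)
        records.append({"ts": ts, "client": client, "url": url,
                        "status": status, "dest_ip": dest_ip, "referer": referer})
    return records

def referer_chain(records, client, url):
    """Walk referrers backwards from `url` for one client, oldest hop first."""
    by_url = {}
    for rec in records:
        if rec["client"] == client:
            by_url.setdefault(rec["url"], rec)  # first request to each URL
    chain, seen = [], set()
    while url in by_url and url not in seen:    # `seen` guards against loops
        seen.add(url)
        rec = by_url[url]
        chain.append((rec["url"], rec["dest_ip"]))
        url = rec["referer"]
    return list(reversed(chain))

def ips_per_host(records):
    """Destination IPs actually contacted for each hostname."""
    hosts = defaultdict(set)
    for rec in records:
        hosts[urlsplit(rec["url"]).hostname].add(rec["dest_ip"])
    return dict(hosts)
```

A later DNS lookup of `flux.example` would return at most one of the three addresses that `ips_per_host` recovers from the log.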

McAfee Employee jscholte
Message 12 of 15

Re: Web Gateway and Nitro SIEM


The latest and greatest version of the McAfee SIEM/Nitro logging ruleset is available in the Content Security portal:

https://contentsecurity.mcafee.com/ruleset_library?q=siem

It was last updated April 4 2014. This thread is very old...

For a full best practice see the link below (but be sure to use the ruleset from the online ruleset library):

https://community.mcafee.com/docs/DOC-5206

Best,

Jon

Message was edited by: jscholte on 6/17/14 10:32:08 AM CDT
danhnt
Level 7
Message 13 of 15

Re: Web Gateway and Nitro SIEM


Hi All,

I have an issue. I would like to set up MWG to send syslog with only level 3 (Alert), compliant with PCI-DSS. I have just configured it as in the screenshots below, but it is still receiving much other log info. Does anyone have an idea for this? Many thanks for your comments.

ImageCapture_0193.png

ImageCapture_0192.png

smalldog
Level 12
Message 14 of 15

Re: Web Gateway and Nitro SIEM


Dear all,

I have the same problem. Do you have any ideas for this? Then I can configure just some logs that comply with PCI DSS.

Thanks,

Smalldog


Re: Web Gateway and Nitro SIEM


It's a long shot, but hoping someone could help!

I've configured as per the above to log from the MWG to the McAfee SIEM.

Working pretty well, except for the fact that "BytesFromClient" and "BytesToClient" both record as "0" for all entries.

Has anyone come across this before?
