
McAfee ePO integration with AWS Security HUB to send log

Hi, I have a requirement to send event logs, and any attack detected by McAfee, to AWS Security Hub. Can we integrate the McAfee ePO server to send logs to AWS Security Hub? Please provide your suggestions; any reference document will be helpful.
4 Replies
vivs
McAfee Employee
Message 2 of 5

Re: McAfee ePO integration with AWS Security HUB to send log

Hello @User17662387 

Thanks for your post.

ePO can forward received threat events directly to a syslog server, which is defined in ePO as a Registered Server.

https://kc.mcafee.com/corporate/index?page=content&id=KB87927

https://kc.mcafee.com/corporate/index?page=content&id=KB91194

Also, this can be achieved with ePO Cloud:

https://www.mcafee.com/enterprise/en-us/about/newsroom/press-releases/press-release.html?news_id=0f9...

I hope the above will help you.


Re: McAfee ePO integration with AWS Security HUB to send log

Hi, thanks for your response.

But the above two KBs are for syslog integration and the one below is for MVISION. It is a CASB solution. None of these are applicable in my environment.

We have ePO deployed on AWS cloud, and the requirement is to send logs from ePO to AWS Security Hub, directly or indirectly.

Thanks for your understanding.

vivs
McAfee Employee
Message 4 of 5

Re: McAfee ePO integration with AWS Security HUB to send log

Hello @User17662387 

Thanks for your response.

AFAIK this cannot be achieved, but I will check with @cdinet.

I believe she can guide us in the right direction and will also be able to tell whether this can be done or not.


cdinet
McAfee Employee
Message 5 of 5

Re: McAfee ePO integration with AWS Security HUB to send log

Is ePO on-prem, MVISION or cloud? With on-prem, the only options are a syslog registered server or connecting to the DB as a SIEM. I don't know anything about AWS Security Hub to answer, to be honest. If you are using MVISION or cloud, there are APIs that can pull events. Check here for any info on that.
