Who Me Too'd this topic

cancel
Showing results for 
Search instead for 
Did you mean: 

Who Me Too'd this topic

ESM Data Enrichment - E-mail Recipient (Internal)

    I'm trying to setup data enrichment so that I can better correlate e-mail events (based on the 'To' address from our McAfee E-mail Gateway Logs) to potentially suspicious or malicious proxy traffic.

EXAMPLE: An e-mail sent to <employee.name@ourcompany.com> gets an e-mail. (let's say I'm already correlating potentially suspicious elements within the e-mail so I know that the email has a suspicious element (say word document with a macro).

15 minutes later I detect that user (not their email address but their user ID) connecting to a malware site as categorized by our web proxy.

The issue that I have currently is that I cannot associate the employee's e-mail activity with their host event activity (A/V Detection, Proxy alert for suspicious/malicious connection).

When I try to setup Data Enrichment for this i'm not able to use the 'To' field from the Mcafee Email Gateway to do the enrichment (that field doesn't show up in the enrich source and destination field options).

Who Me Too'd this topic

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community