2 Replies Latest reply on Jun 22, 2017 4:45 AM by bytecod3r

    How to superpower ESM?

    bytecod3r

      Hi all,

       

      Doe anyone knows how we can enhance/superpower ESM? E.g, like integration with 3rd parties like threatconnect or any other enhancement.

      I appreciate any reply.

       

      Regards,

      -Saeid

        • 1. Re: How to superpower ESM?
          infoseced

          You'll have to use the "Cyber Threat Feeds" in the ESM config.  It will accept TAXii feeds, if that is not supported by the threat intelligence provider you can use dynamic watch lists (You will have to map the data you are getting to an ESM defined data entity) and retrieve the info via multiple methods.  IF you have IOC's in XML you can manually import them as well.

           

          Go into ESM configuration, look on the left hand side of the configuration interface and left click "Cyber Threat Feeds"....

          • 2. Re: How to superpower ESM?
            bytecod3r

            Thanks infoseced,

            I already know how to integrate, I am looking for 3rd party solutions which can be integrated with McAfee SIEM and give some additional benefits, Example ThreatConnect+SIEM which gives some additional visibility. My question was What are the other solution except ThreatConnect that if we integrate it with SIEM, it will enhance SIEM capabilities.?