5 Replies Latest reply on Mar 21, 2013 5:30 PM by artek

    Fetching data from epo

    georgec

      hello,

       

      I've installed the all-in-one ESM, receiver, logger virtual appliance and now I'm playing around with it. I've tried adding epo as a source of events, but it just shows up as inactive. I can tell you that I have plenty of threat, audit, client and server events.

       

      inactive.JPG

      This is how it's configured:

      2.png

       

      Testing the connection to the data source shows up as successful. Also, for the Microsoft Event log I can schedule a pull interval (default 10 minutes), but here I don't have that option.

       

      Any help is greatly appreciated!

        • 1. Re: Fetching data from epo
          Chris Boldiston

          Hi georgec

           

           

          That configuration looks good, and it looks like the client data sources have been created too, so there is a connection to the epo DB. You did not mention the version of ESM that you are running, and if it's a version prior to 9.1.3 you may have found a bug which is fixed in 9.1.3. Also, if you look at the Status of the device from ESM > Properties, is there an error for epo not running?

           

          My recommendation is to log this problem as a support ticket and we can work with you to address this problem and get it resolved ASAP.

           

           

          Thanks

           


          Chris

          • 2. Re: Fetching data from epo

            Hi all,

            Bumping this old thread because I'm experiencing a similar problem. I successfully added ePo source to McAfee ESM (virtual appliance v9.1.3) about two weeks ago. The client data sources have been created but the ESM is retrieving an unsatisfying number of events from ePo. For instance, I'm not getting any events from McAfee DLP. I'm interested in general what I can get out of ePo but I'm especially focused on DLP.

            1. Which events are supposed to be retrieved by the ESM? I have lots of events showing up in various ePo views - should all of them be retrieved by ESM?

            2. Should I configure something in ePo? (Right now I simply added the ePo source in ESM, tested the connection and retrieved client data sources).

            For the moment I received two types of events from McAfee VirusScan source: 'Update successful' and 'Deployment failed'. ESM also discovered these client sources, for which I've also received nothing:

            ePo Orchestrator Agent

            McAfee Host Data Loss Prevention

            McAfee Host Intrusion Prevention

            McAfee Site Advisor

             

            Regards,

            John

            • 3. Re: Fetching data from epo
              abukhari

              You have to update to the latest hotfix, GA 11 on 9.1.3. It should fix the problem you're having.

              • 4. Re: Fetching data from epo
                georgec

                Is this done from the GUI? I have a reseller grant number and I can only see the VM options for download. I don't have any updates for download, only the 9.1.3 VM build images.

                 

                Found an update button, but it says I need to upload the files from my machine...

                • 5. Re: Fetching data from epo
                  artek

                  Georgec - if you need a hotfix for the ESM devices, you have to ask McAfee Support about them. There is no way to download it from the Download Products portal.

                   

                  Regards,

                  Artur Sadownik