1 Reply Latest reply on Aug 20, 2013 8:37 AM by Scott Taschler

    Antivirus Rule

      Hi Team

       

      We are evaluating the product. If someone has the Antivirus Rule set which is related to Symantec and McAfee ePO, then please let us know.

       

      Thanks and Regards

      Ganesh.

        • 1. Re: Antivirus Rule
          Scott Taschler

          Hello Ganesh,

           

          It might be helpful if you could expand a bit on what you're trying to accomplish with an antivirus rule. 

           

          Assuming you're looking for correlation rules, know that it's pretty rare in McAfee ESM to build rules that are tied directly to specific vendors.  Our SIEM provides a feature called Normalization, which allows you to easily build powerful rules that are generic in nature.

           

          All events are normalized by McAfee ESM into a fixed set of categories.  For example, any events related to viruses, trojans, etc. would be normalized as "malware", regardless of which vendor they came from.  Normalization is very useful in building alarms, reports, filters, etc.  It allows you to design these types of content with a simple filter, rather than requiring a separate rule to bring events from different vendors together.

           

          Scott
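
The normalization idea in the reply above, sketched as an added example. It is not part of the original thread and is not McAfee ESM's rule format or API. Two hypothetical antivirus sources are mapped to one "malware" category so that a single vendor-agnostic correlation rule covers both. The source names, field names, hosts and sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; source and field names are hypothetical.
RAW_EVENTS = [
    {"source": "vendor_a_av", "ts": "2013-08-20T08:00:00", "host": "ws-014", "risk_name": "Trojan.Gen"},
    {"source": "vendor_b_av", "ts": "2013-08-20T08:03:10", "host": "ws-014", "threat_type": "virus"},
    {"source": "vendor_b_av", "ts": "2013-08-20T08:04:30", "host": "ws-014", "threat_type": "trojan"},
    {"source": "vendor_b_av", "ts": "2013-08-20T08:05:00", "host": "ws-014", "threat_type": "update_ok"},
    {"source": "vendor_a_av", "ts": "2013-08-20T09:30:00", "host": "ws-022", "risk_name": "EICAR Test String"},
]

def normalize(event):
    """Map a vendor-specific event onto a common schema with a fixed category."""
    if event["source"] == "vendor_a_av":
        # Assumption: this source only sets risk_name on a detection.
        category = "malware" if event.get("risk_name") else "other"
    elif event["source"] == "vendor_b_av":
        # Assumption: this source reports many event types in one field.
        category = "malware" if event.get("threat_type") in {"virus", "trojan", "worm"} else "other"
    else:
        category = "unknown"
    return {"ts": datetime.fromisoformat(event["ts"]), "host": event["host"],
            "category": category, "source": event["source"]}

def malware_burst_alarms(events, threshold=3, window=timedelta(minutes=10)):
    """One generic rule: hosts with >= threshold malware events inside the window,
    regardless of which vendor reported them."""
    per_host = defaultdict(list)
    for ev in sorted(map(normalize, events), key=lambda e: e["ts"]):
        if ev["category"] == "malware":
            per_host[ev["host"]].append(ev)
    alarms = []
    for host, evs in per_host.items():
        # Slide over consecutive detections; one alarm per host is enough.
        for i in range(len(evs) - threshold + 1):
            burst = evs[i:i + threshold]
            if burst[-1]["ts"] - burst[0]["ts"] <= window:
                alarms.append({"host": host, "first_seen": burst[0]["ts"],
                               "sources": sorted({e["source"] for e in burst})})
                break
    return alarms

if __name__ == "__main__":
    for alarm in malware_burst_alarms(RAW_EVENTS):
        print(alarm)
```

The rule itself never mentions a vendor; supporting another antivirus source means adding one branch to `normalize`, not another rule.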