I want to monitor a Windows network file share (CIFS) with the McAfee SIEM. I've activated all necessary audit settings, and the events are logged in Windows.
To get events into SIEM I've tried the classical way with the WMI collector; the problem is that the WMI rules are not parsing all the fields that I need from the events (for example Object accessed, Access requested, etc.). I've seen that WMI rules can't be edited or added, so I'm thinking of using another method: get event logs via McAfee SIEM Collector and then parse the content with ASP.
The problem is that McAfee SIEM Collector sends events via MEF, so the question is: how can I manually create parsing rules for content coming from the collector?