There are some reports under the 'cf usage' command:
$> cf usage h
cf usage show [type=<usage_type>] [<days|hours>=<period>]
usage_types : traffic_by_network-applications | host-application-reputation | malicious-host-application-reputation | executable | malicious-executable | traffic_by_host-applications | traffic_by_network-application-categories | traffic_by_access-control-rules | traffic_by_users | traffic_by_ips-events |
traffic_by_virus-events | traffic_by_protocol-violations | traffic_by_source-ips | traffic_by_destination-ips | traffic_by_source-countries |
traffic_by_destination-countries | gti_by_network-applications | gti_by_users | gti_by_source-ips | gti_by_destination-ips |
gti_by_source-countries | gti_by_destination-countries
The McAfee Firewall Reporter is End of life.
Pls suggest me the best tool to reporting for McAfee Firewall.
I attempt use ePO, but the information report is very litte.
Firewall Reporter integrated into SIEM.
BUT, by default don't work.
You need some manipulation to use FW Reporting.
Supprot don't support ))
From reading the McAfee SIEM (Nitro) documentation and talking to the SIEM support staff it looks like all you need to do is add the firewall as a log source in SIEM and then set up the firewall to send syslog to the SIEM server and it will display the logs just fine. McAfee Firewall Enterprise is specifically listed as a Supported Data Source in the SIEM product guide.
Yes - supported, but NO, not working from setup.
After we add source and look to Default Summary look like GOOD. But:
Try OPEN MFE Reporting.Firewall TOP URL Users
UPSssssss Firewall TOP URL Users NEW - I am add source like MFE Firewall. Some information in Dashboard added - OK!!!
But not PROFIT.
After You need take some changes in Reporting, configuration, Dashboards. Or you can try modify Device CLASS...
In manual only top of the iceberg ))