5 Replies Latest reply on Nov 14, 2014 2:32 AM by zlob

    FW Enterprise Reporting



      ePO 5.1

      ext for FW Ent.

      Appliance FW11xx 8.3 release software



      CSR, Central Console...



      Need create report per users and visited web resources. Any IDEA? FW Reporter EOL, no integration, etc.

        • 1. Re: FW Enterprise Reporting

          There are some reports under the 'cf usage' command:

          $> cf usage h


          cf usage show [type=<usage_type>] [<days|hours>=<period>]


          usage_types : traffic_by_network-applications | host-application-reputation | malicious-host-application-reputation | executable | malicious-executable | traffic_by_host-applications | traffic_by_network-application-categories | traffic_by_access-control-rules | traffic_by_users | traffic_by_ips-events |

          traffic_by_virus-events | traffic_by_protocol-violations | traffic_by_source-ips | traffic_by_destination-ips | traffic_by_source-countries |

          traffic_by_destination-countries | gti_by_network-applications | gti_by_users | gti_by_source-ips | gti_by_destination-ips  |

          gti_by_source-countries | gti_by_destination-countries

          • 2. Re: FW Enterprise Reporting

            The McAfee Firewall Reporter is End of life.

            Pls suggest me the best tool to reporting for McAfee Firewall.

            I attempt use ePO, but the information report is very litte.

            • 3. Re: FW Enterprise Reporting

              Firewall Reporter integrated into SIEM.

              BUT, by default don't work.

              You need some manipulation to use FW Reporting.

              Supprot don't support ))

              • 4. Re: FW Enterprise Reporting

                From reading the McAfee SIEM (Nitro) documentation and talking to the SIEM support staff it looks like all you need to do is add the firewall as a log source in SIEM and then set up the firewall to send syslog to the SIEM server and it will display the logs just fine.  McAfee Firewall Enterprise is specifically listed as a Supported Data Source in the SIEM product guide.

                • 5. Re: FW Enterprise Reporting

                  Yes - supported, but NO, not working from setup.


                  After we add source and look to Default Summary look like GOOD. But:


                  Try OPEN MFE Reporting.Firewall TOP URL Users


                  UPSssssss  Firewall TOP URL Users NEW - I am add source like MFE Firewall. Some information in Dashboard added - OK!!!

                  But not PROFIT.

                  After You need take some changes in Reporting, configuration, Dashboards. Or you can try modify Device CLASS...


                  In manual only top of the iceberg ))