5 Replies Latest reply on Nov 14, 2014 2:32 AM by zlob

    FW Enterprise Reporting

    zlob

      Have:

      ePO 5.1

      ext for FW Ent.

      Appliance FW11xx 8.3 release software

      CSR, Central Console...

      Need to create a report per user and visited web resources. Any ideas? FW Reporter is EOL, no integration, etc.

        • 1. Re: FW Enterprise Reporting
          sliedl

          There are some reports under the 'cf usage' command:

          $> cf usage h

          Usage:

          cf usage show [type=<usage_type>] [<days|hours>=<period>]

          usage_types : traffic_by_network-applications | host-application-reputation | malicious-host-application-reputation | executable | malicious-executable | traffic_by_host-applications | traffic_by_network-application-categories | traffic_by_access-control-rules | traffic_by_users | traffic_by_ips-events |
          traffic_by_virus-events | traffic_by_protocol-violations | traffic_by_source-ips | traffic_by_destination-ips | traffic_by_source-countries |
          traffic_by_destination-countries | gti_by_network-applications | gti_by_users | gti_by_source-ips | gti_by_destination-ips  |
          gti_by_source-countries | gti_by_destination-countries

          • 2. Re: FW Enterprise Reporting
            stonewall

            The McAfee Firewall Reporter is End of Life.

            Please suggest the best tool for reporting for McAfee Firewall.

            I attempted to use ePO, but the information in the report is very little.

            • 3. Re: FW Enterprise Reporting
              zlob

              Firewall Reporter is integrated into SIEM.

              BUT, by default it doesn't work.

              You need some manipulation to use FW Reporting.

              Support doesn't support it ))

              • 4. Re: FW Enterprise Reporting
                sliedl

                From reading the McAfee SIEM (Nitro) documentation and talking to the SIEM support staff it looks like all you need to do is add the firewall as a log source in SIEM and then set up the firewall to send syslog to the SIEM server and it will display the logs just fine.  McAfee Firewall Enterprise is specifically listed as a Supported Data Source in the SIEM product guide.

                • 5. Re: FW Enterprise Reporting
                  zlob

                  Yes - supported, but NO, not working from setup.

                  REPORTING.JPG

                  After we add the source and look at the Default Summary, it looks GOOD. But:

                  REPORTING-1.JPG

                  Try to OPEN MFE Reporting.Firewall TOP URL Users

                  REPORTING-2.JPG

                  Oops! Firewall TOP URL Users NEW - I added the source as MFE Firewall. Some information was added in the Dashboard - OK!!!

                  But not PROFIT.

                  After that you need to make some changes in Reporting, configuration, Dashboards. Or you can try to modify the Device CLASS...

                  In the manual there is only the tip of the iceberg ))