Moved to SIEM for faster support.
The Installation Guide document (available for download to McAfee customers) is your primary tool for making an engagement as efficient and simple as possible: the “esm_940_ig_0-00_en-us” document. You’ll want to highlight the sections so you can have them on hand for the physical device configuration steps.
Start with Page 11 "Connect and start the devices"
Then on Page 19 "Configure the network interface", configure your primary SIEM devices.
This should complete your physical setup and initial device terminal configurations.
- IPs need to be allotted within the same subnet, and ensure you allocate 1 extra IP per HA ERC pair.
- Do NOT enable FIPS mode for any reason whatsoever (this is the first setup wizard function upon login to the ESM’s UI).
- Device IPs, DNS server(s), and names should be well documented; we will be using this document.
This is a literal step-by-step guide from physical setup to device configuration settings. If you have any questions please feel free to message me and I'll help if possible; I've done countless installs, configurations, and development for numerous environments.
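The addressing rules in the post above (every device in one subnet, one extra IP per HA ERC pair, everything documented) are easy to get wrong in a spreadsheet before you ever touch a console. The following is an added example, not code from the post or from McAfee: a small validator for a constructed addressing plan. The plan structure (a `Device` record with a name, IP, role and optional HA pair name, plus a separate map of shared pair IPs) is an assumption made for the example, not a format the installation guide defines.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Device:
    """One SIEM appliance in the addressing plan (assumed structure for this example)."""
    name: str
    ip: str
    role: str                      # e.g. "ESM", "ERC", "ELM"
    ha_pair: Optional[str] = None  # name of the HA ERC pair this device belongs to, if any


def validate_plan(subnet: str, devices: List[Device], pair_ips: Dict[str, str]) -> List[str]:
    """Return a list of problems found; an empty list means the plan is consistent.

    Checks: every IP parses, sits inside `subnet`, is not the network or broadcast
    address, and is not assigned twice; every HA pair has exactly two ERC members
    and one extra shared IP; no shared IP is allocated to a pair that has no members.
    """
    net = ipaddress.ip_network(subnet, strict=True)
    problems: List[str] = []
    seen: Dict[ipaddress.IPv4Address, str] = {}

    def check(label: str, ip_str: str) -> None:
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            problems.append(f"{label}: '{ip_str}' is not a valid IP address")
            return
        if ip not in net:
            problems.append(f"{label}: {ip} is outside {net}")
            return
        if ip in (net.network_address, net.broadcast_address):
            problems.append(f"{label}: {ip} is the network or broadcast address of {net}")
        if ip in seen:
            problems.append(f"{label}: {ip} is already assigned to {seen[ip]}")
        else:
            seen[ip] = label

    for d in devices:
        check(d.name, d.ip)

    # Group HA members by pair name; each pair needs two ERCs plus one shared IP.
    pairs: Dict[str, List[Device]] = {}
    for d in devices:
        if d.ha_pair:
            pairs.setdefault(d.ha_pair, []).append(d)

    for pair, members in pairs.items():
        if len(members) != 2 or any(m.role != "ERC" for m in members):
            names = [m.name for m in members]
            problems.append(f"HA pair {pair}: expected exactly two ERC members, got {names}")
        if pair not in pair_ips:
            problems.append(f"HA pair {pair}: no extra shared IP allocated")
        else:
            check(f"HA pair {pair} shared IP", pair_ips[pair])

    for pair in pair_ips:
        if pair not in pairs:
            problems.append(f"HA pair {pair}: shared IP allocated but no member devices")

    return problems


# Constructed sample plan (all addresses are made up for this example).
SUBNET = "10.20.30.0/24"
GOOD_DEVICES = [
    Device("esm-01", "10.20.30.10", "ESM"),
    Device("erc-01a", "10.20.30.11", "ERC", ha_pair="erc-pair-1"),
    Device("erc-01b", "10.20.30.12", "ERC", ha_pair="erc-pair-1"),
    Device("elm-01", "10.20.30.13", "ELM"),
]
GOOD_PAIR_IPS = {"erc-pair-1": "10.20.30.14"}  # the one extra IP for the HA pair

# Same plan with two mistakes: one ERC in the wrong subnet, and no shared pair IP.
BAD_DEVICES = [
    Device("esm-01", "10.20.30.10", "ESM"),
    Device("erc-01a", "10.20.30.11", "ERC", ha_pair="erc-pair-1"),
    Device("erc-01b", "10.20.31.12", "ERC", ha_pair="erc-pair-1"),
    Device("elm-01", "10.20.30.13", "ELM"),
]

if __name__ == "__main__":
    for label, devs, pair_ips in (("good", GOOD_DEVICES, GOOD_PAIR_IPS), ("bad", BAD_DEVICES, {})):
        issues = validate_plan(SUBNET, devs, pair_ips)
        print(f"{label} plan: {'OK' if not issues else ''}")
        for issue in issues:
            print("  -", issue)
```

Run it on your own plan before the terminal configuration step; the list of problems doubles as the checklist to fix, and the plan data itself is the documentation the post asks you to keep.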
Thanks Scott, for the links.
I am totally new to SIEM and my current scenario is this: the vendor has implemented the SIEM and I am flooded with the logs. Now I am confused: what to do with those logs, what type of report should I create for management, and how to find the suspicious activities?
I hope you understand my situation. Please guide.
Thanks all for the information. Basically, someone told me this book, Security Information and Event Management (SIEM) Implementation, is the best to start with for SIEM, so I am looking forward to some PDF or link to download.
I’ve been following this community for a bit but I have never been active. I saw this thread and felt compelled to reply.
Unfortunately, there is only one book on SIEM and it was already mentioned. This book is "Security Information and Event Management (SIEM) Implementation." In my opinion, the book is horrible and my recommendation would be to skip it to save yourself the money and time. The book doesn’t even touch on SIEM management or use cases in detail. Outside of the previous suggestions related to McAfee SIEM, the link below outlines the best material I have found concerning SIEM implementation and management.
The Securosis series provides a nice overview, Anton Chuvakin's (a Gartner analyst) articles address planning projects and managing SIEM, and the SANS presentation slide deck is really good about building a SOC.
I am not getting the difference between McAfee ESM and McAfee SIEM. Are these two different or the same?
And one more thing: I found some different (higher) prerequisites for McAfee SIEM in a VMware ESXi environment as compared to a physical environment. Why?
Yes, we sometimes are sloppy in our terminology. We often use "ESM" and "SIEM" interchangeably. "ESM" refers to our entire SIEM solution, and is also the name of the central component of the SIEM architecture.
As for your other question, on virtual hardware requirements, I'm not clear on what you're asking. Can you elaborate?