I trying to figure out if McAfee ePO can log HIPs (IPS and Firewall) events to Syslog Server.
I have configured the HIPs Policy in Log only” mode (event is logged but the operation is not prevented).
I can see events in ePO console, but couldn't figure out how to forward to our Syslog Server.
It’s the similar capability that is available in Solidcore product (Change Control, Integrity Control Application Control) that supports server registration for forwarding Solidecore security events to Syslog Server.
I did some research using McAfee’s “Host Intrusion Prevention Product Guide for ePO” and “McAfee Host Intrusion Prevention Installation Guide” but was unable to find any details for HIPs events logging to Syslog server.
Can someone point me to reference documentation.
Moved from Community Help to Business > ePO for better support.