We have two McAfee Combination boxes that we purchased a couple of years ago. My predecessor purchased two thinking he would be able to use them in a redundant fashion (have logs/events replicated between them), and the vendor who sold them to us said they could be used in this manner as well. When it came around to installation time, though, they said we would have to gather logs from each device independently. We decided to just use one of them, and the other is pretty much just collecting dust.
Fast forward a couple of years: I upgraded to 9.5 a couple of nights ago, and I looked at some of the documentation online and there are references to "redundant SIEM". It looks like it is only for the ELM though, correct? Is there a scenario in which I could utilize the second combination box and have all of my logs, etc. replicated to it, so in the instance we have a disaster all I have to do is connect to a different hostname and view the ESM on the secondary unit?
I really hate having this other appliance just sitting there taking up space and would like to utilize it somehow.
Because they are "combo" boxes, you can only set up the ELM components as a combo. You can, however, set them up as a DESM (Distributed ESM). This way you can utilize all the components on both.