1 Reply Latest reply on Jan 25, 2016 2:37 AM by xded

    Interesting Correlation Rule to be created

    nalluri4

      Hello Experts,


      We have fed McAfee ePO logs, AD logs and Check Point Firewall logs to McAfee ESM.


      Now I would like to create a rule which will trigger when the points below are satisfied within a 15 min time frame.


      1) Suspicious outbound/inbound connections happened (Firewall logs)

      2) Virus got dropped to a machine (ePO logs)

      3) Abnormal logs from AD (if any)


      Can anybody help me create a rule for the above? Let me know if any other details are required. Thanks in advance.
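The correlation the post asks for, expressed as a small added example in Python (not ESM correlation-rule syntax and not code from the original thread): events from the three sources are grouped per host, and an alert fires when a suspicious firewall connection and an ePO virus detection for the same host fall within the 15 minute window, with an abnormal AD event attached if one is present. Source names, event types and the sample events are constructed assumptions; in practice they would map to the normalised fields ESM exposes for each data source.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, source, host, event_type)
SAMPLE_EVENTS = [
    ("2016-01-25 01:00:00", "checkpoint", "10.0.0.5", "suspicious_outbound"),
    ("2016-01-25 01:04:00", "epo", "10.0.0.5", "virus_detected"),
    ("2016-01-25 01:09:00", "ad", "10.0.0.5", "abnormal_logon"),
    ("2016-01-25 01:30:00", "checkpoint", "10.0.0.7", "suspicious_inbound"),
    ("2016-01-25 02:10:00", "epo", "10.0.0.7", "virus_detected"),  # 40 min later: outside window
    ("2016-01-25 03:00:00", "epo", "10.0.0.9", "virus_detected"),  # no firewall event at all
]

# Conditions 1 and 2 must both be present; condition 3 (AD) is "if any", so optional.
REQUIRED = {"checkpoint": {"suspicious_outbound", "suspicious_inbound"},
            "epo": {"virus_detected"}}
OPTIONAL = {"ad": {"abnormal_logon"}}

def parse(ev):
    ts, source, host, etype = ev
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), source, host, etype

def correlate(events, window_minutes=15):
    """Return one alert per host per window in which all REQUIRED sources matched."""
    window = timedelta(minutes=window_minutes)
    by_host = {}
    for ts, source, host, etype in sorted(map(parse, events)):
        by_host.setdefault(host, []).append((ts, source, etype))
    alerts = []
    for host, evs in by_host.items():
        i = 0
        while i < len(evs):
            start, seen, j = evs[i][0], {}, i
            # Sliding window: collect matching events from evs[i] forward until the window closes.
            while j < len(evs) and evs[j][0] - start <= window:
                ts, source, etype = evs[j]
                if etype in REQUIRED.get(source, ()) or etype in OPTIONAL.get(source, ()):
                    seen.setdefault(source, etype)  # first matching event per source
                j += 1
            if all(src in seen for src in REQUIRED):
                alerts.append({"host": host, "window_start": start, "sources": seen})
                i = j  # skip past this window so overlapping starts do not re-alert
            else:
                i += 1
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Widening the window (for example `correlate(SAMPLE_EVENTS, window_minutes=60)`) shows how the second host starts matching, which is a useful way to tune the time frame against false positives before deploying the rule.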