1 Reply Latest reply on Jan 25, 2016 2:37 AM by xded

Interesting Correlation Rule to be created

Hello Experts,

We have fed McAfee ePO logs, AD logs and Check Point Firewall logs to McAfee ESM.

Now I would like to create a rule which will trigger when the below points are satisfied within a 15-minute time frame.

1) Suspicious outbound/inbound connections happened (Firewall Logs)

2) Virus got dropped to a machine (ePO Logs)

3) Abnormal logs from AD (if any)

Can anybody help me with this to create a rule for the above? Let me know if any other details are required. Thanks in advance.
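The correlation the poster describes (firewall event plus ePO detection on the same machine inside a 15-minute window, with an abnormal AD event folded in if one occurs) can be prototyped outside the SIEM to check the logic before building the ESM rule. The block below is an added example and is not McAfee ESM rule syntax or anything from the original thread. It assumes the three feeds have already been normalised to a common host key (the Check Point source/destination IP and the ePO and AD host fields mapped to the same value) and uses constructed sample events; the `Event` and `Alert` names and the `correlate` function are hypothetical.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta

# Event classes the rule looks for (assumed mapping of the poster's three feeds):
#   "firewall" -> Check Point suspicious inbound/outbound connection
#   "epo"      -> McAfee ePO virus detection on the endpoint
#   "ad"       -> abnormal Active Directory event (optional: included "if any")
REQUIRED = {"firewall", "epo"}
OPTIONAL = {"ad"}
WINDOW = timedelta(minutes=15)


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str   # "firewall", "epo" or "ad"
    host: str     # common host key after normalisation (assumed hostname or IP)
    detail: str


@dataclass
class Alert:
    host: str
    start: datetime       # timestamp of the earliest event in the matched window
    end: datetime         # timestamp of the latest event in the matched window
    sources: set[str]     # which of the three feeds contributed


def correlate(events: list[Event], window: timedelta = WINDOW) -> list[Alert]:
    """Fire one Alert per host each time every REQUIRED source appears within
    `window`. Events are grouped per host and scanned with a sliding window;
    once the required set is present, every further event inside the window
    (e.g. an optional AD event) is gathered into the same alert, and those
    events are then consumed so they cannot trigger a duplicate alert."""
    by_host: dict[str, list[Event]] = {}
    for e in events:
        by_host.setdefault(e.host, []).append(e)

    alerts: list[Alert] = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e.ts)
        n = len(evs)
        i = j = 0  # i = oldest event still inside the window, j = newest
        while j < n:
            # Slide the left edge forward so the window spans at most `window`.
            while evs[i].ts < evs[j].ts - window:
                i += 1
            seen = {e.source for e in evs[i:j + 1]}
            if REQUIRED <= seen:
                start = evs[i].ts
                k = j
                # Look ahead for optional events still inside the window.
                while k + 1 < n and evs[k + 1].ts <= start + window:
                    k += 1
                group = evs[i:k + 1]
                alerts.append(Alert(host, start, group[-1].ts,
                                    {e.source for e in group} & (REQUIRED | OPTIONAL)))
                i = j = k + 1  # consume the matched events
            else:
                j += 1
    return alerts


# Constructed sample events (not real log data).
T0 = datetime(2016, 1, 25, 2, 0)
SAMPLE_EVENTS = [
    # 10.0.0.5: firewall hit, ePO detection 4 min later, AD anomaly 9 min later -> alert
    Event(T0, "firewall", "10.0.0.5", "outbound connection flagged by Check Point"),
    Event(T0 + timedelta(minutes=4), "epo", "10.0.0.5", "ePO: threat detected and deleted"),
    Event(T0 + timedelta(minutes=9), "ad", "10.0.0.5", "AD: account lockout burst"),
    # 10.0.0.7: firewall hit and ePO detection 40 min apart -> outside window, no alert
    Event(T0, "firewall", "10.0.0.7", "outbound connection flagged by Check Point"),
    Event(T0 + timedelta(minutes=40), "epo", "10.0.0.7", "ePO: threat detected"),
    # 10.0.0.9: AD anomaly only -> required sources absent, no alert
    Event(T0 + timedelta(minutes=2), "ad", "10.0.0.9", "AD: privilege group change"),
]


if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(f"{a.host}: {sorted(a.sources)} between {a.start:%H:%M} and {a.end:%H:%M}")
```

Run against the sample set, only 10.0.0.5 produces an alert, carrying all three sources; 10.0.0.7 is correctly rejected because its two required events fall more than 15 minutes apart. The same three decisions (which sources are mandatory, what the window is, and what field ties the feeds together) are the ones to settle before expressing the rule in ESM.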