8 Replies Latest reply on Feb 7, 2017 8:43 AM by deileadoir

    McAfee EPO EEPC Splunk Integration

    qnology

      Hello,

       

      I'm working on integrating McAfee ePO and Splunk. I already have the Splunk Add-on for McAfee working using DBConnect.

       

      Now I would like to get McAfee EEPC events into Splunk. Specifically these events:

       

      • 2411 Deployment Successful
      • 30001 Password Changed Event
      • 30005 Remote Recovery Event
      • 30006 Self Recovery Event
      • 30008 Crypt Start Event
      • 30010 Crypt Complete Event
      • 30015 Activation Start Event
      • 30016 Activation Complete Event

       

      And login events.

       

      Does anyone know what table or view these events are stored in or have the SQL handy? Thank you

       

      Q