    Configuring McAfee Solutions

    EventLog Analyzer collects log data from McAfee solutions and presents it in the form of graphical reports. Before EventLog Analyzer can start collecting this log data, the McAfee solution has to be added as a threat source.

    To configure McAfee in EventLog Analyzer, please follow the steps below.

    1. Configure HTTPS in EventLog Analyzer.
    2. Enable the required TLS port under Settings > System Settings > Listener ports.
    3. Configuring McAfee Solutions
    4. Configure your McAfee ePO server to use the newly created syslog server.
    5. Add a new registered server and select Syslog for the type of server.
    6. Enter the FQDN of the Syslog server.
    7. Enter 6514 for the port number. If the TLS listener port number was changed, enter that port number instead.
    8. Click on enable event forwarding.
    9. Click on test connection. A Syslog connection success message will be displayed.
    10. Click on save.
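
To confirm the TLS listener from steps 1 and 2 before registering it in ePO, the following added example (not part of the original documentation or of either product) connects to the syslog server's FQDN on port 6514 with certificate and hostname verification and sends one test event. It assumes the listener accepts RFC 5425 octet-counted framing; the function names and the test event are illustrative.

```python
import socket
import ssl
from datetime import datetime, timezone

TLS_SYSLOG_PORT = 6514  # port from step 7; use your own value if the listener port was changed


def build_rfc5424(hostname, app, msg, facility=16, severity=6, ts=None):
    """Build an RFC 5424 line. This is a constructed test event, not ePO's own format."""
    ts = (ts or datetime.now(timezone.utc)).astimezone(timezone.utc)
    pri = facility * 8 + severity  # local0.info -> 134
    return f"<{pri}>1 {ts:%Y-%m-%dT%H:%M:%SZ} {hostname} {app} - - - {msg}"


def frame_octet_counted(line):
    """Frame as '<length in bytes> <message>' (assumed: listener follows RFC 5425)."""
    data = line.encode("utf-8")
    return str(len(data)).encode("ascii") + b" " + data


def check_listener(fqdn, port=TLS_SYSLOG_PORT, cafile=None, timeout=5.0):
    """Handshake with certificate and hostname verification, then send one test event.

    Raises ssl.SSLCertVerificationError when the certificate is untrusted, expired,
    or issued for a name other than fqdn. cafile is the PEM of a private CA, if used.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((fqdn, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=fqdn) as tls:
            cert = tls.getpeercert()
            line = build_rfc5424(socket.gethostname(), "tls-check", "listener test event")
            tls.sendall(frame_octet_counted(line))
            return {"tls_version": tls.version(), "cipher": tls.cipher()[0],
                    "cert_not_after": cert["notAfter"]}


if __name__ == "__main__":
    import sys
    # Usage: python check_listener.py <syslog server FQDN> [CA bundle in PEM format]
    print(check_listener(sys.argv[1], cafile=sys.argv[2] if len(sys.argv) > 2 else None))
```

A certificate verification error here usually means the certificate was issued for a different name than the FQDN entered in step 6, or that its issuing CA is not trusted by the sending host.
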
    Malwarebytes Reports

    Once the threat source is added, EventLog Analyzer will start parsing the fields in the logs. This log data can now be viewed in the form of reports.

    1. In the EventLog Analyzer console, navigate to Settings > Configurations > Manage Threat Source > Add Source
    2. Click on Existing Host and select the device you added from the list of existing devices.
    3. Select the Addon Type from the list.
    4. Click on Add.

    Available reports:
