Vormetric Content Pack

Overview

Data exfiltration and insider threats are major concerns in the threat landscape. Vormetric integrates with McAfee Enterprise Security Manager to provide granular audit logs on file-level access of sensitive data. This contextual information is used by McAfee Enterprise Security Manager to generate reports and alerts on suspicious and unusual behavior at the file level. The Vormetric Content Pack contains correlation rules, views, alarms, and reports to show you which users are being impersonated, what sensitive data is being accessed, and what operations are being performed on the data.

Content Pack Components

Vormetric is also a McAfee Security Innovation Alliance partner.

Views
  • Vormetric – Event Dashboard
  • Vormetric – Denied Impersonated Users
  • Vormetric – Impersonated User Actions
  • Vormetric – Correlated Events
Alarms
  • Vormetric – Denied Impersonated User
Correlation Rules
  • Vormetric – Impersonated User Audit Access
  • Vormetric – Impersonated User Events from Increased Number of Source Users
  • Vormetric – Increased Number of Impersonated Users from a Source User
Reports
  • Vormetric – Denied Impersonated Users Report
  • Vormetric – Impersonated Users Report

Required Products

  • McAfee Enterprise Security Manager (ESM) 10.0.x, 9.6.x, 9.5.x
  • McAfee Advanced Correlation Engine (ACE) 10.0.x, 9.6.x, 9.5.x
  • Vormetric Security Intelligence

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.
