Collect up to tens of thousands of events per second
McAfee Event Receiver collects and retains large amounts of security data, and gives you immediate access to that data.
Scalable log collection
Collect event and flow information from hundreds of third-party devices, including intrusion prevention systems (IPS), switches, routers, servers, workstations, identity and authentication systems, vulnerability assessment scanners, and more.
Instant access to data
Preserve and store all details of parsed and correlated events in a highly indexed database for fast retrieval and analysis.
System-wide threat detection
Correlate events collected by other distributed receivers to detect larger incidents.
Flexible deployment options
Make highly distributed deployment easier and more cost effective with virtual appliances.
Easy, highly
distributed event
collection
Protect all collected events
Collect tens of thousands of events per second with a single McAfee Event Receiver and cache all data locally to preserve it in the event of a network communication error or outage.
Leverage diverse collection methods
Use various event collections, including passive log collection, authenticated log collection, CEF, OPSEC, SDEE, XML, ODBC, and encrypted collection validated to FIPS 140-2 Level 2.
Ensure a flexible architecture
Select fully centralized all-in-one event collection and management or fully distributed event collection, available in both physical and virtual appliances and rated for several thousand to tens of thousands of events per second.
A Gartner Magic Quadrant Leader
McAfee is a leader in the Gartner Magic Quadrant for SIEM for the seventh year in a row.
McAfee Connect
Maximize the value of your McAfee Enterprise Security Manager with pre-built content packs to streamline security monitoring, threat management, and incident response.
System requirements
McAfee Event Receiver (ERC) deployment options include physical and virtual appliances. Specific McAfee Event Receiver models require McAfee Enterprise Security Manager (ESM). McAfee SIEM appliance specifications and descriptions are provided for information only, subject to change without notice, and provided without warranty of any kind, expressed or implied.
| Model Number | Appliance Size | Local Storage1 | CPU Cores | System Requirements |
|---|---|---|---|---|
| ERC-VM-8 | VM | Recommended 250GB | 8 | VM (AWS, ESX, KVM), 4GB of memory |
| ERC-VM-12 | VM | Recommended 500GB | 12 | VM (AWS, ESX, KVM), 64GB of memory |
| ERC-VM-32 | VM | Recommended 2TB+480GB SSD2 | 32 | VM (AWS, ESX, KVM), 96GB of memory |
| ERC-1270 | 1U | 4 TB | 4 | Requires ESM or ETM |
| ERC-2650 | 2U | 12 TB | 18 | Requires ESM or ETM |
| ERC-3500 | 2U | 12 TB + 400 GB SSD | 22 | Requires ESM or ETM |
| ERC-4700 | 2U | 5.6 TB SSD | 28 | Requires ESM or ETM |
1Usable event and flow data storage capacity will vary by customer event types, event rates, software version, and other factors.
2Minimum 50K IOPS for SSD; additional storage should be a minimum of 100 IOPS.
Need additional technical resources? Visit the McAfee Expert Center >
Learn more about McAfee Event Receiver
Gartner: Critical Capabilities for Security Information and Event Management
As a companion to the Gartner Magic Quadrant for SIEM, the Gartner Critical Capabilities report for SIEM helps IT security organizations compare their requirements with the most common SIEM use cases. Discover in-depth how Gartner rates McAfee SIEM by critical capabilities.
SIEM Solutions from McAfee
SIEM solutions from McAfee help you continuously monitor, identify, investigate, and resolve threats.
Sustainable Security Operations
Discover how to successfully adopt sustainable security operations with optimized processes and tools to compress decision-making and quickly detect, contain, and remediate attacks.
McAfee Event Receiver related products
McAfee Advanced Correlation Engine supplements McAfee Enterprise Security Manager (SIEM) event correlation with two dedicated correlation engines: A risk detection engine that generates a risk score and a threat detection engine.
Learn More >McAfee Application Data Monitor decodes an entire application session to Layer 7 to detect fraud, data loss, and hidden threats, and create an audit trail for application compliance.
Learn More >McAfee Database Event Monitor for SIEM provides non-intrusive, detailed discovery, logging, and correlation of database transactions, including access to regulated data.
Learn More >McAfee Enterprise Log Manager automates log management and analysis for all log types, including Windows event logs, database logs, application logs, and syslogs, and integrates with McAfee SIEM for analysis and incident management.
Learn More >McAfee Enterprise Security Manager delivers intelligent, fast, and accurate SIEM and log management.
Learn More >Built for big security data, McAfee Global Threat Intelligence for Enterprise Security Manager puts the power of McAfee Labs directly into the security monitoring flow using McAfee’s high-speed, highly intelligent SIEM.
Learn More >Have Additional Questions?
We’re here to help. Contact us to learn about implementation, pricing, technical specifications, and more
Register for a Free Trial
Get started now. Test drive McAfee Event Receiver in your environment.
