Collect tens of thousands of events per second
McAfee Event Receiver collects and retains large amounts of security data, and gives you immediate access to that data.
Scalable log collection
Collect event and flow information from hundreds of third-party devices, including intrusion prevention systems (IPS), switches, routers, servers, workstations, identity and authentication systems, vulnerability assessment scanners, and more.
Instant access to data
Preserve and store all details of parsed and correlated events in a highly indexed database for fast retrieval and analysis.
System-wide threat detection
Correlate events collected by other distributed receivers to detect larger incidents.
Flexible deployment options
Make highly distributed deployment easier and more cost effective with virtual appliances.
Easy, highly
distributed event
collection
Protect all collected events
Collect tens of thousands of events per second with a single McAfee Event Receiver and cache all data locally to preserve it in the event of a network communication error or outage.
Leverage diverse collection methods
Use various event collections, including passive log collection, authenticated log collection, CEF, OPSEC, SDEE, XML, ODBC, and encrypted collection validated to FIPS 140-2 Level 2.
Ensure a flexible architecture
Select fully centralized all-in-one event collection and management or fully distributed event collection, available in both physical and virtual appliances and rated for several thousand to tens of thousands of events per second.
A Leader, 2018 Gartner Magic Quadrant for Security Information and Event Management
McAfee Connect
Maximize the value of your McAfee Enterprise Security Manager with pre-built content packs to streamline security monitoring, threat management, and incident response.
System requirements
McAfee Event Receiver (ERC) deployment options include physical and virtual appliances. Specific McAfee Event Receiver models require McAfee Enterprise Security Manager (ESM). McAfee SIEM appliance specifications and descriptions are provided for information only, subject to change without notice, and provided without warranty of any kind, expressed or implied.
| Cloud | ||||
|---|---|---|---|---|
| Model Number | Deployment | Local Storage1 | CPU Cores | System Requirements |
| ERC-VM | AWS, Azure, HyperV, ESX, KVM, XEN | Recommended 250 GB | 8 | 8 Processor Cores, 8 GB RAM |
| ERC-VM-4-CORE-ADDON | AWS, Azure, HyperV, ESX, KVM, XEN | See footnote 2 | See footnote 3 | Per 4 Core Add-on, 16 GB RAM |
| Appliances | ||||
|---|---|---|---|---|
| Model Number | Appliance Size | Local Storage1 | CPU Cores | System Requirements |
| ERC-1270 | 1U | 4 TB | 4 | Requires ESM |
| ERC-2650 | 2U | 12 TB | 18 | Requires ESM |
| ERC-3500 | 2U | 12 TB + 400 GB SSD | 22 | Requires ESM |
| ERC-4700 | 2U | 5.6 TB SSD | 28 | Requires ESM |
1Usable event and flow data storage capacity will vary by customer event types, event rates, software version, and other factors.
2ERC, ACE, and ADM do not support upgrades to the original storage allocation, so it is recommended that 1 TB of storage be allocated for the base VM and 1 TB for each 4-CORE-ADDON. It is recommended that VMs have dedicated SSD storage to reach higher ingestion and query performance.
3Option to expand ERC-VM in 4-core increments up to 32-core maximum.
Need additional technical resources? Visit the McAfee Expert Center >
Learn more about McAfee Event Receiver
Gartner Magic Quadrant for Security Information and Event Management
Gartner names McAfee as a Magic Quadrant Leader for SIEM. The Gartner Magic Quadrant for SIEM is a research tool for enterprise security buyers to review and assess which vendors best meet their needs.
SIEM Solutions from McAfee
SIEM solutions from McAfee help you continuously monitor, identify, investigate, and resolve threats.
Sustainable Security Operations
Discover how to successfully adopt sustainable security operations with optimized processes and tools to compress decision-making and quickly detect, contain, and remediate attacks.
McAfee Event Receiver related products
McAfee Advanced Correlation Engine supplements McAfee Enterprise Security Manager (SIEM) event correlation with two dedicated correlation engines: A risk detection engine that generates a risk score and a threat detection engine.
Learn More >McAfee Application Data Monitor decodes an entire application session to Layer 7 to detect fraud, data loss, and hidden threats, and create an audit trail for application compliance.
Learn More >McAfee Enterprise Log Manager automates log management and analysis for all log types, including Windows event logs, database logs, application logs, and syslogs, and integrates with McAfee SIEM for analysis and incident management.
Learn More >McAfee Enterprise Security Manager delivers intelligent, fast, and accurate SIEM and log management.
Learn More >Built for big security data, McAfee Global Threat Intelligence for Enterprise Security Manager puts the power of McAfee Labs directly into the security monitoring flow using McAfee’s high-speed, highly intelligent SIEM.
Learn More >McAfee Enterprise Log Search delivers ultra-fast search of raw events by storing and querying uncompressed data.
Have Additional Questions?
We’re here to help. Contact us to learn about implementation, pricing, technical specifications, and more
Register for a Free Trial
Get started now. Test drive McAfee Event Receiver in your environment.
