Firewall Content Pack

Overview

Malicious activity can hide in the traffic travelling through your firewalls, and a lack of visibility into that activity leaves your network vulnerable. Leverage the data coming from your firewall devices for deep analysis by McAfee Enterprise Security Manager. It can reveal abnormal or out-of-place traffic and offer you the insights needed to effectively stop these potential threats.

Content Pack Components

Alarms
  • Firewall - Firewall Policy Change
Views
  • Firewall View
  • Firewall View – Allowed Traffic
  • Firewall View – Blocked Traffic
  • Firewall Normalization View
  • Firewall Vendor Views

    • Check Point Firewall View
    • Cisco Firewall View
    • Cyberoam Firewall View
    • Dlink Firewall View
    • Fortinet Firewall View
    • Global Technical Association Firewall View
    • Juniper Firewall View
    • Kerio Firewall View
    • McAfee Firewall View
    • Microsoft Firewall View
    • Palo Alto Firewall View
    • Dell Firewall View
    • Tofino Firewall View
    • Secure Crossing Firewall View
Reports

The report provides a summary of daily traffic. Listed below it are the charts shown in the report layout, filtered by device type ID for the firewall class.

  • Daily firewall Activity Report

    • Top Source IPs – Allowed
    • Top Source IPs – Blocked
    • Top Destination IPs – Allowed
    • Top Destination IPs – Blocked
    • Top Destination Ports – Allowed
    • Top Destination Ports – Blocked
    • Protocols
    • Event Subtype
Correlation Rules
  • Firewall - Excessive Firewall/ACL Connections Accepted from Single Host
  • Firewall - Excessive Firewall/ACL connections Denied from Single Host
  • Firewall - Firewall Accept after Recon Event on a Local Host
  • Firewall - Multiple Firewall or ACL Events to Multiple Hosts that Are Blocked
  • Firewall - Excessive Firewall and ACL Acceptance from Single Host
  • Firewall - Firewall Policy Change

Required Products

  • McAfee Enterprise Security Manager (ESM) 10.0.x, 9.6.x, 9.5.x
  • McAfee Advanced Correlation Engine (ACE) 10.0.x, 9.6.x, 9.5.x

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.
