McAfee Enterprise Security Manager

Upgrade

Refer to the relevant installation guide for instructions to upgrade McAfee Enterprise Security Manager:

• McAfee Enterprise Security Manager 11.1.x Installation Guide
• McAfee Enterprise Security Manager 10.3.x Installation Guide

For information about the new version, including special upgrade steps and what version you need to be on to upgrade to the recent update, please refer to these release notes:

• McAfee Enterprise Security Manager 11.1.x Release Notes
• McAfee Enterprise Security Manager 10.3.x Release Notes

Additional resources:

• McAfee Enterprise Security Manager upgrade YouTube video
• Files that should be used to upgrade each SIEM device
• Recommended order to upgrade SIEM devices
• If you encounter issues with the upgrade, see upgrade issues
• If your SIEM is in a dark environment, review manual rules update instructions

Setup & Configuration

For a complete list of setup and configuration related content, visit the McAfee Support Community.

Refer to the relevant product guide for instructions on how to set up and configure your devices:

• McAfee Enterprise Security Manager 11.1.x Product Guide
• McAfee Enterprise Security Manager 11.1.x Installation Guide
• McAfee Enterprise Security Manager 11.1.x Hardware Guide
• McAfee Enterprise Security Manager 10.3.x Product Guide
• McAfee Enterprise Security Manager 10.3.x Installation Guide
• McAfee Enterprise Security Manager 10.3.x Hardware Guide
• All of the above documents are also available at docs.mcafee.com

Additional resources:

• Refer to the Data Source Configuration Guide to learn how to set up supported data sources.
• If your McAfee Enterprise Security Manager is in a dark environment, review the manual rules update instructions.
• Refer to Working with Alarms for instructions on how to set up alarms.
• After the SIEM is up and running, it’s important to filter out low-volume events so you may receive optimal performance. Refer to this guide for more information.
• If you need to add a data source feed that McAfee does not support, you can contact your sales team about having it supported or write your own customer rules to process the new data sources. See Writing Custom Parsing Rules for more details.

Troubleshooting & Help

Refer to the following articles for the latest information about known issues:

• McAfee Enterprise Security Manager 11.x Known Issues
• McAfee Enterprise Security Manager 10.x Known Issues

Below are frequently used troubleshooting articles:

• Troubleshooting data sources not producing events
  • Data Source Configuration Guide
  • No events from data source
• Performance issues
  • Improving parsing performance
• Reports not working
  • Configured reports not running correctly
• Upgrades failing
  • Troubleshoot SIEM upgrade failures
  • SIEM upgrade fails
• Unable to log in
  • REGISTERED — Database rebuild error (preventing login)
  • Reset NGCP password

Tools & Best Practices

Below is a list of useful tools and best practices:

• SIEM Foundations
• SIEM Expert Center
• Disaster Recovery
• Configuring Backups

The following resources are available to help customers:

• Knowledge Base — Find documents in the Knowledge Center about installation, migration, upgrades, backup, restore, best practices, configuration, reporting, troubleshooting, known issues, threat prevention and removal, vulnerability responses, and End-of-Life notices.
• Support Notification Service (SNS) — Subscribe to the SNS to receive vital communications on topics, including product releases, content updates, critical incidents, security bulletins, pro tips, and End-of-Life dates.
• Community — Collaborate with other customers and McAfee employees in the SIEM Community.