Enterprise Security Manager (ESM)

Upgrade

Refer to our guided upgrade webpage. This page contains detailed steps that will ensure your upgrade is successful.

• Upgrade SIEM to Version 11.4.x Guide

Setup & Configuration

For a complete list of setup and configuration related content, visit the McAfee Support Community.

Refer to the relevant product guide for instructions on how to set up and configure your devices:

• McAfee Enterprise Security Manager 11.4.x Product Guide
• McAfee Enterprise Security Manager 11.4.x Installation Guide
• McAfee Enterprise Security Manager 11.4.x Hardware Guide
• All of the above documents are also available at docs.mcafee.com

Additional resources:

• Refer to the Data Source Configuration Guide to learn how to set up supported data sources.
• If your McAfee Enterprise Security Manager is in a dark environment, review the manual rules update instructions.
• Refer to Working with Alarms for instructions on how to set up alarms.
• After the SIEM is up and running, it’s important to filter out low-volume events so you may receive optimal performance. Refer to this guide for more information.
• If you need to add a data source feed that McAfee does not support, please log a product enhancement request as per KB60021 or write your own customer rules to process the new data sources. See Writing Custom Parsing Rules for more details.

Troubleshooting & Help

Refer to the following articles for the latest information about known issues:

• McAfee Enterprise Security Manager 11.x Known Issues

Below are frequently used troubleshooting articles:

• Troubleshooting data sources not producing events
  • Data Source Configuration Guide
  • No events from data source
• Performance issues
  • Improving parsing performance
• Reports not working
  • Configured reports not running correctly
• Upgrades failing
• Unable to log in
  • REGISTERED — Database rebuild error (preventing login)
  • Reset NGCP password

Tools & Best Practices

Below is a list of useful tools and best practices:

• SIEM Foundations
• SIEM Expert Center
• Disaster Recovery
• Configuring Backups

The following resources are available to help customers:

• Knowledge Base — Find documents in the Knowledge Center about installation, migration, upgrades, backup, restore, best practices, configuration, reporting, troubleshooting, known issues, threat prevention and removal, vulnerability responses, and End-of-Life notices.
• Support Notification Service (SNS) — Subscribe to the SNS to receive vital communications on topics, including product releases, content updates, critical incidents, security bulletins, pro tips, and End-of-Life dates.
• Community — Collaborate with other customers and McAfee employees in the SIEM Community.

Root Certificate Expiration

The McAfee product line uses TLS for secure communication. Two certificates validate McAfee TLS chains, including a primary expiring in 2038 and a secondary expiring on May 30, 2020. If either certificate, or both, are present in your environment, TLS will function correctly prior to May 30, 2020. After May 30, 2020, only the primary certificate will be valid. Out of an abundance of caution McAfee is informing customers of this impending event.

Generally, certificates are auto-updated through operation systems and customers will not be impacted. However, in environments where automatic management of root certificates is disabled and the primary certificate has not been manually deployed, customers will potentially be impacted. KB92937 provides information on how to verify and install the primary certificate.

Failure to have a valid certificate will cause product issues including reduced detection efficacy.

The primary certificate that needs to be validated is in a customer's environment as below:

Subject : CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
Thumbprint : 2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
Expiration : 2038-01-18

Subscribe to KB92937 to receive updates.