Flow Views Content Pack

Overview

McAfee Enterprise Security Manager can collect flow information from hundreds of third-party devices, including firewalls, intrusion prevention system (IPS) devices, unified threat management (UTM) solutions, switches, routers, applications, servers and workstations, identity and authentication systems, vulnerability assessment scanners, and more. Use this content pack to quickly set up summary and customized views to monitor network flows for identifying patterns indicative of potential threats.

Content Pack Components

Views

Flow - ADM Application Protocol Summary
Flow - Bytes by Destination & Source
Flow - Bytes by Source & Destination
Flow - Destination IP Summary
Flow - Destination MAC Summary
Flow - Destination Port Summary
Flow - Duration by Destination & Source
Flow - Duration by Source & Destination
Flow - Flow Count by Device
Flow - Flow Distribution

Flow - Hostscan
Flow - Packets by Destination & Source
Flow - Packets by Source & Destination
Flow - Portscan
Flow - Protocol Summary
Flow - Source IP Summary
Flow - Source MAC Summary
Flow - Source Port Summary
Flow Source IPs to Event Summary
Network Destination Flow Summary
Network Source Flow Summary

Required Products

McAfee Enterprise Security Manager (ESM) 10.0.x
McAfee Advanced Correlation Engine (ACE) 10.0.x
Some rules require McAfee Application Data Monitor (ADM) in order to function properly.

Content Pack Demo

Content packs are available directly inside the McAfee Enterprise Security Manager user interface. Watch the video to discover how to access the content pack and get started.

Watch Video

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.

Read Article

Explore

Find other content packs and partner integrations.

See All

Free Trial

Interested in McAfee Enterprise Security Manager?