McAfee Enterprise Security Manager can collect flow information from hundreds of third-party devices, including firewalls, intrusion prevention system (IPS) devices, unified threat management (UTM) solutions, switches, routers, applications, servers and workstations, identity and authentication systems, vulnerability assessment scanners, and more. Use this content pack to quickly set up summary and customized views that monitor network flows and help identify patterns indicative of potential threats.
Content Pack Components
Views
- Flow - ADM Application Protocol Summary
- Flow - Bytes by Destination & Source
- Flow - Bytes by Source & Destination
- Flow - Destination IP Summary
- Flow - Destination MAC Summary
- Flow - Destination Port Summary
- Flow - Duration by Destination & Source
- Flow - Duration by Source & Destination
- Flow - Flow Count by Device
- Flow - Flow Distribution
- Flow - Hostscan
- Flow - Packets by Destination & Source
- Flow - Packets by Source & Destination
- Flow - Portscan
- Flow - Protocol Summary
- Flow - Source IP Summary
- Flow - Source MAC Summary
- Flow - Source Port Summary
- Flow Source IPs to Event Summary
- Network Destination Flow Summary
- Network Source Flow Summary
Required Products
- McAfee Enterprise Security Manager (ESM) 11.x, 10.x
- McAfee Advanced Correlation Engine (ACE) 11.x, 10.x
- Some rules require McAfee Application Data Monitor (ADM) to function properly
Download Content Pack
Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.