Data exfiltration and insider threats are major concerns in the threat landscape. Vormetric integrates with McAfee Enterprise Security Manager to provide granular audit logs on file-level access of sensitive data. This contextual information is used by McAfee Enterprise Security Manager to generate reports and alerts on suspicious and unusual behavior at the file level. The Vormetric Content Pack contains correlation rules, views, alarms, and reports to show you which users are being impersonated, what sensitive data is being accessed, and what operations are being performed on the data.

Content Pack Components


  • Vormetric – Event Dashboard
  • Vormetric – Denied Impersonated Users
  • Vormetric – Impersonated User Actions
  • Vormetric – Correlated Events


  • Vormetric – Denied Impersonated User

Correlation Rules

  • Vormetric – Impersonated User Audit Access
  • Vormetric – Impersonated User Events from Increased Number of Source Users
  • Vormetric – Increased Number of Impersonated Users from a Source User


  • Vormetric – Denied Impersonated Users Report
  • Vormetric – Impersonated Users Report

Required Products

  • McAfee Enterprise Security Manager (ESM) 11.x, 10.x
  • McAfee Advanced Correlation Engine (ACE) 11.x, 10.x
  • Vormetric Security Intelligence

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.

Read Article


Find other content packs and partner integrations.

See All

Free Trial

Interested in McAfee Enterprise Security Manager?