Intel Security


McAfee is a leader in the Gartner Magic Quadrant for SIEM

Read Report

Sophisticated, dedicated threat detection based on risk and real-time data

Deploy McAfee Advanced Correlation Engine with McAfee Enterprise Security Manager to identify and score threat events in real time, using both rule- and risk-based logic.

  • Customize McAfee Advanced Correlation Engine to receive notifications if specific users, groups, applications, servers, or subnets are threatened.
  • Get alerts if threats target your priority users, assets, applications, and activities.
  • Simplify event correlation and startup. No rule updates or signature tuning required.
  • Use audit trails and historical replays to support forensics, compliance, and rule tuning.
Download Data Sheet Free Trial

Find threats that defy rules-based detection

Real-time and historical threat detection

Get zero-day threat detection. Analyze events for immediate threat and risk detection to determine if your organization was exposed to a specific attack in the past.

Dedicate performance where it is needed

McAfee Advanced Correlation Engine has the processing power required to support rich event correlation across your entire enterprise. Its data engine scales to accommodate even the largest networks.

Rule-based event correlation

Correlate all logs, events, and network flows together—along with contextual information such as identity, roles, vulnerabilities, and more—to detect patterns indicative of a larger threat.

Risk score correlation without rules

In rule-less correlation systems, detection signatures are replaced with a simple, one-time configuration, providing real-time threat detection.

Real-time tracking and alerting

Keep a complete audit trail of risk scores to allow full analysis and investigation of threat conditions over time.

McAfee rated in Gartner Critical Capabilities for SIEM

Read Report
ESG SC Magazine Gartner

Product Reviews

Leading independent analysts have evaluated the features and performance of McAfee SIEM solutions.

Understanding Cyberthreat Motivations to Improve Defense

Understanding Cyberthreat Motivations to Improve Defense

Learn the different motivations of an attacker so you can successfully defend from threats and implement controls tailored to each type of attack for greatest efficiency.

Download Infographic Read White Paper


System Requirements

McAfee Advanced Correlation Engine can be deployed as a physical or virtual appliance. Specific McAfee Advanced Correlation Engine models require McAfee Enterprise Security Manager (ESM). McAfee SIEM appliance specifications and descriptions are provided for information only, subject to change without notice, and provided without warranty of any kind, expressed, or implied.

Model Numbers Maximum EPS1 Appliance Size Local Storage2 Network Interfaces (10/100/1000) System Requirements
ACE-VM-12 30,000 VM Recommended 250GB+480GB SSD3 VM (AWS, ESX, KVM) 12 processor cores, 4GB of memory
ACE-VM-32 80,000 VM Recommended 500GB+480GB SSD3 VM (AWS, ESX, KVM) 32 processor cores, 64GB of memory
ACE-2600 50,000 2U 1.8TB 24 Requires ESM
ACE-3450 100,000 2U 1.8TB+480GB SSD 24 Requires ESM

1Based on typical network environments using average event and flow aggregation. Depending on aggregation settings, collection type mix, overall SIEM activity, and related activities, the EPS levels for any given appliance, within an environment, may be lower.
2Usable event and flow data storage capacity will vary by customer event types, event rates, software version, and other factors.
3Minimum 50K IOPS for SSD; additional storage should be a minimum of 100 IOPS.
4IPMI: Please note that all McAfee SIEM appliances, except DAS-50 and DAS-100, have IPMI adapters; for ERC HA, IPMI is used for the HA configuration.

Need additional technical resources? Visit the McAfee Expert Center

McAfee SIEM-Integrated Partners

Many organizations deploy security products from multiple vendors that do not interact with each other. In today’s fast evolving threat landscape, this not only increases operational costs, it increases risk. Evolving security challenges require open, collaborative approaches to detect threats, reduce risk, and ensure compliance. Below is a selection of Security Innovation Alliance partners with McAfee SIEM integrated solutions that allow you to resolve more threats faster with fewer resources.

Automation & Orchestration

User & Entity Behavior Analytics

Authentication & Encryption

Application & Database Security

Incident Response & Forensics

See All SIEM-Integrated Partners