McAfee Event Receiver
Robust collection. Powerful correlation.
McAfee Event Receiver collects and retains large amounts of security data, and gives you immediate access to that data.
Provide full correlation against all events to detect larger incidents. McAfee Event Receiver correlates events collected by other distributed receivers for system-wide threat detection.
Collect event and flow information from hundreds of third-party devices, including intrusion prevention systems (IPS), switches, routers, servers, workstations, identity and authentication systems, vulnerability assessment scanners, and more.
Use various event collections, including passive log collection, authenticated log collection, CEF, OPSEC, SDEE, XML, ODBC, and encrypted collection validated to FIPS 140-2 Level 2.
Select fully centralized all-in-one event collection and management or fully distributed event collection, available in both physical and virtual appliances and rated for several thousand to tens of thousands of events per second.
Leading independent analysts have evaluated the features and performance of McAfee SIEM solutions.
McAfee Event Receiver deployment options include physical and virtual appliances. Specific McAfee Event Receiver models require McAfee Enterprise Security Manager (ESM). McAfee SIEM appliance specifications and descriptions are provided for information only, subject to change without notice, and provided without warranty of any kind, expressed or implied.
|Model Number||Maximum EPS1||Appliance Size||Local Storage2||Network Interfaces (10/100/1000)||System Requirements|
|ERC-VM-8||500||VM||Recommended 250GB||VM (AWS, ESX, KVM)||8 processor cores, 4GB of memory|
|ERC-VM-12||5,000||VM||Recommended 500GB||VM (AWS, ESX, KVM)||12 processor cores, 64GB of memory|
|ERC-VM-32||15,000||VM||Recommended 2TB+480GB SSD3||VM (AWS, ESX, KVM)||32 processor cores, 96GB of memory|
|ERC-1260||6,000||1U||1TB||2 + HA ports4||Requires ESM|
|ERC-2600||12,000||2U||1.8TB||2 + HA ports4||Requires ESM|
|ERC-3450||18,000||2U||1.8TB+240GB SSD||2 + HA ports4||Requires ESM|
|ERC-4600||24,000||2U||3TB+480GB SSD||2 + HA ports4||Requires ESM|
1Based on typical network environments using average event and flow aggregation. Depending on aggregation settings, collection type mix, overall SIEM activity, and related activities, the EPS levels for any given appliance, within an environment, may be lower.
2Usable event and flow data storage capacity will vary by customer event types, event rates, software version, and other factors.
3Minimum 50K IOPS for SSD; additional storage should be a minimum of 100 IOPS.
4These ports can be used for event and netflow monitoring or in the ERC HA configuration.
Need additional technical resources? Visit the McAfee Expert Center
Many organizations deploy security products from multiple vendors that do not interact with each other. In today’s fast evolving threat landscape, this not only increases operational costs, it increases risk. Evolving security challenges require open, collaborative approaches to detect threats, reduce risk, and ensure compliance. Below is a selection of Security Innovation Alliance partners with McAfee SIEM integrated solutions that allow you to resolve more threats faster with fewer resources.See All SIEM-Integrated Partners