Intel Security


McAfee is a leader in the Gartner Magic Quadrant for SIEM


Collect up to tens of thousands of events per second

McAfee Event Receiver collects and retains large amounts of security data, and gives you immediate access to that data.

  • Preserve and store all details of parsed and correlated events in a highly indexed database for fast retrieval and analysis.
  • Leverage flexible event collection deployment options. Make highly distributed deployment easier and more cost effective with virtual appliances.
  • Collect tens of thousands of events per second with a single McAfee Event Receiver. Every event receiver caches all collected data locally to preserve data in the event of a network communication error or outage.

Easy, highly distributed event collection

Correlation for incident management

Provide full correlation against all events to detect larger incidents. McAfee Event Receiver correlates events collected by other distributed receivers for system-wide threat detection.

Scalable log collection

Collect event and flow information from hundreds of third-party devices, including intrusion prevention systems (IPS), switches, routers, servers, workstations, identity and authentication systems, vulnerability assessment scanners, and more.

Diverse collection methods

Use a variety of event collection methods, including passive log collection, authenticated log collection, CEF, OPSEC, SDEE, XML, ODBC, and encrypted collection validated to FIPS 140-2 Level 2.

Flexible architecture

Select fully centralized all-in-one event collection and management or fully distributed event collection, available in both physical and virtual appliances and rated for several thousand to tens of thousands of events per second.

Staying ahead of threats with SIEM intelligence

ESG SC Magazine Gartner

Product Reviews

Leading independent analysts have evaluated the features and performance of McAfee SIEM solutions.

Understanding Cyberthreat Motivations to Improve Defense


Learn the different motivations of attackers so you can defend against threats and implement controls tailored to each type of attack for greatest efficiency.



System Requirements

McAfee Event Receiver deployment options include physical and virtual appliances. Specific McAfee Event Receiver models require McAfee Enterprise Security Manager (ESM). McAfee SIEM appliance specifications and descriptions are provided for information only, subject to change without notice, and provided without warranty of any kind, expressed or implied.

| Model Number | Maximum EPS¹ | Appliance Size | Local Storage² | Network Interfaces (10/100/1000) | System Requirements |
|---|---|---|---|---|---|
| ERC-VM-8 | 500 | VM | Recommended 250GB | | VM (AWS, ESX, KVM) 8 processor cores, 4GB of memory |
| ERC-VM-12 | 5,000 | VM | Recommended 500GB | | VM (AWS, ESX, KVM) 12 processor cores, 64GB of memory |
| ERC-VM-32 | 15,000 | VM | Recommended 2TB+480GB SSD³ | | VM (AWS, ESX, KVM) 32 processor cores, 96GB of memory |
| ERC-1260 | 6,000 | 1U | 1TB | 2 + HA ports⁴ | Requires ESM |
| ERC-2600 | 12,000 | 2U | 1.8TB | 2 + HA ports⁴ | Requires ESM |
| ERC-3450 | 18,000 | 2U | 1.8TB+240GB SSD | 2 + HA ports⁴ | Requires ESM |
| ERC-4600 | 24,000 | 2U | 3TB+480GB SSD | 2 + HA ports⁴ | Requires ESM |

¹ Based on typical network environments using average event and flow aggregation. Depending on aggregation settings, collection type mix, overall SIEM activity, and related activities, the EPS levels for any given appliance, within an environment, may be lower.
² Usable event and flow data storage capacity will vary by customer event types, event rates, software version, and other factors.
³ Minimum 50K IOPS for SSD; additional storage should be a minimum of 100 IOPS.
⁴ These ports can be used for event and netflow monitoring or in the ERC HA configuration.


McAfee SIEM-Integrated Partners

Many organizations deploy security products from multiple vendors that do not interact with each other. In today’s fast-evolving threat landscape, this not only increases operational costs, it also increases risk. Evolving security challenges require open, collaborative approaches to detect threats, reduce risk, and ensure compliance. Below is a selection of Security Innovation Alliance partners with McAfee SIEM integrated solutions that allow you to resolve more threats faster with fewer resources.

Automation & Orchestration

User & Entity Behavior Analytics

Authentication & Encryption

Application & Database Security

Incident Response & Forensics
