McAfee Enterprise Security Manager components

McAfee ESM and its components are installed on your network and configured to identify vulnerabilities and threats.

If a threat occurs, the ESM can:

  • Notify you through the user interface, email, SNMP, or text message.
  • Save the history of the threat for analysis.
  • Automatically act on the threat based on configured policy.

McAfee ESM components include:

  • McAfee® Enterprise Security Manager (McAfee ESM) — Available as a hardware component or virtual machine (VM) software installation, the McAfee ESM displays threat data, reputation feeds, and vulnerability status. It also shows a view of the systems, data, risks, and activities inside your enterprise.
  • McAfee Event Receiver (ERC) — Available as a hardware component or VM software installation, it collects up to tens of thousands of events per second, parses that data, and sends it to the ESM device(s).
  • McAfee® Enterprise Log Manager (ELM) — Available as a hardware component or VM software installation, it collects, compresses, signs, and stores events to provide a proven audit trail of activity.
  • McAfee Enterprise Log Search (ELS) — A hardware component that collects, indexes, and stores all events to provide a proven audit trail of activity. The ELS searches events faster than the ELM because it uses indexes.
  • McAfee Receiver/ELM (ELMERC) — Available as a hardware component or VM software installation that includes both ELM and ERC.
  • McAfee® Advanced Correlation Engine (McAfee® ACE) — Available as a hardware component or VM software installation that simplifies event correlation and startup to identify and score threat events in historical or real time, using both rule- and risk-based .
  • McAfee Application Data Monitor — A hardware component that monitors more than 500 known applications through the entire layer stack and captures full session detail of all violations.
  • McAfee Database Event Monitor () — A hardware component that automates the collection, management, analysis, visualization, and reporting of database access for most database platforms.
  • McAfee Direct Attached Storage (DAS) — A hardware component connected to the ESM, ELM, or ELS to expand storage space.
    Note: In redundant solutions, one DAS device is required in each system. For example, two redundant ELMs require two DAS devices.
  • ESM Console — A computer with a browser used by security administrators to configure and manage the ESM.

You might use just one combination ESM, or many of these components, depending on your environment.

For detailed configuration information, see the McAfee Enterprise Security Manager Product Guide.