How it works

The diagram below shows the McAfee ESM workflow.

  1. A threat enters your organization.
  2. The McAfee Event Receiver collects data and events from security devices, databases, networks, systems, and applications.
  3. The McAfee Event Receiver collects raw data.
  4. The McAfee Event Receiver parses (or extracts) data into parts and relationships based on your specific syntax rules.
  5. The McAfee Event Receiver normalizes (or aligns) collected values to one common scale and uses them to identify known threats.
  6. The McAfee Advanced Correlation Engine (McAfee ACE) correlates (or identifies) patterns in the information to identify potential security threats.
  7. You, the analyst, can use the McAfee ESM dashboard, alarms, watch lists, cases, and reports to monitor and identify threats.
  8. Use the Data Exchange Layer (DXL), McAfee Advanced Threat Defense (ATD), and McAfee® Threat Intelligence Exchange (TIE) to identify threats.
  9. Use McAfee ePolicy Orchestrator to respond to threats immediately and automatically.
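
The parse, normalize, and correlate stages (steps 4 to 6) are illustrated by the following added Python example. It is not McAfee code or McAfee ESM rule syntax; the log formats, field names, severity mapping, and correlation rule are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: two sources with different native formats.
RAW = [
    "2024-05-01T10:00:01Z sshd Failed password for admin from 203.0.113.7",
    "2024-05-01T10:00:03Z sshd Failed password for admin from 203.0.113.7",
    "2024-05-01T10:00:05Z sshd Failed password for admin from 203.0.113.7",
    "2024-05-01T10:00:09Z sshd Accepted password for admin from 203.0.113.7",
    "ts=2024-05-01T10:00:04Z dev=fw action=deny src=198.51.100.9 prio=low",
    "2024-05-01T10:05:00Z sshd Accepted password for bob from 192.0.2.10",
]

SSHD = re.compile(r"^(\S+) sshd (Failed|Accepted) password for (\S+) from (\S+)$")
KV = re.compile(r"(\w+)=(\S+)")
SEVERITY = {"low": 25, "Accepted": 10, "Failed": 50}  # assumed mapping to a 0-100 scale

def parse(line):
    """Step 4: split a raw line into fields using per-source syntax rules."""
    m = SSHD.match(line)
    if m:
        return {"ts": m[1], "outcome": m[2], "user": m[3], "src": m[4]}
    kv = dict(KV.findall(line))
    return kv if {"ts", "src"} <= kv.keys() else None  # None: no rule matched

def normalize(f):
    """Step 5: map source-specific names and values onto one schema."""
    native = f.get("outcome") or f.get("prio")
    action = {"Failed": "login_failure", "Accepted": "login_success"}.get(f.get("outcome"), f.get("action"))
    return {"time": datetime.strptime(f["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "src_ip": f["src"], "user": f.get("user"),
            "action": action, "severity": SEVERITY.get(native, 0)}

def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """Step 6: flag a success preceded by >= threshold failures from one source."""
    alerts, failures = [], {}
    for e in sorted(events, key=lambda e: e["time"]):
        recent = [t for t in failures.get(e["src_ip"], []) if e["time"] - t <= window]
        if e["action"] == "login_failure":
            failures[e["src_ip"]] = recent + [e["time"]]
        elif e["action"] == "login_success" and len(recent) >= threshold:
            alerts.append((e["src_ip"], e["user"], len(recent)))
    return alerts

def run(lines):
    parsed = [p for p in map(parse, lines) if p]
    return correlate([normalize(p) for p in parsed])
```

Calling `run(RAW)` returns one alert for the source with three failed logins followed by a success inside the 60-second window; the firewall event and the isolated successful login produce none.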



The following diagram shows how McAfee ESM devices work with each other.