Overview

The McAfee Security Information Event Management (SIEM) solution provides real-time visibility into all activity on your systems, networks, databases, and applications.

The solution is composed of the following components:

  • McAfee® Enterprise Security Manager (McAfee ESM) - serves as the foundation of McAfee's SIEM solution and provides:

    • Analyst-centric dashboards, reports, views, rules, and alerts
    • Prepackaged configurations (called content packs) for common security use cases (such as alarms, views, reports, variables, and watch lists)
    • Predefined dashboards, audit trails, and reports for global regulations and control frameworks
    • Customizable compliance reports, rules, and dashboards

  • McAfee® Event Receiver - collects, parses, and normalizes large amounts of raw security data
  • McAfee® Enterprise Log Manager (ELM) - provides long-term storage of raw logs for compliance purposes
  • McAfee Enterprise Log Search (ELS) - provides quick access to raw logs for forensic purposes
  • McAfee® Advanced Correlation Engine (McAfee® ACE) - correlates parsed data to identify trends and suspicious activity
  • McAfee® Application Data Monitor (ADM) - monitors unencrypted layer seven session data to identify suspicious activity at the application and protocol level
  • McAfee® Database Event Monitor - monitors and tracks database transactions to identify suspicious activity in database communication on the network