Overview

The McAfee Security Information Event Management (SIEM) solution provides real-time visibility to all activity on your systems, networks, database, and applications.

The solution is composed of the following components:

• McAfee® Enterprise Security Manager (McAfee ESM) - serves as the foundation of McAfee's SIEM solution and provides:

  • Analyst-centric dashboards, reports, views, rules, and alerts
  • Prepackaged configurations (called content packs) for common security use cases (such as alarms, views, reports, variables, and watch lists)
  • Predefined dashboards, audit trails, and reports for global regulations and control frameworks
  • Customizable compliance reports, rules, and dashboards

• McAfee® Event Receiver - collects, parses, and normalizes large amounts of raw security data
• McAfee® Enterprise Log Manager (ELM) - provides long-term storage of raw logs for compliance purposes
• McAfee Enterprise Log Search (ELS) - provides quick access to raw logs for forensic purposes
• McAfee® Advanced Correlation Engine (McAfee® ACE) - correlates parsed data to identify trends and suspicious activity
• McAfee® Application Data Monitor (ADM)- monitors unencrypted layer seven session data to identify suspicious activity at the application and protocol level
• McAfee® Database Event Monitor - monitors and tracks database transactions to identify suspicious activity happening in the database communication on the network