Installation information

Upgrading to this release requires preparation and an understanding of how the upgrade process works.

Before beginning the upgrade:

  • Review the upgrade information in the McAfee Enterprise Security Manager 11.3.x Installation Guide.
  • Make sure that your current McAfee ESM version is 10.2.0 (or later).
  • If you are upgrading from version 10.x, make sure all needed ports are open on your network (see the ESM Installation Guide for a list of needed ports).
  • Get the current hotfix file from the download site.

After upgrading the software

Before logging on for the first time, clear your browser cache. Not doing so might cause issues when you log on.

After the upgrade, you might see numerous messages in the messages log related to snowflex and snowman processes. These messages do not indicate a problem and do not impact system operation. Once the related background processes have completed, the messages stop.

Install the latest hotfix.

AWS CloudTrail data sources

The AWS CloudTrail data source is now part of the Amazon SQS Collector data source. SQS also includes CloudWatch and GuardDuty. If you are upgrading from ESM 11.2.1 or earlier and have AWS CloudTrail data sources, those data sources are renamed "Amazon SQS". Some implications to consider:

  • The data sources will continue to send data after the upgrade, but if you need to modify their configuration, you must enter the IP address and Hostname.
  • Perform a rule update immediately after the ESM upgrade.
  • Data sources configured before a version upgrade have only the CloudTrail rules enabled by default. If you want to use the same SQS for CloudWatch and GuardDuty, enable those rules before streaming data to the SQS. Remember to roll out the changes to the Receiver.
  • New data sources have CloudTrail, CloudWatch, and GuardDuty rules enabled by default.