Overview

As the foundation of the McAfee Security Information Event Management (SIEM) solution, McAfee® Enterprise Security Manager (McAfee ESM) gives you real-time visibility into all activity on your systems, networks, databases, and applications.

Add McAfee devices to increase the power of McAfee ESM:

  • McAfee ESM — The core device of the McAfee SIEM solution and the primary device on which an analyst identifies vulnerabilities and hunts threats. It is also where administrators configure the system, including data sources, alarms, rules, and so on. The ESM holds events and flows collected by receivers (ERCs).
  • McAfee® Event Receiver — Collects, parses, and normalizes large amounts of raw security data (required).
  • McAfee Data Streaming Bus — Facilitates device interconnection and provides a streaming data platform for external integrations (required for distributed McAfee ESM and for data sharing with third-party applications).
  • McAfee® Enterprise Log Manager — Stores raw logs for compliance purposes (recommended).
  • McAfee Enterprise Log Search — Searches raw logs quickly for forensic purposes (optional).
  • McAfee® Advanced Correlation Engine (McAfee® ACE) — Correlates parsed data to identify trends and suspicious activity (recommended).
  • McAfee® Application Data Monitor — Monitors unencrypted Layer 7 session data to identify suspicious activity at the application and protocol level (optional).
  • McAfee® Database Event Monitor — Monitors and tracks database transactions to identify suspicious activity in database communication on the network (optional).