Configuring the ESM

The ESM administers data, settings, updates, and configuration. It communicates with multiple devices simultaneously. When creating the ESM environment, carefully consider your organization's needs and compliance objectives to support your organization's security management life cycle.

View device information
View general information about a device. Open the device's Information page to see the system ID, serial number, model, version, build, and more.

About device keys
For ESM to communicate with a device, it must encrypt all communications using the communications key that is created when the device is keyed.

Organizing your devices
The system navigation tree lists the devices on the system. You can select the way you want them displayed using the display type feature.

Manage multiple devices
The Multi-Device Management option allows you to start, stop, and restart, or update the software on multiple devices at one time.

Manage URL links for all devices
You can set up a link for each device to view device information on a URL.

View device summary reports
The device summary reports show the types and number of devices on the ESM and the last time an event was received by each one. These reports can be exported in comma-separated value (CSV) format.

View a system or device log
System and device logs show events that have taken place on the devices. You can view the summary page, which shows the event count and the times of the first and last event on ESM or device or view a detailed list of events on the System Log or Device Log page.

Delete a group or device
When a device is no longer part of the system or you no longer use a group, delete it from the system navigation tree.

Refresh the devices
You can manually update the devices on the system so their information matches that on the ESM.
Configuring devices
Connect both physical and virtual devices to McAfee ESM to enable real-time forensics, application and database monitoring, advanced rule- and risk-based correlation, and compliance reporting.

Configuring ancillary services
Ancillary services include Remedy servers, Network Time Protocol (NTP) servers, and DNS servers. Configure these servers to communicate with ESM.

Managing the database
Manage the ESM database to provide information and settings as you set up features on your system.

Working with users and groups
Users and groups must be added to the system so that they have access to the ESM, its devices, its policies, and their associated privileges.

Backing up and restoring system settings
Save current system configuration settings automatically or manually so they can be restored in case of system failure or data loss. You can also set up and save current settings to a redundant ESM.

Redundant ESM
The redundant ESM feature allows you to save current ESM settings to a redundant ESM that can be converted to the primary ESM in case of system failure or data loss. This feature is only available to users with system administrator privileges.

Managing the ESM
You can perform several operations to manage the software, logs, certificate, feature files, and communication keys for the ESM.

Using a global blacklist
A blacklist is a way to block traffic as it flows through a Nitro IPS or virtual device before it is analyzed by the deep packet inspection engine.

Data enrichment
You can enrich events sent by the upstream data source with context not in the original event, such as an email address, phone number, or host location information. This enriched data becomes part of the parsed event and is stored with the event just like the original fields.