Working with events ESM enables you to identify, collect, process, correlate, and store billions of events and flows, keeping all information available for queries, forensics, rules validation, and compliance. Working with eventsThe ESM enables you to identify, collect, process, correlate, and store billions of events and flows, keeping all information available for queries, forensics, rules validation, and compliance. Description of contains and regex filters The contains and regex filters provide you with wildcard capabilities on both index string data and non-indexed string data. These filters have syntax requirements. Working with ESM views The ESM retrieves information about events, flows, assets, and vulnerabilities logged by a device. The information is correlated and inserted into the McAfee Security Event Aggregation and Correlation (MSEAC) engine. Add a custom view Custom views include components that allow you to display the information you want to see. View components Create custom views to display event, flow, asset, and vulnerabilities data in a way that is most useful to you. Working with the Query Wizard Each report or view on the ESM gathers data based on the query settings for each component. Custom type filters Custom type fields can be used as filters for views and reports and to create custom rules, to define and then access data that is most relevant to you. McAfee Active Response searches McAfee Active Response offers continuous visibility and insights into your endpoints, so you can identify breaches as they happen. It helps security practitioners query the current security posture, improve threat detection, and perform detailed analysis and forensic investigations View event timeView the exact time that an event was inserted into the Receiver's database.