Configure a connection between a McAfee Event Receiver and SIEM Collector

Set up a receiver to communicate with SIEM Collector.

Before you begin

Enabling encryption with SSL between the SIEM Collector and the ESM requires both devices to have it enabled. In order to use encryption with host IDs, it must be set up with one 'bridging' client that uses an IP address. This opens the firewall for the connection and allows the receiver to connect with an encrypted connection.

Task

  1. Open the SIEM Collector configuration utility.
  2. Select the receiver and verify the McAfee Event Receiver IP address and chosen MEF port.
  3. If you need to change the default settings, change them in ESM.
    1. From the dashboard, select the receiver in the navigation tree.
    2. Click the Properties icon.
    3. In Receiver Properties, select Receiver Configuration.
    4. Select Interface.
    5. Set the MEF port (Receiver ConfigurationInterfaceCommunication). This value must be the same port configured on the receiver. The default is 8082.
    6. (Optional) Set the network adapter (Receiver ConfigurationInterfaceNetworkInterfaces).
    7. If you enable SSL (encrypted), make sure each data source is configured to Use encryption.