
Setting up McAfee ESM

To set up a McAfee ESM destination to receive data from a Data Connector device, do the following:

1. Log in to the McAfee ESM console.

The screenshot shows the McAfee ESM console. In the Device Type Display pane (on the left), NIOS_Test_System is shown under McAfee Event Receiver. The right pane contains the Receiver Properties window, which shows the properties of the receiver.
Image: The McAfee ESM network security management interface, showing the configuration panel for a "Device Type Display".

2. Select Configuration from the top-left menu, and click McAfee Event Receiver > Selected Event Receiver.

3. Click the Add Data Source icon.

  The screenshot shows the Add Data Source dialog box, which contains Use System Properties, listed in the next step.
Image: The McAfee ESM network security management interface, depicting how to add a data source.

4. Do the following on the Add Data Source screen:

  • Data Source Vendor: Select Infoblox.
  • Data Source Model: Verify that this field is set to NIOS, which is the value populated by default when you select Infoblox as the data source vendor.
  • Data Format: Select CEF. For McAfee ESM, Infoblox supports the CEF log format.
  • Data Retrieval: Select SYSLOG (Default).
  • Name: Enter a name for the data source.
  • IP Address: Enter the same IP address as the one you specified while configuring the destination in the Data Connector.
  • Require Syslog TLS: Select the checkbox to use the TLS encryption protocol for Syslog.
  • Port: Choose the same port number as the one you specified while configuring the destination in Data Connector.

5. Click OK.

To check in real time whether the data transferred from Data Connector has reached the McAfee ESM destination, do the following:

1. Ensure that Flash Player is allowed in your browser so that the configuration page in the McAfee ESM menu can open.

2. Log in to the McAfee ESM console.

3. In the Actions toolbar, click the View Streaming Events icon.

4. Click Start to begin streaming.

The events transferred through Data Connector are displayed as they reach the McAfee ESM destination:

   The Configuration tab of the report page shows the list of events and their properties. Each event is described with Last Time, Source IP, Destination IP, Event Count, Rules Message, and Packet.
Image: The McAfee ESM network security management interface allows users to monitor live data as it is being processed by the system.
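The following added example (not part of the Infoblox or McAfee documentation) builds one CEF test event and sends it over syslog with TLS, so you can confirm that the receiver completes a certificate-verified TLS handshake on the configured port while View Streaming Events is running. The receiver address 192.0.2.10, port 6514, the CA file name, the newline-delimited framing, and all event field values are constructed placeholders and assumptions; replace the address and port with the values entered in the Add Data Source screen.

```python
import socket
import ssl
from datetime import datetime

def _esc_header(value):
    # CEF header fields: escape backslash first, then the pipe delimiter.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def _esc_ext(value):
    # CEF extension values: escape backslash and '=', encode line breaks as \n.
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r\n", "\\n").replace("\n", "\\n").replace("\r", "\\n")

def build_cef(vendor, product, version, class_id, name, severity, ext):
    """Return a CEF:0 record; severity is limited to the CEF range 0-10."""
    if not 0 <= int(severity) <= 10:
        raise ValueError("CEF severity must be 0-10")
    fields = (vendor, product, version, class_id, name, int(severity))
    header = "CEF:0|" + "|".join(_esc_header(f) for f in fields)
    extension = " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items())
    return f"{header}|{extension}"

def frame_syslog(cef, hostname, pri=134, when=None):
    """Prefix an RFC 3164-style header (PRI 134 = local0.info) and end with LF."""
    when = when or datetime.now()
    # RFC 3164 pads a single-digit day with a space, not a zero.
    ts = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri}>{ts} {hostname} {cef}\n".encode("utf-8")

def send_tls(host, port, payload, cafile=None, timeout=5.0):
    """Send payload over TLS with certificate verification; return TLS version."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(payload)
            return tls.version()

if __name__ == "__main__":
    # Constructed sample event; vendor, product and field values are placeholders.
    event = build_cef("ExampleVendor", "ExampleProduct", "1.0", "TEST-1",
                      "Data source connectivity test", 1,
                      {"src": "192.0.2.20", "msg": "test event a=b"})
    # Placeholder receiver address, port and CA file (assumptions).
    print(send_tls("192.0.2.10", 6514, frame_syslog(event, "test-sender"),
                   cafile="esm-ca.pem"))
```

A certificate verification error or a refused connection here points to a mismatch in the Require Syslog TLS or Port settings rather than a problem in Data Connector.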

For more information, refer to the McAfee ESM documentation.