McAfee® ePO™ Logs

Configuration Guide

Updated Jan 27, 2023

Configure the McAfee® ePO™ platform to send logs to Arctic Wolf

Note: Before starting this procedure, discuss this log forwarding option with your Concierge Security® Team.

You can configure the McAfee® ePolicy Orchestrator® (McAfee® ePO™) platform to send the necessary logs to Arctic Wolf for monitoring security information.

  1. Log in to the McAfee® ePO™ platform as an administrator.

  2. Click Menu, and then select Configuration > Registered Servers.

  3. Click New Server.

  4. On the Registered Servers page, do the following:

    • Server type — Select Syslog Server from the list.
    • Name — Enter a unique name for your Arctic Wolf physical or virtual sensor.

  5. Click Next.

  6. On the next Registered Servers page, do the following:

    • Server name — Enter the IP address of your Arctic Wolf physical or virtual sensor.
    • TCP port number — Enter 514.
    • Enable event forwarding — Select the checkbox.

  7. Click Test connection.

  8. Click Save.

  9. Click Menu, and then select Policy > Server Settings.

  10. In the Setting Categories list, click Event Filtering.

  11. Click Edit.

  12. On the Server Settings screen, do the following:

    • The agent forwards — Select the Only selected events to the server option, and then select the Threat Detected event. (Optional) Select any additional events you want to send.
    • Where to store events — Select the Store selected in both option.
    • Event source — Select the Events from any source option.

  13. Click Save.

  14. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:
