McAfee® ePO™ Logs
Configure the McAfee® ePO™ platform to send logs to Arctic Wolf
Note: Before starting this procedure, discuss this log forwarding option with your Concierge Security® Team.
You can configure the McAfee® ePolicy Orchestrator® (McAfee® ePO™) platform to send the necessary logs to Arctic Wolf for monitoring security information.
- Log into the McAfee® ePO™ platform as an administrator.
- Click Menu, and then select Configuration > Registered Servers.
- Click New Server.
- On the Registered Servers page, do the following:
  - Server type — Select Syslog Server from the list.
  - Name — Enter a unique name for your Arctic Wolf physical or virtual sensor.
- Click Next.
- On the next Registered Servers page, do the following:
  - Server name — Enter the IP address of your Arctic Wolf physical or virtual sensor.
  - TCP port number — Enter 514.
  - Enable event forwarding — Select the checkbox.
- Click Test connection.
- Click Save.
- Click Menu, and then select Policy > Server Settings.
- In the Setting Categories list, click Event Filtering.
- Click Edit.
- On the Server Settings screen, do the following:
  - The agent forwards — Select the Only selected events to the server option, and then select the Threat Detected event. (Optional) Select any additional events you want to send.
  - Where to store events — Select the Store selected in both option.
  - Event source — Select the Events from any source option.
- Click Save.
- Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:
  - Confirmation that you have completed the steps in this configuration guide.
  - The IP address you used during the configuration.
  - Any other questions or comments that you have.