Solved: Need a Splunk App for McAfee that uses Splunk Add-...

ggb667 · ‎01-21-2020

Hello. I plan on installing the Splunk Add-on for McAfee and i need to monitor:

McAfee Endpoint Security for Linux Firewall 10.6.6 105
McAfee Endpoint Security for Linux Threat Protection 10.6.6 107
McAfee Agent for Linux 5.6.2
McAfee Policy Auditor Agent for Linux 6.4.3
Asset Configuration Compliance Module - LNX 3.2.4

I was hoping for a "Splunk McAfee App" that would go hand in hand with the "Add-On" for visualizations, but all I'm finding are bits and pieces here and there. Is there an app for this, or am I going to have to build this myself and rely on my own Splunk Deployment Monitor derived components for monitoring McAfee components?

I'm new to apps and add-on components for Splunk.

Thanks

PavelP · ‎01-21-2020

McAfee Agent reports to ePO so what you need is to send ePO logs to Splunk. Not sure about Policy Auditor and Compliance Module though

View solution in original post

PavelP · ‎01-21-2020

McAfee Agent reports to ePO so what you need is to send ePO logs to Splunk. Not sure about Policy Auditor and Compliance Module though

Need a Splunk App for McAfee that uses Splunk Add-on for McAfee

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!