All Apps and Add-ons

Need a Splunk App for McAfee that uses Splunk Add-on for McAfee

ggb667
New Member

Hello. I plan on installing the Splunk Add-on for McAfee and i need to monitor:

McAfee Endpoint Security for Linux Firewall 10.6.6 105
McAfee Endpoint Security for Linux Threat Protection 10.6.6 107
McAfee Agent for Linux 5.6.2
McAfee Policy Auditor Agent for Linux 6.4.3
Asset Configuration Compliance Module - LNX 3.2.4

I was hoping for a "Splunk McAfee App" that would go hand in hand with the "Add-On" for visualizations, but all I'm finding are bits and pieces here and there. Is there an app for this, or am I going to have to build this myself and rely on my own Splunk Deployment Monitor derived components for monitoring McAfee components?

I'm new to apps and add-on components for Splunk.

Thanks

0 Karma
1 Solution

PavelP
Motivator

McAfee Agent reports to ePO so what you need is to send ePO logs to Splunk. Not sure about Policy Auditor and Compliance Module though

View solution in original post

0 Karma

PavelP
Motivator

McAfee Agent reports to ePO so what you need is to send ePO logs to Splunk. Not sure about Policy Auditor and Compliance Module though

View solution in original post

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!