
McAfee EPO integration with Arcsight - Benefits?

Hi... what would be the benefits that an organization should look for when integrating McAfee ePO with ArcSight ESM? From my discussions with the McAfee team (at my organization) I understand that creating correlation rules would be one valuable benefit of the integration... other than this I was not able to figure out the benefits... can someone help me on this... Thanks in advance...


Accepted Solutions

Hello,

I think that it depends on whether you have RiskAdvisor (or you plan to have RA). It also depends on whether your organisation has some network-related security layer. I mean, whether any system - ESM or some kind of IDS - has details about internal network communication which can help to detect a compromised system (PC, server etc.) without a McAfee agent (or a system with a corrupted McAfee agent). How about visitors? Are visitors able to plug their laptops into your internal network?

I suppose that your organization monitors internet communication, but I also suppose that your organization has more locations, that mobile devices are used (for example laptops) and that USB devices are enabled in some cases (external USB hard drives, flash disks and so on).

Another interesting area might be a patching system - do you use ePO for checking installed patches?

Another interesting area might be a vulnerability system - do you use FoundStone for vulnerability scans and/or discovery scans focused on devices on LAN? Are results sent to ePO/RA and/or to ESM?

And the last area is a ticketing system - whether you use ESM for cases and/or whether you have a separate ticketing system.

Regards

Pavel

2 Replies

Hi,

You can catch the culprit systems real time in the organization if any Virus/Malware is not deleted or quarantined. Just go through the Device Action field in ArcSight since you do not want to unnecessarily create rules for the Files that have already been deleted by EPO. Hope this helps.

Regards,

Jitendra

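One way to apply the Device Action check described in this reply outside ESM, as an added example that is not from the thread and not McAfee or ArcSight code: a small Python script that parses CEF-style detection events (the CEF `act` key is what ArcSight maps to deviceAction) and reports hosts whose detection was not followed by a delete/quarantine action for the same file. The event lines, vendor and product names, and action strings are constructed samples.

```python
"""Flag endpoints whose anti-malware detection was not resolved by the endpoint product.

Added example, not part of the original thread. The CEF lines below are
constructed; real ePO events carry different vendor/product strings and keys.
"""
import re
from collections import defaultdict

# Actions that mean the endpoint product already handled the threat (constructed list).
HANDLED_ACTIONS = {"deleted", "quarantined", "cleaned"}

# Constructed CEF-style events standing in for ePO detections forwarded to ESM.
SAMPLE_EVENTS = [
    "CEF:0|ExampleVendor|Endpoint AV|1.0|100|Malware detected|8|dhost=ws01 act=deleted fname=a.exe",
    "CEF:0|ExampleVendor|Endpoint AV|1.0|100|Malware detected|8|dhost=ws02 act=quarantined fname=b.dll",
    "CEF:0|ExampleVendor|Endpoint AV|1.0|100|Malware detected|9|dhost=ws03 act=access denied fname=c.exe",
    "CEF:0|ExampleVendor|Endpoint AV|1.0|100|Malware detected|9|dhost=ws04 act=clean failed fname=d.scr",
    "CEF:0|ExampleVendor|Endpoint AV|1.0|100|Malware detected|8|dhost=ws03 act=deleted fname=c.exe",
]

# CEF extension key=value pairs; values may contain spaces, so stop at the next "key=".
_KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_cef(line):
    """Return the CEF header fields of interest plus every extension key as a dict."""
    parts = line.split("|", 7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF line: %r" % line)
    event = {"vendor": parts[1], "product": parts[2], "name": parts[5],
             "severity": int(parts[6])}
    event.update({k: v.strip() for k, v in _KV_RE.findall(parts[7])})
    return event


def unresolved_detections(lines):
    """Return {host: sorted (fname, action)} for detections never followed by a handled action."""
    open_hits = {}
    for line in lines:
        ev = parse_cef(line)
        key = (ev["dhost"], ev.get("fname", "?"))
        if ev.get("act", "").lower() in HANDLED_ACTIONS:
            open_hits.pop(key, None)  # a later cleanup of the same file resolves the earlier hit
        else:
            open_hits[key] = ev.get("act", "")
    by_host = defaultdict(list)
    for (host, fname), act in open_hits.items():
        by_host[host].append((fname, act))
    return {host: sorted(hits) for host, hits in by_host.items()}


if __name__ == "__main__":
    for host, hits in unresolved_detections(SAMPLE_EVENTS).items():
        print(host, hits)
```

Running it on the samples reports only ws04, because the earlier unresolved detection on ws03 is closed by the later delete of the same file.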