McAfee Endpoint Security 10.1 via ePO DB smartconnector support?
Just a quick query: are there any plans for MES 10.1 to be supported via the McAfee ePolicy Orchestrator DB SmartConnector?
We've been running this with VirusScan Enterprise 8.8 quite happily, but a new service has come on board running MES 10.1.
None of this MES traffic is being picked up by the SmartConnector, only other components of the ePO database.
I've upgraded the SmartConnector (to 18.104.22.16889.0) just in case this has been sorted in a later version, but to no avail.
Judging by the lack of mention in SmartConnector supported documents, I assume this functionality isn't currently available?
With the ePO connector, even after the upgrade and the onboarding of MES into ePO, are you using the same query string to pull logs into the connector? I don't have my docs with me, but if I recall, the default query string isn't going to pull a number of extra sources that you can tie into ePO, and the MES event tables are one of them.
I would suggest looking at your ePO DB and the query string, then include the extra MES tables to be pulled into ArcSight.
Thanks for your reply. Happy to check that, do you have any idea or documentation on where the default SQL queries are held on the ePO database connector so these can be assessed and if required amended? I've not tweaked them to this level before, only specified the components to lookup when configuring in ./runsetupagent.
I assume you've still had no luck?
Have you looked at the eventtypelist on the ArcSight agent properties file?
There may be a new eventtype in the ePO DB which hopefully is still readable by the connector.
Add something like the following if the identifier in the DB is es10:
Well, just been advised through another thread...
SmartConnector version 7.6 has been released.
It contains a new device: McAfee Endpoint Security (ENS) 10.5 with ePO 5.3