
McAfee epo error

Hi,

After integrating McAfee ePO with ArcSight, I observed the error below. It seems like a parsing error. Same attacker and target IP. Please help to resolve.

PFA error snapshot.

Thanks

Jayant


Re: McAfee epo error

The screenshot that you have shared doesn't say much.

As a first step, try enabling raw events at the connector level:

Double-click the ePO connector --> Default tab --> Processing --> Preserve Raw Event --> change it to Yes.

Then create an active channel with a filter and extract the raw events. Then verify the events and the field mapping.

Once you extract the raw events, revert the configuration of Preserve Raw Event back to No.

Regards,

Anirudh


Re: McAfee epo error

Hi,

Tried the same; a similar error was observed in the raw events as well.

Thanks

Jayant


Re: McAfee epo error

The "error" in the snapshot is caused by characters that can't be displayed, such as Chinese or Russian letters (hope you know what I mean). It looks like you have several ePO clients on Windows hosts with different languages.

And the attacker and target IP being the same is not an error. There is no difference between attacker and target, because the ePO events are just messages from the client, not a communication reported by ePO.
