SOCFortress Integrations — McAfee EndPoint Protection

2 min readJul 28, 2023

Intro

SOCFortress integration and visualization tools allow security analysts the visualization and triage of McAfee security events using a single pane of glass.

About McAfee

McAfee provides a wide range of security solutions for . The company has a long history in the cybersecurity industry and has become one of the most recognized names in the field.

Key features:

Endpoint Security: Desktops, laptops, servers, and mobile devices. Includes: antivirus, anti-malware, firewall, intrusion prevention, and encryption capabilities.
Cloud Security: McAfee provides cloud security solutions to secure cloud environments and workloads.
Network Security: Firewalls, intrusion prevention systems (IPS), and advanced threat detection technologies to safeguard networks from cyber threats.
Data Protection and Encryption: Data loss prevention (DLP) tools to help organizations secure sensitive data and prevent data breaches.

Ingesting McAfee Security Events

Event forwarding allows you to send events from McAfee ESM to another device or facility via Syslog

Configuration steps:

From the McAfee ESM dashboard, click and select Configuration.
On the system navigation tree, select McAfee ESM, then click the Properties icon and Event Forwarding
Choose TCP transport protocols.
Select TLS in the Mode field.
Select the time format for the header of syslog event forwarding.
Select the security mode for the message (TLS).

Visualizations and Events Details

Security Events:

Threats Detected:

Need Help?

The functionality discussed in this post, and so much more, are available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.

Website: https://www.socfortress.co/