McAfee ePolicy Orchestrator (ePO) connector for Microsoft Sentinel
The McAfee ePolicy Orchestrator data connector provides the capability to ingest McAfee ePO events into Microsoft Sentinel through the syslog.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
| Connector attribute | Description |
|---|---|
| Kusto function alias | McAfeeEPOEvent |
| Kusto function url | https://aka.ms/sentinel-McAfeeePO-parser |
| Log Analytics table(s) | Syslog(McAfeeePO) |
| Data collection rules support | Workspace transform DCR |
| Supported by | Microsoft Corporation |
Query samples
Top 10 Sources

```kusto
McAfeeEPOEvent
| summarize count() by DvcHostname
| top 10 by count_
```
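An added query, not part of the connector page, that builds on the sample above: it lists endpoints that were reporting ePO events during the past week but have sent nothing in the last 24 hours, which is a common sign of a stopped agent or broken syslog forwarding. It assumes the parser exposes TimeGenerated alongside DvcHostname; the 7d and 24h windows are example values.

```kusto
// Added example (assumption: McAfeeEPOEvent exposes TimeGenerated and DvcHostname).
// Endpoints seen in the lookback window that have gone quiet for longer than `silence`.
let lookback = 7d;   // how far back to look for hosts that were reporting
let silence = 24h;   // how long without events counts as "silent"
McAfeeEPOEvent
| where TimeGenerated > ago(lookback)
| summarize LastSeen = max(TimeGenerated), EventCount = count() by DvcHostname
| where LastSeen < ago(silence)
| extend SilentFor = now() - LastSeen
| project DvcHostname, LastSeen, EventCount, SilentFor
| order by SilentFor desc
```

Tune the two windows to the environment's normal event rate before using this as a scheduled analytics rule, since low-activity hosts will otherwise appear as false positives.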
Vendor installation instructions
This data connector depends on a parser based on a Kusto Function, McAfeeEPOEvent, which is deployed with the Microsoft Sentinel solution.
- Install and onboard the agent for Linux
  Typically, you should install the agent on a different computer from the one on which the logs are generated. Syslog logs are collected only from Linux agents.
- Configure the logs to be collected
  Configure the facilities you want to collect and their severities. Under the workspace advanced settings, select Data and then Syslog. Select Apply below configuration to my machines, select the facilities and severities, and click Save.
- Configure McAfee ePolicy Orchestrator event forwarding to the Syslog server
Next steps
For more information, go to the related solution in the Azure Marketplace.