McAfee Database Activity Monitoring 5.0.0

Product Guide
McAfee Database Activity Monitoring
For use with ePolicy Orchestrator Software

COPYRIGHT
Copyright 2013 McAfee, Inc. Do not copy without permission.

TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundscore, Foundstone, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. Product and feature names and descriptions are subject to change without notice. Please visit mcafee.com for the most current products and features.

LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

Contents

Introduction: Key features; How McAfee DAM works; Policy configuration; Application Mapping; Deployment; Supported databases

Installation: Deployment; Implementation workflow; Install the extension; Deploy the sensor; Deploy the sensor from McAfee ePO; Deploy the sensor from McAfee ePO; Default sensor install paths; Operating system dependencies; Confirm sensor deployment; Features added to McAfee ePO; Uninstall the extension

Policy configuration: Policy categories; Assign a policy; DAM Sensor Configuration policy; Configure DAM Sensor Configuration policy; DBMS Monitoring Configuration policy; Configure DBMS Monitoring Configuration policy; vPatch policy; Configure vPatch policy; Update the vPatch policy; Custom Rules policy; Configure Custom Rules policy; vPatch rules; Edit vPatch rule properties; Add vPatch rule actions; Enable or disable vPatch rules; Create an exception to a vPatch rule; Set the security level for a vPatch policy; Remove vPatch rule actions; Create an allow rule; Remove allow rule; Custom rules; Create a custom rule; Remove a custom rule; Change rule order; Copy a custom rule to another policy; Rule objects; Define rule objects; Edit rule object properties; Remove rule objects; Configure dynamic DVM objects; Rule syntax; Identifiers; Operators; Rule examples; DAM server configuration; Edit DAM server settings; DAM server settings

Database monitoring configuration: Database monitoring; View DBMS details; View DBMSs attached to sensor; Manage DBMS clusters; Cluster DBMSs; Change DBMS cluster type; Break DBMS cluster; Disable monitoring; Edit alternative connection; Merge DBMSs; Recalculate DBMS policies; Reset application mapping; Clone DBMS; Add a DBMS

Events, reporting, and troubleshooting: View the DAM events list; View Application Mapping events; Create an allow rule based on Application Mapping; View event details; Load archived events; View quarantine events list; Remove a database user from quarantine; Queries and reports; Custom queries and reports; Download the Sensor Analytic package

Index

1 Introduction

McAfee Database Activity Monitoring (McAfee DAM) provides monitoring and management of database activity for multiple databases and vPatch service (optional). It also includes prevention, database cluster support, third-party integration, and advanced reporting functionality.

Contents
- Key features
- How McAfee DAM works
- Deployment
- Supported databases

Key features

McAfee DAM provides full visibility into database user activity and can issue alerts or stop suspicious activities based on predefined vPatch rules and custom rules. It also includes prevention, cluster support, third-party integration, and advanced reporting functionality.

- Database protection: Prevention of intrusion, data theft, and other attacks on your databases. McAfee DAM uses memory-based sensors to detect threats with a single, nonintrusive solution.
- Threat identification and intervention: High-risk violations can be configured to automatically close suspicious sessions and quarantine malicious users, allowing time for the security team to investigate the intrusion.
- Custom security policies: McAfee DAM enables you to create custom rule-based policies for users/queries and database objects.
- vPatch updates: Virtual patching updates are provided regularly for newly discovered vulnerabilities, protecting sensitive data until a patch is released by the database vendor and can be applied. The updates can be implemented without database downtime.
- Audit log: Access to sensitive data, including complete transaction details, can be logged for audit purposes.

How McAfee DAM works

When the extension for McAfee DAM and the sensor is deployed on a database server with McAfee Agent, it begins the process of discovering and monitoring your databases. By default, the databases that McAfee DAM discovers are placed in the Lost & Found group in the System Tree. You can configure the rule settings in McAfee ePO to place the databases in a different location.

Use of the terms DBMS (database management system) and database varies according to platform vendor. In general, DBMS refers to the overall database system, including the data and the infrastructure around it, but database can refer to the data tables. In this document, the terms are used interchangeably.

Policy configuration

The monitoring policy for a DBMS is made up of the various rules that are enabled and applied on that DBMS. McAfee DAM provides enhanced DBMS security based on predefined vPatch rules and custom rules. vPatch rules are included in the product installation and help prevent attacks against known vulnerabilities. In addition, you can define custom rules to define the level of monitoring and alerts, and further protect your DBMSs against potential threats.

Incoming statements are compared to the rules and policies enabled for the DBMS. Action is taken based on the first rule that is matched. If a statement does not match any of the existing rules, the statement is allowed.

Application Mapping

When the McAfee DAM sensor is deployed, it begins to collect sample information about access to the DBMS. Application Mapping provides baseline information about the activities that take place on the DBMSs during the sampling period, including which applications are run on the DBMS and which users are running them. The Application Mapping Events page also includes a count for each cluster of applications, users, IP addresses, and each DBMS.

This information can be used to create exceptions or allow rules (for example, if a certain combination of IP address, application, and user is audited elsewhere or is of no security/audit interest). In addition, the information can be used to create monitoring rules.

Deployment

Before the software can monitor and manage database activity, you must install the product extension on the McAfee ePO server and deploy the sensors to a database server where McAfee Agent is installed.

Required components
- McAfee ePolicy Orchestrator or later with these extensions installed:
  - McAfee Database Activity Monitoring extension
  - McAfee Vulnerability Manager for Databases extension
  - McAfee Rogue Database Detection extension 4.7 or later
  - McAfee Advanced Management Core extension
- McAfee Agent or later

Supported databases

McAfee DAM can be used to monitor and manage activity on several different types of databases.

The supported databases include:
- IBM DB2 LUW 9.5 or later
- IBM DB2 for Z/OS
- IBM DB2 iSeries (AS/400)
- Microsoft SQL Server 2000 or later on any supported Windows platform
- MySQL 5.1 or later on Linux
- Oracle or later on Sun Solaris, IBM AIX, Linux, HP-UX, or Microsoft Windows
- Sybase ASE 12.5 or later on all supported platforms
- Teradata 12, 13, 13.10, or 14 on Linux

vPatch supports:
- IBM DB2 LUW 9.5 or later
- Microsoft SQL Server 2000 or later on any supported Windows platform
- MySQL 5.1 or later on Linux
- Oracle or later on Sun Solaris, IBM AIX, Linux, HP-UX, or Microsoft Windows
- Sybase ASE 12.5 or later on all supported platforms

The lists of supported databases are updated regularly. To view the current lists, see:
- McAfee DAM supported databases
- vPatch supported databases


2 Installation

For McAfee DAM to be used with McAfee ePO software, you must first download and install the product extension and deploy the sensor to McAfee Agent.

Contents
- Deployment
- Implementation workflow
- Install the extension
- Deploy the sensor
- Confirm sensor deployment
- Features added to McAfee ePO
- Uninstall the extension

Deployment

Before the software can monitor and manage database activity, you must install the product extension on the McAfee ePO server and deploy the sensors to a database server where McAfee Agent is installed.

Required components
- McAfee ePolicy Orchestrator or later with these extensions installed:
  - McAfee Database Activity Monitoring extension
  - McAfee Vulnerability Manager for Databases extension
  - McAfee Rogue Database Detection extension 4.7 or later
  - McAfee Advanced Management Core extension
- McAfee Agent or later

Implementation workflow

These tasks must be performed to enable McAfee DAM to monitor and manage database activity.

1 Verify that the extensions for McAfee Vulnerability Manager for Databases, McAfee Rogue Database Detection, and McAfee Advanced Management Core are installed in the McAfee ePO console.
2 Install the McAfee DAM extension using the McAfee ePO console.
3 Deploy the sensor on DBMSs using a product deployment task (in McAfee ePO 5.0.0) or a client task (McAfee ePO 4.6.3).
4 Confirm the success of the sensor deployment in the Products tab of the respective system information pages.

See also
- Install the extension
- Deploy the sensor from McAfee ePO 4.6
- Deploy the sensor from McAfee ePO 5.0
- Confirm sensor deployment

Install the extension

The McAfee Database Activity Monitoring extension is installed using the ePolicy Orchestrator console.

Before you begin
- Back up the McAfee ePO back-end database.
- Verify that the extensions for McAfee Vulnerability Manager for Databases, McAfee Rogue Database Detection, and McAfee Advanced Management Core are installed.
- If the ePolicy Orchestrator console is not connected to the Internet, you need to download the product extensions from the McAfee download site, then install them from the ePolicy Orchestrator Extensions page.
- If you previously installed and uninstalled the product extension, you need to remove some tables manually. Contact McAfee technical support for details.

1 From the McAfee ePO console, click Menu Software Manager.
2 In the Product Categories pane, select Software Database Activity Monitoring. All related components are listed, including the product extensions.
3 Select DBSecDAMPolicy extension, then click Download or Check In.
4 When prompted, select ZIP as the package type.
5 Repeat for the Database Activity Monitoring extension and Database Activity Monitoring help extension.
6 In the Software Manager, check in the McAfee DAM sensor managed product for the relevant operating systems.

When the installation is complete, Database Activity Monitoring and Help Content appear in the Components list.

By default, the extension is installed using a 30-day evaluation license, and EVAL appears on the shortcut icons and at the top of the vPatch Rules and DAM Server Settings pages. The evaluation version has several limitations. For example, it does not include vPatch security updates. If you already have a license, we recommend that you install it now.

Deploy the sensor

You can create a client task to deploy the sensor to a DBMS that has McAfee Agent installed. Once the sensor is deployed, it starts automatically and appears in the System Tree.

- Deploy the sensor from McAfee ePO 4.6: You can create a client task to deploy the sensor from the McAfee ePO 4.6 console.
- Deploy the sensor from McAfee ePO 5.0: You can deploy the sensor to DBMSs from the Product Deployment page of the McAfee ePO 5.0 console.

Deploy the sensor from McAfee ePO 4.6

You can create a client task to deploy the sensor from the McAfee ePO 4.6 console.

Before you begin
Verify that the Database Activity Monitoring package appears in the McAfee ePO Master Repository.

1 Click Menu Policy Client Catalog Client Types McAfee Agent Product Deployment.
2 Click Actions New.
3 In the Name field, enter the name of the new task.
4 From the Target Platforms drop-down list, select a platform.
5 From the Products and components drop-down list, select DBMS McAfee Sensor for Windows.
6 From the Action drop-down list, select Install.
7 Schedule the task deployment and configure more options as needed for any McAfee ePO client task. For more information, see the ePolicy Orchestrator documentation.
8 Click Save.

The deployment task is created and the sensor is deployed according to the task configuration. The task is run as scheduled in the task properties.

You can also manually deploy the task from the Systems Tree. Select Actions Agent Run Client Now, then select the task to run. The Run Client Now option is supported for Windows systems only. Do not use this option for scheduling deployments on UNIX or Linux systems. For more information on running client tasks, see the ePolicy Orchestrator documentation.

See also
- Default sensor install paths
- Operating system dependencies

Deploy the sensor from McAfee ePO 5.0

You can deploy the sensor to DBMSs from the Product Deployment page of the McAfee ePO 5.0 console.

Before you begin
Verify that the Database Activity Monitoring package appears in the McAfee ePO Master Repository.

1 Click Menu Software Product Deployment.
2 Click New Deployment.
3 Enter a task name and description, then define the type (Fixed or Continuous).
4 From the Products and components drop-down list, select DBMS McAfee Sensor for Windows.
5 Schedule the task deployment and configure more options as needed for any McAfee ePO client task. For more information, see the ePolicy Orchestrator documentation.
6 Click Save.

The deployment task is created and the sensor is deployed according to the task configuration. The task is run as scheduled in the task properties.

You can also manually deploy the task from the Systems Tree. Select Actions Agent Run Client Now, then select the task to run. The Run Client Now option is supported for Windows systems only. Do not use this option for scheduling deployments on UNIX or Linux systems. For more information on running client tasks, see the ePolicy Orchestrator documentation.

See also
- Default sensor install paths
- Operating system dependencies

Default sensor install paths

The default sensor install paths and file names vary according to platform type.

Table 2-1 Default directories

Platform | Installation directory | Logs directory
AIX | /opt/mfeagdbs.sensor | /var/adm/mfe-agent-dbs-sensor
HPUX | /opt/mfeagdbs.sensor | /var/adm/mfe-agent-dbs-sensor
Linux | /usr/local/mfe-agent-dbs.sensor | /var/log/mfe-agent-dbs-sensor
Solaris | /opt/mfeagentdbssensor | /var/adm/mfe-agent-dbs-sensor
Windows | C:\Program Files\McAfee\Database Security Sensor | C:\Program Files\McAfee\Database Security Sensor\logs

Table 2-2 File names

Platform | Configuration file | Binary name | Startup script name
AIX | /etc/mfe-agent-dbs-sensor | mfeagtdbsensor | /etc/rc.d/init.d/mfe-agent-dbs-sensor
HPUX | /etc/rc.config.d/mfe-agent-dbs-sensor | mfeagtdbsensor | /sbin/init.d/mfe-agent-dbs-sensor
Linux | /etc/sysconfig/mfe-agent-dbs-sensor | mfeagtdbsensor | /sbin/init.d/mfe-agent-dbs-sensor
Solaris | /etc/default/mfe-agent-dbs-sensor | mfeagtdbsensor | /sbin/init.d/mfe-agent-dbs-sensor
Windows | C:\Program Files\McAfee\Database Security Sensor\McAfeeAgentDBSConfig.exe | McAfee-Agent-DBS-Sensor.exe | Service name - "McAfee Database Security Sensor"

Operating system dependencies

Successful installation of the sensor requires that specific packages be installed on the target operating system.

Platform | Dependencies
AIX | IBM XL C/C++ Enterprise Edition for AIX, V9.0 Runtime Environment and Utilities: xlc.aix50 xlc.msg.ja_jp xlc.msg.en_us xlc.msg.ja_jp xlc.rte xlsmp.aix52.rte xlsmp.msg.en_us.rte xlsmp.msg.ja_jp.rte xlsmp.msg.ja_jp.rte xlsmp.msg.zh_cn.rte xlsmp.msg.zh_cn.rte xlsmp.msg.en_us.rte xlsmp.msg.ja_jp.rte xlsmp.msg.zh_cn.rte xlsmp.rte (For details, see the IBM website)
HPUX pa risc or later | NFS.NFS-64SLIB OS-Core.CORE-64SLIB OS-Core.CORE-SHLIBS Streams.STREAMS-64SLIB
HPUX ia or later | NFS.NFS-64SLIB OS-Core.CORE2-64SLIB OS-Core.CORE2-SHLIBS Streams.STREAMS-64SLIB
Linux | libstdc++33 (this library is almost always pre-installed)
Solaris | N/A
Windows | N/A

Confirm sensor deployment

You can confirm the sensor deployment in the Products tab of the system details page.

Before you begin
Create and deploy the product deployment task.

1 Click Menu Systems System Tree, then select the Systems tab.
2 Click the system where the sensor is deployed.
3 In the system details page, select the Products tab.

The sensor deployment is indicated under Product.

Features added to McAfee ePO

The extension adds or uses these features in the McAfee ePO environment.

Feature: Details
- System Tree: Adds the Database Monitoring submenu to the Actions menu in the Systems tab.
- Policy submenu: Adds two options to the Policy submenu:
  - vPatch Rules: View, add, and edit vPatch rules.
  - Rule Objects: View, add, and edit rule objects.
- Adds two predefined client task types to the Client Catalog:
  - DAM Sensor Analytic Package: Extracts diagnostic information for troubleshooting purposes.
  - DAM Sensor Restart: Restarts the monitoring sensor (according to instructions from the support team).
- Configuration submenu: Adds one new option to the Configuration Server Settings submenu:
  - DAM Server Settings: Manage the McAfee DAM server archive, log, and general settings.
- Reporting submenu: Adds three new options to the Reporting submenu:
  - DAM Events view: View the list of McAfee DAM events, and event properties.
  - Application Mapping: View information about activities taking place on a DBMS, including applications and their users.
  - Dashboards Database Activity Monitoring: View charts and graphs related to McAfee DAM events.
- Adds the Database Activity Monitoring group of result types in Query Builder.
- Permission sets: Adds two predefined user roles:
  - Database Monitoring Manager: By default, the Database Monitoring Manager can create, edit, or delete Scheduler tasks and queries, and can view and edit all McAfee DAM policies, global vPatch rules and rule objects, events, and permissions sets.
  - Database Monitoring Reviewer: By default, the Database Monitoring Reviewer can view the System Tree, Database Activity Monitoring settings, and DAM Events view.

Uninstall the extension

You can uninstall the McAfee Database Activity Monitoring extension using the McAfee ePO console. Uninstalling an extension permanently deletes its data.

1 Click Menu Software Extensions.
2 From the Extensions list, select Database Activity Monitoring and the corresponding Help Content extension, then click Remove.
3 When prompted to confirm, click OK. Selecting Force removal is not recommended.

This task does not uninstall the sensor. Remove the sensor using a standard client task. For details, see ePolicy Orchestrator documentation.


3 Policy configuration

McAfee DAM policy configuration enables you to implement the policy settings that are most appropriate for your organization.

Contents
- Policy categories
- Assign a policy
- DAM Sensor Configuration policy
- DBMS Monitoring Configuration policy
- vPatch policy
- Custom Rules policy
- vPatch rules
- Custom rules
- Rule objects
- Rule syntax
- DAM server configuration

Policy categories

McAfee DAM policies are grouped into several categories, with a default policy for each category. Each default policy is read-only. However, we provide a policy template, My Default, that you can use to edit and implement the policy settings for your organization.

- DBMS Sensor Configuration: This policy determines the log configuration settings for the DAM sensor, and enables the definition of advanced parameters.
- DBMS Monitoring Configuration: This policy category contains two default policies related to the McAfee DAM monitor configuration:
  - McAfee Default Monitor Configuration: This policy is made up of the general monitoring settings, application mapping settings, and advanced logging parameters, as well as specific configuration settings according to database type.
  - McAfee Disable Monitor Configuration: This policy disables monitoring for a database.
- vPatch rules: The default Virtual Patching for Database (vPatch) rule policy is made up of the full list of predefined vPatch rules in read-only format. The rules are applied in the order that they appear in the list. You can duplicate the default policy to create a custom rule set. Custom vPatch rule policies automatically inherit all of the rules contained in the default policy; however, you can edit the rule properties in the customized policies. The default policy is updated regularly by McAfee DAM to include up-to-date monitoring and protection against known and zero-day vulnerabilities.
- Custom rules: This policy is made up of the custom rules defined based on your organization's ongoing monitoring of potential risks and activities. You can create your own rules in the My Default custom rules policy, or duplicate the Empty Rules Template and create a custom rule policy.
- Rule objects: This read-only policy is made up of the list of rule objects that can be used in dynamic rules. You can duplicate the default policy and create multiple rule object policies. You can add rule objects to the read-only policy. All rule objects are included in all rule object policies; however, you can edit the rule object values in duplicated policies.

Assign a policy

You can assign a McAfee DAM policy to a managed system or DBMS.

1 Click Menu Systems System Tree Systems, then select the group under the System Tree.
2 Select the system, then click Actions Agent Modify Policies on a Single System to open the Policy Assignment page for that system.
3 From the Product drop-down list, select Database Activity Monitoring. The relevant policy categories are listed with the system's assigned policy.
4 Locate the required policy, then click Edit Assignments.
5 If the policy is inherited, select Break inheritance and assign the policy and settings below next to Inherit from.
6 From the Assigned policy drop-down list, select the policy. The available policies depend on your role and permissions. From this location, you can edit the selected policy or create a new policy. For more information, see the ePolicy Orchestrator documentation.
7 Select whether to lock policy inheritance. Locking policy inheritance prevents any systems that inherit this policy from having another one assigned in its place.
8 Click Save.

The policy is assigned to the selected managed system.

DAM Sensor Configuration policy

The DAM Sensor Configuration policy determines the log configuration settings for the McAfee DAM sensor, and enables the definition of advanced parameters. The default policy is read only. A policy template, My Default, enables you to edit and implement the policy settings based on your organization's needs.

Configure DAM Sensor Configuration policy

Although a default DAM Sensor Configuration policy is provided, you can use the My Default policy template to implement different policy settings on specific systems.

1 Click Menu Policy Policy Catalog, then:
  a From the Product drop-down list, select Database Activity Monitoring.
  b From the Category drop-down list, select DAM Sensor Configuration.
2 Click My Default.
3 Edit the policy settings as needed, then click Save.

DBMS Monitoring Configuration policy

The DBMS Monitoring Configuration policy determines various monitoring options, including application mapping and failed logon monitoring. The default policy is read only. A policy template, My Default, enables you to edit and implement the policy settings based on your organization's needs.

In addition, the read-only Disable Monitor Configuration policy is used to disable specific database instances from the System Tree. You cannot assign the Disable Monitor Configuration policy and a default policy to the same database instance at the same time.

Configure DBMS Monitoring Configuration policy

Although a default DBMS Monitoring Configuration policy is provided, you can use the My Default policy template to implement different policy settings on specific systems.

1 Click Menu Policy Policy Catalog, then:
  a From the Product drop-down list, select Database Activity Monitoring.
  b From the Category drop-down list, select DBMS Monitoring Configuration.
2 Click the My Default link. The default policy properties are organized into a general tab and one tab for each type of database platform.
3 Edit the settings as needed, then click Save.

The policy settings are applied only to database instances where the policy is assigned.

vPatch policy

The default vPatch policy comprises a predefined set of vPatch rules. The default policy is read only. You can duplicate the policy and edit the actions defined for specific rules.

You can also duplicate the default vPatch policy and use it as the basis for creating a custom vPatch rule set. Custom vPatch rule policies automatically inherit all of the rules contained in the default policy; however, you can edit the rule properties in the customized policies.

The global vPatch policy is updated by McAfee DAM regularly (every several weeks) to provide monitoring and protection from new vulnerabilities. Different vPatch policies can be assigned to different DBMSs in the system. You can disable a vPatch rule, but you can't remove a rule from the vPatch Rules list.

Configure vPatch policy

You can use a duplicate copy of the vPatch policy as the basis for creating a custom vPatch rule set. Although the conditions (rule syntax) of these predefined rules cannot be edited, you can edit the actions and tags defined for specific rules. You can also create exceptions within the rules.

1 Click Menu Policy Policy Catalog, then:
  a From the Product drop-down list, select Database Activity Monitoring.
  b From the Category drop-down list, select vPatch Rules.
2 Click your duplicate copy of vPatch Rules to open its vPatch Rules page.
3 To view or edit the properties of an existing rule, click the rule name.

Update the vPatch policy

McAfee DAM sends out notifications whenever new vPatch rules are available. We recommend that you update the vPatch rule set to provide protection from new vulnerabilities. The currently installed version of the vPatch policy appears in the Note column on the vPatch Policy page.
- Update the vPatch rule set: When connected to the Internet, McAfee DAM automatically downloads the vPatch package into the Master Repository. The package must then be applied to your McAfee ePO installation.
- Download and check in the vPatch rule set: When McAfee ePO is not connected to the Internet, you must manually download and check in the updated vPatch rules package.

Update the vPatch rule set

When connected to the Internet, McAfee DAM automatically downloads the vPatch package into the Master Repository. The package must then be applied to your McAfee ePO installation.

1 Click Menu Software Master Repository.
2 Click Pull Now, then click Next.
3 Select the DAM vPatch package, then click Next.
4 Click Start Pull to apply the package.

The new vPatch rules are included in the default vPatch policy.

Download and check in the vPatch rule set

When McAfee ePO is not connected to the Internet, you must manually download and check in the updated vPatch rules package.

Before you begin
You must have Internet access to download the package.

1 Click the link in the notification you received to download the updated vPatch rules package, then save the package.
2 Click Menu Software Master Repository, then click Check In Package.
3 Select the package type, specify the path to where you saved the vPatch rules package, then click Next.
4 Click Save to check in the package.

The new vPatch rules are included in the default vPatch policy.

Custom Rules policy

You can create custom policies according to your audit and security needs. Different policies can be applied to different DBMSs in your organization.

DAM custom rule policies support multi-slot functionality so that more than one policy can be assigned to a system. You can enforce different policies for different purposes on the same system. For example, different policies might be configured for auditing, database security, and monitoring purposes. In a multi-slot scenario, an allow rule affects only the policy where it is created.

Rule order

The order of the rules in the Custom Rules list is important. The first rule that is matched is the rule that is applied to the statement. If a statement does not match any of the existing rules, the statement is allowed.

There are two approaches to defining policy:
- Whitelist approach, which resembles the approach of firewalls, where you determine all the allowed actions first and then alert on all other actions (assuming that all other actions are suspect).
- Blacklist approach, which resembles the approach of IDS/IPS systems, where everything is allowed except actions that are considered suspect.

McAfee DAM users typically create a policy that integrates elements of both approaches, for example, using a Blacklist approach for all known attacks, while using a Whitelist approach for the use of development SQL tools.

Incoming statements are checked against the vPatch Rules list before they are checked against the Custom Rules list.

Rule templates

Custom rule policies use these templates:
- My Default: This template is empty when the product is first installed. You can create your own rules in this policy.
- Empty Rules Template: Duplicate this template and use it to create a custom rules policy.
- Integrity Monitoring: This template is made up of the rules that capture changes to the database, including the addition and removal of tables, and changes in table structure and data.
- Rule Examples: This template is made up of examples of custom rules that can be used as is or as models for creating new rules.

Configure Custom Rules policy

You can view and edit the rules that make up the Custom Rules policy. By default, the Custom Rules policy does not contain any rules.

1 Click Menu Policy Policy Catalog, then:
  a From the Product drop-down list, select Database Activity Monitoring.
  b From the Category drop-down list, select Custom Rules. By default, the custom rules policy does not contain any predefined rules.
2 Select the policy that you want to edit.
3 (Optional) Click Create New Rule to define a rule and add it to the Custom Rules policy.
4 To view or edit the properties of an existing custom rule, click the rule name.
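
The rule-order behaviour described under Rule order above (the first matching rule is applied, unmatched statements are allowed), as an added Python model that is not McAfee DAM code or rule syntax. The Statement fields, rule names, action labels and sample statements are all constructed for illustration.

```python
"""Model of first-match rule evaluation; illustration only, not DAM rule syntax."""
from dataclasses import dataclass
from typing import Callable, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Statement:
    user: str
    application: str
    ip: str
    sql: str


@dataclass(frozen=True)
class Rule:
    name: str
    matches: Callable[[Statement], bool]
    action: str  # hypothetical labels: "allow", "alert", "terminate"


def evaluate(rules: Sequence[Rule], stmt: Statement) -> Tuple[Optional[str], str]:
    """Return (rule name, action) of the first matching rule.

    A statement that matches no rule is allowed, as the guide states.
    """
    for rule in rules:
        if rule.matches(stmt):
            return rule.name, rule.action
    return None, "allow"


def order_conflicts(rules: Sequence[Rule],
                    samples: Sequence[Statement]) -> List[Tuple[str, str, str]]:
    """List (sql, winning rule, overridden rule) for every later rule that
    also matches a sample but prescribes a different action than the winner."""
    found = []
    for stmt in samples:
        hits = [r for r in rules if r.matches(stmt)]
        for later in hits[1:]:
            if later.action != hits[0].action:
                found.append((stmt.sql, hits[0].name, later.name))
    return found


# Constructed predicates standing in for rule conditions.
def is_drop(s: Statement) -> bool:
    return s.sql.lstrip().lower().startswith("drop ")

def touches_salaries(s: Statement) -> bool:
    return "salaries" in s.sql.lower()

def is_payroll_app(s: Statement) -> bool:
    return (s.application, s.user, s.ip) == ("payroll-app", "payroll_svc", "10.0.0.5")

def is_dba(s: Statement) -> bool:
    return s.user == "dba_admin"

def anything(s: Statement) -> bool:
    return True


# Blacklist approach: name the suspect actions, rely on the default allow.
BLACKLIST = [Rule("drop-statements", is_drop, "terminate"),
             Rule("salaries-access", touches_salaries, "alert")]

# Whitelist approach: allow the known combination, then alert on everything else.
WHITELIST = [Rule("payroll-app-known", is_payroll_app, "allow"),
             Rule("everything-else", anything, "alert")]

# Ordering mistake: a broad allow placed above a narrower alert hides the alert.
MISORDERED = [Rule("dba-allow", is_dba, "allow"),
              Rule("salaries-access", touches_salaries, "alert")]
REORDERED = list(reversed(MISORDERED))

# Constructed sample statements.
S1 = Statement("payroll_svc", "payroll-app", "10.0.0.5",
               "SELECT amount FROM salaries WHERE id = 7")
S2 = Statement("dba_admin", "sqlplus", "10.0.0.9", "SELECT * FROM salaries")
S3 = Statement("report_ro", "bi-tool", "10.0.0.20", "SELECT name FROM departments")
S4 = Statement("dba_admin", "sqlplus", "10.0.0.9", "DROP TABLE audit_log")
SAMPLES = [S1, S2, S3, S4]

if __name__ == "__main__":
    for label, rules in (("blacklist", BLACKLIST), ("whitelist", WHITELIST),
                         ("misordered", MISORDERED), ("reordered", REORDERED)):
        for stmt in SAMPLES:
            print(label, stmt.user, evaluate(rules, stmt))
    print(order_conflicts(MISORDERED, SAMPLES))
```

Running `order_conflicts` over statements taken from Application Mapping or event data before saving a reordered policy shows which rule now wins for each statement.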
vpatch rules vpatch rules help prevent attacks against known vulnerabilities and database misconfigurations. A set of predefined vpatch rules is included as part of the McAfee DAM installation. McAfee DAM updates this set of rules regularly to provide monitoring and protection from new vulnerabilities. vpatch rules are applied in the order they appear in on the vpatch rules page. 22 McAfee Database Activity Monitoring Product Guide

Edit vpatch rule properties

You can edit the properties of a vpatch rule including its actions, tags, and description.

Changes to the properties in the default vpatch policy are applied to all vpatch policies unless Override global policy settings is configured in the rule in the duplicate policy. Changes to the rule properties in a duplicate policy apply only to that policy.

1. Click Menu | Policy | Policy Catalog, then:
   a. From the Product drop-down list, select Database Activity Monitoring.
   b. From the Category drop-down list, select vpatch Rules.
2. Click the vpatch rule policy to display the list of vpatch rules.
3. Select the rule that you want to edit, then click Actions | Edit Properties.
4. Edit the rule properties as needed.
5. Click OK.

Add vpatch rule actions

You can configure additional actions to be applied when vpatch rules are matched as part of the monitoring process.

Duplicate vpatch policies automatically inherit the rules and rule actions contained in the default vpatch policy. Changes to the rule actions in the default vpatch policy are applied to all vpatch policies unless Override global policy settings is configured in the rule in the duplicate policy. Changes to the rule actions in a duplicate policy apply only to that policy.

1. Click Menu | Policy | Policy Catalog, then:
   a. From the Product drop-down list, select Database Activity Monitoring.
   b. From the Category drop-down list, select vpatch Rules.
2. Click the default vpatch rule policy or a duplicate policy to display the list of vpatch rules.
3. Select each of the rules where you want to add an action, then click Actions | Apply Actions.
4. If you are editing a copy of the default policy, select the Override global policy settings checkbox.
5. Select the actions that you want to apply to the selected rules:
   - Log Level: Sets the level of criticality of the event.
   - Threat event log: Sends an event to the threat event log if the rule is matched.
     If you select Terminate, the Quarantine option is displayed. To quarantine a user, select Quarantine and enter the number of minutes during which the user is prevented from reconnecting.
     You can't send events to both the threat event log and the archive.
   - To archive: Sends an alert only to the archive if the rule is matched.

   - Syslog: Sends an alert to the syslog if the rule is matched.
   - Windows event log: Sends an alert to the Windows event log if the rule is matched.
   - Log file: Sends an alert to a log file if the rule is matched.
   - Mask sensitive data with the following regular expression: Prevents the display of sensitive data in alerts. If selected, enter a regular expression in the Regular Expressions text box using standard regular expression syntax.

   You can also configure a notification for the rule using McAfee epo by selecting Menu | Automation | Automatic Responses. Select epo Notification Events, with Threats as the event type. In the filter settings for the Threat Name, define the comparison criteria as Contains with RULE NAME as the value. For more information, see the epolicy Orchestrator documentation.
6. Click OK.

Enable or disable vpatch rules

You can enable or disable selected vpatch rules as needed.

1. Click Menu | Policy | Policy Catalog, then:
   a. From the Product drop-down list, select Database Activity Monitoring.
   b. From the Category drop-down list, select vpatch Rules.
2. Click the vpatch rule policy to display the list of vpatch rules.
3. Select the rules that you want to enable or disable, then click Actions | Enable/Disable Rules.
4. In the Enable/Disable rules dialog box, select Enable or Disable as required, then click OK.

Create an exception to a vpatch rule

You can define an exception to a vpatch rule to allow specific conditions. Exceptions are defined in response to false positive results to prevent a vpatch rule from identifying a specific behavior as an attack.

1. Click Menu | Policy | Policy Catalog, then:
   a. From the Product drop-down list, select Database Activity Monitoring.
   b. From the Category drop-down list, select vpatch Rules.
2. Select the policy where you want to add the exception.
3. Select the rule where you want to add an exception, then click Actions | Edit Properties.
4. In the rule properties page, under Exceptions, click Add Exception.
5. In the text box that appears, enter the comparator statements that define the exception.
6. Click OK.

See also
Rule syntax on page 31
Rule examples on page 33

Set the security level for a vpatch policy

You can set the security level for the vpatch policy that is applied to your databases based on a predefined security level or by setting a customized set of parameters.

This feature enables you to control the tradeoff between security level and performance. The defined settings are applied to the entire vpatch policy.

You can't set the security level for the global vpatch policy.

1. Click Menu | Policy | Policy Catalog, then:
   a. From the Product drop-down list, select Database Activity Monitoring.
   b. From the Category drop-down list, select vpatch Rules.
2. Select a copy of the vpatch Rules policy. The security level for the vpatch policy appears as a link in the policy header.
3. Click the security level link to open the Security Level page.
4. Select a preconfigured security level (Top, High, Medium, or Low) or select Custom to define settings based on a combination of these parameters:
   - Apply to DBMS Versions
     - Vulnerable Versions Only: Enables vpatch rules based on relevant DBMS versions.
     - All Versions: Enables vpatch rules on all DBMS versions.
   - Level: Enables vpatch rules according to the selected severity level (High Only, Medium and High, or All).
   - Confidence: Enables vpatch rules according to the selected confidence level (High Only, Medium and High, or All).
5. Click OK.

Remove vpatch rule actions

You can remove specific actions from a vpatch rule.

1. Click Menu | Policy | Policy Catalog, then:
   a. From the Product drop-down list, select Database Activity Monitoring.
   b. From the Category drop-down list, select vpatch Rules.
2. Click the vpatch rule policy to display the list of vpatch rules.
3. Select the rules where you want to remove an action, then click Actions | Remove Actions.
4. Deselect the actions that you want to remove from the selected rules, then click OK.

The rule actions are updated. The removed actions are no longer applied when the selected vpatch rule is matched as part of the monitoring process.

Create an allow rule

An allow rule enables you to define exceptions to specific conditions of an existing rule.

vpatch allow rules are always evaluated before built-in vpatch rules. If the allow rule is matched, rule evaluation stops for all vpatch rules.

You can also create an allow rule from the Application Mapping page.

1. Click Menu | Policy | vpatch Rules.
2. Click the vpatch rule policy to display the list of vpatch rules.
3. Select each of the rules where you want to create an allow rule, then click Actions | Create allow rule.
4. In the Name field, enter a name for the rule.
5. Under Rule text, enter the comparator statements that make up the conditions of the rule.
6. Under Monitoring source, set the sources of information used to determine compliance with this rule:
   - Auto (All): The sources of information are detected and sampled automatically.
   - All: All available sources of information are used.
   - Memory: Information is collected by memory sampling.
   - Network: Information is collected from network traffic.
7. (Optional) Add tags or comments to the rule.
8. Select Enable Rule to enable the rule on all vpatch policies.
9. Click OK to add the rule.

The rule is added.

See also
Rule syntax on page 31
Rule examples on page 33

Remove allow rule

You can remove multiple allow rules from the vpatch Rules list.

For option definitions, click ? in the interface.

1. Click Menu | Policy | Policy Catalog, then:
   a. From the Product drop-down list, select Database Activity Monitoring.
   b. From the Category drop-down list, select vpatch Rules.
2. Click the vpatch rule policy to display the list of vpatch rules.

3. Select the rules you want to remove, then click Actions | Remove allow rule.
4. When prompted for confirmation, click OK.

Custom rules

Based on ongoing monitoring of potential risks, custom rules can be defined to provide protection against activity that your IT policy considers suspicious. Custom rules also help protect specific DBMSs according to their functionality.

You can create and enable custom rules that determine how to handle statements received by the DBMS. Rules can allow statements that match (whitelist), or they can be used to generate alerts regarding statements that do not match the policy (blacklist). A rule can also be used to automatically close potentially dangerous sessions.

Each rule consists of one or more comparator statements. Comparator statements are made up of Identifiers, Operators, and Literals. The relationship between multiple comparator statements is based on Boolean logic, using AND, OR, or NOT.

You can define exceptions to a rule that does not allow certain conditions by creating an Allow rule for the exception and placing it before the rule in the Rules list. You can also create an exception within the rule itself.

Create a custom rule

You can create custom rules based on the needs of your organization. For example, you can monitor access to sensitive tables in an HR DBMS, or you can protect against the use of SQL query tools that are not allowed on your production databases.

Before you begin
Before attempting to create custom rules, we recommend that you familiarize yourself with Application Mapping, which can save time when you create custom rules.

1. Click Menu | Policy | Policy Catalog, then:
   a. From the Product drop-down list, select Database Activity Monitoring.
   b. From the Category drop-down list, select Custom Rules.
2. Click the default vpatch rule policy or a duplicate policy to display the list of vpatch rules.
3. On the Custom Rules policy page, click Create New Rule.
4. In the Name field, enter a name for the rule.
5. Under Rule text, enter the comparator statements that make up the conditions of the rule.
6. Under Monitoring source, set the sources of information used to determine compliance with this rule:
   - Auto (All): The sources of information are detected and sampled automatically.
   - All: All available sources of information are used.
   - Memory: Information is collected by memory sampling.
   - Network: Information is collected from network traffic.

7. (Optional) Under Exceptions, click Add Exception to display the rule exceptions section. In the text box that appears, enter the comparator statements that define the exception.
8. Under Actions, set the action to be taken when the rule conditions are met.
9. (Optional) Under Tags, add tags as needed.
10. (Optional) Under Comments, enter information for future reference.
11. Select Enable Rule to enable the rule.
12. Click Save.

See also
Rule syntax on page 31
Rule examples on page 33

Remove a custom rule

You can remove a rule from the Custom Rules list.

For option definitions, click ? in the interface.

1. Click Menu | Policy | Policy Catalog, then:
   a. From the Product drop-down list, select Database Activity Monitoring.
   b. From the Category drop-down list, select Custom Rules.
   c. Select a Custom Rules policy to display its list of rules.
2. In the Custom Rules policy page, select the rule that you want to remove, then click Actions | Remove rule.
3. When prompted for confirmation, click OK.

Change rule order

The order of the rules in the Custom Rules policy is important. The first rule that is matched is the rule that is applied to the statement. If a statement does not match any of the existing rules, the statement is allowed.

1. Click Menu | Policy | Policy Catalog, then:
   a. From the Product drop-down list, select Database Activity Monitoring.
   b. From the Category drop-down list, select Custom Rules.
   c. Select a Custom Rules policy to display its list of rules.
2. In the Custom Rules policy page, select the rule that you want to reposition in the policy, then click Actions | Place New Location.
3. Set the location of the rule in the list, then click OK.

Copy a custom rule to another policy

You can copy a rule from one custom rule policy to another. This saves you time if you need to include it in more than one custom rule policy.

1. In the Custom Rules policy page, select the rule that you want to copy to another policy, then click Actions | Copy Rules to Another Policy.
2. Select the policy where you want to add the rule, then click OK.

Rule objects

Rule objects are components that can be used in defining dynamic rules. These components are helpful when working with Allow rules. For example, you can use a rule object in the definition of a rule intended to allow a specific range of IP addresses.

McAfee DAM comes with several predefined rule objects. These predefined objects are used in the predefined rules and are listed on the Policy | Rule Objects page.

You can add rule objects to the global rule object policy. Rule objects can also be populated by different methods such as LDAP queries and DVM checks. All rule objects are included in all rule object policies. You can edit the rule object values in duplicated policies.

Rule objects are managed on the Policy | Rule Objects page.

Define rule objects

You add rule objects to the global Rule Objects policy. The rule objects can then be used as components in rules.

1. Click Menu | Policy | Rule Objects, then click Actions | New Object.
2. Configure these parameters:
   - Name: The name of the rule object (must be in English without spaces).
   - Type: The type of identifier for the rule object.
   - Value: The object value (according to the selected type), which can be manually input or automatically uploaded (see Dynamic Value).
   - Comment: A brief comment or description.
   - Dynamic Value: Automatically uploads the object values based on the selected option.
     - Static: Uploads a list of values from an existing CSV file. Enter the file location in the File upload field or click Browse to locate and select the file, then click Upload CSV File.
     - LDAP: Enables the use of LDAP Security groups for this rule object. Select the server, enter the fully qualified name of the LDAP Group, then click Add. Click Show values to view the uploaded values in the Value text box.
       The use of dynamic LDAP objects is available only if LDAP server is configured in the Menu | Configuration | Registered Servers page.
     - The DVM option uploads the object values based on an object that was created from a DVM result. It is not enabled here.

The rule object is automatically added to the list of available values according to Identifier type and can be used in rule definitions.

Edit rule object properties

You can view and edit the properties of a rule object.

1. Click Menu | Policy | Rule Objects.
2. Select the rule object, then click Actions | Edit Properties.
3. On the Rule Object page, edit the parameters, then click Save.

Remove rule objects

You can remove a rule object provided that it is not in use in an existing rule.

1. Click Menu | Policy | Rule Objects.
2. Select at least one rule object, then click Actions | Remove Rule Objects.
3. When prompted for confirmation, click Yes.

Configure dynamic DVM objects

You can configure a dynamic rule object based on the findings of a McAfee Vulnerability Manager for Databases vulnerability scan.

If you are adding the object to the global Rule Objects policy, you can create a new rule object or override a selected rule object.

1. Click Menu | Reporting | DVM Events, then click the name of the event.
2. Click Actions | Set Rule Object. This option is available only if data appears in the data set table.
3. Select the policy where you want to add the rule object.

4. Select one of these options:
   - New Object: Creates a new object in the global Rule Objects policy. This option is enabled if Global Rule Object Policy is selected.
   - Override Object: Overrides the settings of an existing rule object.
5. Under Pattern, set the type of values to fetch and how they appear in the rule object by selecting at least one option (Type, Username or Lock). The syntax for the value appears in the text box.
6. Click OK.

Rule syntax

Each rule consists of one or more comparator statements, which are made up of Identifiers, Operators and Literals. The relationship between multiple comparator statements is based on Boolean logic, using AND, OR, or NOT.

Comparator statements can be grouped using parentheses. If parentheses are not used, the order of precedence is:

1. NOT
2. AND
3. OR

Identifiers

Three basic types of identifiers are used in rule comparator statements.

Identifier type | Description
String-based | Types that are matched against strings.
Number-based | Types that can be translated into a number representation. Numbers can be in a specific range. Number-based types can be enforced to equal only a fixed set of constants.
Enumerated | Types that represent a fixed set of constants that cannot be translated into a number representation.

McAfee DAM supports these identifiers.

All rules are case-insensitive. An identifier can be specified in lowercase, uppercase, or a combination of both. For example: user, User, USER, and user are all legal for the user identifier. Constant values are case-insensitive, so SUNDAY and SunDAy are equivalent.

Identifier | Type | Description
action | string | The application action.
application | string | The application used to connect to the DBMS.
client_appl_name | string | The Sybase client application name. (Sybase only)
client_host_name | string | The Sybase client host name. (Sybase only)
client_name | string | The Sybase client name. (Sybase only)
clientid | string | The application set clientid accessing the DBMS. (Oracle only)
cmdtype | string | An action the statement is trying to perform, for example, select.
context_info | string | Microsoft SQL context information. (Microsoft SQL only)
date | number | The date the statement is executed. The date must be in the form MM/DD/YY (US date format), for example 1/25/07.
error_code | number | The error code returned by the DBMS (for example, when the user is trying to access a table that does not exist).
exec_user | string | If a user logs on to an application and then changes to another user, the exec_user is the new user.
host | string | The domain name of the connecting application.
hour | number | The hour when the statement is executed. The hour must be in the form HH[:MM] where HH is in the range of 0-23 and MM in the range of Note: the minutes setting is optional.
inflow | string | The inflow PL/SQL object that originated the current executing statement. Same format as object.
inflowsql | string | The SQL statement part that originated the current executing command.
instance | string | The instance where the execution takes place. In Oracle, this value is the SID of the database instance. In Sybase, this value is the instance name. In MS SQL, it is the full instance name including the host (for example: MYHOST\SQLSERVER).
ip | number | The IP address where the statement is executed. IP addresses must be in the form of: XXX.XXX.XXX.XXX (single IP address) or XXX.XXX.XXX.XXX/YYY.YYY.YYY.YYY (IP with subnet). Each IP address is validated by McAfee DAM to prevent errors.
module | string | The application set module.
month | number | The month when the statement is executed: JANUARY, FEBRUARY, MARCH, APRIL, MAY, JUNE, JULY, AUGUST, SEPTEMBER, OCTOBER, NOVEMBER, DECEMBER. Alternatively, the short form of month name is also supported, for example: JAN.
nethost | string | The host name of the network (this might differ from the host name reported for an application). Applicable only when network monitoring is enabled.
netip | number | The IP address of the network (this might differ from the IP address reported for an application). Applicable only when network monitoring is enabled.
object | string | The DBMS object being accessed. Supports syntax of the form [owner.]objectname. DBMS objects include tables, triggers, and stored procedures. In Oracle, the format is owner.objectname; in MS SQL and Sybase it is database.owner.objectname.
osuser | string | The operating system user.
schema | string | The default schema of the session.
session_state | string | session_state=new_session for monitoring session logons; session_state=end_session for logoffs; session_state=new_login and session_state=end_login for monitoring change of user during transaction execution (specifically for Microsoft SQL Server); session_state=change_schema for monitoring changes in schema during the session (Oracle only); session_state=execute for all other statements.
statement | string | The raw statement sent to the server.
terminal | string | The machine where the user is logged on.
user | string | The DBMS user that is accessing the DBMS. See also exec_user.
version_mssql | number | The Microsoft SQL version. For example, version_mssql = for the relevant version of MS SQL 2005 (rarely used).
version_oracle | number | The full 5-digit oracle version. For example, (rarely used).
version_sybase | number | The Sybase particular version. For example, version_sybase = 12.5 or later (rarely used).
weekday | value | The day of the week when the statement is executed: SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY. Alternatively, the short form is also supported, for example, TUE.

Operators

McAfee DAM supports these operators.

Operator | Description
= | Equals (all types)
< | Less than (all types)
> | Greater than (number types only)
<= | Less than or equal to (number types only)
>= | Greater than or equal to (number types only)
<> | Not equal to (all types)
(not)?like | Compare to a string supporting the % character as a symbol to any string (string types only)
(not)?between | Check if an identifier is between two values (number types only)
(not)?in | Check if an identifier is in a list of values (all types)
(not)?matches | Perform a regular expression match (string types only)
(not)?contains | Perform a simple and fast string match (string types only)
length | When inserted before an identifier, indicates a condition on the field's length. For example: "length statement > 1024" catches statements longer than 1024 bytes. "length user < 10" catches SQL statements where a DB user name length is shorter than 10 characters.

Rule examples

These examples illustrate the rule syntax. More examples are provided in the Custom Rules Rule Examples template.

Example 1

    OSUSER = 'mycompany\john' AND APPLICATION CONTAINS 'sqlplus' AND HOST = 'johnlaptop.localdomain' AND IP =
    Action: Allow

This rule allows John to use SQL*Plus from his station (defined by host name and IP address), thereby bypassing many rules that come later, such as preventing SQL*Plus from being used.

Example 2

    APPLICATION CONTAINS 'sqlplus' OR APPLICATION CONTAINS 'toad'
    Action: Log-high, terminate

This rule blocks any access by the applications Toad or SQL*Plus. It logs an alert with high severity.

Example 3

    STATEMENT CONTAINS 'emps'
    Action: log-medium

This example assumes that the emps.* columns include sensitive data that require protection, and that emps.salary and emps.cc are particularly sensitive. This rule provides an alert every time a SQL statement includes the string emps.

This rule alerts on any attempt to access columns containing the name emps (as well as any SQL statement component that includes the string emps). Even when the user is not actually accessing the objects (for example, the DBMS prohibits access based on authorization rules), this rule generates alerts (in contrast to using object, see example 4).

Example 4

    OBJECT = 'emps.salary' OR OBJECT = 'emps.cc'
    Action: Log-high

This example assumes that the tables emps.salary and emps.cc are particularly sensitive. This rule provides a high-level alert each time the specified objects are accessed. An alert appears whether the object is accessed via a view, a stored procedure, a trigger, or another database. In this case, if the DBMS successfully restricts the user from accessing the objects, an alert is not generated because the object is not accessed.

Example 5

    Statement contains 'drop session'    Alert low
    Statement contains 'alter DBMS'    Alert low
    Statement contains 'drop table'    Alert low
    Statement contains 'grant'    Alert low
    Statement contains 'grant dba'    Alert medium
    Statement contains 'grant sysdba'    Alert medium
    Statement contains 'noaudit' and osuser <> 'mycompany\johnd'    Alert high
    Action: Alert-high

In this example, the user receives alerts when various DDL commands are executed and when someone other than the database administrator attempts to stop auditing.
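The evaluation model described in this section (NOT binds before AND, AND before OR; the first matching rule in the list decides; a statement that matches no rule is allowed) can be checked with the added Python sketch below, which is not McAfee's implementation and not part of the product guide. It covers only =, <> and [NOT] CONTAINS on string identifiers, assumes case-insensitive literal comparison, and uses hypothetical names (tokenize, RuleEvaluator, matches, first_match, POLICY) with a constructed policy modeled on Examples 1 and 2, leaving out Example 1's IP clause.

```python
import re

# Subset of the documented syntax: string identifiers with =, <> and [NOT] CONTAINS,
# combined with AND / OR / NOT and parentheses. Treating literal comparison as
# case-insensitive is an assumption of this sketch.
_TOKEN = re.compile(r"'([^']*)'|(<>|=|\(|\))|([A-Za-z_]\w*)|(\S)")
_OPS = {("op", "="), ("op", "<>"), ("kw", "contains")}

def tokenize(text):
    """Split rule text into (kind, value) tokens, lowercased throughout."""
    tokens = []
    for m in _TOKEN.finditer(text):
        lit, op, word, bad = m.groups()
        if bad:
            raise ValueError(f"unexpected character {bad!r} at offset {m.start()}")
        if lit is not None:
            tokens.append(("lit", lit.lower()))
        elif op:
            tokens.append(("op", op))
        else:
            word = word.lower()
            tokens.append(("kw" if word in ("and", "or", "not", "contains") else "id", word))
    return tokens + [(None, None)]  # end-of-input sentinel

class RuleEvaluator:
    """Recursive descent evaluator: NOT binds tightest, then AND, then OR."""

    def __init__(self, rule_text, attrs):
        self.toks, self.i = tokenize(rule_text), 0
        self.attrs = {key.lower(): str(val).lower() for key, val in attrs.items()}

    def peek(self):
        return self.toks[self.i]

    def take(self, kind=None):
        tok = self.peek()
        if tok[0] is None or (kind and tok[0] != kind):
            raise ValueError(f"expected {kind or 'token'}, got {tok[1]!r}")
        self.i += 1
        return tok

    def binary(self, word, operand):
        result = operand()
        while self.peek() == ("kw", word):
            self.take()
            rhs = operand()  # always parsed, so every token is consumed
            result = (result and rhs) if word == "and" else (result or rhs)
        return result

    def or_expr(self):
        return self.binary("or", lambda: self.binary("and", self.not_expr))

    def not_expr(self):
        if self.peek() == ("kw", "not"):
            self.take()
            return not self.not_expr()
        if self.peek() == ("op", "("):
            self.take()
            result = self.or_expr()
            if self.take("op")[1] != ")":
                raise ValueError("expected ')'")
            return result
        ident = self.take("id")[1]
        negate = self.peek() == ("kw", "not")  # infix form: APPLICATION NOT CONTAINS 'x'
        if negate:
            self.take()
        kind, op = self.take()
        if (kind, op) not in _OPS or (negate and kind == "op"):
            raise ValueError(f"unsupported operator {op!r}")
        literal, value = self.take("lit")[1], self.attrs.get(ident, "")
        hit = literal in value if op == "contains" else (value == literal) == (op == "=")
        return hit != negate

def matches(rule_text, attrs):
    """True if the statement attributes satisfy the rule text."""
    evaluator = RuleEvaluator(rule_text, attrs)
    result = evaluator.or_expr()
    if evaluator.peek()[0] is not None:
        raise ValueError(f"trailing input: {evaluator.peek()[1]!r}")
    return result

def first_match(policy, attrs):
    """Return (name, action) of the first rule that matches; no match means allowed."""
    for name, action, rule_text in policy:
        if matches(rule_text, attrs):
            return name, action
    return None, "allow"

# Constructed policy modeled on Examples 1 and 2 (Example 1's IP clause is omitted).
POLICY = [
    ("allow-john-sqlplus", "allow",
     r"OSUSER = 'mycompany\john' AND APPLICATION CONTAINS 'sqlplus' "
     r"AND HOST = 'johnlaptop.localdomain'"),
    ("block-query-tools", "log-high, terminate",
     "APPLICATION CONTAINS 'sqlplus' OR APPLICATION CONTAINS 'toad'"),
]
```

Evaluating the same policy in reverse order sends John's SQL*Plus session to the terminate rule, which is why an allow rule has to sit above the rule it makes an exception to.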

DAM server configuration

The DAM server configuration includes the archiving and logging settings, external interface settings, licensed components, and advanced settings.

Edit DAM server settings

You can modify the DAM server settings on the Server Settings page, for example, to change the external interface settings.

1. Click Menu | Configuration | Server Settings, then select Database Activity Monitoring.
2. Edit the settings as needed, then click Save.

DAM server settings

Table 3-1 Archive settings

Option | Definition
Enable Archive | Select this option to enable saving of events in an archive.
Directory Path | The full path to the location of the archive.
Rolling Interval | The time period covered by each archive file (hourly or daily).

Table 3-2 Syslog settings

Option | Definition
Enable Syslog | Select this option to enable syslog to monitor events.
Host | The IP address of the host where the syslog resides.
Port | The port to be used for syslog communications.
Transport | The transport type for connecting with the syslog server.
Maximum Packet Length | The maximum length of a packet in the syslog.
Facilities | The syslog facilities.
Format | The file type to be used for the syslog (CSV, Sentinel, or Custom).

Table 3-3 Windows Event Log settings

Option | Definition
Enable Windows Event Log | Select this option to enable the Windows Event Log to monitor events.
Host | The IP address of the host where the Windows Event Log resides (read-only).
Format | The file type to be used for the Windows Event Log (CSV, Sentinel, or Custom).

Table 3-4 Log to File settings

Option | Definition
Enable Log to File | Select this option to enable saving of events in a file.
Directory Path | The full path to the location of the log file.
Rolling Interval | The time period covered by each log (hourly or daily).
Delete Files Older than | The number of days after which the log file is deleted.
Format | The file type of the log file (CSV, CEF, Sentinel, or Custom).

Table 3-5 Licensing and Advanced settings

Option | Definition
Upload License | Click Browse to locate and select a license key, then click Upload.
License Component Name | The name of the licensed component.
License Type | The type of license.
Expiration Date | The date the license is set to expire.
Advanced Properties | Consult with McAfee support before modifying these properties.
Key | The name of the key.
Value | The value assigned to the key.

4 Database monitoring configuration

McAfee DAM enables you to configure the monitoring settings for individual DBMSs and DBMS clusters.

Contents
- Database monitoring
- View DBMS details
- View DBMSs attached to sensor
- Manage DBMS clusters
- Disable monitoring
- Edit alternative connection
- Merge DBMSs
- Recalculate DBMS policies
- Reset application mapping
- Clone DBMS
- Add a DBMS

Database monitoring

McAfee Database Activity Monitoring works within McAfee epo to monitor and manage database activity for multiple databases.

Once a McAfee DAM sensor is installed, all detected databases are added to the System Tree. You can also manually add or import databases.

View DBMS details

You can view the detailed properties of a DBMS, including monitoring settings, application mapping settings, and policy timestamps.

1. Click Menu | Systems | System Tree, then select the Systems tab.
2. Click the name of the DBMS where the sensor is deployed to display the DBMS properties page, then click the DBMS Details tab.

View DBMSs attached to sensor

You can view a list of the DBMSs attached to a specific sensor.

The DBMSs attached to a sensor are affected when changes are made to the DAM Sensor Configuration policy.

1. Click Menu | Systems | System Tree, then select the Systems tab.
2. Select the system where the sensor is deployed, then click the DBMS Details tab.

The DBMSs attached to the sensor are listed. You can click a DBMS name to view its detailed properties.

Manage DBMS clusters

DBMSs can be grouped into clusters, enabling you to handle two DBMSs as a single managed system.

All DBMSs in a cluster are managed and reported by the same DBMS entry. DBMS clustering also enables the implementation of Active-Passive or Active-Active failover.

- Cluster DBMSs on page 38: You can select multiple DBMSs and group them into a single cluster. This is useful when several nodes of the same DBMS cluster are detected, and you want to manage them as a single DBMS.
- Change DBMS cluster type on page 39: You can change the type of failover that is implemented on the database instances in a cluster.
- Break DBMS cluster on page 39: You can ungroup the databases in a DBMS cluster so that they are no longer treated as a single DBMS.

Cluster DBMSs

You can select multiple DBMSs and group them into a single cluster. This is useful when several nodes of the same DBMS cluster are detected, and you want to manage them as a single DBMS.

1. Click Menu | Systems | System Tree, then select the Systems tab.
2. Select at least one database of the type you want to include in the cluster, then click Actions | Database Monitoring | Cluster DBMSs.
3. On the Cluster DBMSs page, select the databases to include in the cluster, then click Actions | Create Cluster.
4. On the Create cluster page, set these cluster properties:
   - Cluster Type: The type of failover clustering to implement:
     - Active-Passive: One active database instance runs at a time, with the second instance remaining idle. If failover occurs, the idle instance takes over for the database that is down.
     - Active-Active: Two separate database instances run at the same time in the cluster. If failover occurs, the remaining instance handles the requests of both database instances.

39 Database monitoring configuration Disable monitoring 4 Remove Merged DBMSs from System Tree The databases that are contained in the cluster are merged into a single entry in the System Tree and the individual nodes are removed. 5 Click OK. A cluster containing the selected databases is created. Change DBMS cluster type You can change the type of failover that is implemented on the database instances in a cluster. 1 Click Menu Systems System Tree, then select the Systems tab. 2 Select the database cluster, then click Actions Database Monitoring Change Cluster Type. 3 Select the required cluster type (Active Passive or Active-Active), then click OK. Break DBMS cluster You can ungroup the databases in a DBMS cluster so that they are no longer treated as a single DBMS. 1 Click Menu Systems System Tree, then select the Systems tab. 2 Select the database cluster, then click Actions Database Monitoring Break DBMS Cluster. 3 When prompted for configuration, click Yes. Disable monitoring You can disable the default Monitoring Configuration policy for selected databases. For example, the databases discovered by the sensor might include databases outside the required auditing scope. Disabling the Monitoring Configuration policy does not affect the enforcement of other types of policies (DBMS sensor configuration, vpatch rules, and custom rules). 1 Click Menu Systems System Tree, then select the Systems tab. 2 Select the databases where you want to disable monitoring, then click Actions Database Monitoring Disable Monitoring. 3 When prompted for confirmation, click OK. McAfee Database Activity Monitoring Product Guide 39


Product Guide. McAfee Security for Microsoft SharePoint 3.0.0

Product Guide. McAfee Security for Microsoft SharePoint 3.0.0 Product Guide McAfee Security for Microsoft SharePoint 3.0.0 COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

McAfee Endpoint Encryption 7.0

McAfee Endpoint Encryption 7.0 Product Guide McAfee Endpoint Encryption 7.0 For use with epolicy Orchestrator 4.6 Software COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee

More information

IBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide

IBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide IBM Security QRadar Vulnerability Manager Version 7.2.1 User Guide Note Before using this information and the product that it supports, read the information in Notices on page 61. Copyright IBM Corporation

More information

IBM Information Server

IBM Information Server IBM Information Server Version 8 Release 1 IBM Information Server Administration Guide SC18-9929-01 IBM Information Server Version 8 Release 1 IBM Information Server Administration Guide SC18-9929-01

More information