McAfee Enterprise Security Manager 9.3.2




Release Notes McAfee Enterprise Security Manager 9.3.2

Contents
About this release
New features for 9.3.2
Upgrade instructions for 9.3.2
Find product documentation

About this release

This document contains important information about the current release. We strongly recommend that you read the entire document.

We do not support the automatic upgrade of a pre-release software version. To upgrade to a production release of the software, contact the McAfee Beta Team at beta7@mcafee.com for the upgrade process.

New features for 9.3.2

This release of the product includes these new features.

Hadoop HBase

McAfee ESM now provides a connector to the relational data source in Hadoop HBase, using the key-value pairs from the source for enrichment or watchlists. This data can be used in a watchlist. For example, it can be fed into alarms that trigger when values in the watchlist are found in new events. Additionally, the identity mapping in HBase can be pulled to a Receiver regularly to enrich events.

Add a data enrichment source that uses Hadoop HBase as the data source:

1 On the system navigation tree, select System Properties, then click Data Enrichment.
2 On the Data Enrichment Wizard, fill in the fields on the Main tab, then click the Source tab.
3 In the Type field, select Hadoop HBase (REST), then type the host name, port, and name of the table.
4 On the Query tab, fill in the lookup column and query information:
  - Format Lookup Column as columnfamily:columnname.
  - Populate the query with a scanner filter, where the values are Base64 encoded. For example:

    <Scanner batch="1024">
    <filter>
    {
      "type": "SingleColumnValueFilter",
      "op": "EQUAL",
      "family": "ZW1wbG95ZWVJbmZv",
      "qualifier": "dXNlcm5hbWU=",
      "latestVersion": true,
      "comparator": {
        "type": "BinaryComparator",
        "value": "c2NhcGVnb2F0"
      }
    }
    </filter>
    </Scanner>

5 Complete the information on the Scoring and Destination tabs.

Add a watchlist using Hadoop HBase as the source:

1 On the system navigation tree, select the system and click the Properties icon, then click Watchlists.
2 On the Main tab of the Add Watchlist wizard, select Dynamic, enter the information requested, then click the Source tab.
3 Select Hadoop HBase (REST) in the Type field, then type the host name, port, and name of the table.
4 Fill in the information on the Query and Values tabs.

Dynamic watchlist

These source types have been added for dynamic watchlists: CIFS, NFS, FTP, Oracle, LDAP, SCP, MSSQL, SFTP, MySQL.
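The scanner filter in the Hadoop HBase data enrichment procedure carries its column family, qualifier, and comparison value as Base64, which is easy to get wrong when typed by hand. The following sketch is an added example, not code from McAfee or from the release notes: it builds the filter from plain text and decodes an existing one so that it can be reviewed before it is pasted into the Query tab. The function names and the plain-text inputs (employeeInfo, username, scapegoat) are illustrative assumptions.

```python
import base64
import json
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape


def b64(text):
    """Base64-encode a plain-text value for use inside the filter."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def unb64(field, value):
    """Strictly decode one Base64 field; reject stray spaces or bad characters."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError(f"{field}: {value!r} is not Base64-encoded text") from exc


def build_scanner(family, qualifier, value, batch=1024):
    """Return a <Scanner> document with a SingleColumnValueFilter (EQUAL)."""
    flt = {
        "type": "SingleColumnValueFilter",
        "op": "EQUAL",
        "family": b64(family),
        "qualifier": b64(qualifier),
        "latestVersion": True,
        "comparator": {"type": "BinaryComparator", "value": b64(value)},
    }
    # The JSON filter is XML text content, so escape &, < and > defensively.
    body = escape(json.dumps(flt, indent=2))
    return f'<Scanner batch="{int(batch)}">\n<filter>\n{body}\n</filter>\n</Scanner>'


def decode_scanner(xml_text):
    """Decode a scanner filter back to plain text for review."""
    root = ET.fromstring(xml_text)
    if root.tag != "Scanner":
        raise ValueError("root element must be <Scanner>")
    filter_text = root.findtext("filter")
    if filter_text is None:
        raise ValueError("<Scanner> has no <filter> element")
    flt = json.loads(filter_text)
    family = unb64("family", flt["family"])
    qualifier = unb64("qualifier", flt["qualifier"])
    return {
        "column": f"{family}:{qualifier}",  # columnfamily:columnname
        "op": flt["op"],
        "value": unb64("comparator.value", flt["comparator"]["value"]),
    }


if __name__ == "__main__":
    # Constructed sample input.
    scanner = build_scanner("employeeInfo", "username", "scapegoat")
    print(scanner)
    print(decode_scanner(scanner))
```

Decoding a filter before saving it catches values that were pasted with a leading space or altered case, which Base64 does not tolerate.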

Active Directory font case

When adding an Active Directory filter to a correlation rule, you are now asked to select its font case. The options are As Is, Lowercase, and Uppercase. The correlation engine then uses this case on the rule so it matches the Active Directory data. The default case setting is As Is. You can edit this setting on an existing rule:

1 On the McAfee ESM console, click the Policy Editor icon.
2 In the Rule Types pane, select Correlation, then click New Correlation Rule.
3 Click the menu on the Match Component or Deviation Component logical element, then click Edit.
4 Click the Active Directory you want to change, then click Edit.
5 On the Edit Filter Field page, click the variables icon, then click the Active Directory tab.
6 Click the Active Directory in the Group column, then click Add.
7 On the Active Directory Case Option page, select the case, then click OK.

The case setting for the Active Directory is changed.

ACE correlation managers

You can now add multiple rule and risk correlation managers to a single ACE device, adding filters to define the events they each process.

1 On the system navigation tree, select the ACE and click the Properties icon, then click Correlation Management.
2 Click Add, then select the type of manager this is.
3 If you selected Rule Correlation, enter the requested information on the Main tab, then click the Filters tab and design the filters for the data.
4 If you selected Risk Correlation, enter the requested information on the Main, Fields, and Thresholds tabs. Click the Filters tab and design the filters for the data.

McAfee Network Threat Response

McAfee Network Threat Response is now supported on McAfee ESM. You can add it as a data source on your system:

1 On the system navigation tree, select the Receiver, then click the Add Data Source icon.
2 In the Data Source Vendor field, select McAfee.
3 In the Data Source Model field, select Network Threat Response.
4 Complete the information requested, then click OK.

McAfee ePolicy Orchestrator (McAfee ePO) device authentication

Authentication is now required before using McAfee ePO tagging or actions, or Real Time for McAfee ePO. There are two types of authentication:

  - Single global account: If you belong to a group that has access to a McAfee ePO device, you can use these features after entering the global credentials.
  - Separate account for each device per user: If you belong to a group with the required privileges, you can set up your own credentials to use these features.

Global account authentication is the default setting. There are three things you must do to set up separate account authentication:

1 Ensure that you are in a group that has these privileges (System Properties | Users and Groups):
  - Access to a McAfee ePO device
  - Device Actions
  - Device Management
2 Ensure that Require user authentication is selected on the Add Device Wizard when adding the McAfee ePO device or when you set up its connection settings (ePO Properties | Connection).
3 Click options | ePO Credentials, select the device, then click Edit and type your credentials.

When you use actions, tags, or Real Time for McAfee ePO, use the selected method of authentication. If the credentials aren't found or are invalid, you are prompted to enter valid credentials, which you must save for future communication with this device.

Running reports, data enrichment, and dynamic watchlists in the background through Real Time for McAfee ePO uses the originally supplied McAfee ePO credentials.

Port and protocol names and raw numbers

By default, event and flow port and protocol names are displayed. You can now choose to display raw numbers.

1 On the system navigation tree, select the system, then click the Properties icon.
2 Click ESM Management, then click Name Map on the Configuration tab. If you have upgraded to 9.3.2, all ports and protocols are selected by default. If you are not upgrading, only protocols are selected by default.
3 Deselect the ports and protocols that can display raw numbers instead of names, then click OK.

Limited access group

An option has been added to the privileges that you can assign to a group of users. When you select Limit access of this group, access to several of the features on McAfee ESM is limited.

  - Alarms: No access to alarm management recipients, files, or templates; can't create, edit, remove, enable, or disable alarms.
  - Case Management: Can access all features except Organization.
  - ELM: Can perform enhanced ELM searches; can't save ELM searches or access ELM device properties.
  - Reports: Can only run a report that emails them the output.
  - Watchlists: Can only add a static watchlist.
  - Asset Manager and Policy Editor: Can't access either of these features.
  - Zones: Can only view zones they have access to in their list of zones.
  - System Properties: Can only access Reports and Watchlists.
  - Filters: Can't access String Normalization, Active Directory, Assets, Asset Groups, or Tags filter tabs.
  - Actions toolbar: Can't access device management, multi-device management, or Event Streaming Viewer.

1 On the system navigation tree, select the system, then click the Properties icon.
2 Click Users and Groups, then type the system password.
3 Do one of the following:
  - If the group is already set up, select it on the Group table, then click Edit.
  - If you are adding a group, click Add next to the Groups table, then fill in the name and description and select the users.
4 Click Privileges, then select Limit access of this group. Several of the privileges become disabled.
5 Select the privileges that you want this group to have from the remaining list of privileges.
6 Click Devices, Zones, Group Time Restrictions, Reports, View, and Watchlists and select the settings for the group.

On Reports, Views, and Watchlists, select the items the group can have access to. If the items are set to inherit their settings, the checkboxes are grayed out. To change that setting, click the items you want to change, click Share, and deselect Inherit modify settings.

Click one or more reports, views, or watchlists; click Share; then select which of the users or groups can have access to those items. The Share option is also available on the System Properties | Reports and System Properties | Watchlists pages.

McAfee ePO device queries

You can now query multiple McAfee ePO devices if they are integrated with Real Time for McAfee ePO.

Reports and views

When setting up a report or view, you select the devices to be queried on the second page of the Query Wizard. The data generated is combined into a single result set.

1 On the Query Wizard, click the drop-down list, select Real Time for McAfee ePO, then select the element or question for the query.
2 Click Next, click Devices, then select the McAfee ePO devices to query.

Combined results are only generated if the column headers match. The Question must return the same Elements.

Data enrichment sources and watchlists

When adding a Real Time for McAfee ePO data enrichment source or watchlist, you select the devices on the Source tab after selecting Real Time for ePO as the type.

Real Time for ePO dashboard

You can run a query of multiple McAfee ePO devices on the Real Time for McAfee ePO dashboard view.

1 On the system navigation tree, select the McAfee ePO devices to be queried.
2 On the view pane, select Real Time for ePO from the drop-down list of available views.
3 In the Filters pane, select the elements and filters that produce the data you want.
4 Click the Run Query icon in the Filters pane to run the query.

Streaming viewer

You can now see streaming events for McAfee ePO and McAfee Network Security Manager (Manager) devices.

Searches and filters

To add a regular expression in a search or filter field, type regexp(https.*). You can apply case insensitivity to these regular expressions by typing regexp(/https.*/i).

Non-Indexed custom types are now displayed in the global Filters pane. You can only use them to filter by regular expressions.

Real Time for McAfee ePO actions

Execute Real Time for McAfee ePO actions on the results of a Real Time for McAfee ePO question from the ESM and component that displays an IP address in the view.

1 On the view pane of the ESM console, click the menu icon on a view component that shows the results of a Real Time for McAfee ePO question.
2 Highlight Actions, then click Real Time for ePO Actions.
3 On the Devices tab, select the McAfee ePO devices to perform the action.
4 On the Actions tab, which lists the actions available for the selected devices, click an action.
5 On the Filters tab, specify a set of filters to apply to the question, then press Finish. Filters aren't available from the McAfee ePO dashboard or components.

When creating an alarm, you can set up an action by selecting Real Time for ePO Actions on the Actions tab of the Alarm Settings wizard.

Upgrade instructions for 9.3.2

There are several steps you must take to prepare your system to upgrade to the 9.3.2 software release. When your system is ready, you can download the upgrade files for the ESM, Nitro IPS, ACE, ADM, Database Event Monitor (DEM), Receiver, ELMERC, ELM, and ESM/Receiver combo, then upgrade them in the order described. For information about installing the devices, see McAfee Enterprise Security Manager 9.3.0 Installation Guide.

Tasks

  - Download the upgrade files: When the system is ready to upgrade, download the upgrade files to your local system.
  - Upgrade the system to 9.3.2: When upgrading the ESM and its devices, do it in a specific order. The order is based on your mode. After you upgrade, rewrite the device settings and roll out the policy.

Preparing to upgrade to 9.3.2

There are several things you must do before you can upgrade. Review the ESM checklist to make sure that the ESM and devices are in a good state before starting the upgrade.

  - Make sure that the ESM database rebuild from a previous build (9.2.1 or later) is complete, and that you can schedule the appropriate outage window for this upgrade.
  - Complete a database backup of the ESM before beginning the upgrade.
  - Make sure that the soft raid subsystem is running with two active drives. If you are running ESM 4245R, 5205R, 5510R, or 5750R; ESMREC 4245R, 5205R, or 5510R; ESMLM 4245R, 5205R, or 5510R, issue the cat /proc/mdstat command in one of these ways:
    - On the ESM console, click System Properties | ESM Management | Terminal, then click Write and type the command.
    - SSH into the ESM.
    - Connect a monitor and keyboard to the device.

If the output looks like this, the raid is functioning properly and you can proceed with the upgrade:

    Personalities : [raid1]
    md_d127 : active raid1 sda[0](w) sdb[1](w)
          488386496 blocks [2/2][UU]
    Unused devices: <none>

The active drives are identified by [UU]. If it shows [_U] or [U_], a drive is not part of the raid. If so, contact McAfee Support before upgrading.

Review this information and take the necessary steps before upgrading.

Device types supported

The ESM, ESM/Event Receiver (ESMREC), or ESM/Log Manager (ENMELM) only communicates with 9.3.1 device models. To check the model of your device, issue the cat /proc/cpuinfo command in one of the three ways described previously. The output includes the CPU number on the model name line. The CPU must be one of the following:

    1275    5450
    2160    5645
    2670    6300
    3220    6400
    5405    7500
    5410    7542
    5440    9400

Device removal

Before upgrading the ESM, ESMREC, or ENMELM, all device models specified and virtual IPSs for the specified Nitro IPS models must be removed. If this isn't done, a message appears on the Login page and the message log stating that this problem occurred, and that the upgrade will fail. ESS will also fail to upgrade and notations are placed in the device message log.

To remove a virtual IPS, select the device in the system navigation tree and click the Properties icon. Select Device Configuration | Virtual Devices, then select the existing virtual devices and click Remove. Click Write to write the settings to the IPS.

Roll out policy from the 9.3.2 ESM, ESMREC, or ENMELM to the IPS device or the IPS remains in bypass mode and no traffic is inspected.

Rebuild time

Table rebuild time varies based on the ESM, ESMREC, or ENMELM. There are two ways to help speed up the upgrade of the ESM database:

  - Set collection duration of events, flows, and logs to a longer pull time, allowing more time for the rebuild. On the ESM console, click System Properties | Events, Flows & Logs, then set Auto check every.
  - Turn off collection of events, flows, and logs until the rebuild finishes if the number of events and flows sent to the ESM is low. On the ESM console, click System Properties | Events, Flows & Logs, then deselect Auto check every.

This time variation is also true for all devices. The rebuild time for devices is around 45 minutes.

Upgrade paths

You can upgrade to 9.3.2 directly from 9.2.1 or later. Versions before 9.2.1 must be upgraded following one of these paths:

    7.x.x > 8.2.x > 8.3.x > 8.4.2 > 8.5.6 > 9.0.2 > 9.2.1 > 9.3.0 > 9.3.2
    7.x.x > 8.2.x > 8.3.x > 8.4.2 > 8.5.6 > 9.0.2 > 9.2.1 > 9.3.2

Upgrade Receiver-HA devices

To upgrade Receiver-HA devices, first check the High Availability status of the Receiver. See Check Receiver high availability status in the ESM online Help.
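The soft raid check under Preparing to upgrade (run cat /proc/mdstat and look for [UU]) can be scripted so it is applied the same way on every appliance. The following parser is an added example, not part of the release notes or of any McAfee tooling: it accepts the output as text, tolerates the status being printed with or without a space ([2/2][UU] or [2/2] [UU]), and lists every reason an array would fail the check. The function names and the degraded sample are constructed for illustration.

```python
import re

# "md_d127 : active" opens one array's stanza in /proc/mdstat.
ARRAY_START = re.compile(r"\b(md\w+)\s*:\s*(\w+)")
# Member devices look like "sda[0]", optionally followed by flags such as "(F)".
MEMBER = re.compile(r"\b([A-Za-z][\w-]*)\[(\d+)\]((?:\([A-Za-z]\))*)")
# "[2/2] [UU]": configured/working member counts, then one U or _ per slot.
STATUS = re.compile(r"\[(\d+)/(\d+)\]\s*\[([U_]+)\]")

# Output quoted in the release notes for a healthy two-drive mirror.
HEALTHY = """Personalities : [raid1]
md_d127 : active raid1 sda[0](w) sdb[1](w)
      488386496 blocks [2/2][UU]
Unused devices: <none>
"""

# Constructed sample: the second drive has failed out of the mirror.
DEGRADED = """Personalities : [raid1]
md_d127 : active raid1 sda[0] sdb[1](F)
      488386496 blocks [2/1] [U_]

unused devices: <none>
"""


def parse_mdstat(text):
    """Return one dict per md array found in /proc/mdstat text."""
    body = re.split(r"(?i)unused devices", text)[0]
    starts = list(ARRAY_START.finditer(body))
    arrays = []
    for i, start in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(body)
        stanza = body[start.end():end]
        status = STATUS.search(stanza)
        arrays.append({
            "name": start.group(1),
            "state": start.group(2),
            "members": [(m.group(1), int(m.group(2)), m.group(3).upper())
                        for m in MEMBER.finditer(stanza)],
            "configured": int(status.group(1)) if status else None,
            "working": int(status.group(2)) if status else None,
            "slots": status.group(3) if status else None,
        })
    return arrays


def upgrade_blockers(text):
    """List reasons the raid check fails; an empty list means every slot is U."""
    arrays = parse_mdstat(text)
    if not arrays:
        return ["no md array found in the output"]
    problems = []
    for arr in arrays:
        name = arr["name"]
        if arr["state"] != "active":
            problems.append(f"{name}: state is {arr['state']}")
        if arr["slots"] is None:
            problems.append(f"{name}: no [n/m] [UU] status found")
            continue
        if "_" in arr["slots"] or arr["working"] < arr["configured"]:
            problems.append(f"{name}: {arr['working']}/{arr['configured']} "
                            f"drives active, slots [{arr['slots']}]")
        for dev, slot, flags in arr["members"]:
            if "(F)" in flags:
                problems.append(f"{name}: {dev} (slot {slot}) is marked faulty")
    return problems


if __name__ == "__main__":
    for label, sample in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        print(label, upgrade_blockers(sample) or "OK to proceed")
```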

Special upgrade situations for 9.3.2

There are a few situations where you might need to take additional steps prior to or after upgrading.

Installing a new McAfee ESM model

If you are installing a new McAfee ESM model, you have 30 days to register your hardware so you can receive policy, parser, and rule updates as part of your maintenance contract. If you don't register, you will not have access to these upgrades.

To get your permanent user name and password, email Licensing@McAfee.com with the following information: McAfee grant number, account name, address, contact name, and contact email address.

Obtaining offline rule updates

If you are not able to get the rule updates directly from McAfee on the Internet, go to the Product Downloads web page at http://www.mcafee.com/us/downloads/DOWNLOADS.ASPX.

1 Enter your customer grant number in the Download My Products search box, then click Search.
2 Click MFE Nitro Rules Downloads. The available update files are listed by ESM version.
3 Download the rules for the version of your ESM.

Resolving device communication issues

If you just upgraded a McAfee device (not ESM) and you see the message "The device needs to be upgraded to 9.3.2 before the operation can be performed," make sure the ESM has the correct version information.

1 On the ESM console, select the device in the system navigation tree, then select the Properties icon.
2 Click Connection, then click Status. The version updates.
3 Retry the operation that resulted in the message.

Upgrading a redundant ESM

You must upgrade the primary ESM first, then upgrade the redundant ESM. Follow these steps or the redundant ESM will be misconfigured. If this happens, you must contact McAfee Support for assistance.

1 On the primary ESM, go to System Properties | Events, Flows & Logs and deselect Auto check every.
2 On the primary ESM, go to System Properties | Backup and Restore | Redundancy Configuration and deselect Enabled.
3 Upgrade the primary ESM.
4 Upgrade the redundant ESM.
5 On the primary ESM, re-enable redundancy.
6 On the primary ESM, re-enable the collection of events, flows, and logs after the redundant ESM upgrade is complete.

A way to make sure that the redundant ESM is done processing alerts is to SSH into the ESM, run the top command, and make sure no event insert processes are running (see items in bold below).

    12169 root 20 0 6031m 4.5g 9700 S 0 4.8 58:37.20 cp Job31 idle
    12170 root 20 0 6031m 4.5g 9700 S 0 4.8 73:51.55 cp Job32 idle
    12171 root 20 0 6031m 4.5g 9700 S 0 4.8 62:37.59 cp Job33 idle
    12172 root 20 0 6031m 4.5g 9700 S 0 4.8 69:39.24 cp Job34 idle
    12173 root 20 0 6031m 4.5g 9700 S 0 4.8 2:32.00 cp Backup
    12174 root 20 0 6031m 4.5g 9700 S 0 4.8 0:00.72 cp RedundantInsert

McAfee ePO

If the McAfee ePO device is already on the ESM, you must refresh it.

1 If you are not on an all-in-one, make sure that the upgrade on the Receiver that McAfee ePO device is connected to is complete.
2 On the ESM console, click ePO Properties | Device Management, then click Refresh.
3 Log out of the ESM console, then log back in.

Download the upgrade files

When the system is ready to upgrade, download the upgrade files to your local system.

Task

1 On the McAfee Product Downloads website at http://www.mcafee.com/us/downloads/DOWNLOADS.ASPX, enter your customer grant number in the Download My Products field, then click Search.
2 Select the device you want to upgrade.

3 Select the correct link (MFE <device name> v9.3.2), read the McAfee EULA, then click I Agree.
4 Download these files to your local system:

    For                                                                   Download
    McAfee Enterprise Security Manager (ESM or ETM)                       ESS_Update_9.3.2.tgz
    McAfee Enterprise Security Manager and Log Manager (ENMELM or ESMREC) ESSREC_Update_9.3.2.tgz
    McAfee Nitro Intrusion Prevention System (Nitro IPS or NTP)           IPS_Update_9.3.2.tgz
    McAfee Event Receiver (ERC or ELMERC)                                 RECEIVER_Update_9.3.2.tgz
    McAfee Database Event Monitor (DEM)                                   DBM_Update_9.3.2.tgz
    McAfee Advanced Correlation Engine (ACE)                              RECEIVER_Update_9.3.2.tgz
    McAfee Enterprise Log Manager (ELM)                                   RECEIVER_Update_9.3.2.tgz
    McAfee Application Data Monitor (ADM)                                 APM_Update_9.3.2.tgz

These files are now ready to be used to upgrade your ESM and devices.

Upgrade the system to 9.3.2

When upgrading the ESM and its devices, do it in a specific order. The order is based on your mode. After you upgrade, rewrite the device settings and roll out the policy.

Before you begin

  - Review Preparing to upgrade and Special upgrade situations.
  - Make sure that your system is running version 9.2.1 or later.
  - If you recently upgraded to 9.2.1, verify that the database rebuild is complete.

Task

1 Upgrade the devices in this order.

  Non-FIPS mode:
    a. Upgrade the ESM, ESMREC, or ENMELM.
    b. Wait for the database to build.
    c. Upgrade the ELM or ELMERC.
    d. Upgrade Nitro IPS, Event Receiver, ACE, DEM, and ADM.
  If you are upgrading a redundant ESM, see Upgrading a redundant ESM in Special upgrade situations.

  FIPS mode:
    a. Upgrade the ELM or ELMERC.
    b. Upgrade Nitro IPS, Event Receiver, ACE, DEM, and ADM.
    c. Upgrade the ESM, ESMREC, or ENMELM. You can begin when all device upgrades start.
  Failure to upgrade the devices before upgrading the ESM when in FIPS mode could affect ELM log collection.

2 Verify that you have communication with the devices.

3 Follow this process to rewrite device settings for each device to make sure that all 9.3.2 settings are applied.

  a On the ESM console, select the device in the system navigation tree, then click the Properties icon.
  b Follow these steps for each device.

  Event Receiver or ESM/Event Receiver combo:
    - For data sources: Click Data Sources | Write.
    - For VA sources: Click Vulnerability Assessment | Write.

  ACE:
    - For risk correlation: Click Risk Correlation Management | Write.
    - For historical correlation: Click Historical | Enable Historical Correlation | Apply. If it's already selected, deselect it, select it again, then click Apply.
    - For rule correlation: Click Rule Correlation, select Enable Rule Correlation, and click Apply. If it's already selected, deselect it, select it again, then click Apply.

  Nitro IPS, DEM, or ADM:
    - For virtual devices (IPS and ADM): Click Virtual Devices | Write.
    - For database servers: Click Database Servers | Write.

4 Roll out the policy to all upgraded devices. After rolling it out to a Nitro IPS device, make sure to take the device out of bypass mode on Device Configuration | Interfaces.
5 If you have an ELM or ELMERC collecting logs from a device, sync the ELM (Device Properties | Device Configuration | Sync ELM).

Find product documentation

McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

Task

1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2 Under Self Service, access the type of information you need:

  To access user documentation:
    1 Click Product Documentation.
    2 Select a product, then select a version.
    3 Select a product document.

  To access the KnowledgeBase:
    - Click Search the KnowledgeBase for answers to your product questions.
    - Click Browse the KnowledgeBase for articles listed by product and version.

Product documentation

Every McAfee product has a comprehensive set of documentation. See these documents for more information.

  - McAfee Enterprise Security Manager 9.3.0 Product Guide
  - McAfee Enterprise Security Manager 9.3.0 Installation Guide

Copyright 2013 McAfee, Inc. Do not copy without permission. McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.