[Deprecated] McAfee Network Security Platform connector for Microsoft Sentinel
Important
Log collection from many appliances and devices is now supported by the Common Event Format (CEF) via AMA, Syslog via AMA, or Custom Logs via AMA data connector in Microsoft Sentinel. For more information, see Find your Microsoft Sentinel data connector.
The McAfee® Network Security Platform data connector provides the capability to ingest McAfee® Network Security Platform events into Microsoft Sentinel. Refer to McAfee® Network Security Platform for more information.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | Syslog (McAfeeNSPEvent) |
| Data collection rules support | Workspace transform DCR |
| Supported by | Microsoft Corporation |
Query samples
Top 10 Sources
McAfeeNSPEvent
| summarize count() by tostring(DvcHostname)
| top 10 by count_
Vendor installation instructions
Note
This data connector depends on a parser based on a Kusto Function to work as expected McAfeeNSPEvent which is deployed with the Microsoft Sentinel Solution.
Note
This data connector has been developed using McAfee® Network Security Platform version: 10.1.x
- Install and onboard the agent for Linux or Windows
Install the agent on the Server where the McAfee® Network Security Platform logs are forwarded.
Logs from McAfee® Network Security Platform Server deployed on Linux or Windows servers are collected by Linux or Windows agents.
- Configure McAfee® Network Security Platform event forwarding
Follow the configuration steps below to get McAfee® Network Security Platform logs into Microsoft Sentinel.
- Follow these instructions to forward alerts from the Manager to a syslog server.
- Add a syslog notification profile, more details here. This is mandatory. While creating profile, to make sure that events are formatted correctly, enter the following text in the Message text box: :|SENSOR_ALERT_UUID|ALERT_TYPE|ATTACK_TIME|ATTACK_NAME|ATTACK_ID |ATTACK_SEVERITY|ATTACK_SIGNATURE|ATTACK_CONFIDENCE|ADMIN_DOMAIN|SENSOR_NAME|INTERFACE |SOURCE_IP|SOURCE_PORT|DESTINATION_IP|DESTINATION_PORT|CATEGORY|SUB_CATEGORY |DIRECTION|RESULT_STATUS|DETECTION_MECHANISM|APPLICATION_PROTOCOL|NETWORK_PROTOCOL|
Next steps
For more information, go to the related solution in the Azure Marketplace.