Splunk Add-on for McAfee

The Splunk Add-on for McAfee allows a Splunk Enterprise administrator to collect anti-virus information and Network Security Platform (Intrushield) information. You can then directly analyze the McAfee data or use it as a contextual data feed to correlate with other security data in Splunk. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as Splunk App for Enterprise Security and Splunk App for PCI Compliance. Please note that the DB Connect Add-on is required to manage database connectivity; it must be installed and configured before this Add-on can be used to collect data from an ePolicy Orchestrator (ePO) installation.

Built by Splunk Inc.

Latest Version 2.1.1

June 18, 2015

Release notes

Compatibility

Not Available

Platform Version: 6.3, 6.2, 6.1, 6.0

CIM Version: 4.x, 3.x

Rating

0

(0)

Log in to rate this app

Support

Splunk Supported addon

Learn more

Ranking

#44

in Security, Fraud & Compliance

#46

in Utilities

The Splunk Add-on for McAfee allows a Splunk Enterprise administrator to collect anti-virus information and Network Security Platform (Intrushield) information. You can then directly analyze the McAfee data or use it as a contextual data feed to correlate with other security data in Splunk. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as Splunk App for Enterprise Security and Splunk App for PCI Compliance. Please note that the DB Connect Add-on is required to manage database connectivity; it must be installed and configured before this Add-on can be used to collect data from an ePolicy Orchestrator (ePO) installation.