Latest Version 2.2.1
June 27, 2018
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
This app is archived. Learn more
Splunk Add-on for McAfee
***Splunk Add-on for McAfee is no longer supported. For best results, you should deploy and use the new Splunk Add-on for McAfee ePO Syslog. Splunk Add-on for McAfee ePO Syslog works with Splunk Connect for Syslog, which provides a number of benefits over the legacy database integration.***
Built by Splunk Works
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0
CIM Version: 4.x
Rating
0
(0)
Log in to rate this app
Support
Not Supported
Ranking
#35
in Utilities
***Splunk Add-on for McAfee is no longer supported. For best results, you should deploy and use the new Splunk Add-on for McAfee ePO Syslog. Splunk Add-on for McAfee ePO Syslog works with Splunk Connect for Syslog, which provides a number of benefits over the legacy database integration.***
The Splunk Add-on for McAfee allows a Splunk Enterprise administrator to collect anti-virus information and Network Security Platform (Intrushield) information. You can then directly analyze the McAfee data or use it as a contextual data feed to correlate with other security data in Splunk. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as Splunk App for Enterprise Security and Splunk App for PCI Compliance. Please note that the DB Connect Add-on is required to manage database connectivity; it must be installed and configured before this Add-on can be used to collect data from an ePolicy Orchestrator (ePO) installation.
Categories
Created By
Splunk Works
Type
addon
Downloads
20,869
Licensing
Splunk Answers
Resources
Log in to report this app listing