Latest Version 2.2.1
June 27, 2018
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
This app is archived. App archiving documentation
Splunk Add-on for McAfee
***Splunk Add-on for McAfee is no longer supported. For best results, you should deploy and use the new Splunk Add-on for McAfee ePO Syslog. Splunk Add-on for McAfee ePO Syslog works with Splunk Connect for Syslog, which provides a number of benefits over the legacy database integration.***
Built by
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0
CIM Version: 4.x
Rating
0
(0)
Log in to rate this app
Support
Not Supported
Ranking
#37
in Utilities
***Splunk Add-on for McAfee is no longer supported. For best results, you should deploy and use the new Splunk Add-on for McAfee ePO Syslog. Splunk Add-on for McAfee ePO Syslog works with Splunk Connect for Syslog, which provides a number of benefits over the legacy database integration.***
The Splunk Add-on for McAfee allows a Splunk Enterprise administrator to collect anti-virus information and Network Security Platform (Intrushield) information. You can then directly analyze the McAfee data or use it as a contextual data feed to correlate with other security data in Splunk. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as Splunk App for Enterprise Security and Splunk App for PCI Compliance. Please note that the DB Connect Add-on is required to manage database connectivity; it must be installed and configured before this Add-on can be used to collect data from an ePolicy Orchestrator (ePO) installation.
Categories
Created By
Splunk Works
Type
addon
Downloads
20,927
Splunk Answers
Ask a question about this app listing(Opens new window)Resources
Log in to report this app listing