This Add-On provides inputs for McAfee FireCore logs.
Together with the McAfee FireCore App (https://splunkbase.splunk.com/app/4763/), this Add-On helps to set up and maintain a McAfee Client Proxy (MCP) deployment.
MCP has very limited logging capability. One of the components that MCP is based upon, McAfee FireCore, has logging functionality, but it is disabled by default. This Add-On enables FireCore logging.
This app collects FireCore logs from one or many systems and shows which connections are being redirected to which proxies and which connections bypass the proxy.
During MCP setup, it is not enough to install or deploy the MCP executable and configure proxy settings. Sooner or later some exceptions need to be configured. Usually (a bad practice) exceptions are configured only after a user complains that something doesn't work. A much better way is to be proactive and configure exceptions in advance.
This add-on provides the CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.
Discuss the Splunk Add-On for McAfee FireCore on Splunk Answers at http://answers.splunk.com/answers/app/4762
This is the first public release; consider it beta.
For a single deployment (to collect FireCore logs from one system only), you need to install Splunk Enterprise + TA_McAfee_FireCore Add-On + McAfee_FireCore App on the system where MCP is installed.
For a distributed deployment (to collect FireCore logs from many systems):
This Add-On was tested with MCP 2.x and 3.x versions on the x64 Windows platform.
* The mcpservice.exe process cannot be filtered out.
* Enable name resolution for IP addresses.
0.0.6 - minor fixes, CIM compatibility