

This Splunk App for McAfee Web Gateway allows rapid insights and operational visibility into McAfee Web Gateway (MWG) deployments. It provides field extraction and CIM field mapping using a default and custom McAfee Web Gateway log, and facilitates fast incident response and troubleshooting.

Currently there are 80 different charts and tables grouped in 21 views.

- Non-resolvable Domains, potential DGA (Domain Generation Algorithm)
- Blocked by URL Filter or by Web Reputation
- Top SRC with high Ratio of High Risk Requests
- Timechart DNS resolution time distribution (excluding Cached)
- EXE and Macro Uploads/Downloads with Magic Bytes Mismatch
- Timechart DNS resolution time distribution (including Cached)
- Multiple Usernames coming from a single IP
- Top IPs + User-Agent + DestHost by Failed Auth
- Top User-Agents + DestHost by Failed Auth

The App works best with current versions of McAfee Web Gateway (9.2.x and 10.x) but will also work with older releases (7.6+) after minor modifications.

Decide on log format (default, default+custom fields, MWGaccess3 or custom).

Collection: local with UF, Syslog (UDP, TCP, TCP+TLS), log pushing, log pulling.

Syslog: using default nf, using modified template + raw tcp.

Suggested:

- default + syslog: easiest
- default+custom + syslog: easy
- custom + syslog+TLS: best for small environments
- custom + syslog+TLS + syslog server + UF: best for large environments
- custom + UF: most reliable
