AlienVault® USM Anywhere™

Viewing Your McAfee ePO Events

Role Availability Read-Only Analyst Manager

With the collection of your McAfee ePO event logs through the configured AlienApp for McAfee ePO, USM Anywhere enriches and analyzes log data from your McAfee ePO SQL database. When USM Anywhere detects a threat, it generates an alarm. (Alarms provide notification of an event or sequence of events that require attention or investigation.)

Note: A correlation rule automatically identifies McAfee ePO security-critical events or events for a terminated antivirus service and generates a USM Anywhere alarm. If you want to generate an alarm for other types of McAfee ePO events, you can create your own custom alarm rules and define the matching conditions to fit your criteria.

After the AlienApp for McAfee ePO collects the first McAfee ePO log data and USM Anywhere normalizes that raw data, these events start appearing in the Events page. (Normalization describes the translation of log file entries received from disparate types of monitored assets into the standardized framework of Event types and sub-types.) To provide a more focused view of these events, the McAfee ePO dashboard is available under Dashboards in the top navigation menu.

This dashboard summarizes the events originating from your McAfee ePO environment so that you see what's going on at a glance. Click items displayed in the data elements to drill down to the list of events:

  • Top Events
  • Events by Severity
  • Event by Action
  • Top Malware Families
  • Top Hosts
  • Top Users
  • Daily Activity