McAfee EPO

The McAfee EPO suite of products enables alerts to pinpoint when attacks happen and on which assets by linking together those notifications with telemetry seen across the environment.

Data Types

  • Alerts

Configuration

McAfee EPO requires syslog destinations to use TLS. CYDERES will activate a listener with a self-signed certificate unless one is provided.

Reference: https://kc.mcafee.com/corporate/index?page=content&id=KB87927

  1. In the McAfee EPO console, go to Menu > Configuration > Registered Servers.
  2. Add a new Registered Server with the Syslog type.
  3. Enter the IP address and port of your CYCLOPS appliance.
  4. Click Enable event forwarding. Optionally, you can send a test message by using Test Connection.
  5. Click Save to save the configuration.