McAfee EPO

The McAfee EPO suite of products produces alerts that pinpoint when attacks happen and on which assets, by linking those notifications with telemetry seen across the environment.

Data Types

  • MCAFEE_EPO

Configuration

McAfee EPO requires syslog destinations to use TLS. Cyderes will configure a port with a client-provided self-signed certificate.

Reference: https://kc.mcafee.com/corporate/index?page=content&id=KB87927

  1. In the McAfee EPO console, navigate to Menu > Configuration > Registered Servers.
  2. Add a new Registered Server with the Syslog type.
  3. Enter the IP address and port of the CYCLOPS appliance.
  4. Click Enable event forwarding. A test message may be sent by clicking Test Connection.
  5. Click Save.
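
Because the listener uses a self-signed certificate, there is no CA chain to validate, so the practical check before enabling forwarding is to compare the certificate the port presents against the fingerprint of the certificate that was supplied. The following is an added example, not part of the original page or of any McAfee or Cyderes tooling; the address, port and sample bytes are placeholders constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_fingerprint(text: str) -> str:
    """Reduce 'AA:BB:..', 'aa bb ..' or 'aabb..' to 64 lowercase hex digits."""
    hexchars = "".join(c for c in text.lower() if c not in ": \t\n-")
    if len(hexchars) != 64 or any(c not in "0123456789abcdef" for c in hexchars):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return hexchars


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def matches_pin(der: bytes, expected: str) -> bool:
    """Constant-time comparison of the presented certificate against the pin."""
    return hmac.compare_digest(cert_fingerprint(der), normalize_fingerprint(expected))


def fetch_listener_cert(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Complete a TLS handshake and return the listener's leaf certificate (DER).

    Chain validation is disabled on purpose: a self-signed certificate has
    no CA to chain to, so trust comes from the fingerprint pin instead.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before setting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:
            der = tls.getpeercert(binary_form=True)
    if not der:
        raise RuntimeError("listener presented no certificate")
    return der


if __name__ == "__main__":
    # Constructed stand-in bytes so the example runs offline. Against a live
    # listener (placeholder address and port, not values from the page):
    #   der = fetch_listener_cert("192.0.2.10", 6514)
    der = b"constructed-sample-not-a-real-certificate"
    pin = ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())
    print("pin matches:", matches_pin(der, pin))
    print("altered cert matches:", matches_pin(der + b"\x00", pin))
```

The pin can be taken from the supplied certificate file with `openssl x509 -in cert.pem -noout -fingerprint -sha256`, where `cert.pem` is a placeholder file name.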