McAfee ePO is a centralized security management solution, which collects and summarizes the alerts from multiple McAfee security systems.
You will need to ensure that TLS (Transport Layer Security) is configured so that the alerts are sent with the correct encryption.
See the Agent TLS page for instructions to achieve this.
Before proceeding, please make sure you have completed the prerequisites listed above.
McAfee ePO can easily be synchronized with the syslog server with the following steps:
- Choose the Configuration option from the Menu and go to Registered Services.
- Click the New Server button.
- On the Description page, select Syslog server from the Server type menu.
- Specify the server name; you can also add some notes. The server details will be available after installing the SOC.OS agent.
- Go to the Registered Server Builder page and enter the Server name (a domain or an IP address).
- Enter the TCP port number. It is typically 2514, unless a different security system is already being ingested on that port, and will be agreed during agent installation.
- Click on Enable event forwarding.
- In order to verify the connection, click Test Connection. If you see the alert “Syslog connection failed”, it is likely caused by the TLS configuration and needs to be fixed (please see the prerequisites).
- Click Save.
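
If Test Connection reports “Syslog connection failed”, it helps to know whether the failure is in the network path or in the TLS handshake. The following is an added example, not part of the SOC.OS or McAfee documentation: a Python 3 check, run from a host on the same network path as the ePO server, that separates the two cases. The function name `check_syslog_tls`, the script name and the optional CA file argument are assumptions for illustration, and the check validates the certificate with Python's own trust settings, which may differ from ePO's.

```python
import socket
import ssl
import sys


def check_syslog_tls(host, port=2514, cafile=None, timeout=5.0):
    """Return (stage, detail); stage is 'tcp', 'tls' or 'ok'."""
    # Stage 1: plain TCP reachability (wrong host or port, firewall, agent down).
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"cannot reach {host}:{port}: {exc}")
    # Stage 2: TLS handshake with certificate and host name verification.
    # cafile is the CA bundle that issued the agent certificate (assumption:
    # a PEM file you hold; None falls back to the system trust store).
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            expires = tls.getpeercert().get("notAfter")
            return ("ok", f"{tls.version()}, certificate expires {expires}")
    except ssl.SSLCertVerificationError as exc:
        return ("tls", f"certificate rejected: {exc.verify_message}")
    except (ssl.SSLError, OSError) as exc:
        return ("tls", f"handshake failed: {exc}")
    finally:
        raw.close()


if __name__ == "__main__":
    # Usage: python check_syslog_tls.py <host> [port] [ca.pem]
    if len(sys.argv) < 2:
        print("usage: check_syslog_tls.py <host> [port] [ca.pem]")
    else:
        host = sys.argv[1]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 2514
        cafile = sys.argv[3] if len(sys.argv) > 3 else None
        stage, detail = check_syslog_tls(host, port, cafile)
        print(f"{stage}: {detail}")
        sys.exit(0 if stage == "ok" else 1)
```

A `tcp` result points at the server name, port number or a firewall; a `tls` result points at the TLS prerequisite (certificate trust, host name mismatch, or a listener that is not speaking TLS).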
https://docs.mcafee.com/bundle/epolicy-orchestrator-5.10.0-product-guide/page/GUID-5C5332B3-837A-4DDA-BE5C-1513A230D90A.html
https://www.mcafee.com/enterprise/en-gb/products/epolicy-orchestrator.html