title | description | author | ms.topic | ms.date | ms.service | ms.author | ms.collection |
---|---|---|---|---|---|---|---|
McAfee Network Security Platform connector for Microsoft Sentinel | Learn how to install the connector McAfee Network Security Platform to connect your data source to Microsoft Sentinel. | cwatson-cat | how-to | 04/26/2024 | microsoft-sentinel | cwatson | sentinel-data-connector |
The McAfee® Network Security Platform data connector provides the capability to ingest McAfee® Network Security Platform events into Microsoft Sentinel.
This is autogenerated content. For changes, contact the solution provider.
Connector attribute | Description |
---|---|
Log Analytics table(s) | Syslog (McAfeeNSPEvent) |
Data collection rules support | Workspace transform DCR |
Supported by | Microsoft Corporation |
Top 10 Sources
```kusto
McAfeeNSPEvent
| summarize count() by tostring(DvcHostname)
| top 10 by count_
```
Note
To work as expected, this data connector depends on a parser based on a Kusto function, McAfeeNSPEvent, which is deployed with the Microsoft Sentinel solution.
Note
This data connector has been developed using McAfee® Network Security Platform version: 10.1.x
- Install and onboard the agent for Linux or Windows
Install the agent on the Server where the McAfee® Network Security Platform logs are forwarded.
Logs from McAfee® Network Security Platform Server deployed on Linux or Windows servers are collected by Linux or Windows agents.
- Configure McAfee® Network Security Platform event forwarding
Follow the configuration steps below to get McAfee® Network Security Platform logs into Microsoft Sentinel.
While creating a profile, to make sure that events are formatted correctly, enter the following text in the Message text box:
<SyslogAlertForwarderNSP>:|SENSOR_ALERT_UUID|ALERT_TYPE|ATTACK_TIME|ATTACK_NAME|ATTACK_ID |ATTACK_SEVERITY|ATTACK_SIGNATURE|ATTACK_CONFIDENCE|ADMIN_DOMAIN|SENSOR_NAME|INTERFACE |SOURCE_IP|SOURCE_PORT|DESTINATION_IP|DESTINATION_PORT|CATEGORY|SUB_CATEGORY |DIRECTION|RESULT_STATUS|DETECTION_MECHANISM|APPLICATION_PROTOCOL|NETWORK_PROTOCOL|
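The Message template fixes the order of the pipe-delimited values that land in the Syslog table, so a profile that drops or reorders a field silently shifts every later column. The following Python check is an added example, not part of the connector or of the McAfeeNSPEvent parser; it assumes the forwarded message keeps the literal tag `SyslogAlertForwarderNSP` and substitutes each field name with its value in template order, and `parse_nsp_event` and the sample line are constructed for illustration.

```python
import ipaddress

TAG = "SyslogAlertForwarderNSP"
# Message template copied from the step above (stray spaces included).
TEMPLATE = (
    "<SyslogAlertForwarderNSP>:|SENSOR_ALERT_UUID|ALERT_TYPE|ATTACK_TIME|ATTACK_NAME|ATTACK_ID "
    "|ATTACK_SEVERITY|ATTACK_SIGNATURE|ATTACK_CONFIDENCE|ADMIN_DOMAIN|SENSOR_NAME|INTERFACE "
    "|SOURCE_IP|SOURCE_PORT|DESTINATION_IP|DESTINATION_PORT|CATEGORY|SUB_CATEGORY "
    "|DIRECTION|RESULT_STATUS|DETECTION_MECHANISM|APPLICATION_PROTOCOL|NETWORK_PROTOCOL|"
)
# Field names in template order: split on '|', drop the tag and the trailing empty piece.
FIELDS = [name.strip() for name in TEMPLATE.split("|")[1:-1]]

# Constructed sample line (assumed shape: tag, ':' and values in template order).
SAMPLE = (
    "Apr 26 10:15:00 nsm01 SyslogAlertForwarderNSP:|11111111-2222-3333-4444-555555555555"
    "|Signature|2024-04-26 10:15:00 UTC|HTTP: Constructed Sample Attack|0x00000001|High"
    "|sample-signature|High|My Company|sensor-01|G3/1|192.0.2.10|51544|198.51.100.20|80"
    "|Exploit|protocol-violation|Inbound|Blocked|signature|http|tcp|"
)


def parse_nsp_event(message):
    """Hypothetical helper: return (event, problems) for one forwarded message."""
    _, tag, body = message.partition(TAG)
    if not tag:
        return None, ["missing SyslogAlertForwarderNSP tag"]
    values = [v.strip() for v in body.split("|")[1:]]  # piece 0 is the ':' after the tag
    if values and values[-1] == "":
        values.pop()  # produced by the template's trailing '|'
    if len(values) != len(FIELDS):
        # A missing or extra template field, or a '|' inside a value, shifts later columns.
        return None, [f"expected {len(FIELDS)} fields, got {len(values)}"]
    event = dict(zip(FIELDS, values))
    problems = []
    for key in ("SOURCE_IP", "DESTINATION_IP"):
        try:
            ipaddress.ip_address(event[key])
        except ValueError:
            problems.append(f"{key} is not an IP address: {event[key]!r}")
    for key in ("SOURCE_PORT", "DESTINATION_PORT"):
        if not (event[key].isdigit() and int(event[key]) <= 65535):
            problems.append(f"{key} is not a port number: {event[key]!r}")
    return event, problems


if __name__ == "__main__":
    event, problems = parse_nsp_event(SAMPLE)
    print(event["ATTACK_NAME"], event["SOURCE_IP"], problems)
```

The IP and port checks are sanity checks for swapped columns; they assume the sensor reports literal addresses and numeric ports in those fields.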
For more information, go to the related solution in the Azure Marketplace.