How to migrate McAfee Enterprise Log Manager (ELM) index Database

The Enterprise Log Manager (ELM) management database stores the records that track logs sent to the ELM.

By default the management database is stored on the local disk of the ELM, it is a good practice to migrate the management database to an external location to be sure that it has enough space to maintain the track of the event sent to the ELM.

The migration of the management database can takes several hours depending of the amount of information that it contains. It is a good practices to define the new location when you first set up the ELM device.

The system allows to create two copies of the ELM database using the Mirror function during the migration process.

Once the management database is located on the desire location we can start defining the different storage volumes for long time retention of information.

The following video shows the migration process to an external NFS shared created explicitly to the management database.

Next videos will show the creation of storage volumes and how to setup data sources to point to these locations.

Thanks for reading

Comments

Working with McAfee SIEM API

McAfee SIEM has a strong API that allows to interact with the application programatically. This API offers a RESTful interface and its documentation is available in the following URL on a running ESM https://<ESM_IP>/rs/esm/help In this post, through a set of code snippets I will show you how to connect to the ESM API via RESTful and execute different API commands. 1) Initial connection to the API Server In this first code snippet we are authenticating against the API and we obtain a token in the response that we use in order to create an authenticated header that will be used for the rest of API connections. 2) Testing that we have all the authentication parameters needed. Getting the time of the system. In this second code snippet we use the just obtained authentication header in order to get the system time through the available command (essmgtGetESSTime) 3) Getting the version (builtstamp) of the system. 4) Other useful available ...

Integrating McAfee SIEM with Apache Nifi Video 2/3

In this second video, I will show how to create a workflow blueprint. The workflow created, does the following steps: Collect information from twitter and filter them by some keywords, in order to do this certain credentials must be obtained from the twitter api (Consumer secret and access token secret), the sensible information is not shown on the video. Next step is pull key attributes, from the twitter json string, so we don't have to deal with the information we are not interested in, in this example I am extracting user name, language used and message information. Next, we check that it is in fact a twitter message and if so we route the information to the next step. Next , the traffic flow is transformed into a json string Last step is to send the information as the message string of a syslog event to the receiver. In the SIEM receiver we create a Data Source and log the unknown syslog information as unknown, in the next post I will create a parser so the...

How to blacklist IPs on McAfee Network Security Platform

Python script that allows to blacklist IPs on McAfee Network Security Platform. The uses is quite straightforward, bellow you can see some examples Usage nsmcli.py [-h] -u USER -p PASSWORD -nsm NSM_IP [-get_sensors][-get_qhosts][-sensor SENSOR_NAME][-i IP_ADDRESS][-quarantine][-remove] [-t {15,30,45,60,240,480,720,960,999}][--version] Examples of usage Get the list of sensors managed by a Network Security Manager nsmcli.py -u admin -p admin123 -nsm 192.168.0.202 -get_sensors Name ID Model Sensor IP SW Ver Sigset Ver Active M2750-4pocs 1001 M-2750 192.168.0.203 7.5.3.16 7.6.14.9 1 Get the list of quarantine IPs nsmcli.py -u admin -p admin123 -nsm 192.168.0.202 -get_qhosts Quarantined hosts for M2750-4pocs ...

built4tech

Search This Blog