McAfee Event Receiver

Collect up to tens of thousands of events per second

McAfee Event Receiver collects and retains large amounts of security data, and gives you immediate access to that data.

  • Preserve and store all details of parsed and correlated events in a highly indexed database for fast retrieval and analysis.
  • Leverage flexible event collection deployment options. Make highly distributed deployment easier and more cost effective with virtual appliances.
  • Collect tens of thousands of events per second with a single McAfee Event Receiver. Every event receiver caches all collected data locally to preserve data in the event of a network communication error or outage.

Easy, highly distributed event collection

Correlation for incident management

Provide full correlation against all events to detect larger incidents. McAfee Event Receiver correlates events collected by other distributed receivers for system-wide threat detection.

Scalable log collection

Collect event and flow information from hundreds of third-party devices, including intrusion prevention systems (IPS), switches, routers, servers, workstations, identity and authentication systems, vulnerability assessment scanners, and more.

Diverse collection methods

Use various event collection methods, including passive log collection, authenticated log collection, CEF, OPSEC, SDEE, XML, ODBC, and encrypted collection validated to FIPS 140-2 Level 2.

Flexible architecture

Select fully centralized all-in-one event collection and management or fully distributed event collection, available in both physical and virtual appliances and rated for several thousand to tens of thousands of events per second.


System Requirements

McAfee Event Receiver deployment options include physical and virtual appliances. Specific McAfee Event Receiver models require McAfee Enterprise Security Manager (ESM). McAfee SIEM appliance specifications and descriptions are provided for information only, subject to change without notice, and provided without warranty of any kind, expressed or implied.

| Model Numbers | Maximum EPS | Appliance Size | Local Storage | Network Interfaces (10/100/1000) | System Requirements |
|---|---|---|---|---|---|
| ERC-VM-8 | 500 | VM | Recommended 250GB | VM (AWS, ESX, KVM) | 8 processor cores, 4GB of memory |
| ERC-VM-12 | 5,000 | VM | Recommended 500GB | VM (AWS, ESX, KVM) | 12 processor cores, 64GB of memory |
| ERC-VM-32 | 15,000 | VM | Recommended 2TB+480GB SSD | VM (AWS, ESX, KVM) | 32 processor cores, 96GB of memory |
| ERC-1260 | 6,000 | 1U | 1TB | 2 + HA ports | Requires ESM |
| ERC-2600 | 12,000 | 2U | 1.8TB | 2 + HA ports | Requires ESM |
| ERC-3450 | 18,000 | 2U | 1.8TB+240GB SSD | 2 + HA ports | Requires ESM |
| ERC-4600 | 24,000 | 2U | 3TB+480GB SSD | 2 + HA ports | Requires ESM |

Related Products

McAfee Enterprise Security Manager, the core product in our SIEM portfolio, seamlessly integrates with our other SIEM solutions, offering deeper insights in data management, advanced correlation, dedicated database and application monitoring, as well as McAfee Global Threat Intelligence.

McAfee Enterprise Security Manager

McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.

As the foundation of our security information and event management (SIEM) solution, McAfee Enterprise Security Manager delivers the performance, actionable intelligence, and real-time situational awareness required for organizations to identify, understand, and respond to stealthy threats, while the embedded compliance framework simplifies compliance.
 
McAfee Advanced Correlation Engine

Deploy McAfee Advanced Correlation Engine with McAfee Enterprise Security Manager to identify and score threat events in real time using both rule- and risk-based logic. You tell McAfee Advanced Correlation Engine what you value—users or groups, applications, specific servers, or subnets—and it will alert you if the asset is threatened.

McAfee Application Data Monitor

Advance security and compliance beyond log management by monitoring all the way to the application layer to detect fraud, data loss, and advanced threats. This SIEM tool supports accurate analysis of real application use, while enforcing policies and detecting malicious, covert traffic.

McAfee Database Event Monitor for SIEM

Get a complete audit trail of all database activities, including queries, results, authentication activity, and privilege escalations, widening your visibility into who’s accessing your data and why.

McAfee Event Receiver

Collect up to tens of thousands of events per second with a single receiver, and use a highly indexed database for fast data retrieval and analysis.

McAfee Enterprise Log Manager

Reduce compliance costs with automated log collection, storage, and management. Collect, compress, sign, and store all original events with a clear audit trail of activity that can’t be repudiated.

McAfee Global Threat Intelligence for Enterprise Security Manager

Enhance your SIEM deployment with a constantly updated threat intelligence feed that broadens situational awareness by enabling rapid discovery of events involving communications with suspicious or malicious IPs.
