McAfee Event Receiver
McAfee Event Receiver collects and retains large amounts of security data, and gives you immediate access to that data.
- Preserve and store all details of parsed and correlated events in a highly indexed database for fast retrieval and analysis.
- Leverage flexible event collection deployment options. Make highly distributed deployment easier and more cost effective with virtual appliances.
- Collect tens of thousands of events per second with a single McAfee Event Receiver. Every event receiver caches all collected data locally to preserve data in the event of a network communication error or outage.
Correlation for incident management
Provide full correlation against all events to detect larger incidents. McAfee Event Receiver correlates events collected by other distributed receivers for system-wide threat detection.
Scalable log collection
Collect event and flow information from hundreds of third-party devices, including intrusion prevention systems (IPS), switches, routers, servers, workstations, identity and authentication systems, vulnerability assessment scanners, and more.
Diverse collection methods
Use various event collection methods, including passive log collection, authenticated log collection, CEF, OPSEC, SDEE, XML, ODBC, and encrypted collection validated to FIPS 140-2 Level 2.
Easy, highly distributed event collection
Select fully centralized all-in-one event collection and management or fully distributed event collection, available in both physical and virtual appliances and rated for several thousand to tens of thousands of events per second.
McAfee Event Receiver deployment options include physical and virtual appliances. Specific McAfee Event Receiver models require McAfee Enterprise Security Manager (ESM). McAfee SIEM appliance specifications and descriptions are provided for information only, subject to change without notice, and provided without warranty of any kind, expressed or implied.
| Model Numbers | Maximum EPS | Appliance Size | Local Storage | Network Interfaces (10/100/1000) | System Requirements |
|---|---|---|---|---|---|
| ERC-VM-8 | 500 | VM | Recommended 250GB | VM (AWS, ESX, KVM) | 8 processor cores, 4GB of memory |
| ERC-VM-12 | 5,000 | VM | Recommended 500GB | VM (AWS, ESX, KVM) | 12 processor cores, 64GB of memory |
| ERC-VM-32 | 15,000 | VM | Recommended 2TB+480GB SSD | VM (AWS, ESX, KVM) | 32 processor cores, 96GB of memory |
| ERC-1260 | 6,000 | 1U | 1TB | 2 + HA ports | Requires ESM |
| ERC-2600 | 12,000 | 2U | 1.8TB | 2 + HA ports | Requires ESM |
| ERC-3450 | 18,000 | 2U | 1.8TB+240GB SSD | 2 + HA ports | Requires ESM |
| ERC-4600 | 24,000 | 2U | 3TB+480GB SSD | 2 + HA ports | Requires ESM |
As the foundation of our security information and event management (SIEM) solution, McAfee Enterprise Security Manager delivers the performance, actionable intelligence, and real-time situational awareness required for organizations to identify, understand, and respond to stealthy threats, while the embedded compliance framework simplifies compliance.