McAfee Event Receiver appliances are responsible for the collection of log and event information from hundreds of third-party devices including firewalls, IDS/IPS devices, UTMs, switches, routers, applications, servers and workstations, identity and authentication systems, vulnerability assessment scanners, and more. McAfee Event Receiver uses a variety of collection methods including passive log collection, authenticated log collection, CEF, OPSEC, SDEE, XML, and ODBC, as well as encrypted collection validated to FIPS 140-2 Level 2.
Robust collection, powerful correlation — When a McAfee Event Receiver collects an event, it parses all relevant details into a fully normalized event taxonomy, and then provides full correlation against all events to detect larger incidents. McAfee Event Receiver correlates events collected by other distributed receivers for system-wide threat detection.
Flexible collection architecture — McAfee Enterprise Security Manager supports fully centralized “all-in-one” event collection and management, or fully distributed event collection using dedicated Event Receiver appliances, rated for several thousand to tens of thousands of events per second.
High reliability — Deploy McAfee Event Receiver redundantly for maximum reliability without any risk of data loss.
Features & Benefits
Get immediate access to data
Preserve and store all details of parsed and correlated events in a highly indexed database for fast retrieval and analysis.
Leverage flexible deployment options
Make highly distributed deployment easier and more cost-effective with virtual appliances.
Retain and collect large amounts of security data
Collect over 20,000 events per second with a single McAfee Event Receiver. Every Event Receiver caches all collected data locally to preserve data in the event of a network communication error or outage.