McAfee ePolicy Orchestrator

Constructor : McAfee

Product : ePolicy Orchestrator

Log format : splunk

Structured log message :

AutoID=60757851 signature=\"Protection standard commune:Empecher l\'arret des processus McAfee signature_id=1092 category=hip.file severity_id=5 event_description=\"Access Protection rule violation detected and blockedC:PROGRAM FILESMCAFEEVIRUSSCAN ENTERPRISEVSTSKMGR.EXE\" detection_method=OAS action=NT AUTHORITYSYSTEM\" user=N/A dest_nt_domain=EU dest_dns=FRT dest_nt_host=FR fqdn=FRD.eu dest_ip=10.10.11.12 dest_netmask= dest_mac=0000CC216f3b os= os_version=5.2 os_build=3790 timezone= src_dns=_ src_ip=10.1.2.3 src_mac= process=\"C:PROGRAM FILESEMCNAVISPHERE AGENTNAVIAGENT.EXE\" url= logon_user_1= is_laptop=0 product= product_version=8.8 engine_version= dat_version= vse_dat_version=8040.0000 vse_engine64_version=N/A vse_engine_version=5800.7501 vse_hotfix=6 vse_product_version=8.8.0.1445 vse_sp=

Log format : csv

CSV log message :

2105984;6902F367-093D-4CDC-B70F-CB81331BE718;SERV1;2015-02-21 19:39:15.550;2015-02-21 19:38:31.000;8D2F0EF2-3352-486A-9670-787D8CB97994;VIRUSCAN8800;VirusScan Enterprise;8.8;D305967;10.10.10.10 ;0x00000000000000000000FFFF90100541;NULL;7718.0000;5700.7163;(managed) Weekly Scan Virusscan Enterprise 8.8.0;_;10.10.10.10 ;0x00000000000000000000FFFF90100541;NULL;NULL;NULL;NULL;D305967;10.10.10.10 ;0x00000000000000000000FFFF90100541;NULL;SYSTEM;NULL;NULL;NULL;c:tempbackup_backupdiskebooks.zip70-271_70-272_MCDST_Study_Guide_and_Transcender_Exams.rartranscenderengine v3.5 Patch.exetranscenderengine v3.5 Patch.exe;av.pup;21280;1;Tool-TPatch;app_pua;deleted;1;0x0000000002E86EEF

Constructor field         LMC field
[src_dns]                 [init][host][name]
[src_ip]                  [init][host][ip]
[src_mac]                 [init][host][mac]
[source_logon_user]       [init][usr][name]
[process]                 [init][process][name]
[dest_dns]                [target][host][name]
[dest_ip]                 [target][host][ip]
[dest_mac]                [target][host][mac]
[dest_netmask]            [target][host][net]
[logon_user]              [target][usr][name]
[signature_id]            [alarm][name]
[severity_id]             [alarm][sev]
[timestamp]               [mcafee][epo][received_utc]
[product]                 [mcafee][epo][analyzer_name]
[product_version]         [mcafee][epo][analyzer_version]
[dat_version]             [mcafee][epo][analyzer_dat_version]
[engine_version]          [mcafee][epo][analyzer_engine_version]
[detection_method]        [mcafee][epo][analyzer_detection_method]
[url]                     [mcafee][epo][source_url]
[file_name]               [mcafee][epo][target_filename]
[category]                [mcafee][epo][threat_category]
[signature]               [mcafee][epo][threat_name]
[threat_type]             [mcafee][epo][threat_type]
[action]                  [mcafee][epo][threat_action_taken]
[threat_handled]          [mcafee][epo][threat_handled]
[event_description]       [mcafee][epo][description]
[dest_nt_domain]          [mcafee][epo][computer][nt_domain]
[fqdn]                    [mcafee][epo][computer][fqdn]
[is_laptop]               [mcafee][epo][computer][is_laptop]
[os]                      [mcafee][epo][computer][os_type]
[os_build]                [mcafee][epo][computer][os_build]
[os_version]              [mcafee][epo][computer][os_version]
[sp]                      [mcafee][epo][computer][os_sp]
[timezone]                [mcafee][epo][computer][timezone]
[user]                    [mcafee][epo][computer][user]
[vse_dat_version]         [mcafee][epo][vse][dat_version]
[vse_engine64_version]    [mcafee][epo][vse][engine64_version]
[vse_engine_version]      [mcafee][epo][vse][engine_version]
[vse_hotfix]              [mcafee][epo][vse][hotfix]
[vse_product_version]     [mcafee][epo][vse][product_version]
[vse_sp]                  [mcafee][epo][vse][sp]
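The following is an added example, not code from this page or from the McAfee ePO product: a small parser for the Splunk key=value export shown above that renames the constructor fields to the LMC names in the table. It assumes that a value is either double-quoted (backslash escapes inside) or a bare run of non-blank characters, possibly empty (the export writes unset fields as "key= "), that only severity_id and is_laptop are numeric, and that LMC paths can be written dotted ([init][host][ip] as init.host.ip). The sample event is constructed and modelled on the page's Splunk message, whose copy here has lost its path backslashes and quoting.

```python
import json
import re

# Constructor field -> LMC field, transcribed from the table on this page
# ([a][b][c] written as a dotted path).
EPO_TO_LMC = {
    "src_dns": "init.host.name",
    "src_ip": "init.host.ip",
    "src_mac": "init.host.mac",
    "source_logon_user": "init.usr.name",
    "process": "init.process.name",
    "dest_dns": "target.host.name",
    "dest_ip": "target.host.ip",
    "dest_mac": "target.host.mac",
    "dest_netmask": "target.host.net",
    "logon_user": "target.usr.name",
    "signature_id": "alarm.name",
    "severity_id": "alarm.sev",
    "timestamp": "mcafee.epo.received_utc",
    "product": "mcafee.epo.analyzer_name",
    "product_version": "mcafee.epo.analyzer_version",
    "dat_version": "mcafee.epo.analyzer_dat_version",
    "engine_version": "mcafee.epo.analyzer_engine_version",
    "detection_method": "mcafee.epo.analyzer_detection_method",
    "url": "mcafee.epo.source_url",
    "file_name": "mcafee.epo.target_filename",
    "category": "mcafee.epo.threat_category",
    "signature": "mcafee.epo.threat_name",
    "threat_type": "mcafee.epo.threat_type",
    "action": "mcafee.epo.threat_action_taken",
    "threat_handled": "mcafee.epo.threat_handled",
    "event_description": "mcafee.epo.description",
    "dest_nt_domain": "mcafee.epo.computer.nt_domain",
    "fqdn": "mcafee.epo.computer.fqdn",
    "is_laptop": "mcafee.epo.computer.is_laptop",
    "os": "mcafee.epo.computer.os_type",
    "os_build": "mcafee.epo.computer.os_build",
    "os_version": "mcafee.epo.computer.os_version",
    "sp": "mcafee.epo.computer.os_sp",
    "timezone": "mcafee.epo.computer.timezone",
    "user": "mcafee.epo.computer.user",
    "vse_dat_version": "mcafee.epo.vse.dat_version",
    "vse_engine64_version": "mcafee.epo.vse.engine64_version",
    "vse_engine_version": "mcafee.epo.vse.engine_version",
    "vse_hotfix": "mcafee.epo.vse.hotfix",
    "vse_product_version": "mcafee.epo.vse.product_version",
    "vse_sp": "mcafee.epo.vse.sp",
}

# One key=value token: the value is either a double-quoted string (backslash
# escapes allowed) or a bare run of non-blank characters, possibly empty
# (the export writes unset fields as "key= ").
_KV_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

# Constructed sample modelled on the page's Splunk event (the page's copy has
# lost its path backslashes and quoting); not a real event.
SAMPLE_EVENT = (
    'AutoID=60757851 signature="Common Standard Protection:Prevent termination '
    'of McAfee processes" signature_id=1092 category=hip.file severity_id=5 '
    'event_description="Access Protection rule violation detected and blocked" '
    r'detection_method=OAS action="NT AUTHORITY\SYSTEM" user=N/A dest_nt_domain=EU '
    'dest_dns=FRT dest_ip=10.10.11.12 dest_netmask= dest_mac=0000CC216f3b os= '
    'os_version=5.2 src_dns=_ src_ip=10.1.2.3 src_mac= '
    r'process="C:\PROGRAM FILES\EMC\NAVISPHERE AGENT\NAVIAGENT.EXE" url= '
    'is_laptop=0 product_version=8.8 vse_product_version=8.8.0.1445 vse_sp='
)


def parse_epo_splunk(line: str) -> dict:
    """Split one Splunk-format ePO event into {field: value}; text that does not
    fit the key=value grammar is kept under "_unparsed" rather than dropped."""
    fields, leftovers, pos = {}, [], 0
    for m in _KV_RE.finditer(line):
        gap = line[pos:m.start()].strip()
        if gap:
            leftovers.append(gap)
        key, quoted, bare = m.groups()
        fields[key] = quoted.replace('\\"', '"') if quoted is not None else bare
        pos = m.end()
    if leftovers:
        fields["_unparsed"] = leftovers
    return fields


def to_lmc(fields: dict) -> dict:
    """Rename fields to LMC names: empty values are dropped, severity_id and
    is_laptop are cast to int (assumption), and keys the table does not cover
    (AutoID, logon_user_1, ...) are kept under "unmapped"."""
    lmc = {}
    for key, value in fields.items():
        if value == "":
            continue
        if key in ("severity_id", "is_laptop") and value.isdigit():
            value = int(value)
        target = EPO_TO_LMC.get(key)
        if target is None:
            lmc.setdefault("unmapped", {})[key] = value
        else:
            lmc[target] = value
    return lmc


if __name__ == "__main__":
    print(json.dumps(to_lmc(parse_epo_splunk(SAMPLE_EVENT)), indent=2))
```

Keeping unmapped keys and unparsed fragments, instead of silently discarding them, is what lets you notice when a new ePO release adds fields or when an unquoted value with spaces (such as the action field in the page's own sample) breaks the tokenizer.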

Unit Test List

unit_csv_1034.json
unit_csv_1092.json
unit_csv_1119.json
unit_csv_21401.json
unit_csv_1035.json
unit_csv_1094.json
unit_csv_21027.json
unit_splunk.json
unit_csv_1027.json
unit_csv_1038.json
unit_csv_1095.json
unit_csv_21280.json