Help Document

Adding McAfee devices

  • In the Log360 Cloud console, navigate to Settings -> Configuration Settings -> Log source configuration -> Applications -> Security Applications -> Add Security Applications
  • Select Add-on type as McAfee
  • Expand the list by clicking the "+" icon to add a new device.
  • Choose from the drop-down menu to add Configured devices, Workgroup devices, domain devices, etc.
  • To add new devices manually, click on Configure Manually and enter the Log Source.
  • Click on Select and Add to add the log source.
  • Use the Select Agent drop-down to select the agent device to which the logs will be forwarded.
  • The applications will now be added for monitoring.

Configuring McAfee Solutions

Log360 Cloud collects log data from McAfee solutions and presents it in the form of graphical reports. For Log360 Cloud to start collecting this log data, the McAfee solution has to be added as a threat source.

To configure McAfee in Log360 Cloud, please follow the steps below.

  1. Configure HTTPS in Log360 Cloud.
  2. Enable the required TLS port under Settings > System Settings > Listener ports.
  3. Configure your McAfee ePO server to use the newly created syslog server.
  4. Add a new registered server and select Syslog for the type of server.
  5. Enter the IP address or host name of the Log360 Cloud Agent server.
  6. Enter the port number (default: 514).
  7. Click on Enable event forwarding.
  8. Click on Test connection. A Syslog connection success message will be displayed.
  9. Click on Save.
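
If the test connection in step 8 fails, the TLS listener enabled in step 2 can be checked independently from the ePO host. The script below is an added example, not part of the Log360 Cloud or McAfee documentation; the host name is a placeholder, and the RFC 5424 message format with octet-counted framing (RFC 5425) is an assumption about what the listener accepts.

```python
import socket
import ssl
from datetime import datetime, timezone


def build_rfc5424(hostname, app, msg, facility=16, severity=6, timestamp=None):
    """Return one RFC 5424 syslog line (no trailing newline)."""
    pri = facility * 8 + severity  # local0.info -> 134
    ts = timestamp or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # VERSION is 1; PROCID, MSGID and STRUCTURED-DATA use the nil value "-".
    return f"<{pri}>1 {ts} {hostname} {app} - - - {msg}"


def frame_octet_counted(line):
    """Frame a message for syslog over TLS: '<length in bytes> <message>'."""
    payload = line.encode("utf-8")
    return str(len(payload)).encode("ascii") + b" " + payload


def send_test_event(host, port=514, cafile=None, timeout=5.0):
    """Open a verified TLS session to the listener and send one test event.

    Returns the negotiated TLS version. Raises ssl.SSLError or OSError when
    the port is closed, does not speak TLS, or presents a certificate that
    does not validate against the trust store (or cafile) for this host name.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # chain + host name checks
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    line = build_rfc5424(socket.gethostname(), "epo-conn-test",
                         "syslog TLS connectivity test (constructed event)")
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(frame_octet_counted(line))
            return tls.version()


if __name__ == "__main__":
    # Placeholder host: use the Log360 Cloud Agent server entered in step 5.
    print(send_test_event("log360-agent.example.internal", 514))
```

A certificate verification error here points at step 1 (the HTTPS/TLS configuration), while a refused or timed-out connection points at the listener port in step 2 or a firewall in between.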