
SIEM 4.7.4 syslog (McAfee IPS)

Created: 01 Jul 2013 | 3 comments

Hi all,

I am getting syslog to my SIEM 4.7.4 from the McAfee IPS. However, I do not get the geolocation (IP source address COUNTRY) in the syslog.

The IPS shows this parameter when I connect to it through the web.

What is the solution? Thank you all.


lukaszfr

Have you looked into the Raw Event field? If yes, is there any such information?
It's possible that geolocation data is available only in the McAfee IPS console and is not sent to SSIM.

Milan_T

This feature has been added in SSIM 4.8.

You will be able to get geolocation for IP addresses, and in 4.8 you do not need to make any extra effort to get geolocation during incident analysis.

VSK

This feature has been added in SSIM ver 4.8.1. You can see the geolocation for the assets with external IPs. You can also enable the feature where you can see the geolocation for the assets with internal IP addresses (this particular feature is disabled by DEFAULT).

-VSK