Hi All,
Does anyone know what the best method is to forward the logs from Splunk to McAfee ESM?
The requirement is that McAfee ESM should understand each log sourcetype, for example Cisco ASA, Qualys VM, etc.
Thanks in advance 🙂
Hi,
A good place to start is always this documentation:
https://docs.splunk.com/Documentation/Splunk/6.0.1/Forwarding/Forwarddatatothird-partysystemsd
Here is an example for McAfee itself:
https://answers.splunk.com/answers/704667/forward-all-eventssyslog-from-splunk-721-to-esm-mc.html
Any luck with that? If it was helpful, please accept the answer. Thank you 🙂
Thanks for the reply, but the McAfee ESM parser is not working.