Configuring McAfee MVISION Cloud to communicate with QRadar

Procedure

  1. Log in to the McAfee Enterprise Connector administration interface.
  2. Select Enterprise Integration > SIEM Integration.
  3. Configure the following SIEM SYSLOG SERVICE parameters:
    Parameter Value
    SIEM server ON
    Format Log Event Extended Format (LEEF)
    Syslog Protocol TCP
    Syslog Server <QRadar IP or hostname>
    Syslog Port 514
    Send to SIEM new anomalies only
  4. Click Save.