McAfee MVISION Cloud (formerly known as Skyhigh Networks Cloud Security Platform)
The IBM QRadar DSM for McAfee MVISION Cloud collects logs from a McAfee MVISION Cloud Platform.
McAfee MVISION Cloud is formerly known as Skyhigh Networks Cloud Security Platform.
The following table identifies the specifications for the McAfee MVISION Cloud DSM:
| Specification | Value |
|---|---|
| Manufacturer | McAfee |
| DSM name | McAfee MVISION Cloud |
| RPM file name | DSM-SkyhighNetworksCloudSecurityPlatform-QRadar_version-build_number.noarch.rpm |
| Supported versions | 2.4 and 3.3 |
| Protocol | Syslog |
| Event format | LEEF |
| Recorded event types | Privilege Access, Insider Threat, Compromised Account, Access, Admin, Data, Policy, and Audit |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | McAfee MVision Cloud (https://www.mcafee.com/enterprise/en-ca/products/mvision-cloud.html) |
To integrate McAfee MVISION Cloud with QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the
following RPMs from the IBM® Support Website onto your QRadar
Console:
- Skyhigh Networks Cloud Security Platform DSM RPM
- DSMCommon RPM
- Configure your McAfee MVISION Cloud device to send syslog events to QRadar.
- If QRadar does not
automatically detect the log source, add a McAfee MVISION Cloud log source on the QRadar Console. The following
table describes the parameters that require specific values for McAfee MVISION Cloud event
collection:
Table 2. McAfee MVISION Cloud log source parameters Parameter Value Log Source type McAfee MVISION Cloud Protocol Configuration Syslog Log Source Identifier The IP address or host name of the McAfee MVISION Cloud that sends events to QRadar.