SIEM McAfee – Security Information & Event Management Administration

Download Course Contents

SIEM McAfee – Security Information & Event Management Administration Course Overview

Enroll for our 4-day SIEM McAfee – Security Information & Event Management Administration course from Koenig Solutions. This course provides an in-depth knowledge on the design, setup, configuration, communication flow, and data source management of SIEM appliances.

Through a blend of hands-on labs and interactive lectures, you will learn how to effectively implement the appliances in a complex enterprise environment.

Target Audience:

  • System and Network Administrators
  • Security Personnel
  • Auditors, and/or Consultants concerned with Network and System Security

Learning Objectives:

After completing this course, you will be able to:

  • Configure McAfee Enterprise Log Manager.
  • Install and configure McAfee Enterprise Security Manager.
  • Work with the receiver.
  • Work with the advanced correlation engine.
  • Add data sources.
  • Work with the policy editor.


This is a Rare Course and it can be take up to 3 weeks to arrange the training.

The 1-on-1 Advantage


Flexible Dates

  • • Choose Start Date
  • • Reschedule After Booking
  • • Weekend / Evening Option

4-Hour Sessions

You will learn:

Module 1: SIEM Overview
  • The Big Picture
  • McAfee® Enterprise Log Manager (ELM)
  • What is SIEM?
  • McAfee® Advanced Correlation Engine (ACE)
  • Large Centralized Deployment Example
  • Risk Correlation
  • McAfee® Event Receiver (ERC)
  • Elusive Security Events
  • McAfee® Application Data Monitor (ADM)
  • Application Data Monitor (ADM)
  • McAfee® Database Event Monitor (DEM)
  • Advanced Correlation Engine (ACE)
  • Event Aggregation
  • Log Management and Retention
  • Event Analysis and Workflow
  • Follow Testing Procedures
  • First-Time ESM Setup
  • FIPS Compliant Mode
  • Do Validation Testing
  • McAfee SIEM Architecture – “Combo Boxes”
  • Configure the Device Properties
  • Event Normalization
  • Add the Devices to the System
  • Event Correlation
  • Receiver (ERC)
  • Enterprise Security Manager(ESM)
  • Ensure end-user communications
  • How SIEM is Used
  • Apply Software Updates
  • Security Information Management
  • SIEM Components Overview
  • Large Distributed Deployment Example
  • Database Event Monitor (DEM)
  • ESM Settings – File Maintenance
  • ESM – Add User
  • Practice 2: SIEM Users and Groups
  • McAfee Enterprise Security Manager
  • ESM – Profile Management
  • ESM – Login Security
  • McAfee Receiver
  • ESM – Watchlists
  • ESM – System Logs
  • ESM – Add Privileges
  • ESM – Users and Groups
  • ESM – Add Group
  • ESM – Reports
  • Receiver HA
  • McAfee ESMI
  • Key Dashboards
  • The Data Problem
  • Configure User-specific ESM Settings
  • Syntax for contains and regex
  • String Normalization
  • String Normalization File
  • Practice 4: Watchlists
  • Points to consider when using contains or regex:
  • Watchlists and Variables
  • Data Source Profiles
  • Data Sources – WMI Event Logs
  • Data Source Grouping
  • Time Delta Page
  • Real Time Data Enrichment
  • Data Sources – Syslog
  • Receiver Data Sources
  • Data Sources – WMI
  • Practice 5: Data Sources
  • Data Sources – Auto Learn
  • Importing and Exporting Data Sources
  • Child Data Sources
  • Discovered Assets
  • Data Sources – Correlation Engine
  • Data Sources – Generic Net Flow
  • McAfee ePO
  • Data Source Time Problems
  • Flow Aggregation – Custom
  • How Aggregation Works
  • Port Values
  • Start at Level Aggregation
  • Flow Aggregation Levels
  • Flow Aggregation
  • Practice 6: Aggregation
  • Level Aggregation
  • Modify Event Aggregation Settings
  • Aggregation Overview
  • Flow Aggregation – Ports
  • Practice 2: Using the Syslog Parser – Part 2
  • Advanced Syslog Parser Rules
  • Copy packet
  • The Inheritance Icons
  • Severity
  • Rollout Policy Correlation
  • Field Assignment Tab
  • Severity Weights
  • Policy Rollout
  • Tools Menu
  • Practice 1: Using the Syslog Parser – Part 1
  • Data Source Rules – Auto Learned
  • Rules Display Pane
  • Policy Editor Overview
  • Rule Properties – Settings
  • Policy Change History
  • Rule Inheritance
  • Operations Menu
  • Policy Status
  • Action
  • To copy a policy, follow the steps
  • Export a Policy
  • Parsing Tab
  • Import a Policy
  • Normalization Categories
  • Event Correlation Engine
  • Optimized Risk Management
  • Practice 2: Adding an ACE Appliance
  • Criteria
  • Scanning Single Server (Distributed Dictionary Attack)
  • Practice 8.1: Correlation Rules
  • Practice 8.3: Historical Correlation
  • System penetration scenario
  • Rollout Correlation Policy
  • Rollout Correlation Policy
  • Alarm Settings – Actions
  • New Report Layout
  • Email Report Recipients
  • HA Failure
  • Deviation from Baseline
  • Field Match
  • Alarm Settings – Escalation
  • Device Status Change
  • Practice 9.1: Creating Alarms
  • Remove a Syslog Recipient
  • View Running Reports
  • FIPS Failure
  • Specified Event Rate
  • Device Failure
  • Alarms Log
  • Practice 9.2: Reporting
  • Syslog Report Recipients
  • View Report Files
  • Section 5
  • Designing Report Layout
  • Alarm Settings Additional Notes
  • Export views and reports
  • SNMP Reports Recipients
  • Email Report Groups
  • Report Conditions
  • Document Properties
  • Query Wizard
  • Triggered Alarms View
  • Alarm Settings – Devices
  • SMS Report Recipients
  • Internal Event Match
  • Additional Alarm Options
  • UCF Report Filter
  • Event Delta
  • Add a Syslog Recipient
  • Section 6
  • Alarm Details
  • Configuring the ELM for Storage
  • ELM Overview
  • Device Status Alerts
  • Reasons for Flags
  • How to manually set the time if no NTP server is available
  • ESM Login Screen Does Not Come Up on Linux Browser
  • How to ensure that the update file is not corrupt
  • How to access the terminal via the GUI
  • ESM and ESMI Troubleshooting
  • Beeping during initial startup
  • How to initiate a callhome
  • How to export the ESMI login history
  • Manual rules updates
  • Hardware Issues
  • Unable to download rules from the McAfee servers
  • The NGCP password for the ESMI desktop has been lost
  • User can log in to ESMI but they have no rights
  • How to determine if you are getting data from your data source
  • Troubleshooting Upgrade to Version 9.5.0
  • Unable to SSH or login to the ESM
  • Device Status Window
  • Update and Upgrade Issues
  • Software Upgrade Process
  • Operating System and Browser- specific Issues
  • McAfee Technical Support
  • Export/Download Troubleshooting When Using Windows 7
  • McAfee SIEM Sizing Overview
  • Login – unable to get the certificate using Firefox using IPv6 address
  • How to obtain the serial number from a device
  • ESM Settings – Database
Live Online Training (Duration : 32 Hours) Fee On Request
We Offer :
  • 1-on-1 Public - Select your own start date. Other students can be merged.
  • 1-on-1 Private - Select your own start date. You will be the only student in the class.

4 Hours
8 Hours
Week Days

Start Time : At any time

12 AM
12 PM

1-On-1 Training is Guaranteed to Run (GTR)
Group Training
Date On Request
Course Prerequisites

It is recommended that the students have a working knowledge of Microsoft Windows administration, system administration concepts, a basic understanding of computer security concepts, and a working knowledge of McAfee® ePolicy Orchestrator® software administration.


Request More Information

Add Name and Email Address of participant (If different from you)


In both, you choose the schedule. In public, other participants can join, Private other participants want to join.
Yes, course requiring practical include hands-on labs.
You can buy online from the page by clicking on "Buy Now". You can view alternate payment method on payment options page.
Yes, you can pay from the course page and flexi page.
Yes, the site is secure by utilizing Secure Sockets Layer (SSL) Technology. SSL technology enables the encryption of sensitive information during online transactions. We use the highest assurance SSL/TLS certificate, which ensures that no unauthorized person can get to your sensitive payment data over the web.
We use the best standards in Internet security. Any data retained is not shared with third parties.
You can request a refund if you do not wish to enroll in the course.
To receive an acknowledgment of your online payment, you should have a valid email address. At the point when you enter your name, Visa, and other data, you have the option of entering your email address. Would it be a good idea for you to decide to enter your email address, confirmation of your payment will be emailed to you.
After you submit your payment, you will land on the payment confirmation screen.It contains your payment confirmation message. You will likewise get a confirmation email after your transaction is submitted.
We do accept all major credit cards from Visa, Mastercard, American Express, and Discover.
Credit card transactions normally take 48 hours to settle. Approval is given right away; however,it takes 48 hours for the money to be moved.
Yes, we do accept partial payments, you may use one payment method for part of the transaction and another payment method for other parts of the transaction.
Yes, if we have an office in your city.
Yes, we do offer corporate training More details
Yes, we do.
Yes, we also offer weekend classes.
Yes, Koenig follows a BYOL(Bring Your Own Laptop) policy.
It is recommended but not mandatory. Being acquainted with the basic course material will enable you and the trainer to move at a desired pace during classes.You can access courseware for most vendors.
Buy-Now. Pay-Later option is available using credit card in USA and India only.
You will receive the digital certificate post training completion via learning enhancement tool after registration.
Yes you can.
Yes, we do. For details go to flexi
You can pay through debit/credit card or bank wire transfer.
Dubai, Goa, Delhi, Bangalore.
Yes you can request your customer experience manager for the same.
Yes, fee excludes local taxes.
Yes, we do.
The Fee includes:
  • Courseware
Schedule for Group Training is decided by Koenig. Schedule for 1-on-1 is decided by you.
In 1-on-1 you can select your own schedule, other students can be merged but you select the schedule. Choose 1-on-1 if published schedule do not meet your requirement. If you also want a private session, opt for 1-on-1 Public.
No, it is not included.

Prices & Payments

Yes of course.
Yes, We are

Travel and Visa

Yes we do after your registration for course.

Food and Beverages



Says our CEO-
“It is an interesting story and dates back half a century. My father started a manufacturing business in India in the 1960's for import substitute electromechanical components such as microswitches. German and Japanese goods were held in high esteem so he named his company Essen Deinki (Essen is a well known industrial town in Germany and Deinki is Japanese for electric company). His products were very good quality and the fact that they sounded German and Japanese also helped. He did quite well. In 1970s he branched out into electronic products and again looked for a German name. This time he chose Koenig, and Koenig Electronics was born. In 1990s after graduating from college I was looking for a name for my company and Koenig Solutions sounded just right. Initially we had marketed under the brand of Digital Equipment Corporation but DEC went out of business and we switched to the Koenig name. Koenig is difficult to pronounce and marketeers said it is not a good choice for a B2C brand. But it has proven lucky for us.” – Says Rohit Aggarwal (Founder and CEO - Koenig Solutions)
All our trainers are fluent in English . Majority of our customers are from outside India and our trainers speak in a neutral accent which is easily understandable by students from all nationalities. Our money back guarantee also stands for accent of the trainer.
Medical services in India are at par with the world and are a fraction of costs in Europe and USA. A number of our students have scheduled cosmetic, dental and ocular procedures during their stay in India. We can provide advice about this, on request.
Yes, if you send 4 participants, we can offer an exclusive training for them which can be started from Any Date™ suitable for you.