The McAfee MVISION Cloud Log Collector is a part of the Analytics Engine that runs in the cloud.
MVISION Cloud Connector (CC) communicates with the Log Collector (LC) at pstat.myshn.net for the following reasons:
- CC uploads tokenized events and aggregated unmatched events from your firewall/proxy logs to Log Collector.
- CC uploads Active Directory (AD) data for Sanctioned user-groups or Shadow AD custom attributes when AD integration is enabled.
The connection between Cloud Connector and Log Collector is made over Transport Layer Security (TLS). Cloud Connector supports both TLSv1.2 and TLSv1.3 protocols.
NOTE: TLSv1.2 protocol is the default protocol in Cloud Connector. However, you can enable both the protocols.
TLS details include:
- Cipher Suite used: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- Log Collector Certificate:
- Signature: SHA256withRSA
- The server public key length is RSA 2048 bit
- Issuer: GlobalSign Organization Validation CA - SHA256 - G2
- Revocation Information: CRL and OCSP
IMPORTANT: It is not possible to edit the handshake protocol version for the communication between Cloud Connector and Log Collector.