McAfee Enterprise MVISION Cloud

Cloud Connector Config SIEM Integration

Use these settings to forward incidents to SIEM.

IMPORTANT: You must have the MVISION Cloud Connector user role to configure Cloud Connector. For details, see About User Roles and Access Levels.

IMPORTANT: You must access the MVISION Cloud user interface from the same network that your Cloud Connector is on. Otherwise, you cannot enable the feature or configure settings. An error message displays, "SIEM settings cannot be accessed outside of your company's network. You need to be inside your company's network to turn on the feature."


Field: Description

SIEM Server Port: Enter the SIEM server port number.

SIEM Server Host: Enter the SIEM server hostname.

SIEM Protocol: Select the SIEM server protocol from the menu:

  • TCP
  • UDP
  • TCP+TLS

Data Export Format Type: Select the data export format type from the menu:

  • Key Value Pairs
  • Log Event Extended Format
  • Common Event Format

Anomaly Export Type: Select the Anomaly export type from the menu:

  • All Anomalies. All anomalies remaining in MVISION Cloud are sent.
  • New Anomalies Only. New anomalies after this configuration are sent.
  • None. No anomalies are sent.

Incident Export Type: Select the Incident export type from the menu:

  • All Incidents. All incidents remaining in MVISION Cloud are sent.
  • New Incidents Only. New incidents after this configuration are sent.
  • None. No incidents are sent.

Audit Log Export Type: Select the Audit Log export type from the menu:

  • All. All events remaining in MVISION Cloud are sent.
  • New Only. New events after this configuration are sent.
  • None. No events are sent.

Anomaly Endpoint Suffix: Enter the suffix for the Anomaly import endpoint from the MVISION Cloud API.

 

Advanced Settings 

Click Show Advanced Settings to display. 

Field: Description

Audit Log Job Frequency: Enter the frequency in milliseconds for Audit Log downloads. The default is 14400000 milliseconds. This property is only relevant when Audit Log import is enabled for SIEM.

Incident Job Frequency: Enter the frequency in milliseconds for Incident downloads. The default is 14400000 milliseconds. This property is only relevant when Incident import is enabled for SIEM.

Anomaly Job Frequency: Enter the frequency in milliseconds for Anomaly downloads. The default is 14400000 milliseconds. This property is only relevant when Anomaly import is enabled for SIEM.

Disable SIEM Local Detokenization: Select Yes to disable SIEM local detokenization. Select No to enable.

SIEM Escape CSV Type: Select Yes to enable the SIEM escape CSV type. Select No to disable.

SIEM Format Type: Select Yes to enable the old SIEM format type. Select No to enable the new SIEM format type.

Max Message Length: Enter the maximum message length in bytes.

SIEM Incidents Import Limit: Enter the number limit of SIEM incidents that can be imported.

SIEM Audit Log Batch Size: Enter the number limit of SIEM audit logs that can be imported.

Replaceable Keys: Enter the JSON to map SIEM payload keys from MVISION Cloud to your custom keys.

Insert Keys: Enter any additional custom keys to be inserted with values as constants, used as part of the SIEM payload.

Exclude Keys: Enter any key and its value to be excluded from the data exported to SIEM.

Exclude certain messages: Exclude any messages from going to the SIEM, for example, certain messages that contain sensitive data.

SIEM Export Max Field Length: Enter the maximum field length in characters so that the data is truncated before it is exported to SIEM. Enter 0 if no truncation is required.
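
A receiver-side check for the Data Export Format Type and SIEM Export Max Field Length settings, as an added example that is not McAfee's code: it parses one message in each of the three export formats and lists fields longer than the configured limit. The sample messages, the vendor and product names, and the key-value layout are constructed assumptions; CEF and LEEF 1.0 parsing follows their public specifications.

```python
import re
import shlex

# Constructed sample messages (not real MVISION Cloud output), one per export format.
SAMPLES = [
    r"CEF:0|ExampleVendor|ExampleProduct|1.0|100|Policy \| violation|7|suser=alice msg=file a\=b shared act=blocked",
    "LEEF:1.0|ExampleVendor|ExampleProduct|1.0|100|suser=alice\tmsg=file shared\tact=blocked",
    'suser=alice msg="file shared" act=blocked',
]

_HEADER_FIELD = re.compile(r"((?:\\.|[^|\\])*)\|")
_CEF_PAIR = re.compile(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|\s*$)")

def _unescape(text):
    # CEF escapes: \| \= \\ stand for the literal character, \n for a newline.
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), text)

def _split_header(line, count):
    """Read `count` pipe-terminated header fields, honouring backslash escapes."""
    fields, pos = [], 0
    for _ in range(count):
        m = _HEADER_FIELD.match(line, pos)
        if m is None:
            raise ValueError("malformed or truncated header")
        fields.append(_unescape(m.group(1)))
        pos = m.end()
    return fields, line[pos:]

def parse(line):
    """Return (format, header_fields, key_value_dict) for one received message."""
    if line.startswith("CEF:"):
        header, ext = _split_header(line, 7)
        return "CEF", header, {k: _unescape(v) for k, v in _CEF_PAIR.findall(ext)}
    if line.startswith("LEEF:"):
        header, ext = _split_header(line, 5)  # LEEF 1.0: tab-separated attributes
        return "LEEF", header, dict(p.split("=", 1) for p in ext.split("\t") if "=" in p)
    # Assumed key-value layout: space-separated key=value, double quotes around spaces.
    return "KV", [], dict(p.split("=", 1) for p in shlex.split(line) if "=" in p)

def overlong_fields(fields, max_len):
    """Keys whose value exceeds the configured max field length (0 = no limit)."""
    return sorted(k for k, v in fields.items() if max_len and len(v) > max_len)

if __name__ == "__main__":
    for sample in SAMPLES:
        fmt, header, fields = parse(sample)
        print(fmt, header, fields, overlong_fields(fields, 8))
```

A header that fails to parse is worth alerting on at the receiver, since it can indicate a message cut short by Max Message Length or by UDP transport.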