McAfee MVISION Cloud

Enterprise Connector 3.3

Enterprise Connector 3.3 SP3

Click here to Download Enterprise Connector 3.3 SP3

See Enterprise Connector Known Issues Item 8 for details on the changes. 

Enterprise Connector 3.3 SP2

Click here to Download Enterprise Connector 3.3 SP2

See Enterprise Connector Known Issues Items 6 and 7 for details on the changes. 

Enterprise Connector 3.3 SP1

Click here to Download Enterprise Connector 3.3 SP1

SIEM Integration Format

By default, MVISION Cloud incidents, including anomalies, DLP violations, threats, etc., are exported using revised and consistent formats. For complete details, see Enterprise Connector SIEM Integration Formats.

To export incidents in the old (pre-3.3 SP1) format (detailed below in Improvements to SIEM Export Format), set siem.use.old.format=true in the logprocessor.local.property file.

Enterprise Connector 3.3

Integration of Multiple Service Groups with Proxy/Firewall Devices

You can integrate Enterprise Connector with Bluecoat proxy or Palo Alto Panorama to create multiple policies based on MVISION Cloud Service Groups. Each Service Group creates a separate custom URL category on the edge device, and different policies can be configured for these custom categories. Any change to the URLs in a Service Group, per the criteria defined on the MVISION Cloud Dashboard, can be pushed automatically to the integrated edge devices. You can configure notifications and approval requests to be sent to your admin when Service Groups are updated; the admin can then approve the changes in the Firewall/Proxy Integration section of the MVISION Cloud Dashboard.

Sending Email Notifications from a Corporate Domain

Delivers user email notifications for DLP violations from the customer’s domain (e.g. compliance@customerdomain.com) instead of MVISION Cloud’s domain (no-reply@skyhighnetworks.com). This feature requires an upgrade to Enterprise Connector v3.3.

Improvements to SIEM Export Format

The former Date/Time format as exported by Enterprise Connector was not usable when exported to a SIEM. Please see the examples below to familiarize yourself with the improvements. For details, see Exporting Anomalies and Threats to a SIEM.

CEF format with EC 3.3

<14>Feb 22 00:40:28 lpvm02.app.qa.sjc.shn CEF:0|MVISION Cloud|Anomalies|3.3.2.0|Brute Force Login|Access Anomalies|6|
<snip>
collab_group=shn.com countries=[IN]
</snip>
created_on_date=2017-02-23T23:17:50.000Z
default_threshold=-1
<snip>
incident_id=1:2600:e358a38809d038d15ba390e1c6c3e7ae650be1aa:105:0:400:7984b0a0e139cabadb5afc7756d473fb34d23819:2016080323
</snip>
last_modified_date=2017-02-23T23:18:18.542Z
<snip>
</snip>

CEF Format with EC 3.1 and Earlier

<14>Feb 22 00:40:28 lpvm02.app.qa.sjc.shn CEF:0|MVISION Cloud|Anomalies|3.3.2.0|Brute Force Login|Access Anomalies|6|
<snip>
collab_group=shn.com countries=[IN]
</snip>
information.created_on_date.afterNow=false information.created_on_date.beforeNow=true information.created_on_date.centuryOfEra=20 information.created_on_date.chronology.zone.fixed=true information.created_on_date.chronology.zone.id=UTC information.created_on_date.dayOfMonth=27 information.created_on_date.dayOfWeek=5 information.created_on_date.dayOfYear=148 information.created_on_date.equalNow=false information.created_on_date.era=1 information.created_on_date.hourOfDay=16 information.created_on_date.millis=1464365105000 information.created_on_date.millisOfDay=57905000 information.created_on_date.millisOfSecond=0 information.created_on_date.minuteOfDay=965 information.created_on_date.minuteOfHour=5 information.created_on_date.monthOfYear=5 information.created_on_date.secondOfDay=57905 information.created_on_date.secondOfMinute=5 information.created_on_date.weekOfWeekyear=21 information.created_on_date.weekyear=2016 information.created_on_date.year=2016 information.created_on_date.yearOfCentury=16 information.created_on_date.yearOfEra=2016 information.created_on_date.zone.fixed=true information.created_on_date.zone.id=UTC
default_threshold=-1
<snip>
incident_id=1:2600:e358a38809d038d15ba390e1c6c3e7ae650be1aa:105:0:400:7984b0a0e139cabadb5afc7756d473fb34d23819:2016080323
</snip>
information.last_modified_date.afterNow=false information.last_modified_date.beforeNow=true information.last_modified_date.centuryOfEra=20 information.last_modified_date.chronology.zone.fixed=true information.last_modified_date.chronology.zone.id=UTC information.last_modified_date.dayOfMonth=7 information.last_modified_date.dayOfWeek=2 information.last_modified_date.dayOfYear=159 information.last_modified_date.equalNow=false information.last_modified_date.era=1 information.last_modified_date.hourOfDay=21 information.last_modified_date.millis=1465335266194 information.last_modified_date.millisOfDay=77666194 information.last_modified_date.millisOfSecond=194 information.last_modified_date.minuteOfDay=1294 information.last_modified_date.minuteOfHour=34 information.last_modified_date.monthOfYear=6 information.last_modified_date.secondOfDay=77666 information.last_modified_date.secondOfMinute=26 information.last_modified_date.weekOfWeekyear=23 information.last_modified_date.weekyear=2016 information.last_modified_date.year=2016 information.last_modified_date.yearOfCentury=16 information.last_modified_date.yearOfEra=2016 information.last_modified_date.zone.fixed=true information.last_modified_date.zone.id=UTC
<snip>
</snip>
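A SIEM pipeline that still receives events in both formats (for example, while siem.use.old.format=true remains set on some connectors) can normalise the two date representations to a single UTC timestamp before correlation. The Python below is an added example, not McAfee code: the function names are hypothetical, the sample strings are constructed from the field names and values shown above, and it assumes the old format's millis sub-field is epoch milliseconds with zone.id=UTC, as in the sample.

```python
from datetime import datetime, timedelta, timezone

# Constructed extension strings, built from the field names and values in the
# two samples above (most of the old format's exploded sub-fields are omitted).
NEW_SAMPLE = ("collab_group=shn.com countries=[IN] "
              "created_on_date=2017-02-23T23:17:50.000Z default_threshold=-1 "
              "last_modified_date=2017-02-23T23:18:18.542Z")
OLD_SAMPLE = ("collab_group=shn.com countries=[IN] "
              "information.created_on_date.millis=1464365105000 "
              "information.created_on_date.zone.id=UTC default_threshold=-1 "
              "information.last_modified_date.millis=1465335266194 "
              "information.last_modified_date.zone.id=UTC")

DATE_FIELDS = ("created_on_date", "last_modified_date")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_extension(text):
    """Split space-separated key=value tokens (no value in these samples contains a space)."""
    return dict(tok.split("=", 1) for tok in text.split() if "=" in tok)


def normalize_dates(fields):
    """Return {field name: timezone-aware UTC datetime} for either export format."""
    out = {}
    for name in DATE_FIELDS:
        millis_key = f"information.{name}.millis"
        if name in fields:
            # Revised format: one ISO 8601 value with a trailing Z.
            ts = datetime.strptime(fields[name], "%Y-%m-%dT%H:%M:%S.%fZ")
            out[name] = ts.replace(tzinfo=timezone.utc)
        elif millis_key in fields:
            # Old format: use the epoch-milliseconds sub-field, ignore the rest.
            zone = fields.get(f"information.{name}.zone.id", "UTC")
            if zone != "UTC":  # assumption: samples only ever show UTC
                raise ValueError(f"unexpected zone {zone!r} for {name}")
            out[name] = EPOCH + timedelta(milliseconds=int(fields[millis_key]))
    return out


def to_siem_timestamps(extension_text):
    """Map each date field to a uniform ISO 8601 string with millisecond precision."""
    dates = normalize_dates(parse_extension(extension_text))
    return {k: v.isoformat(timespec="milliseconds") for k, v in dates.items()}


if __name__ == "__main__":
    print(to_siem_timestamps(NEW_SAMPLE))
    print(to_siem_timestamps(OLD_SAMPLE))
```

The old-format result agrees with the exploded year, dayOfYear and secondOfDay sub-fields in the sample, which is a useful cross-check when validating a parser against real exports.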

Known Issues

For information on new and resolved issues, see Enterprise Connector Known Issues.
