How to integrate Kaspersky Threat Data Feeds with McAfee ESM
Latest update: February 19, 2021
ID: 15713
McAfee Enterprise Security Manager (ESM) expedites data handling and security operations to help analysts prioritize, investigate, and respond more effectively in less time, despite increasing threat volumes and operational pressures. McAfee ESM Named a 2020 Gartner Peer Insights Customers’ Choice for SIEM.
Kaspersky CyberTrace for McAfee ESM allows you to check URLs, file hashes, and IP addresses contained in events that arrive in McAfee ESM. The URLs, file hashes, and IP addresses are checked against threat data feeds from Kaspersky, or from other vendors or sources loaded to CyberTrace. During the matching process, Kaspersky CyberTrace determines the indicator category and generates an event supplemented with actionable context.
To integrate Kaspersky Threat Data Feeds using Kaspersky CyberTrace with McAfee ESM:
- Download and install Kaspersky CyberTrace for Other SIEMs. For details, see this article.
- Configure Kaspersky CyberTrace for integration with McAfee ESM according the guide.
- Configure forwarding events from McAfee ESM to Kaspersky CyberTrace according the guide.
- Configure sending events from Kaspersky CyberTrace and parsing them in McAfee ESM according the guide.
- After this, you can browse CyberTrace events, that contains actionable information from Kaspersky Threat Data Feeds as well as from other vendors or sources, in McAfee ESM to identify existing breaches or newly launched attacks, and inform your business or clients about the risks and implications associated with the threat.
Following the guide, you will be able to integrate any supported version of Kaspersky CyberTrace with McAfee SIEM v10 and v11. This integration allow McAfee users to take advantage of Kaspersky Data Feeds and operationalize Threat Intelligence management leveraging the full capabilities of the Cybertrace TI Plaform.
You can download the guide here.
