Skyhigh (McAfee/Trellix) Secure Web Gateway Integration Guide
The following instructions are for configuring Skyhigh Secure Web Gateway (formerly McAfee Web Gateway) to facilitate log ingestion into Secureworks® Taegis™ XDR.
Connectivity Requirements
Source | Destination | Port/Protocol |
---|---|---|
Skyhigh Secure Web Gateway | Taegis™ XDR Collector (mgmt IP) | UDP/514 |
Data Provided from Integration
Antivirus | Auth | DHCP | DNS | Encrypt | File | HTTP | Management | Netflow | NIDS | Process | Thirdparty | ||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Skyhigh Secure Web Gateway | D |
Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections
Note
XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Configuration Instructions
To configure the Skyhigh Secure Web Gateway to send logs to XDR via syslog, follow the instructions provided by the vendor. Consider the following requirements when completing the configuration steps:
- Protocol and Port — UDP/514
- Severity — 6 (Information)
- Log Types — Access and Audit logs
- Format — CEF
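
As an added example (not part of the vendor's or Secureworks' documentation), the Python check below can be run over a syslog payload captured from the gateway to confirm it meets the requirements above: syslog severity 6 in the PRI value and a well-formed CEF header. It assumes "Severity" refers to the syslog severity encoded in PRI; the function names and sample lines are constructed for illustration.

```python
import re

PRI_RE = re.compile(r"^<(\d{1,3})>")  # syslog PRI = facility * 8 + severity
CEF_FIELDS = ("version", "device_vendor", "device_product", "device_version",
              "signature_id", "name", "cef_severity")

def split_cef_header(body, nfields=7):
    """Split the CEF header on unescaped pipes; return (fields, extension)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < nfields:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            cur.append(body[i + 1])  # unescape \| and \\
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if cur and len(fields) < nfields:
        fields.append("".join(cur))  # header with no trailing pipe
    return fields, body[i:]

def check_syslog_cef(line, want_severity=6):
    """Return (ok, problems, parsed) for one captured syslog payload."""
    problems, parsed = [], {}
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        problems.append("missing or invalid <PRI> prefix")
    else:
        parsed["facility"], parsed["syslog_severity"] = divmod(int(m.group(1)), 8)
        if parsed["syslog_severity"] != want_severity:
            problems.append(f"syslog severity is {parsed['syslog_severity']}")
    start = line.find("CEF:")
    if start == -1:
        problems.append("no CEF header")
        return False, problems, parsed
    fields, extension = split_cef_header(line[start + 4:])
    if len(fields) != len(CEF_FIELDS) or not fields[0].isdigit():
        problems.append("malformed CEF header")
    else:
        parsed.update(zip(CEF_FIELDS, fields), extension=extension)
    return not problems, problems, parsed

# Constructed sample lines (not real gateway output).
GOOD = "<30>Jan 12 10:15:02 swg01 mwg: CEF:0|ExampleVendor|ExampleProduct|1.0|100|Access|3|src=192.0.2.10 act=allowed"
WRONG_SEV = "<27>" + GOOD[4:]
NOT_CEF = "<30>Jan 12 10:15:02 swg01 mwg: plain text access log line"
```

The CEF header carries its own severity field (`cef_severity` here), which is separate from the syslog severity in PRI; the check only enforces the latter.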