McAfee Web Gateway Integration Guide


McAfee Web Gateway should be configured to send logs to the Taegis™ XDR Collector via syslog by following the instructions provided by McAfee (sign in required).

Connectivity Requirements

Source             | Destination                     | Port/Protocol
McAfee Web Gateway | Taegis™ XDR Collector (mgmt IP) | UDP/514

Data Provided from Integration

                   | Antivirus | Auth | DHCP | DNS | Email | Encrypt | File | HTTP | Management | Netflow | NIDS | Process | Thirdparty
McAfee Web Gateway |           |      |      |     |       |         |      | D    |            |         |      |         |

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections

Note

Taegis™ XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

Configuration Instructions

To configure McAfee Web Gateway to send logs to Secureworks® Taegis™ XDR via syslog, follow the instructions provided by McAfee (sign in required). Consider the following requirements when completing the configuration steps:

When following the instructions to configure the syslog daemon, use the options for sending both Access and Audit logs via UDP to the IP address of the Taegis™ XDR Collector.

When following the instructions to configure the rules in the McAfee Web Gateway, use the CEF format.
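
One way to confirm that the gateway's rules are really emitting CEF before relying on the collector is to parse a captured syslog line. The Python below is an added example, not code from Secureworks or McAfee; the function names are hypothetical and the sample lines, host name and field values are constructed.

```python
import re

HEADER = ("version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")
_KEY = re.compile(r"(?:^|\s)(\w+)=")  # extension key; an escaped "\=" never matches

def _split_header(body, n):
    """Split on the first n unescaped '|', honouring the \\| and \\\\ escapes."""
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < n:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            cur.append(body[i + 1])
            i += 1  # skip the escape character
        elif ch == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return parts, body[i:]

def _parse_ext(ext):
    """Extension is space-separated key=value; values may contain spaces."""
    hits = list(_KEY.finditer(ext))
    out = {}
    for m, nxt in zip(hits, hits[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw).rstrip()
    return out

def parse_cef(line):
    """Return the CEF record carried in one syslog line, or raise ValueError."""
    pos = line.find("CEF:")
    if pos < 0:
        raise ValueError("no CEF: marker, rule set is not logging in CEF")
    parts, ext = _split_header(line[pos + 4:], len(HEADER))
    if len(parts) != len(HEADER) or not parts[0].isdigit():
        raise ValueError("malformed CEF header: %r" % parts)
    rec = dict(zip(HEADER, parts))
    rec["extension"] = _parse_ext(ext)
    return rec

# Constructed sample lines (values are illustrative, not real gateway output).
SAMPLES = [
    r"<30>Jan  1 00:00:00 mwg.example.test mwg: CEF:0|McAfee|Web Gateway|0.0|200|"
    r"Proxy\|GET|2|src=192.0.2.10 request=https://example.test/a?b\=c requestMethod=GET",
    "<30>Jan  1 00:00:00 mwg.example.test mwg: status=200 url=https://example.test/",
]
```

Calling `parse_cef` on a line captured from the gateway returns the header fields and extension pairs, or raises `ValueError` when the line is not CEF, as with the second sample.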

 
