McAfee Enterprise Security Manager Administration 101


Contact Us

We would love to hear from you. Please complete this form to pre-book or request further information about our delivery options.


I'd like to receive emails with the latest updates and promotions from Insoft.

Data Protection & Privacy

I hereby allow Insoft Ltd. to contact me on this topic. Further, I authorise Insoft Ltd. processing, using collecting and storing my personal data for the purpose of these activities. All your data will be protected and secured as outlined in our privacy policy.

Upcoming Dates

Sep 19 - Sep 22, 2022
09:00 - 17:00

Oct 17 - Oct 20, 2022
09:00 - 17:00

Nov 14 - Nov 17, 2022
09:00 - 17:00

Dec 12 - Dec 15, 2022
09:00 - 17:00

Jan 9 - Jan 12, 2023
09:00 - 17:00

Feb 6 - Feb 9, 2023
09:00 - 17:00

McAfee Enterprise Security Manager Administration 101
4 days  (Instructor Led Online)  |  CyberSecurity

Course Details

McAfee® Enterprise Security Manager—the core of our security information and event management (SIEM) solution—provides near real-time visibility into the activity on all your systems, networks, databases, and applications. This enables you to detect, correlate, and remedy threats in minutes across your entire IT infrastructure. This course prepares McAfee Enterprise Security Manager engineers and analysts to understand, communicate, and use the features provided by McAfee Enterprise Security Manager. Through hands-on lab exercises, you will learn how to optimize the McAfee Enterprise Security Manager by using McAfee-recommended best practices and methodologies


McAfee Enterprise Security Manager Overview

  • Define McAfee Enterprise Security Manager and SIEM concepts, identify appliances and their features, and describe the McAfee Enterprise Security Manager solution component architecture.


  • Configure and customize receiver data sources and data source profiles.

McAfee Enterprise Log Manager and McAfee Enterprise Log Search

  • Configure McAfee Enterprise Log Manager settings, and mirror McAfee Enterprise Log Manager data storage.

McAfee Enterprise Security Manager Views

  • Effectively navigate the McAfee Enterprise Security Manager dashboard, and create custom McAfee Enterprise Security Manager data views.

Data Sources

  • Locate events, and manage cases using a variety of data sources, assets, and enriched data.


  • Customize event and flow aggregation fields on a persignature basis, and define the advantages and nuances associated with event and flow aggregation.

Policy Editor

  • Create, modify, and delete McAfee Enterprise Security Manager policies within the policy editor.

Query Filters

  • Apply filters in views, create filter sets, use string normalization, and understand the basic syntax of regular expressions.


  • Configure and deploy custom correlation rules within the correlation editor.

Watch Lists and Alarms

  • Create and configure watch lists and alarms.


  • Create and configure reports.

System Management

  • Perform routine maintenance on McAfee Enterprise Security Manager, including updates and clearing policy modifications and rule updates.


  • Perform troubleshooting steps associated with login issues, operating systems and browser-specific issues, hardware issues, and McAfee Enterprise McAfee Security Manager dashboard issues.

Use Case Design

  • Understand how the McAfee Enterprise Security Manager interface dashboards and views are used to identify specific events and incidents.


Day 1

  • Course Introduction
  • Architecture Overview
  • Devices and Settings
  • McAfee Enterprise Security Manager Interface and Views

Day 2

  • Data Sources
  • Working with McAfee® Enterprise Log Manager and McAfee® Enterprise Log Search
  • Event Analysis
  • Aggregation

Day 3

  • Watch Lists and Policy Editor
  • Query Filters
  • Rule Correlation
  • Alarms

Day 4

  • Workflow and Analysis
  • Reports
  • System Maintenance and Troubleshooting
  • Introduction to Use Case Design

Target Audience

This course is aimed at McAfee Enterprise Security Manager users responsible for monitoring activity on systems, networks, databases, applications, and for configuration and management of the McAfee Enterprise Security Manager solution. Attendees should have a working knowledge of networking and system administration concepts, a good understanding of computer security concepts, and a general understanding of networking and application software.


It is recommended that students have a working knowledge of networking and system administration concepts.