McAfee Enterprise Security Manager Administration 201


Contact Us

We would love to hear from you. Please complete this form to pre-book or request further information about our delivery options.


I'd like to receive emails with the latest updates and promotions from Insoft.

Data Protection & Privacy

I hereby allow Insoft Ltd. to contact me on this topic. Further, I authorise Insoft Ltd. processing, using collecting and storing my personal data for the purpose of these activities. All your data will be protected and secured as outlined in our privacy policy.

Upcoming Dates

Sep 19 - Sep 22, 2022
09:00 - 17:00

Oct 17 - Oct 20, 2022
09:00 - 17:00

Nov 14 - Nov 17, 2022
09:00 - 17:00

Dec 12 - Dec 15, 2022
09:00 - 17:00

Jan 9 - Jan 12, 2023
09:00 - 17:00

Feb 6 - Feb 9, 2023
09:00 - 17:00

McAfee Enterprise Security Manager Administration 201
4 days  (Instructor Led Online)  |  CyberSecurity

Course Details

McAfee® Enterprise Security Manager—the core of our security information and event management (SIEM) solution—provides near real-time visibility into the activity on all your systems, networks, databases, and applications. This enables you to detect, correlate, and remedy threats in minutes across your entire IT infrastructure. This course provides attendees with hands-on training on the design, setup, configuration, communication flow, and data source management of the ESM appliances. In addition, the course prepares McAfee ESM analysts to use and communicate the features provided by the solution. Through hands-on lab exercises and use case scenarios, you will learn how to optimize the McAfee Enterprise Security Manager by using McAfee-recommended best practices and methodologies.


Contextual Configurations:

  • Review ESM architecture and configuration tasks. Define Asset manager and how to manage assets and asset groups. Define and configure data enrichment using the Data Enrichment Wizard. Integrate vulnerability assessment (VA) tool with ESM.

Advanced Data Source Options:

  • Configure Auto Learn to listen to incoming events. Install and configure the SIEM Collector Agent.

Alarms, Actions, Notifications, and Reports:

  • Build and edit advanced alarms. Build and edit templates. Use remote commands. Create report queries. Configure notifications.

Data Streaming Bus:

  • Review the benefits of the Data Streaming Bus device. Add Data Streaming Databus (DSB). Configure Data Routing. Configure Data Sharing. Create Message Forwarding Rules.

Advanced Syslog Parser:

  • Understand Regex and available resources. Understand how to handle unknown events. Create custom parsing rules.

ESM Tuning and Best Practice:

  • Understand Event Tuning methodology. Configure events filtering on ERC. Identify key strategies for tuning correlation rules. Apply best practice to enhance ESM performance.

Performance Troubleshooting:

  • Discuss common performance issues. Describe possible causes and fixes. Learn how to avoid performance issues.

Advanced Correlation:

  • Utilize advanced rule correlation options. Configure deviation-based rule correlation. Configure risk correlation.

Analyst Tasks:

  • Make tuning recommendations according to your analysis. Identify events for immediate action, delayed action and no action (triage). Perform actions to maximize the usefulness of ESM output.

Use Cases Overview:

  • Define and discuss use cases. Follow a process to develop well defined use cases.

Management Directives Use Cases:

  • Create use cases from management directives.

Compliance Use Cases:

  • Create use cases from regulations to validate compliance.

Current Threat and Vulnerability Use Cases:

  • Research current threats and vulnerabilities. Create use cases from current threats and vulnerabilities.

Incident Use Cases:

  • Investigate incidents. Create use cases to quickly identify previously remediated incidents.


Day 1:

  • Welcome
  • Contextual Configurations
  • Advanced Data Source Options
  • Alarms, Actions, Notifications, and Reports

Day 2:

  • Data Streaming Bus
  • Advanced Syslog Parser
  • ESM Tuning and Best Practice
  • Performance Troubleshooting

Day 3:

  • Advanced Correlation
  • Analyst Tasks
  • Use Case Overview
  • Management Directives Use Cases

Day 4:

  • Organizational Policies Use Cases
  • Compliance Use Cases
  • Current Threats and Vulnerabilities Use Cases
  • Incident Identification Use cases

Target Audience

This course is aimed at McAfee customers acting as McAfee ESM engineers who are responsible for configuration and management of the solution and also for ESM analysts who are responsible for monitoring activity on systems, networks, databases, and applications. Attendees should have a good understanding of computer security concepts and a general understanding of networking and application software. Attendees should have at least one year of experience managing the McAfee Enterprise Security Manager Solution.


It is recommended that students have a working knowledge of:

  • McAfee Enterprise Security Manager (ESM / SIEM)
  • Networking and system administration concepts
  • Moderate understanding of computer security concepts
  • Experience with network security concepts and practices