The McAfee Event Receiver is responsible for the collection of log and event
information from hundreds of third-party devices including firewalls,
IDS/IPS devices, UTMs, switches, routers, applications, servers and
workstations, identity and authentication systems, vulnerability
assessment scanners, and more. McAfee Event Receiver uses a variety of
collection methods, including passive log collection, authenticated log
collection, CEF, OPSEC, SDEE, XML, and ODBC, as well as an encrypted
collection method validated to FIPS 140-2 Level 2.

When a McAfee Event Receiver collects an event, it parses all relevant
details into a fully normalized event taxonomy, and then provides full
correlation against all events to detect larger incidents. McAfee Event
Receiver correlates events collected by other distributed receivers for
system-wide threat detection.