McAfee MVISION Cloud


TL;DR

Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name           | Log format | Collection method
MVISION Cloud        | ✅                   |                   |            | ✅     | mcafee_mvision_cloud | LEEF       | S3


Overview

McAfee is a cybersecurity company that provides security solutions for individuals and businesses, focusing on antivirus protection, threat intelligence, and endpoint security. Its enterprise solutions include cloud security, network defense, and advanced threat detection. MVISION Cloud is McAfee's cloud access security broker (CASB); the anomalies, threats and DLP incidents it raises are the events this data source ingests.

Supported data types

MVISION Cloud

Table name: mcafee_mvision_cloud

This data type contains several types of events:

  • Shadow Anomaly - Anomalies (alerts) on cloud services that MVISION Cloud observes but cannot sanction, i.e. unsanctioned (shadow IT) services.

  • Sanctioned Anomaly - Anomalies (alerts) on cloud services that are connected to MVISION Cloud and sanctioned by the product.

  • Threat - A threat is a collection of anomalies in normal behavior that together point to a potential security incident involving your organization's data on a cloud service. Because a threat is only raised when specific anomalies occur in concert, it is more likely than a single anomaly to represent a real incident and should be investigated first.

Send data to Hunters

Hunters supports the ingestion of McAfee MVISION Cloud logs via an intermediary AWS S3 bucket.

To connect McAfee MVISION Cloud logs:

  1. Export your logs from MVISION Cloud to an AWS S3 bucket.

  2. Once the export is running and log files are arriving in the bucket, follow Hunters' S3 collection steps to connect that bucket to Hunters.

Expected format

The expected format is LEEF (Log Event Extended Format) as exported by MVISION Cloud: an optional syslog prefix (timestamp and host), a pipe-delimited header of the form LEEF:version|vendor|product|product version|event id|, followed by key=value attributes. In LEEF 1.0 the attributes are separated by a tab character, which the sample below renders as the two characters \t. Event-specific fields such as cat, devTime, devTimeFormat, usrName, sev, incidentId and riskSeverity are carried in the attribute section.

MVISION Cloud log sample

Oct 28 16:02:10 eu-mvisnp-m001 LEEF:1.0|McAfee|MVISION Cloud|5.2.1.0|Incident|cat=Alert.Policy.Dlp\tdevTimeFormat=MMM dd yyyy HH:mm:ss.SSS zzz\tdevTime=Oct 27 2022 12:49:38.000 UTC\tusrName=user.sample@domain.com\tsev=0\tactivityName=[Email]\tactorIdType=USER\tincidentId=DLP-3032521\triskSeverity=info\tincidentRiskSeverityId=3\tcollaborationSharedLink=false\tinformationContentItemCreatedOn=2022-10-27T12:49:38.000Z\tcontentItemId=37D0_1351_273549_4793-4B31-9C33-245s2F5D18710.1.eml\tcontentItemName=RE: [EXTERNAL] Re: VENT-01/VTU66643-24443X: second draft synopsis for review\tFileSize=117422\tcontentItemType=EMAIL\tinformationEventId=295787\texternalCollaborators=[otheruser@gmail.com]\tinformationExternalCollaboratorsCount=4{....}
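The following parser is an added example and is not code from Hunters or McAfee. It parses the syslog prefix, the LEEF header and the tab-delimited attributes of an MVISION Cloud event, converts devTime using the Java SimpleDateFormat pattern carried in devTimeFormat, and applies one simple triage check (an incident whose content went to external collaborators). The sample line is constructed from the page's sample and shortened; the helper and function names, the assumption that only the date tokens seen on the page occur, and the bracketed-list convention for externalCollaborators are assumptions made here, not documented behaviour.

```python
"""Parse McAfee MVISION Cloud LEEF events as exported to S3 (added example)."""
import re
from datetime import datetime, timezone

# Constructed sample, shortened from the page's sample. Attributes are
# separated by real TAB characters, as LEEF 1.0 specifies.
SAMPLE = (
    "Oct 28 16:02:10 eu-mvisnp-m001 LEEF:1.0|McAfee|MVISION Cloud|5.2.1.0|Incident|"
    "cat=Alert.Policy.Dlp\tdevTimeFormat=MMM dd yyyy HH:mm:ss.SSS zzz\t"
    "devTime=Oct 27 2022 12:49:38.000 UTC\tusrName=user.sample@domain.com\tsev=0\t"
    "activityName=[Email]\tactorIdType=USER\tincidentId=DLP-3032521\triskSeverity=info\t"
    "incidentRiskSeverityId=3\tcollaborationSharedLink=false\t"
    "contentItemName=RE: [EXTERNAL] Re: second draft synopsis for review\tFileSize=117422\t"
    "contentItemType=EMAIL\texternalCollaborators=[otheruser@gmail.com]\t"
    "informationExternalCollaboratorsCount=4"
)

# "<syslog timestamp> <host> LEEF:<ver>|<vendor>|<product>|<product ver>|<event id>|<attrs>"
_HEADER = re.compile(
    r"^(?P<syslog_ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"LEEF:(?P<leef_version>[\d.]+)\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)\|"
    r"(?P<product_version>[^|]*)\|(?P<event_id>[^|]*)\|(?P<attrs>.*)$",
    re.DOTALL,
)

# Java SimpleDateFormat tokens -> strptime directives. Assumption: only the
# tokens appearing in the page's devTimeFormat sample are ever emitted.
_JAVA_TOKENS = {"MMM": "%b", "dd": "%d", "yyyy": "%Y", "HH": "%H",
                "mm": "%M", "ss": "%S", "SSS": "%f", "zzz": "%Z"}


def java_format_to_strptime(fmt: str) -> str:
    """Translate the devTimeFormat pattern into a strptime format string."""
    pattern = "|".join(sorted(_JAVA_TOKENS, key=len, reverse=True))  # longest first
    return re.sub(pattern, lambda m: _JAVA_TOKENS[m.group(0)], fmt)


def split_attributes(attrs: str) -> dict:
    """Split LEEF 1.0 attributes. The real delimiter is a TAB; the documentation
    sample shows it as the two characters '\\t', so both are accepted here."""
    out = {}
    for pair in re.split(r"\t|\\t", attrs):
        key, sep, value = pair.partition("=")  # values may contain '=' and ':'
        if sep and key:
            out[key] = value
    return out


def parse_dev_time(attrs: dict):
    """Return devTime as a datetime, or None if the fields are absent."""
    fmt, raw = attrs.get("devTimeFormat"), attrs.get("devTime")
    if not fmt or not raw:
        return None
    dt = datetime.strptime(raw, java_format_to_strptime(fmt))
    # strptime accepts %Z but leaves the result naive; attach UTC when the
    # zone name says so (assumption: MVISION emits UTC, as in the sample).
    if raw.endswith((" UTC", " GMT")):
        dt = dt.replace(tzinfo=timezone.utc)
    return dt


def list_field(value: str) -> list:
    """Parse a '[a, b]' multi-valued field (assumption drawn from the sample)."""
    inner = value.strip()
    if inner.startswith("[") and inner.endswith("]"):
        inner = inner[1:-1]
    return [v.strip() for v in inner.split(",") if v.strip()]


def parse_event(line: str) -> dict:
    """Parse one exported line into header fields, attributes and derived values."""
    m = _HEADER.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not a LEEF line: %r" % line[:60])
    event = {k: v for k, v in m.groupdict().items() if k != "attrs"}
    attrs = split_attributes(m.group("attrs"))
    event["attributes"] = attrs
    event["dev_time"] = parse_dev_time(attrs)
    event["external_collaborators"] = list_field(attrs.get("externalCollaborators", ""))
    return event


def shared_externally(event: dict) -> bool:
    """Triage check: an Incident whose content item reached an external address."""
    return event["event_id"] == "Incident" and bool(event["external_collaborators"])


if __name__ == "__main__":
    ev = parse_event(SAMPLE)
    print(ev["attributes"]["incidentId"], ev["dev_time"].isoformat(),
          ev["external_collaborators"], shared_externally(ev))
```

When running this over files collected from the S3 bucket, feed each line to parse_event; lines that do not match the header (for example a truncated object) raise ValueError and should be counted rather than silently dropped. Splitting on the tab rather than on whitespace matters because values such as contentItemName contain spaces and colons.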