How to Add Data Sources in ESM Flashcards

1
Q

What are common formats an ERC can collect (mention 3)?

A
  • Syslog
  • WMI
  • SNMP
  • Snare or the Trellix Agent for Windows logs
  • MEF - McAfee Event Formats for custom log settings
  • Netflow (generic Netflow, sFlow)
2
Q

Why would you need to create a system profile to add data sources on ESM?

A

To pre-populate parameters; this is helpful when you have a lot of data sources of the same type

3
Q

How can you add a Data Source profile on ESM?

A
  • Click on ESM properties
  • Click on Profile Management
4
Q

What does the Receiver’s Data Source - Auto Learn feature provide?

A

Allows the system to learn unknown IP addresses with the option to add each as a data source

5
Q

How can you manually retrieve Events and Flows on ESM?

A
  • Click the ESM component of interest, such as ERC, ACE, ADM or DEM
  • Click on the Events and Flows icon
  • Check what you want to get (Events, Flows or both)
  • Click Start
6
Q

What does the Asset Sources feature on ESM provide?

A

It allows you to retrieve data from Active Directory
