Mappings: McAfee Endpoint Update Event Logs
| Input | Value |
|---|---|
| Vendor | McAfee |
| Product | Endpoint Security |
| Log Format | JSON |
| Event ID Regex Pattern | UpdateEvents |
| Output | Value |
|---|---|
| Vendor | McAfee |
| Product | Endpoint Security |
| Record Type | Endpoint |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| device_hostname | UpdateEvents.MachineInfo.MachineName | |
| device_ip | UpdateEvents.MachineInfo.IPAddress | |
| device_mac | UpdateEvents.MachineInfo.RawMACAddress | |
| timestamp | UpdateEvents.McAfeeCommonUpdater.UpdateEvent.GMTTime | We expect the orginal record value of UpdateEvents.McAfeeCommonUpdater.UpdateEvent.GMTTime is in the format YYYY-MM-dd'T'HH:mm:ss |
| user_username | UpdateEvents.MachineInfo.UserName |