Loading...

Knowledge Center


Supported platforms, environments, and operating systems for Enterprise Security Manager
Technical Articles ID:   KB82516
Last Modified:  11/12/2019
Rated:


Environment

McAfee SIEM Enterprise Security Manager (ESM) 11.x.x, 10.x.x
McAfee SIEM Enterprise Event Receiver (Receiver) 11.x.x, 10.x.x

Summary

As new versions of Windows or Linux operating systems are released, the original product guides might not reflect the current Technical Support policy for those platforms. This article provides the latest information regarding supported platforms and environments, and is updated when needed to reflect the current state of support for the McAfee SIEM Enterprise Security Manager (ESM). Most of the following information is available in the ESM Product Installation Guides and README.TXT files. But, some of the information is available only in Product Management statements published in the Knowledge Base.

The McAfee SIEM is managed and maintained entirely through a web/Flash interface. The minimum requirements for a host connecting to the ESM are provided in the following tables.


Recent updates to this article
Date Update
November 12, 2019 Added SIEM 11.3.x release information.
November 8, 2019 Renamed Amazon Web Services section to Cloud Services. Added Oracle Cloud and Microsoft Azure to the Cloud Services section. Updated Supported Operating Systems.
October 28, 2019 Merged Additional SIEM Components section into Virtual Machine Requirements section. Updated SIEM Components information. 
June 25, 2019 Updated the Virtual Machine Requirements and Internet Browsers sections.
February 26, 2019 Added the following note to Virtual Machine Requirements: 
  • ESM 10.3 and later VMs can be created on the Azure, Hyper-V 2016 and later, and XEN 6.5 and later platforms.


Hardware Component Requirement
Processor (CPU)
  • P4-class Intel® (not Celeron) or later (Mobile/Xeon/Core2/Core i3/5/7)
  • AMD/AMD2 class or later (Turion64/Athlon64/Opteron64/A4/6/8)
Memory (RAM) 16 GB
NOTES:
  • The ESM VM uses many features that require CPU and RAM. If the ESXi environment shares the CPU and RAM requirements with other VMs, the performance of the ESM VM is impacted.
  • ESM 10.3 and later VMs can be created on the Azure, Hyper-V 2016 and later, and XEN 6.5 and later platforms.
 
Hardware Component Requirement
Processor (CPU)
  • 8 cores 64-bit, Dual Core2/Nehalem or later
  • AMD Dual Athlon64/Dual Opteron64 or later
Memory (RAM) 16 GB or more (depending on model)
Disk space 500 GB or more (depending on model)
ESXi Server 5.0 or later
Thick / Thin provisioning You must decide the hard disk requirements needed for your server.
The minimum requirement is 500 GB unless the VM purchased has more. See the specifications for your VM product.
 

 ESM, ELM, REC
“All-In-One” / ETM-ELM

Provides SIEM, Log Management, and Network Analysis functions.
Includes the Event Receiver.
Provides compliant Log Management and collects data for correlation and analysis by the ESM.

ESM-ELM-ERC-VM: VMware ESX/ESXi Server 5.x+
8 Processor Cores, 16 GB of Memory
Recommended disk space: 500 GB1

Enterprise Log Manager

 The ELM provides Compliant Log Management functions.

ELM-VM: VMware ESX/ESXi Server v.5.x+
8 Processor Cores, 8 GB of Memory
Recommended VM Environment of 500 GB

ELM-VM-4-CORE-ADDON: VMware ESX/ESXi Server v.5.x+
4 additional Processor Cores (max 32 cores total), 16 GB of Memory per 4-core add-on
Recommended disk space: 500 GB1 + 240 GB SSD2

Enterprise Log Search

The ELS provides high-speed Elastic search functions.

ELS-VM: VMware ESX/ESXi Server v.5.x+
8 Processor Cores, 8 GB of Memory
Recommended VM Environment of 500 GB

ELS-VM-4-CORE-ADDON: VMware ESX/ESXi Server v.5.x+
4 additional Processor Cores (max 32 cores total), 16 GB of Memory per 4-core add-on
Recommended disk space: 500 GB1 + 240 GB SSD2

Event Receiver  

The Receiver collects third-party logs, events, and flow data for correlation and analysis by the ESM.

ERC-VM: VMware ESX/ESXi Server v.5.x+
8 Processor Cores, 8 GB of Memory
Recommended disk space: 500 GB1 

ERC-VM-4-CORE-ADDON: VMware ESX/ESXi Server v.5.x+
4 additional Processor Cores (max 32 cores total), 16 GB of Memory per 4-core add-on
Recommended disk space: 500 GB1

Advanced Correlation Engine 

Provides McAfee RSC and Enterprise correlation. 
Identifies and scores threat events in real time or historical mode, using both rule- and risk-based logic, for the ESM.

ACE-VM: VMware ESX/ESXi Server v.5.x+
8 Processor Cores, 32 GB of Memory
Recommended disk space: 500 GB1 + 480 GB SSD2

ACE-VM-4-CORE-ADDON: VMware ESX/ESXi Server v.5.x+
4 additional Processor Cores (max 32 cores total), 16 GB of Memory per 4-core add-on
Recommended disk space: 500 GB1 + 480 GB SSD2

Application Data Monitor 

The Application Data Monitor decodes an application session to Layer 7. This decoding provides analysis of everything from the protocols and session integrity to the contents of the application itself. (For example, the text of an email or its attachments.)

ADM-VM: VMware ESX/ESXi Server v.5.x+
8 Processor Cores, 16 GB of Memory
Recommended disk space: 500 GB1

ADM-VM-4-CORE-ADDON: VMware ESX/ESXi Server v.5.x+
4 additional Processor Cores, 16 GB of Memory per 4-core add-on
Recommended disk space: 500 GB1 + 240 GB SSD2

1

Represents usable event and flow storage at 100 IOPS, after RAID configuration.

2

Minimum 50 K IOPS for SSD; a minimum of 100 IOPS additional storage is recommended

ESM supports the following Microsoft Windows operating systems:
 
Operating System ESM 11.3 ESM 11.2 ESM 11.1 ESM 11.0 ESM 10.3 ESM 10.2
Windows Server 2016 Yes Yes Yes Yes Yes Yes
Windows Server 2012 Yes Yes Yes Yes Yes Yes
Windows Server 2008 Yes Yes Yes Yes Yes Yes
Windows 10 Yes Yes Yes Yes Yes Yes
Windows 8.1 Yes Yes Yes Yes Yes Yes
Windows 8 Yes Yes Yes Yes Yes Yes
Windows 7 Yes Yes Yes Yes Yes Yes
Windows Vista Yes Yes Yes Yes Yes Yes
Windows 2003 Server Yes Yes Yes Yes Yes Yes
Windows XP  Yes Yes Yes Yes Yes Yes

Microsoft ended extended support for Windows XP SP3 on April 8, 2014. For best results and optimal security, upgrade to a supported operating system. See KB78434 for details.

Microsoft ended extended support for Windows Server 2003 SP2 on July 14, 2015. As of the end of 2015, the only McAfee product supported with Windows Server 2003 SP2 is Application and Change Control. See KB81563 for details. 
The following web browsers are supported with the ESM. Because some features of the web application use pop-up windows, Technical Support recommends that you allow pop-ups for the IP address or host name of the ESM.
 
Browser Version Required
Mozilla Firefox Version 42 or later
Google Chrome Version 48 or later
Apple Safari Version 5.1.7 or later
Microsoft Internet Explorer

Version 11 or later

The McAfee SIEM products listed in this article support the following cloud services:
  • Amazon Web Services
  • Oracle Cloud Infrastructure
  • Microsoft Azure
This support enables a virtual deployment of the ESM to monitor and report on cloud servers and other types of security infrastructure supported in their respective cloud environments.
Software Version Required
Flash Player

Version 11.2.x.x or later

 

Rate this document

Affected Products

Getting Started
SIEM Advanced Correlation Engine 11.3.x
SIEM Advanced Correlation Engine 11.2.x
SIEM Advanced Correlation Engine 11.1.x
SIEM Advanced Correlation Engine 11.0.x
SIEM Advanced Correlation Engine 10.4.x
SIEM Advanced Correlation Engine 10.3.x
SIEM Advanced Correlation Engine 10.2.x (EOL)
SIEM Application Data Monitor 11.3.x
SIEM Application Data Monitor 11.2.x
SIEM Application Data Monitor 11.1.x
SIEM Application Data Monitor 11.0.x
SIEM Application Data Monitor 10.4.x
SIEM Application Data Monitor 10.3.x
SIEM Application Data Monitor 10.2.x (EOL)
SIEM Database Event Monitor 11.3.x
SIEM Database Event Monitor 11.2.x
SIEM Database Event Monitor 11.1.x
SIEM Database Event Monitor 11.0.x
SIEM Database Event Monitor 10.4.x
SIEM Database Event Monitor 10.3.x
SIEM Database Event Monitor 10.2.x (EOL)
SIEM Direct Attached Storage (DAS) 11.3.x
SIEM Direct Attached Storage (DAS) 11.2.x
SIEM Direct Attached Storage (DAS) 11.1.x
SIEM Direct Attached Storage (DAS) 11.0.x
SIEM Direct Attached Storage (DAS) 10.4.x
SIEM Direct Attached Storage (DAS) 10.3.x
SIEM Direct Attached Storage (DAS) 10.2.x (EOL)
SIEM Enterprise Log Manager 11.3.x
SIEM Enterprise Log Manager 11.2.x
SIEM Enterprise Log Manager 11.1.x
SIEM Enterprise Log Manager 11.0.x
SIEM Enterprise Log Manager 10.4.x
SIEM Enterprise Log Manager 10.3.x
SIEM Enterprise Log Manager 10.2.x (EOL)
SIEM Enterprise Security Manager 11.3.x
SIEM Enterprise Security Manager 11.2.x
SIEM Enterprise Security Manager 11.1.x
SIEM Enterprise Security Manager 11.0.x
SIEM Enterprise Security Manager 10.4.x
SIEM Enterprise Security Manager 10.3.x
SIEM Enterprise Security Manager 10.2.x (EOL)
SIEM Event Receiver 11.3.x
SIEM Event Receiver 11.2.x
SIEM Event Receiver 11.1.x
SIEM Event Receiver 11.0.x
SIEM Event Receiver 10.4.x
SIEM Event Receiver 10.3.x
SIEM Event Receiver 10.2.x (EOL)

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.