Specification Sheet: McAfee SIEM Appliances


April 2020

| Product | Solution Description |
|---|---|
| ESM-ELM-ERC "All-In-One" | Provides SIEM, Log Management, and Network Analysis functions. Includes McAfee Event Receiver. Provides compliant Log Management and collects data for correlation and analysis by McAfee Enterprise Security Manager. |
| Enterprise Security Manager (ESM) | McAfee Enterprise Security Manager provides Log Analysis, SIEM and Network Analysis functions. |
| Enterprise Log Manager (ELM) | McAfee Enterprise Log Manager provides Compliant Log Management functions. Requires an ESM and ERC. |
| Enterprise Log Search (ELS) | McAfee Enterprise Log Search provides high speed Elastic Search functions. Requires an ESM and ERC. |
| Direct Attached Storage (DAS) | McAfee Direct Attached Storage provides high performance storage array for ESM, ELM, and ELS, redundant architecture with RAID controller, mirrored cache, and IO multi-pathing. |
| Event Receiver (ERC) | McAfee Event Receiver collects 3rd party logs, events and flow data for correlation and analysis by McAfee Enterprise Security Manager. |
| Advanced Correlation Engine (ACE) | Provides McAfee RSC and Enterprise correlation - Identify and score threat events in real time or historical mode, using both rule- and risk-based logic, for McAfee Enterprise Security Manager. |
| Application Data Monitor (ADM) | McAfee Application Data Monitor decodes an application session to Layer 7, providing analysis of everything from the protocols and session integrity to the contents of the application itself (such as the text of an email or its attachments). |

| Product | Model Number | Part Number | Maximum Ingestion EPS [1] | Maximum Query EPS [2] | Appliance Size | Local Storage [3] | Network Interfaces | System Requirements |
|---|---|---|---|---|---|---|---|---|
| ESM-ELM-ERC "All-In-One" | ESM-ELM-ERC-VM | ELUVME-AA | 5,000 | 1,500 | VM | Minimum 1 TB [5] | VM (AWS, Azure, OCI, HyperV, ESX, KVM, XEN) | 8 Processor Cores, 16GB RAM |
| ESM-ELM-ERC "All-In-One" | ESM-ELM-ERC-5775 | ENMELM-5775 | 3,500 | 1,750 | 2U | 48 TB HDD + 1.9 TB SSD | (2) 10Gb Ports [6] | N/A |
| ESM-ELM-ERC "All-In-One" | ESM-ELM-ERC-6075 | ENMELM-6075 | 7,000 | 3,500 | 2U | 60 TB HDD + 1.9 TB SSD | (2) 10Gb Ports [6] | N/A |
| ESM | ESM-VM | ENUVME-AA | 5,000 | 1,500 | VM | Minimum 500 GB [5] | VM (AWS, Azure, OCI, HyperV, ESX, KVM, XEN) | 8 Processor Cores, 16GB RAM |
| ESM | ESM-VM-4-CORE-ADDON [4] | ENU4AE-AA | 13,000 | 3,500 | VM | See footnote 5 | VM (AWS, Azure, OCI, HyperV, ESX, KVM, XEN) | Per 4 Core Add-on, 16GB RAM |
| ESM | ESM-5775 | ETM-5775 | 70,000 | 20,000 | 2U | 48 TB HDD + 1.9 TB SSD | (2) 10Gb Ports [6] | N/A |
| ESM | ESM-6075 | ETM-6075 | 95,000 | 20,000 | 2U | 60 TB HDD + 1.9 TB SSD | (2) 10Gb Ports [6] | N/A |
| ESM | ESM-X7-N | ETM-X7-N | 200,000 | 35,000 | 2U | 17.3 TB SSD + 3.2 TB SSD (PCIe) | (2) 10Gb Ports [6] | N/A |
| ESM | ESM-X9-N | ETM-X9-N | 300,000 | 60,000 | 2U | 21.1 TB SSD + 9.6 TB SSD (PCIe) | (2) 10Gb Ports [6] | N/A |
| ESM | ESM-X11-N | ETM-X11-N | 400,000 | 80,000 | 2U | 32.6 TB SSD + 9.6 TB SSD (PCIe) | (2) 10Gb Ports [6] | N/A |
| ELM | ELM-VM | ELMVME-AA | 10,000 | | VM | Minimum 500 GB [5] | VM (AWS, Azure, OCI, HyperV, ESX, KVM, XEN) | 8 Processor Cores, 8GB RAM |
| ELM | ELM-VM-4-CORE-ADDON [4] | ELM4AE-AA | 7,500 | | VM | See footnote 5 | VM (AWS, Azure, OCI, HyperV, ESX, KVM, XEN) | Per 4 Core Add-on, 16GB RAM |
| ELM | ELM-SSD-6 | ELM-SSD-6 | 55,000 | | 2U | 11.5 TB SSD + 1.9 TB SSD | (2) 10Gb Ports [6] | Requires an ESM and ERC |
| ELM | ELM-5775 | ELM-5775 | 75,000 | | 2U | 48 TB HDD + 1.9 TB SSD | (2) 10Gb Ports [6] | Requires an ESM and ERC |
| ELM | ELM-6075 | ELM-6075 | 100,000 | | 2U | 60 TB HDD + 1.9 TB SSD | (2) 10Gb Ports [6] | Requires an ESM and ERC |
| ELS | ELS-VM | ELSVME-AA | 7,500 | | VM | Minimum 500 GB [5] | VM (AWS, Azure, OCI, HyperV, ESX, KVM, XEN) | 8 Processor Cores, 8GB RAM |
| ELS | ELS-VM-4-CORE-ADDON [4] | ELS4AE-AA | 6,000 | | VM | See footnote 5 | VM (AWS, Azure, OCI, HyperV, ESX, KVM, XEN) | Per 4 Core Add-on, 16GB RAM |
| ELS | ELS-SSD-6 | ELS-SSD-6 | 40,000 | | 2U | 11.5 TB SSD + 1.9 TB SSD | (2) 10Gb Ports [6] | Requires an ESM and ERC |
| ELS | ELS-5775 | ELS-5775 | 40,000 | | 2U | 48 TB HDD + 1.9 TB SSD | (2) 10Gb Ports [6] | Requires an ESM and ERC |
| ELS | ELS-6075 | ELS-6075 | 50,000 | | 2U | 60 TB HDD + 1.9 TB SSD | (2) 10Gb Ports [6] | Requires an ESM and ERC |
| DAS | DAS-120 | DAS-120 | | | 4U | 144 TB HDD | N/A | Only for ESM, ELM, ELS |
| DAS | DAS-250 | DAS-250 | | | 4U | 288 TB HDD | N/A | Only for ESM, ELM, ELS |
| ERC | ERC-VM | EV2VME-AA | 1,500 | | VM | Minimum 500 GB [5] | VM (AWS, Azure, OCI, HyperV, ESX, KVM, XEN) | 8 Processor Cores, 8GB RAM |
| ERC | ERC-VM-4-CORE-ADDON [4] | EV24AE-AA | 2,500 | | VM | See footnote 5 | VM (AWS, Azure, OCI, HyperV, ESX, KVM, XEN) | Per 4 Core Add-on, 16GB RAM |
| ERC | ERC-1270 | ERC-1270 | 7,000 | | 1U | 4 TB HDD | (2) 1Gb Ports + 4 Monitor Ports [6] | Requires an ESM |
| ERC | ERC-2675 | ERC-2675 | 14,000 | | 2U | 18 TB HDD | (2) 10Gb Ports + 4 Monitor Ports [6] | Requires an ESM |
| ERC | ERC-3575 | ERC-3575 | 20,000 | | 2U | 18 TB HDD + 960 GB SSD | (2) 10Gb Ports + 4 Monitor Ports [6] | Requires an ESM |
| ERC | ERC-SSD-6 | ERC-SSD-6 | 30,000 | | 2U | 11.5 TB SSD + 1.9 TB SSD | (2) 10Gb Ports + 4 Monitor Ports [6] | Requires an ESM |
| ACE | ACE-VM | ACVVME-AA | <20,000 | | VM | Minimum 1 TB [5] | VM (AWS, Azure, OCI, HyperV, ESX, KVM, XEN) | 8 Processor Cores, 32GB RAM |
| ACE | ACE-VM-4-CORE-ADDON [4] | ACV4AE-AA | ~10,000 | | VM | See footnote 5 | VM (AWS, Azure, OCI, HyperV, ESX, KVM, XEN) | Per 4 Core Add-on, 32GB RAM |
| ACE | ACE-2675 | ACE-2675 | <75,000 | | 2U | 18 TB HDD | (2) 10Gb Ports [6] | Requires an ESM |
| ACE | ACE-SSD-6 | ACE-SSD-6 | <125,000 | | 2U | 11.5 TB SSD + 1.9 TB SSD | (2) 10Gb Ports [6] | Requires an ESM |
| ADM | ADM-VM | APMVME-AA | 50 Mbps | | VM | Minimum 1 TB [5] | VM (ESX) | 8 Processor Cores, 16GB RAM |
| ADM | ADM-VM-4-CORE-ADDON | APM4AE-AA | 50 Mbps | | VM | See footnote 5 | VM (ESX) | Per 4 Core Add-on, 16GB RAM |
| ADM | ADM-1270 | APM-1270 | 1 Gbps | | 1U | 4 TB HDD | (2) 1Gb Ports + 4 Monitor Ports [6] | Requires an ESM |
| ADM | ADM-3575 | APM-3575 | 1 Gbps | | 2U | 18 TB HDD + 960 GB SSD | (2) 10Gb Ports + 4 Monitor Ports [6] | Requires an ESM |

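Environmental Hardware Specifications
McAfee SIEM Appliances

| Model Number | Dimensions | Input Voltage | Input Frequency | Power Supply [7] | Power Consumption [8] | AMPS (Max) | Weight (lbs) | Altitude (Max) | Temperature (Max) Operating | BTU/Hr |
|---|---|---|---|---|---|---|---|---|---|---|
| ESM-X11-N | 2U, 3 1/2"H x 17 1/4"W x 28"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 1300W x 2 | 745 W | 3.3 | 49 | Up to 10,000 ft | 10C to 35C (50F to 95F) | 2537 |
| EXM-X9-N | 2U, 3 1/2"H x 17 1/4"W x 28"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 1300W x 2 | 756 W | 3.4 | 49 | Up to 10,000 ft | 10C to 35C (50F to 95F) | 2576 |
| ESM-X7-N | 2U, 3 1/2"H x 17 1/4"W x 28"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 1300W x 2 | 686 W | 3.1 | 47 | Up to 10,000 ft | 10C to 35C (50F to 95F) | 2336 |
| ESM-ELM-ERC-5775 | 2U, 3 1/2"H x 17 1/4"W x 28"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 1300W x 2 | 691 W | 3.1 | 52 | Up to 10,000 (Operating) | 10C to 35C (50F to 95F) | 2354 |
| ESM-ELM-ERC-6075 | 2U, 3 1/2"H x 17 1/4"W x 28"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 1300W x 2 | 728 W | 3.3 | 56 | Up to 10,000 (Operating) | 10C to 35C (50F to 95F) | 2479 |
| ESM-5775 | 2U, 3 1/2"H x 17 1/4"W x 28"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 1300W x 2 | 691 W | 3.1 | 52 | Up to 10,000 (Operating) | 10C to 35C (50F to 95F) | 2354 |
| ESM-6075 | 2U, 3 1/2"H x 17 1/4"W x 28"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 1300W x 2 | 728 W | 3.3 | 56 | Up to 10,000 (Operating) | 10C to 35C (50F to 95F) | 2479 |
| ELM-SSD-6/ELS-SSD-6 | 2U, 3 1/2"H x 17 1/4"W x 28"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 1300W x 2 | 628 W | 2.8 | 47 | Up to 10,000 (Operating) | 10C to 35C (50F to 95F) | 2137 |
| ELM-5775/ELS-5775 | 2U, 3 1/2"H x 17 1/4"W x 28"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 1300W x 2 | 691 W | 3.1 | 52 | Up to 10,000 (Operating) | 10C to 35C (50F to 95F) | 2354 |
| ELM-6075/ELS-6075 | 2U, 3 1/2"H x 17 1/4"W x 28"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 1300W x 2 | 728 W | 3.3 | 56 | Up to 10,000 (Operating) | 10C to 35C (50F to 95F) | 2479 |
| ERC-2675 | 2U, 3 1/2"H x 17 1/4"W x 28"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 1300W x 2 | 624 W | 2.8 | 46 | Up to 10,000 (Operating) | 10C to 35C (50F to 95F) | 2125 |
| ERC-3575 | 2U, 3 1/2"H x 17 1/4"W x 28"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 1300W x 2 | 642 W | 2.9 | 47 | Up to 10,000 (Operating) | 10C to 35C (50F to 95F) | 2186 |
| ERC-SSD-6 | 2U, 3 1/2"H x 17 1/4"W x 28"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 1300W x 2 | 628 W | 2.8 | 47 | Up to 10,000 (Operating) | 10C to 35C (50F to 95F) | 2137 |
| ACE-2675 | 2U, 3 1/2"H x 17 1/4"W x 28"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 1300W x 2 | 624 W | 2.8 | 46 | Up to 10,000 (Operating) | 10C to 35C (50F to 95F) | 2125 |
| ACE-SSD-6 | 2U, 3 1/2"H x 17 1/4"W x 28"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 1300W x 2 | 628 W | 2.8 | 47 | Up to 10,000 (Operating) | 10C to 35C (50F to 95F) | 2137 |
| ADM-3575 | 2U, 3 1/2"H x 17 1/4"W x 28"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 1300W x 2 | 642 W | 2.9 | 47 | Up to 10,000 (Operating) | 10C to 35C (50F to 95F) | 2186 |
| ERC-1270 / ADM-1270 | 1U, 1 5/8"H x 17 1/4"W x 21 5/8"L | 90V to 132V & 180V to 264V | 47 Hz to 63 Hz | 400W x 1 | 192.6 W | 1.8 | 20 | Up to 10,000 (Operating) | 10C to 35C (50F to 95F) | 656 |
| DAS-120 | 4U, 6 7/8"H x 19"W x 33 1/2"L | 100-240 VAC full range | 50/60 Hz | 800W x 2 | 332 W | 10@100-127VAC / 5@200-240VAC | 105 | Up to 10,000 Ft (Operating) @ 68F | 0C to 35C (32F to 95F) (operating); -20C to 60C (-4F to 140F) (non-operating) | 1331 |
| DAS-250 | 4U, 6 7/8"H x 19"W x 33 1/2"L | 100-240 VAC full range | 50/60 Hz | 800W x 2 | 663 W | 10@100-127VAC / 5@200-240VAC | 146 | Up to 10,000 Ft (Operating) @ 68F | 0C to 35C (32F to 95F) (operating); -20C to 60C (-4F to 140F) (non-operating) | 2661 |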

1. Maximum Ingestion Events Per Second (iEPS) describes peak advertised EPS for this appliance. iEPS is based on out-of-box settings with no adjustments to default event or flow aggregation and very limited overall SIEM user activity (Users, Alarms, Reports, IoCs, etc.). Any customization in the configuration or increase in user activity may result in reduced observed EPS rates.

2. Maximum Query Events Per Second (qEPS) describes what a typical ESM appliance could expect to achieve under normal, active ESM usage conditions and reduced levels of event aggregation. Max qEPS assumes multiple analysts are accessing the system simultaneously while background activities such as Alarms, Reports and CyberThreat (IoC) queries are executing. In addition, Max qEPS assumes that customers would adjust the event and flow aggregation rates lower than out-of-box settings. McAfee recommends using qEPS numbers as the basis for sizing most ESM designs. Note that Max qEPS represents best performance estimates based on observations with typical larger enterprise customers; aggressive customizations or dramatic increases in user activity may result in reduced observed iEPS rates.

3. This is the total raw, unformatted storage available for a given appliance. Please note that usable storage capacity may vary by as much as 40% less, depending on the model, based on RAID configuration, operating environment, data cardinality, software version, and a number of additional factors based on deployment customizations. For virtual models, the minimum space is a recommendation based on typical operating environments. McAfee SIEM virtual appliances may use as little as 250 GB but operating performance may not be optimal.

4. For ESM, ELM, ERC and ACE Virtual Applications, the 4-CORE-ADDON EPS values are on a per 4-Core basis. Each 4-CORE-ADDON purchased will increase its respective level of EPS for a given virtual appliance. Please note that there is a 32-core maximum for any given virtual appliance.

5. For ERC and ADM VMs, it is recommended that a minimum of 1TB of storage be allocated for the base VM and 500GB for each 4-CORE-ADDON. For ESM and ELM VMs, space should be calculated based on the customer's data retention requirements. In addition, for all virtual appliances, especially the ESM, it is recommended that customers use dedicated SSD storage in order to reach higher Ingestion and Query EPS performance levels.

6. For standalone ERCs, the Mgmt port(s) are used for management and event ingestion while the monitoring ports are used for flow monitoring via a SPAN or TAP port. For HA ERCs, 2 ports must be configured for Mgmt and event ingestion, 2 ports are used to connect the ERC HA pair together, and the remaining ports can be used for flow monitoring or additional management. For ADM, the 2 Mgmt ports are used for management and the 4 monitoring ports are used to monitor application or database event traffic. Please note that all McAfee SIEM appliances, except DAS-120 and DAS-250, have IPMI adapters which can be used for remote console access. However, for HA ERC configurations, the IPMI port is used for the HA configuration and cannot be used for remote management. Because IPMI is not available in virtual appliances, virtual ERCs do not support HA configuration.

7. For appliances which ship with dual power supplies, these power units are hot swappable and can be replaced while the appliance is powered on.

8. Power consumption values will vary depending on the individual environment and system usage.


McAfee SIEM appliance specifications and descriptions herein are provided for information only, are subject to change without notice, and are provided without warranty of any kind, expressed or implied.

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright © 2020 McAfee, LLC. 4453_0420 APRIL 2020

2821 Mission College Blvd.
Santa Clara, CA 95054
888.847.8766
www.mcafee.com
