Merge pull request #2688 from x3nc0n/patch-1

Fix McAfee ePO parser for ePO 5.10

Solutions/McAfeeePO/Parsers/McAfeeEPOEvent.txt

@@ -5,6 +5,7 @@
 let mcafee_epoevent =() {
 Syslog
 | where SyslogMessage contains '<EPOevent>'
+    or ProcessName contains 'EPOEvents' //for EPO verion 5.10 at least, this is the format now
 | extend EventVendor = 'McAfee'
 | extend EventProduct = 'McAfee ePO'
 | extend DvcHostname = extract(@'\<MachineName\>(.*?)\<\/MachineName\>', 1, SyslogMessage)
@@ -189,4 +190,4 @@ union isfuzzy=true mcafee_epoevent, mcafee_updateevent
         , InitiatorId
         , InitiatorType
         , SiteName
-        , Description
+        , Description