Product GuideMcAfee Threat Intelligence Exchange1.0.0For use with ePolicy Orchestrator 5.1.1 Software
• Brokers — Installed on managed systems and communicate messages between ThreatIntelligence Exchange modules. The network of brokers tracks active co
How Threat Intelligence Exchange worksThreat Intelligence Exchange is the first product to use the Data Exchange Layer framework to sharefile and thre
6If the file hash is not found in the Threat Intelligence Exchange cache or database, the serverqueries McAfee GTI for the file hash reputation. If fo
2Using Threat Intelligence ExchangeContents Getting started with Threat Intelligence Exchange Blocking or allowing files and certificates Cha
Use the Event Manager and McAfee ePO Dashboards to see the files and certificates that are allowedor blocked based on the policies.You can view detail
File-only information• File name, path, size, product, publisher, and prevalence• SHA and MD5 Hash information• Operating system version of the report
Create a Threat Intelligence Exchange module policyPolicy settings determine when a file or certificate is allowed to run, is blocked, or if users are
Scenarios• Your site commonly uses a file whose default reputation is unknown or might be classified maliciousbecause it is a custom file. Because you
4Select items in the list and use the Actions menu to set reputation override settings. The files orcertificates are then added to the overrides list.
Example import file<?xml version="1.0" encoding="UTF-8"?><TIEReputations> <FileReputation>
COPYRIGHTCopyright © 2014 McAfee, Inc. Do not copy without permission.TRADEMARK ATTRIBUTIONSMcAfee, the McAfee logo, McAfee Active Protection, McAfee
TaskFor option definitions, click ? in the interface.1Click Menu | Systems | TIE Reputations.2Click the File Search tab.3Enter a specific file name, o
Examples• If a specific system regularly prompts users, select the system from the list on the TIE module forVSE Events page. You can then see details
Responding to eventsUse the information on the TIE module for VSE Events page to adjust file and certificate reputations toprevent threats and other e
Managing Data Exchange Layer brokersThe Data Exchange Layer (DXL) includes a client and at least one broker that allows bidirectionalcommunication bet
To use a Data Exchange Layer broker in a DMZ, firewall rules are necessary. Also, the Data ExchangeLayer topology must be structured in a way that all
3ReportingYou can access Threat Intelligence Exchange reports from the McAfee ePO Queries & Reports feature.There are reports for the Threat Intel
3ReportingViewing reports26McAfee Threat Intelligence Exchange 1.0.0 Product Guide
IndexAabout this guide 5Advanced Threat Defense 14configuring for TIE 16sending files to 15used in determining reputations 11allowing files and certif
Product Improvement Program 14promptingsetting up 16Rreputationschanging for a file or certificate 16changing using McAfee ePO API 19how they are adde
ContentsPreface 5About this guide ... 5Audience ... 5Conventions ...
Contents4McAfee Threat Intelligence Exchange 1.0.0 Product Guide
PrefaceThis guide provides the information you need to work with your McAfee product.Contents About this guide Find product documentationAbout t
Find product documentationAfter a product is released, information about the product is entered into the McAfee online KnowledgeCenter.Task1Go to the
1OverviewMcAfee® Threat Intelligence Exchange provides context-aware adaptive security for your enterpriseenvironment.Contents Benefits of Threat I
Threat Intelligence Exchange componentsThreat Intelligence Exchange includes multiple components.• A module for McAfee® VirusScan® Enterprise• A serve
• Create policies that allow or block files and certificates depending on their reputation. Or receive aprompt each time a file or certificate with a
Comments to this Manuals