cancel
Showing results for 
Search instead for 
Did you mean: 

How to immunize your environment from emerging threats with McAfee Threat Intelligence Exchange

Introduction

McAfee Threat Intelligence Exchange allows you to immunize your environment from emerging threats.

Video

Prerequisites

 

Objective

The objective of this use case is to demonstrate the ability to immunize your environment before a threat ever occurs.  Successful completion of this use case will demonstrate the ability to import threat intelligence.

 

Use Case

You have the ability to immunize your environment before a threat occurs. You can get this intelligence from third-party threat feeds, the media, or other security products.

In ePO click on Menu | Systems Section | TIE Reputations | File Overrides

Click Actions | Import Reputations

bm.png

 

Enter
Filename: MORPH.EXE

 

SHA-1 Hash:
0x13ECDDA4F45CD028221AF300EEBB207B60CB5C6C

MD5 Hash:
0xFB36DE68696BC60D9A51B537F97BDAD3

 

Set to Most Likely Malicious

bn.png

Click OK and OK on the confirmation screen

**Reputations can also be imported via xml or ePO API

Note:  There is no specified limit in the file size that can be imported but be aware that every definition will trigger a reputation change event.

 

Hash tool
Determining the hash of a file allows the administrator to import a reputation before the file ever enters the environment.  As referenced in the Content section a free Hash tool can be found at  http://www.keir.net/hash.html

 

Log in to the Client system and attempt to run Morph.exe.

morph.png

The file is blocked immediately because we set its reputation to Most Likely Malicious in the previous step. This reputation was immediately known by the endpoint because TIE and the DXL operate in real time.

morph block.png

  

 

Conclusion


The TIE solution gives the administrator the ability to immunize the enterprise with imported threat intelligence.

Labels (1)
Tags (2)
Contributors
Version history
Revision #:
3 of 3
Last update:
‎03-15-2018 01:17 PM
Updated by:
 

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community