cancel
Showing results for 
Search instead for 
Did you mean: 

Threat Intelligence Exchange Installation and Configuration Checklist

Introduction

The TIE Installation Guide can be found on the McAfee download site with a valid grant number.  The installation is fairly quick, however, the following steps should be performed in order.  This checklist is provided as a reference to give you a forward look at what steps will be performed as well as a reference to how far along in the install process you are.

Pre-requisites

 

The following steps need to be installed prior to following the installation steps of the TIE POC Guide

  • Install ePO 5.3
  • Install McAfee Agent 5.0 on 2 or more endpoints
    -  Check in package MA‑WIN 5.0.0 Build XXXX Package #x (ENU‑LICENSED‑Release‑MAIN)
    -  Install extension EPOAGENTMETA.zip
  • Install and deploy the ENS client to your endpoints
    -  Check the following files into the software repository:
      • ENS 10.5 Build xxxx Package #x (AAA‑LICENSED‑RELEASE‑PATCH 4)
      • ENS 10.5 Build xxxx Package #x (AAA‑LICENSED‑RELEASE‑HOTFIX 929019)
    • Install extension ENS 10.5 Build xxxx Package #x (AAA‑LICENSED‑RELEASE‑PATCH 4)
    • Deploy ENS to the Client systems
    • Create a client task to apply ENS hotfix

 

TIE/DXL Installation

 

POC Guide starts here

  • Install TIE/DXL extensions in ePO
    • DXLBrokerMgmt_3.0.1_Build_xxxx Package #x (ENU‑LICENSED‑RELEASE‑MAIN).zip
    • DXLClient_3.0.1_Build_xxxxPackage #x (ENU‑LICENSED‑RELEASE‑MAIN).zip
    • DXLClientMgmt_3.0.1_Build_xxxx Package #x (ENU‑LICENSED‑RELEASE‑MAIN).zip
    • TIEServerMgmt_2.0.1_Build_xxx Package #x (ENU‑LICENSED‑RELEASE‑MAIN).zip
    • TIEmMeta.zip
  • Check in DXL Client Package DXL 3.0.1 Build xxx Package #x (ENU‑LICENSED‑RELEASE‑MAIN)
  • Check in JTICAgent.zip
  • Deploy the TIE/DXL Virtual Server on ESXi server using TIEServer_2.0.1.xxx.x86_64‑MAIN.ova
  • Complete TIE/DXL server installation
  • Create a new Registered Server in ePO for the TIE postgres database
  • Deploy DXL Client using ePO product deployment
  • Deploy TIE Client using ePO product deployment

 

Verify the Installation

  • DXL Broker, DXL Client and TIE server visible in the system tree
  • DXL Client connection state = connected
  • TIE Server connection state = connected
  • A wildcard search for TIE file or cert reputation returns data (Note: you may have to execute a few samples on the endpoint to see data in the TIE reputations page)

 

Configure the TIE solution in ePO

 

  • Configure TIE server extension in ePO
  • Add Virus Total API Key to Server Settings
  • In the Policy Catalog configure GTI, Telemetry, and ATD settings
  • Configure DXL Broker in ePO server settings
Labels (1)
Tags (2)
Contributors
Version history
Revision #:
2 of 2
Last update:
‎03-15-2018 01:10 PM
Updated by:
 

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community