Has any of you guys configured MVISION ePO to use an on-premise ATD? I can't find any documentation about such a setup. Someone told me that a DXL Broker is required on premise.
Unfortunately, in the ATD support/Engineering department we haven't tested the integration of ATD and MVISION ePO, so we don't have much information on this integration. I reckon professional services should conduct a POC to determine if this is feasible. I believe endpoints submit samples to the "local DXL broker" on-premise, which then submits the file to ATD, so a local DXL is needed for this to work.
Please refer to this document to see how the sample submission flow works with MVePO and TIE through the DXL Local Broker: https://docs.mcafee.com/bundle/mvision-threat-intelligence-exchange-product-guide/page/GUID-ECD57A75...
Update TIE policy:
Update ATP policy:
In the meantime, we have asked ATD engineering to provide more detailed steps on how to integrate ATD and MVISION ePO. They have acknowledged the ask and they are planning it in H222.
Hope this helps,
So there is no documentation on how to make ATD work with MVISION ePO and nobody can tell us how to configure it. I'm wondering why there is a feature in MVISION ePO to configure it with ATD (Settings => Threat Intelligence Exchange Server)?
We don't need to worry about setting up anything in ATD around ePO or DXL settings.
In ATD we only need to enter ePO's IP address; there is no other configuration to be done.
The question is how MVISION TIE communicates with ATD. I believe this is using the local DXL broker, and the DXL client in ATD can communicate with the DXL broker.
This question is more relevant to DXL/TIE/ePO team than ATD.
I will move this discussion to DXL/TIE/ePO team so they can provide more information.
There is no documentation on how to configure MVISION ePO and ATD. We have customers who have purchased ATD to use with MVISION ePO and nobody at McAfee can tell us how to configure MVISION ePO and ATD. I'm not going to write my thoughts in this forum about McAfee selling ATD to MVISION ePO customers.
MVISION IPs can change, so there is no set IP that can be used to configure it. Under appliance and server registration, there is only an option to add a DLP appliance or network security device to register a new appliance.
Per KB87121, it only lists on-prem ePO versions. If ATD cannot be configured via URL instead of IP, that seems to me to be a product enhancement request and I would suggest a refund and a talk with the salesperson who sold it to you.
ePO 5.1 and 5.3 have reached End of Life (EOL). Use ePO 5.9 or 5.10:
As I see it, it's not possible to use ATD if you are an MVISION ePO customer.
It's pretty strange that there is a feature to configure ATD in MVISION ePO and nobody at McAfee knows how to make it work?
I understand the frustration about the ATD/MVISION ePO setup.
We have spoken to ATD engineering and they said that at the moment ATD cannot be configured via URL; it is only via IP, which will not work when using MVISION ePO.
So our ATD Product Manager has taken this into consideration and they have decided to enhance ATD to allow it to integrate with MVISION ePO.
The product manager has acknowledged this enhancement and they are planning it this year.
Hope this helps