cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Blue88
Level 7
Report Inappropriate Content
Message 1 of 4
‎11-03-2020 09:23 AM

Active Response and air-gap enviroment

Jump to solution

Hello,

Is it possible to use Active Response or just the MAR search without connecting to the McAfee cloud?

Can I update the Tie Reputation db manually in order to see my cases in the Active Response Search in an air-gap environment (no internet connection)?

Thanks in advance!

0 Kudos
Reply
1 Solution

Accepted Solutions
bbarnes
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4
‎11-04-2020 04:15 AM

Re: Active Response and air-gap enviroment

Jump to solution

Hello, 

 

I do not believe so. ENS ATP is the primary endpoint product that will consume TIE reputation. The MAR search capabilities are limited to the information the collectors you call actually collect. I am afraid none of the collectors pull an inventory of TIE reputations into the search results. 

 

The threats area (the part requiring cloud connectivity) does perform this lookup for any acknowledged potential threats. However, it does not do it for ALL files. 

 

I hope this information helps!

Brian

View solution in original post

0 Kudos
Reply
3 Replies
bbarnes
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4
‎11-03-2020 01:45 PM

Re: Active Response and air-gap enviroment

Jump to solution

Hello Blue88Report, 

 

Registration of Active Response and operating the product in a way that will not generate any UI errors does require active cloud connectivity.  MAR search is a feature that does NOT leverage the cloud, it is primarily used instead to store threat and telemetry data. 

 

I am not sure I understand your follow up question:

"Can I update the Tie Reputation db manually in order to see my cases in the Active Response Search in an air-gap environment (no internet connection)?"

 

Active response UI can be used to issue reputation overrides with TIE server. However, that functionality is only available when viewing MAR threats (the cloud connected UI). I am not sure that answers your questions, if you could perhaps clarify I can try to get you a better answer.

 

Thanks 

Brian Barnes

0 Kudos
Reply
Blue88
Level 7
Report Inappropriate Content
Message 3 of 4
‎11-03-2020 07:55 PM

Re: Active Response and air-gap enviroment

Jump to solution

Hello Brian,

Thanks for the reply!

I'm updating the Tie Reputation manually using the "file override" option. Will it correspond with the Active Repose search in case of any hits?

Thanks in advance!

0 Kudos
Reply
bbarnes
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4
‎11-04-2020 04:15 AM

Re: Active Response and air-gap enviroment

Jump to solution

Hello, 

 

I do not believe so. ENS ATP is the primary endpoint product that will consume TIE reputation. The MAR search capabilities are limited to the information the collectors you call actually collect. I am afraid none of the collectors pull an inventory of TIE reputations into the search results. 

 

The threats area (the part requiring cloud connectivity) does perform this lookup for any acknowledged potential threats. However, it does not do it for ALL files. 

 

I hope this information helps!

Brian

View solution in original post

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC