cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

McAfee ESM GTI watchlists vs rule updates

Jump to solution

According to the McAfee ESM documentation and our experience GTI watchlists are enabled and populated initially during ESM Rule update (provided, a GTI license was purchased for the account).

Question: do subsequent GTI watchlist updates require ESM Rule updates, or are they updated independently? Particularly, will GTI watchlists be updated automatically, even if one disables automatic ESM Rule updates?

Thank you.

1 Solution

Accepted Solutions
Highlighted

Re: McAfee ESM GTI watchlists vs rule updates

Jump to solution

If the box for automatic rule updates is unchecked then there will also not be any GTI updates. 

This is the only way for GTI to work too. Unlike rules, there isn't any way to manually update GTI. The ESM must be connected to the Internet to use GTI and can only receive updates via the rules server. Thanks.

View solution in original post

5 Replies
Highlighted

Re: McAfee ESM GTI watchlists vs rule updates

Jump to solution

I think they go together

Highlighted

Re: McAfee ESM GTI watchlists vs rule updates

Jump to solution

My understanding is the following based on my experience with GTI:

-GTI requires a subscription, and the appropriate credentials entered in the ESM properties

-If credentials exist and are valid, updates to the GTI 'watchlists' are performed during the daily rules update.

-If credentials are not entered or are no longer valid, the rules update will be performed without consuming any of the GTI data.

Highlighted

Re: McAfee ESM GTI watchlists vs rule updates

Jump to solution

Almost - no credentials, then no rules either. GTI is attached the credentials in the background and there isn't an external identifier it's active (other than active watchlists). 

Highlighted

Re: McAfee ESM GTI watchlists vs rule updates

Jump to solution

The question is not whether the credentials are required, but whether the automatic checkbox should be ticked in Rule Updates for the GTI watchlists to be updated too. In other words, consider scenario:

1. Credentials for rule updates are entered
2. Manual Rule Update is initiated
3. GTI Watchlists become active
4. Automatic rule updates are disabled
... will the watchlists still be updated automatically after that, or it is required to have automatic rule updates enabled?

Highlighted

Re: McAfee ESM GTI watchlists vs rule updates

Jump to solution

If the box for automatic rule updates is unchecked then there will also not be any GTI updates. 

This is the only way for GTI to work too. Unlike rules, there isn't any way to manually update GTI. The ESM must be connected to the Internet to use GTI and can only receive updates via the rules server. Thanks.

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community