cancel
Showing results for 
Search instead for 
Did you mean: 

McAfee ESM GTI watchlists vs rule updates

Jump to solution

According to the McAfee ESM documentation and our experience GTI watchlists are enabled and populated initially during ESM Rule update (provided, a GTI license was purchased for the account).

Question: do subsequent GTI watchlist updates require ESM Rule updates, or are they updated independently? Particularly, will GTI watchlists be updated automatically, even if one disables automatic ESM Rule updates?

Thank you.

1 Solution

Accepted Solutions

Re: McAfee ESM GTI watchlists vs rule updates

Jump to solution

If the box for automatic rule updates is unchecked then there will also not be any GTI updates. 

This is the only way for GTI to work too. Unlike rules, there isn't any way to manually update GTI. The ESM must be connected to the Internet to use GTI and can only receive updates via the rules server. Thanks.

5 Replies
Highlighted

Re: McAfee ESM GTI watchlists vs rule updates

Jump to solution

I think they go together

Re: McAfee ESM GTI watchlists vs rule updates

Jump to solution

My understanding is the following based on my experience with GTI:

-GTI requires a subscription, and the appropriate credentials entered in the ESM properties

-If credentials exist and are valid, updates to the GTI 'watchlists' are performed during the daily rules update.

-If credentials are not entered or are no longer valid, the rules update will be performed without consuming any of the GTI data.

Re: McAfee ESM GTI watchlists vs rule updates

Jump to solution

Almost - no credentials, then no rules either. GTI is attached the credentials in the background and there isn't an external identifier it's active (other than active watchlists). 

Re: McAfee ESM GTI watchlists vs rule updates

Jump to solution

The question is not whether the credentials are required, but whether the automatic checkbox should be ticked in Rule Updates for the GTI watchlists to be updated too. In other words, consider scenario:

1. Credentials for rule updates are entered
2. Manual Rule Update is initiated
3. GTI Watchlists become active
4. Automatic rule updates are disabled
... will the watchlists still be updated automatically after that, or it is required to have automatic rule updates enabled?

Re: McAfee ESM GTI watchlists vs rule updates

Jump to solution

If the box for automatic rule updates is unchecked then there will also not be any GTI updates. 

This is the only way for GTI to work too. Unlike rules, there isn't any way to manually update GTI. The ESM must be connected to the Internet to use GTI and can only receive updates via the rules server. Thanks.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community