cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Adding malicious hash values in TIE File overrides.

Hi Team, I would like to know the best practices in adding malicious hash values to TIE reputation through file overrides. We receive malicious hash values through open source intelligence alerts.

Please suggest if it is recommended to add them in TIE reputation.

Thanks in advance.

1 Reply
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Adding malicious hash values in TIE File overrides.

Hello Satish_Talatam, 

 

Bulk adding malicious hashes to the TIE DB often just results in excessive information being available in the TIE database. As GTI often contains the same list of malicious hashes, the manual import efforts are duplicated. Any manual import also exists in the database forever...even if your environment never shows any evidence of those hashes. Over time this can inflate thee database with local override information that would have been available in GTI anyway. For that reason we typically recommend customizing a workflow with OpenDXL that first queries TIE for the hashes in your data source, and then only imports the ones that it finds are NOT AVAILABLE. More information about Open DXL can be found at www.openDXL.com.

 

Thanks

Brian Barnes

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community