The ePO web API, which lets you change the reputation and comment, hasn't changed, so it would not be possible.
FYI, with the latest Adaptive Threat Protection Extension Update, there are new Event Descriptions. Also, Detecting Product ID is deprecated and one could use Detecting Product Name.
(If you are using ENS and TIE Module for VSE, the ENS Extension updates and overrides the TIE Module for VSE Extension with these new changes. They both use the same JTIC___1000 Extension in ePO.)
We installed this solution several times. We just figured out a problem with Tomcat if you have a huge amount of events in EPO and many TIE/Suspect events. Often the Tomcat service needs more and more memory or completely breaks.
So we developed an OpenDXL solution to connect directly to the DXL fabric. We can now see any file request to TIE. Based on the query, we are asking several information repositories for black- and whitelisting, also including VirusTotal. The improvement is that we see any DXL request and we are not dependent on a threat event in EPO. We now see any DXL request from any McAfee endpoint (VSE/ENS/Move), ATD, SIEM, MWG and so on. This information is used to query several information repositories. The result of these requests is then processed and the TIE reputation is updated.
but this is not possible. It is a complete system, also with a backbone system in our datacenter. After a client request, the backbone system queries several data sources, stores the information in a database and sends the result back to the FireS client at the customer. The customer himself can decide how the information is used and how the TIE reputation is updated.
We are selling this as a service to our customers and are working on a solution where other McAfee partners can use the solution for their customers.
Finally, if you are interested in the solution, just send me a message.
I am following the instructions in the first post.
It is necessary to adjust the script to work for the program McAfee Endpoint Security.
I stopped at the creation of an automatic response.
In my list of products, the one specified in the instructions is not present.
I use TIE v1.3.
The module integrating McAfee Endpoint Security with TIE is installed.
What could be the problem?
You need to add the following highlighted below.
You're showing the content of the "Master Repository"; you need to install the module on one of the endpoints.
If it does not show, it's because you have not had any events by that product.
I'd like to thank you for providing this convicter script. I receive the error "Missing or incorrect arguments" when I run the script either from the command line or test the registered executable within ePO. I entered the necessary information into the script for it to communicate with ePO and VT. The account has "run as a Batch Job" privileges and full control of the python27 folder. Any suggestions?