cancel
Showing results for 
Search instead for 
Did you mean: 

TIE & McAfee ePO

I have installed the TIE server and its communicating to the McAfee ePO server.

What should i do next for reputations ?  Is there anything to be done in TIE server ?

Please advice me ! Thanks in advance

4 Replies

Re: TIE & McAfee ePO

Moved to TIE for better support

Rich

McAfee Volunteer Moderator - Business Products

Re: TIE & McAfee ePO

I would recommend to read the product guide for both TIE and DXL to find out what your next steps should be. If you want to go with the express method, you could go for the TIE POC Guide, it has a pretty straightforward procedure for installation of TIE and DXL. Google it.

Have to warn you though, it's outdated (2014). To be honest, there really is no substitute for reading the product documentation.

Re: TIE & McAfee ePO

You can find the product guides in the Knowledgebase

TIE Server Product Guide

DXL 3.0.1 Product Guide

Rich

McAfee Volunteer Moderator - Business Products

Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 5 of 5

Re: TIE & McAfee ePO

Hello ​,

TIE is not only a product, much more TIE is also a strategy. TIE is one possible Information storage. If you are using TIE, i think so, you have also installed DXL Brokers (or DXL Service on TIE), DXL Client (Extension) in EPO, DXL Client on the endpoint.

WIth this infrastructure now the McAfee components are sharing Information using the DXL fabric. It gives you more Information about your Environment, because you can take a look which unknown Code has been executed in your Environment. Also the reaction time is reduced to a Minimum. If you figure out a file which may be malicious you can block it within a second in your whole environment.

Also DXL is now OpenDXL and you can share Information with "non McAfee security products".

The next step is to "enrich" your data (like in a SIEM product) in TIE. This could be based on virustotal.com Information or any other source.

How about using a MISP Environment, doing Threat Information sharing using STIX/TAXII. All of this is possible, where TIE is a part of it. How about connecting a Checkpoint Firewall. How about connecting Proxy Systems. How about connecting a SIEM solution?? .... so much useful opportunities. 🙂

So finally, TIE is not only a product, it is also an Approach, a strategy.....

One thing is important from my side, you will see much unknown Code in TIE. Do not start to figure out the Reputation of any file, you will never finish that. But, if you want ro reduce the Grey in TIE the following links may be useful.

  • Query virustotal based on Events:
  • Golden Image Tool for TIE:

Hope this helps,

Cheers

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community