Accepted Solutions
Servus Thorsten,
the below is all you need. MWG can just subscribe and not publish (yet).
To be very clear - MWG can not publish reputations to TIE right now. We are working internally to get this lined up.
The generic DXL protperties that are reference will enable you to do all kinds of cool things on a Main version while we introduce specfic properties such as TIE.Filereputation in the Controlled version of MWG. The generic properties will allow you to do all these things that the property automates by hand, so that you can use more and new features even when you are not a controlled release but have selected 7.5.2 as Main, once it becomes Main.
+ you need to enter the ePO DXL credentials under Configuration > ePO
+ you need the mep extension (available from https://contentsecurity.mcafee.com)
+ you need to have TIE/DXL running obviously
Servus Thorsten,
the below is all you need. MWG can just subscribe and not publish (yet).
To be very clear - MWG can not publish reputations to TIE right now. We are working internally to get this lined up.
The generic DXL protperties that are reference will enable you to do all kinds of cool things on a Main version while we introduce specfic properties such as TIE.Filereputation in the Controlled version of MWG. The generic properties will allow you to do all these things that the property automates by hand, so that you can use more and new features even when you are not a controlled release but have selected 7.5.2 as Main, once it becomes Main.
+ you need to enter the ePO DXL credentials under Configuration > ePO
+ you need the mep extension (available from https://contentsecurity.mcafee.com)
+ you need to have TIE/DXL running obviously
Hallo Michael,
thanks for the rely, the MWG product manual and the MWG help were confusing me, especially Page 160 in the product manual.
So, i do not have to configure something under Configuration -> Proxies -> Data Exchange Layer. Is this right?
But, and this is really helpful, i can see MWG under TIE Reputations (Where has file run) 🙂
Cheers,
Thorsten
this is real easy going. My information depends on a functioning TIE, DXL environment.
1) Install the Mobile EPO extension into EPO. You can download the extension from https://contentsecurity.mcafee.com -> download -> tools -> McAfee EPO extension -> MePO extension.
2) After a successfull checkin you can see a new option in the McAfee Agent policy.
Activate this setting as seen in the screenshot.
3) In MWG GUI -> Configuration -> ePolicy Orchestrator add the EPO Server name and an user account to register MWG to DXL.
You can use the admin account. If you are using a different user this EPO must must have the following user right granted: DXL McAfee MePO Certificate Creation:
Check the dxl Log on MWG if there are any errors. The log is located under the debug logs.
Note: There is no McAfee Agent installed on MWG. There is only a System Tree object generated in the EPO System Tree through the MePO extension!
If anything is fine you can see MWG in the System Tree. Some infos which are important.
- The last communication field shows the date when the object was generated. This value will not be updated. At the moment this is made by design.
- The Agent version 4.6.0 is show. This is okay and made by design at the moment. Remember, there is no McAfee Agent installed on MWG!!
3) Add the ruleset as shown above from to your MWG ruleset.
- Do NOT enter any value under Configuration -> Proxies (HTTP(S), SOCKS, ICAP...) -> Data Exchange Layer. This is not necessary.
Finally just test your deployment with any file downloadable from internet.
4) EPO Reporting
4.1) If anything is suscessfull you can see the proxy entry under TIE Reputations -> Where has file run -> (dxlproxy.mal.ware is my mwg)
4.2) The query "TIE Server Top 10 Systems with New Files in Last Week" also shows the requests of your proxy.
4.3) If you are using ATD version 3.4.8.96.50610 you will also see your ATD System like your MWG.
4.4) If using the ATD Threat Event extension in EPO you can see a Threat Event for any ATD detection in EPO.
5) At the moment there are two limitations with MWG and the MePO extension.
- If MWG queries the TIE server database a entry without a file name is generated. This cannot be changed at the moment.
- If MWG is removed from the System Tree the systems is not registered again automatically. Even you are entering the EPO credentials MWG is not registered. In this case you have to do the following steps on MWG. I got htis information from support and it works.
-Stop MWG services: service mwg stop
-Delete the following folder and its contents: /opt/mwg/data/dxl (do NOT remove the subdirectories)
-Start MWG services: service mwg start
Hope this helps,
Cheers
You Deserve an Award
Community Help Hub
-
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
- Find Forum FAQs
- Learn How to Earn Badges
- Ask for Help
Join the Community
-
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:
- Get helpful solutions from McAfee experts.
- Stay connected to product conversations that matter to you.
- Participate in product groups led by McAfee employees.
Corporate Headquarters
2821 Mission College Blvd.
Santa Clara, CA 95054 USA