0 Replies Latest reply on May 11, 2016 10:45 AM by Troja

    MWG and TIE Reputations - First seen in the environment by MWG

    Troja

      Hi all,

      I have some questions about MWG and TIE integration. First of all, the integration into TIE/DXL works fine. I just have two questions regarding the TIE reputations.

      Some info about my MWG policy.

      1) TIE Query ruleset is located after the composite opener in front of the ATD and GAM Ruleset. I used the ruleset provided by @michael_schneider from this thread: TIE/DXL + MWG

      2) ATD integration is working fine. We do data trickling until ATD analyzes the file.

       

      After downloading the files, it is not clear to me why the TIE reputations are shown as described below.

       

      CASE 1:

      MWG is downloading a file and does a TIE Query through DXL. This file was not executed by any endpoint.

      If I'm searching for the file or the hash under TIE reputations, I cannot find the file. If I execute the file, it is visible under TIE. After clicking "Where has file run" I can see both entries, MWG first and afterwards the endpoint.

       

      CASE 2:

      MWG is downloading a file. No client executed the file before. MWG shows the data trickling page during file upload to ATD. (I'm not sure if this question is MWG or ATD related.)

      The TIE Reputation entry is shown as below.

       

      The file name is the URL:

      Capture.GIF

       

      After clicking -> "Where has file run" I just see a GUID instead of a system name.

      Capture.GIF

       

      Any ideas?? Any Info??

       

      Cheers