Moved to TIE for better support
McAfee Volunteer Moderator - Business Products
I would recommend to read the product guide for both TIE and DXL to find out what your next steps should be. If you want to go with the express method, you could go for the TIE POC Guide, it has a pretty straightforward procedure for installation of TIE and DXL. Google it.
Have to warn you though, it's outdated (2014). To be honest, there really is no substitute for reading the product documentation.
TIE is not only a product, much more TIE is also a strategy. TIE is one possible Information storage. If you are using TIE, i think so, you have also installed DXL Brokers (or DXL Service on TIE), DXL Client (Extension) in EPO, DXL Client on the endpoint.
WIth this infrastructure now the McAfee components are sharing Information using the DXL fabric. It gives you more Information about your Environment, because you can take a look which unknown Code has been executed in your Environment. Also the reaction time is reduced to a Minimum. If you figure out a file which may be malicious you can block it within a second in your whole environment.
Also DXL is now OpenDXL and you can share Information with "non McAfee security products".
The next step is to "enrich" your data (like in a SIEM product) in TIE. This could be based on virustotal.com Information or any other source.
How about using a MISP Environment, doing Threat Information sharing using STIX/TAXII. All of this is possible, where TIE is a part of it. How about connecting a Checkpoint Firewall. How about connecting Proxy Systems. How about connecting a SIEM solution?? .... so much useful opportunities. :-)
So finally, TIE is not only a product, it is also an Approach, a strategy.....
One thing is important from my side, you will see much unknown Code in TIE. Do not start to figure out the Reputation of any file, you will never finish that. But, if you want ro reduce the Grey in TIE the following links may be useful.
- Query virustotal based on Events: Convicter – Utilize VirusTotal with TIE/DXL to convict files automatically
- Golden Image Tool for TIE: Golden Image Tool with GUI
Hope this helps,