Hello,
We recently installed a McAfee TIE server and noticed in the TIE Reputation that for a lot of entries the GTI Reputation = "Not Available" but when we manually trigger the Refresh GTI Reputation for those entries the GTI Reputation becomes "Known Trusted".
We would expect this to be an automated process but even entries older than 7 days have this.
Did we miss something in the configuration or is this normal behaviour?
Best Regards,
Ivan
Hello @iverbuyst
Thanks for your post.
I would like to request you to please refer to the below KB article:
FAQs for Global Threat Intelligence File Reputation
https://kc.mcafee.com/corporate/index?page=content&id=KB53735
@Former Member
FAQ explains what GTI is but not why the GTI Reputation on the TIE Reputation page stays not available until I manually trigger it to refresh the GTI Reputation.
In the TIE Server documentation I've found that "Not Available" means that the GTI was not reachable when TIE tried to retrieve the file reputation.
When we monitor our Firewall we see connections being made from our TIE servers to tieserver.rest.gti.mcafee.com on port 443 so this is also ok.
Hi @iverbuyst,
Thank you for your post. Yes, you are right, we would need to investigate the part where your GTI connectivity is just fine, however, it does not refresh the status unless you manually do the same. I would recommend creating a Service Request to have this investigated and identify the behavior cause for the same.
Hi @AdithyanT
We did some further investigation and noticed that 99% of the files that have a "Not Available" GTI Reputation also have "137 v3 - Identify unsigned DOTNet assemblies that Might Be Trusted" as last applied rule.
So it may be that this rule instructs the TIE not to check GTI, but then it would make more sense that the rule would set the initial GTI Reputation to "Not Set" so that it gets updated during the hourly GTI-Refresh which is not the case when the GTI Reputation is "Not Available".
Hi @iverbuyst,
That is indeed a very interesting inference. May I request you to kindly please have an SR created with your observation so that we can confirm this from our end as well by checking this with Engineering.
Ok,
We'll submit an SR.
Best Regards,
Ivan