cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jogvan
Level 10
Report Inappropriate Content
Message 1 of 11
‎12-14-2021 12:48 AM

ATD and MVISION ePO

Jump to solution

Hello,

 

Has anyone of you guys configure MVISION ePO to use an on premise ATD? I can’t find any documentation about such a setup. Someone told med that an DXL Broker is required on premise. 

Best regards

Jógvan

0 Kudos
Reply
1 Solution

Accepted Solutions
hsadi
Employee
Employee
Report Inappropriate Content
Message 11 of 11
‎01-06-2022 02:56 AM

Re: ATD and MVISION ePO

Jump to solution

Hi jogvan

Definitely, we will make sure that there will be a detailed documentation with flowcharts when Engineering adds the feature into ATD.

Best regards

View solution in original post

0 Kudos
Reply
10 Replies
hsadi
Employee
Employee
Report Inappropriate Content
Message 2 of 11
‎12-14-2021 08:58 AM

Re: ATD and MVISION ePO

Jump to solution

Hi Jogvan,

 

Unfortunately, in the ATD support/Engineering department we haven't tested the integration ATD and MVISION ePO, so we don't have much information on this integration. I reckon professional services should conduct a POC to determine if this is feasible. I believe Endpoints submit samples to the "local DXL broker" on-premise which then submits the file to ATD, so a local DXL is needed for this to work.

Please refer this document to know how the sample submission flow works with MVePO, TIE through DXL Local Broker: https://docs.mcafee.com/bundle/mvision-threat-intelligence-exchange-product-guide/page/GUID-ECD57A75...

 

Update TIE policy:

https://docs.mcafee.com/bundle/mvision-threat-intelligence-exchange-product-guide/page/GUID-B4ABAF6B...

 

Update ATP policy:

https://docs.mcafee.com/bundle/mvision-threat-intelligence-exchange-product-guide/page/GUID-9E519168...

In the meantime, we have asked ATD engineering to provide more detailed steps on how to integrate ATD and MVISION ePO, they have acknowledged the ask and they are planning it in H222.

Hope this helps,

0 Kudos
Reply
johei
Level 7
Report Inappropriate Content
Message 3 of 11
‎12-15-2021 05:13 AM

Re: ATD and MVISION ePO

Jump to solution

Hi,

So there is no documentation how to make ATD work with MVISION ePO and nobody can tell us how to configure it. I'm woundering why there is a feature in MVSION ePO, to configure it with ATD (Settings => Threat Intelligence Exchange Server)? 

Best regards
Jogvan

0 Kudos
Reply
hsadi
Employee
Employee
Report Inappropriate Content
Message 4 of 11
‎12-15-2021 05:49 AM

Re: ATD and MVISION ePO

Jump to solution

Hi johei

We don’t need to worry about setting up anything in ATD around epo or DXL settings.

In ATD we only need to enter ePO's IP address, there is no other configuration to be done.

The question is how MVISION TIE communicates with ATD, i believe this is using local DXL broker and the DXL client in ATD can communicate with the DXL broker.

This question is more relevant to DXL/TIE/ePO team than ATD.

I will move this discussion to DXL/TIE/ePO team so they can provide more information.

 

Best regards

 

Reply
johei
Level 7
Report Inappropriate Content
Message 5 of 11
‎12-15-2021 05:57 AM

Re: ATD and MVISION ePO

Jump to solution

When configuring ATD to MVISION ePO, which ip shall we use to connect the ATD to MVISON ePO? 

See attached screenshot.

Best regards

Jogvan 

0 Kudos
Reply
jogvan
Level 10
Report Inappropriate Content
Message 6 of 11
‎12-28-2021 02:48 AM

Re: ATD and MVISION ePO

Jump to solution

Hi,

 

There is no documentation how to configure MVISION ePO and ATD. We have customers who have purchased ATD to use with MVSION ePO and nobody at McAfee, can tell us how to configure MVISION ePO and ATD.  I'm not going to write my thoughts, in this forum about McAfee selling ATD to MVISION ePO customers.

 

Regards
Jogvan

0 Kudos
Reply
cdinet
Employee
Employee
Report Inappropriate Content
Message 7 of 11
‎12-28-2021 06:02 AM

Re: ATD and MVISION ePO

Jump to solution

Mvision IP's can change, so there is no set IP that can be used to configure it.  Under appliance and server registration, there is only option to add a dlp appliance or network security device to register a new appliance.  

Per KB87121, it only lists on-prem epo versions.  If ATD cannot be configured via url instead of IP, that seems to me to be a product enhancement request and I would suggest a refund and talk with your sales person that sold it to you.

ePolicy Orchestrator
ePO 5.1 and 5.3 have reached End of Life (EOL). Use ePO 5.9 or 5.10:
  • Operating system profiling with ePO 5.10.0 does not work in ATD 4.0–4.6. McAfee Enterprise recommends using 5.9.0 with these ATD releases.
  • ATD 4.8 and later works with 5.9.0 and 5.10.0 and is fully supported.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
jogvan
Level 10
Report Inappropriate Content
Message 8 of 11
‎01-05-2022 03:34 AM

Re: ATD and MVISION ePO

Jump to solution

Hi,

As I see it. It's not possible to use ATD if you are a MVSION ePO customer.

It's pretty strange that there is a feature to configure ATD in MVSION ePO and nobody at McAfee knows how to make it work?

 

Best regards

Jogvan

0 Kudos
Reply
hsadi
Employee
Employee
Report Inappropriate Content
Message 9 of 11
‎01-05-2022 03:54 AM

Re: ATD and MVISION ePO

Jump to solution

Hi Jogvan,

I understand the frustration about the setup ATD/MVISION ePO.

We have spoken to ATD engineering and they said at the moment ATD cannot be configured via url it is only via IP, which will not work when using MVISION ePO.

So our ATD Product Manager has taken this into consideration and they have decided to enhance ATD to allow it integrate with MVISION ePO.

The product manger has acknowledged this enhancement and they are planning it this year.

Hope this helps

0 Kudos
Reply
jogvan
Level 10
Report Inappropriate Content
Message 10 of 11
‎01-06-2022 02:29 AM

Re: ATD and MVISION ePO

Jump to solution

Hi hsadi,

Thanks for the update.

It would also be nice with some documentation and flowchart of a MVISION ePO/ATD setup.

Best regards
Jogvan 

 

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC