Check: TIDX-SV-000018
Trellix TIE/DXL STIG: TIDX-SV-000018 (in versions v3 r1 through v2 r3)
Title
The Trellix Threat Intelligence Exchange (TIE) Server Management Performance metrics frequency must be 30 minutes or less. (Cat II impact)
Discussion
The Trellix TIE metrics collected include: resource usage and capacity, which measures CPU, RAM, disk, and network usage when using the TIE solution over a few hours; latency impact and scalability, which measures the throughput capacity differences when adding new secondary server instances; and caching benefits on required bandwidth and throughput, along with increased service throughput, when implementing cached reputation stores. An organization will determine the best frequency to ensure continued performance metric monitoring for the size of its network, but the frequency must not be configured for more than 30 minutes.
Check Content
This check must be completed for the active Trellix TIE Server Management policy that manages the site Trellix TIE. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select "Trellix TIE Server Management" from Products. Under "Actions", select Edit for the policy that manages the site Trellix TIE. Select the "Server Configuration" tab. Under "Performance metrics report", verify the value for "Frequency minutes" is set to 30 minutes or less. If the "Performance metrics report" value for "Frequency minutes" is not set to 30 minutes or less, this is a finding.
Fix Text
From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select "Trellix TIE Server Management" from Products. Select the "Server Configuration" tab. Under "Performance metrics report", set the value for "Frequency minutes" to 30 minutes or less.
Additional Identifiers
Rule ID: SV-222014r961068_rule
Vulnerability ID: V-222014
Group Title: SRG-APP-000190
CCIs
Number | Definition |
---|---|
CCI-001133 | Terminate the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity. |
Controls
Number | Title |
---|---|
SC-10 | Network Disconnect |