Check: TIDX-SV-000016
Trellix TIE/DXL STIG: TIDX-SV-000016 (in versions v3 r1 through v2 r3)
Title
The Trellix Threat Intelligence Exchange (TIE) Server Management DXL Traffic Logging must be enabled. (Cat II impact)
Discussion
It is important to collect performance information for the TIE server to improve troubleshooting and gain a better understanding of the product. The performance metrics are related to response time, number of information requests submitted to the server by the endpoints, and unattended and automatic processes run by the TIE server.
Check Content
This check must be completed for the active Trellix TIE Server Management policy that manages the site Trellix TIE. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix TIE Server Management from Products. Under "Actions", select Edit for the policy that manages the site Trellix TIE. From the "Server Configuration" tab, verify the "Log DXL traffic" check box for "Enabled" is selected. If the "Log DXL traffic" check box for "Enabled" is not selected, this is a finding.
Fix Text
From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix TIE Server Management from Products. From the "Server Configuration" tab, verify the "Log DXL traffic" check box for "Enabled" is selected.
Additional Identifiers
Rule ID: SV-222012r961860_rule
Vulnerability ID: V-222012
Group Title: SRG-APP-000515
CCIs
Number | Definition |
---|---|
CCI-001851 | Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging. |
Controls
Number | Title |
---|---|
AU-4(1) | Transfer to Alternate Storage |