Title

The McAfee Data Exchange Layer (DXL) Client policy for all managed systems must have client broker preference enabled. (Cat II impact)

Discussion

This policy configures whether the DXL client connects to a preferred DXL Broker. In order to force the DXL client to connect specifically to the DXL broker coupled with the Threat Intelligence Exchange (TIE) server, the client needs to be configured to have a client broker preference.

Check Content

If the DXL Broker for the McAfee TIE server is the only DXL Broker in the architecture, this check is Not Applicable. This check needs to be completed for the active McAfee DXL Client policy that manages managed clients. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the McAfee DXL Client from Products. Under "Actions" select Edit for the policy that manages the managed clients. Under Client Broker Connections, verify the check box for "Enable client broker preference" is selected. If under Client Broker Connections, the check box for "Enable client broker preference" is not selected, this is a finding.

Fix Text

From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the McAfee DXL Client from Products. Under "Actions", select Edit for the policy that manages the managed clients. Under Client Broker Connections, select the check box for "Enable client broker preference".

Additional Identifiers

Rule ID: SV-221994r506938_rule

Vulnerability ID: V-221994

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.