Title

The Trellix Advanced Threat Defense (ATD) server list must be populated with IP address/Fully Qualified Domain Name (FQDN) and port of the Cloud Threat Detection (CTD) server. (Cat II impact)

Discussion

Trellix ATD is a separate Trellix product which enables organizations to detect advanced, evasive malware and convert threat information into action and protection. It includes additional inspection capabilities that broaden detection and expose evasive threats. It integrates with other Trellix security solutions, one of which is the Trellix TIE server. This requirement is to be configured if the organization has the Trellix ATD solution implemented as part of their security infrastructure.

Check Content

NOTE: If the organization has not implemented the Trellix ATD as part of their security infrastructure, this is Not Applicable. This check must be completed for the active Trellix TIE Server Management policy that manages the site Trellix TIE. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix TIE Server Management from Products. Under "Actions", select Edit for the policy that manages the site Trellix TIE. Select the "Sandboxing" tab. Under Trellix Advanced Threat Defense, in the Server list, verify the IP address or the FQDN and the port of the CTD server is populated. If the IP address/FQDN and port of the CTD being used is not populated, this is a finding.

Fix Text

From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix TIE Server Management from Products. Under "Actions", select Edit for the policy that manages the site Trellix TIE. Select the "Sandboxing" tab. Under Trellix Advanced Threat Defense, in the Server list, populate the IP address/FQDN and port of the CTD being used.

Additional Identifiers

Rule ID: SV-222003r961863_rule

Vulnerability ID: V-222003

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.