Check: TIDX-BK-000001
Trellix TIE/DXL STIG:
TIDX-BK-000001
(in versions v3 r1 through v2 r3)
Title
The Trellix Data Exchange Layer (DXL) Broker Management Broker Keepalive Interval must be set to a minimum of one minute. (Cat II impact)
Discussion
The Trellix DXL Broker Keepalive interval determines how often a ping occurs between brokers. The default is one minute. If the Threat Intelligence Exchange (TIE) is the only Broker, a keepalive interval of one minute is sufficient.
Check Content
This check must be completed for the active Trellix TIE Server Management policy that manages the site Trellix TIE. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix DXL Broker Management from Products. Under "Actions", select Edit for the policy that manages the site Trellix TIE. Verify the "Broker Keepalive Interval" is set to 1 or more. If the "Broker Keepalive Interval" is not set to 1 or more, this is a finding.
Fix Text
From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix DXL Broker Management from Products. Under "Actions", select Edit for the policy that manages the site Trellix TIE. Set the "Broker Keepalive Interval" to 1 or more.
Additional Identifiers
Rule ID: SV-221989r961068_rule
Vulnerability ID: V-221989
Group Title: SRG-APP-000190
CCIs
Number | Definition |
---|---|
CCI-001133 | Terminate the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity. |
Controls
Number | Title |
---|---|
SC-10 | Network Disconnect |