Title

The Trellix Advanced Threat Defense (ATD) Poll interval must be configured. (Cat II impact)

Discussion

Trellix ATD is a separate Trellix product which enables organizations to detect advanced, evasive malware and convert threat information into action and protection. It includes additional inspection capabilities that broaden detection and expose evasive threats. It integrates with other Trellix security solutions, one of which is the Trellix TIE server. This requirement is to be configured if the organization has the Trellix ATD solution implemented as part of their security infrastructure.

Check Content

If the organization has not implemented the Trellix ATD as part of their security infrastructure, this is Not Applicable. This check must be completed for the active Trellix TIE Server Management policy that manages the site Trellix TIE. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix TIE Server Management from Products. Under "Actions", select Edit for the policy that manages the site Trellix TIE. Select the "Sandboxing" tab. Under Trellix Advanced Threat Defense, verify the "Poll interval": under "Connection Settings" is configured. If the "Poll interval:" is not configured, this is a finding.

Fix Text

This check must be completed for the active Trellix TIE Server Management policy that manages the site Trellix TIE. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix TIE Server Management from Products. Under "Actions", select Edit for the policy that manages the site Trellix TIE. Select the "Sandboxing" tab. Under Trellix Advanced Threat Defense, configure the "Poll interval": under "Connection Settings".

Additional Identifiers

Rule ID: SV-222006r961863_rule

Vulnerability ID: V-222006

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.