Check: TIDX-BK-000001
Trellix TIE/DXL STIG:
TIDX-BK-000001
(in versions v2 r2 through v1 r0.1)
Title
The McAfee Data Exchange Layer (DXL) Broker Management Broker Keepalive Interval must be set to a minimum of 1 minute. (Cat II impact)
Discussion
The McAfee DXL Broker Keepalive interval determines how often a ping occurs between brokers. The default is 1 minute. If the Threat Intelligence Exchange (TIE) is the only Broker, a keepalive interval of 1 is sufficient.
Check Content
This check needs to be completed for the active McAfee TIE Server Management policy that manages the site McAfee TIE. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the McAfee DXL Broker Management from Products. Under "Actions", select Edit for the policy that manages the site McAfee TIE. Verify the "Broker Keepalive Interval" is set to 1 or more. If the "Broker Keepalive interval" is not set to 1 or more, this is a finding.
Fix Text
From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the McAfee DXL Broker Management from Products. Under "Actions", select Edit for the policy that manages the site McAfee TIE. Set the Broker keepalive to 1 or more.
Additional Identifiers
Rule ID: SV-221989r506938_rule
Vulnerability ID: V-221989
Group Title: SRG-APP-000190
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001133 |
Terminate the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity. |
Controls
| Number | Title |
|---|---|
| SC-10 |
Network Disconnect |