Check: TIDX-CL-000002
Trellix TIE/DXL STIG: TIDX-CL-000002 (in versions v3 r1 through v2 r3)
Title
The Trellix Data Exchange Layer (DXL) Client policy for all managed systems Broker Keepalive Intervals must be configured to a minimum of 30 minutes. (Cat II impact)
Discussion
This policy configures the DXL client to verify the connection to the DXL Broker every 30 minutes. The DXL client must be able to reach the DXL broker in order to facilitate full functionality with the Threat Intelligence Exchange (TIE) server. This setting ensures that connectivity.
Check Content
This check must be completed for the active Trellix DXL Client policy that manages managed clients. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix DXL Client from Products. Under "Actions", select Edit for the policy that manages the managed clients. Under Broker Keepalive, verify the value for "Broker keepalive interval" is configured to a minimum of every 30 minutes. If the value for "Broker keepalive interval" is not configured to a minimum of every 30 minutes, this is a finding.
Fix Text
From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix DXL Client from Products. Under "Actions", select Edit for the policy that manages the managed clients. Set the value for "Broker Keepalive Interval" to a minimum of every 30 minutes.
Additional Identifiers
Rule ID: SV-221992r961068_rule
Vulnerability ID: V-221992
Group Title: SRG-APP-000190
CCIs
Number | Definition |
---|---|
CCI-001133 | Terminate the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity. |
Controls
Number | Title |
---|---|
SC-10 | Network Disconnect |