Check: TIDX-CL-000002
Trellix TIE/DXL STIG: TIDX-CL-000002 (in versions v2 r2 through v1 r0.1)
Title
The McAfee Data Exchange Layer (DXL) Client policy for all managed systems Broker Keepalive Intervals must be configured to a minimum of 30 minutes. (Cat II impact)
Discussion
This policy configures the DXL client to verify the connection to the DXL Broker every 30 minutes. The DXL client must be able to reach the DXL broker in order to facilitate full functionality with the Threat Intelligence Exchange (TIE) server. This setting ensures that connectivity.
Check Content
This check needs to be completed for the active McAfee DXL Client policy that manages managed clients. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the McAfee DXL Client from Products. Under "Actions", select Edit for the policy that manages the managed clients. Under Broker Keepalive, verify the value for "Broker keepalive interval" is configured to a minimum of every 30 minutes. If the value for "Broker keepalive interval" is not configured to a minimum of every 30 minutes, this is a finding.
Fix Text
From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the McAfee DXL Client from Products. Under "Actions", select Edit for the policy that manages the managed clients. Set the value for "Broker Keepalive Interval" to a minimum of every 30 minutes.
Additional Identifiers
Rule ID: SV-221992r506938_rule
Vulnerability ID: V-221992
Group Title: SRG-APP-000190
CCIs
Number | Definition |
---|---|
CCI-001133 | Terminate the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity. |
Controls
Number | Title |
---|---|
SC-10 | Network Disconnect |