Check: TIDX-SV-000004
Trellix TIE/DXL STIG (in versions v3 r1 through v2 r3)
Title
The Trellix Threat Intelligence Exchange (TIE) Server Management Global Threat Intelligence (GTI) Reputations must be enabled to get file reputation from the Trellix GTI. (Cat I impact)
Discussion
This setting dictates whether to use the Trellix GTI to get file reputation. Trellix GTI is used if the TIE server does not have reputation information for a file or if the TIE server is unavailable.
Check Content
This check must be completed for the active Trellix TIE Server Management policy that manages the site Trellix TIE. For TIE servers on the SIPRNet or a classified network, GTI must be disabled; therefore this requirement is Not Applicable. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select Trellix TIE Server Management from Products. Under "Actions", select Edit for the policy that manages the site Trellix TIE. Select the "Trellix Global Threat Intelligence" tab. For "GTI Reputation", verify that the check box for "Enabled" is selected. If the check box for "Enabled" is not selected, this is a finding.
Fix Text
From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select Trellix TIE Server Management from Products. Under "Actions", select Edit for the policy that manages the site Trellix TIE. Select the "Trellix Global Threat Intelligence" tab. For "GTI Reputation", select the check box for "Enabled". Click Save.
Additional Identifiers
Rule ID: SV-222000r1015916_rule
Vulnerability ID: V-222000
Group Title: SRG-APP-000278
Expert Comments
CCIs
Number | Definition
---|---
CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.
CCI-002624 | Configure malicious code protection mechanisms to perform real-time scans of files from external sources at endpoint; and/or network entry and exit points as the files are downloaded, opened, or executed in accordance with organizational policy.
Controls
Number | Title
---|---
SI-3 | Malicious Code Protection