Trellix TIE/DXL STIG Version Comparison
Trellix TIE/DXL Security Technical Implementation Guide
Comparison
There are 21 differences between versions v2 r2 (April 23, 2021) (the "left" version) and v3 r1 (July 24, 2024) (the "right" version).
Check TIDX-BK-000001 was changed between these two versions. In the text below, removed text is marked [-like this-] and added text is marked {+like this+}.
Text Differences
Title
The [-McAfee-] {+Trellix+} Data Exchange Layer (DXL) Broker Management Broker Keepalive Interval must be set to a minimum of [-1-] {+one+} minute.
Check Content
This check [-must-] {+needs to+} be completed for the active [-McAfee-] {+Trellix+} TIE Server Management policy that manages the site [-McAfee-] {+Trellix+} TIE. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the [-McAfee-] {+Trellix+} DXL Broker Management from Products. Under "Actions", select Edit for the policy that manages the site [-McAfee-] {+Trellix+} TIE. Verify the "Broker Keepalive Interval" is set to 1 or more. If the "Broker Keepalive interval" is not set to 1 or more, this is a finding.
Discussion
The [-McAfee-] {+Trellix+} DXL Broker Keepalive interval determines how often a ping occurs between brokers. The default is [-1-] {+one+} minute. If the Threat Intelligence Exchange (TIE) is the only Broker, a keepalive interval of [-1-] {+one+} is sufficient.
Fix
From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the [-McAfee-] {+Trellix+} DXL Broker Management from Products. Under "Actions", select Edit for the policy that manages the site [-McAfee-] {+Trellix+} TIE. Set the Broker keepalive to 1 or more.