Threat Intelligence Exchange Server database maintenance
Last Modified: 2023-02-07 07:20:03 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Threat Intelligence Exchange Server database maintenance
Technical Articles ID:
KB86092
Last Modified: 2023-02-07 07:20:03 Etc/GMT Environment
Threat Intelligence Exchange (TIE) Server 4.x, 3.x
Summary
From TIE 3.0.0 onward, database maintenance tasks are managed via an ePolicy Orchestrator (ePO) Server task TIE Server Data Management and TIE Server Database Maintenance. This article has been updated to reflect that no manual action is needed for these tasks. Backup and restore the TIE Server database Each TIE Server instance holds a full copy of the database, so any secondary TIE Servers run as a backup of the TIE Server Primary instance.
We recommend that you use a Storage Area Network (SAN) to store each TIE Server virtual appliance disk. With the SAN, you can also have periodic snapshots against unexpected failure events at the database level.
To manually backup data, run the following command on your 3.0.x TIE Server Primary instance as root:
To manually backup data, run the following command on your 4.0.x TIE Server Primary instance as root:
To later manually restore data from the backup, perform the following steps on your 3.0.x TIE Server Primary instance as root:
WARNING: The following steps delete all database data. The previous
# service tieserver pg_start # /opt/McAfee/tieserver/postgresql/bin/psql -Umfetie tie tie# update pg_database set datallowconn = true where datname like 'template%'; tie# \q # vi /data/tieserver_pg/pg_hba.conf Replace "local tie mfetie" with "local all mfetie". # service tieserver pg_stop # service tieserver pg_start # /opt/McAfee/tieserver/postgresql/bin/psql -Umfetie template0 template0# DROP DATABASE IF EXISTS tie; template0# CREATE DATABASE tie WITH OWNER mfetie ENCODING 'UTF8' TEMPLATE template0 LC_COLLATE = 'en_US.UTF-8' LC_CTYPE = 'en_US.UTF-8' CONNECTION LIMIT = 1024; template0# \q # /opt/McAfee/tieserver/postgresql/bin/psql -U mfetie tie < /data/tie-backup.sql # /opt/McAfee/tieserver/postgresql/bin/psql -Umfetie tie tie# update pg_database set datallowconn = false where datname like 'template%'; tie# \q # vi /data/tieserver_pg/pg_hba.conf Replace "local all mfetie" with "local tie mfetie". # service tieserver pg_stop # service tieserver start To later manually restore data from the backup, perform the following steps on your 4.0.x TIE Server Primary instance as root:
WARNING: The following steps delete all database data. The previous # service tieserver pg_start # /opt/Trellix/tieserver/postgresql/bin/psql -Umfetie tie tie# update pg_database set datallowconn = true where datname like 'template%'; tie# \q # vi /data/tieserver_pg/pg_hba.conf Replace "local tie mfetie" with "local all mfetie". # service tieserver pg_stop # service tieserver pg_start # /opt/Trellix/tieserver/postgresql/bin/psql -Umfetie template0 template0# DROP DATABASE IF EXISTS tie; template0# CREATE DATABASE tie WITH OWNER mfetie ENCODING 'UTF8' TEMPLATE template0 LC_COLLATE = 'en_US.UTF-8' LC_CTYPE = 'en_US.UTF-8' CONNECTION LIMIT = 1024; template0# \q # /opt/Trellix/tieserver/postgresql/bin/psql -U mfetie tie < /data/tie-backup.sql # /opt/Trellix/tieserver/postgresql/bin/psql -Umfetie tie tie# update pg_database set datallowconn = false where datname like 'template%'; tie# \q # vi /data/tieserver_pg/pg_hba.conf Replace "local all mfetie" with "local tie mfetie". # service tieserver pg_stop If you have one or more secondary TIE Servers, restart the database connection. Run the following command on each secondary server:
Access control to the TIE Server database
By default, read-only external database access is restricted between TIE Server instances. The reason is that the secondary TIE Server reads from the TIE Server primary instance. You can use the
Affected ProductsLanguages:This article is available in the following languages: |
|