How to change reputation scores in Threat Intelligence Exchange
Last Modified: 2023-05-22 05:51:10 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
How to change reputation scores in Threat Intelligence Exchange
Technical Articles ID:
KB82922
Last Modified: 2023-05-22 05:51:10 Etc/GMT EnvironmentThreat Intelligence Exchange (TIE) Server - all supported versions
For supported environments, see KB83368 - Supported platforms for Threat Intelligence Exchange Server. Summary
If you think that the reputation for a file or certificate needs to be changed, report it to Trellix Labs. To report an issue, see KB68030 - Submit samples to Trellix Advanced Research Center for suspected malware detection failure. You also have the options below to allow, block, and reset the reputation for files and certificates with TIE in your environment:
Solution 1Allow a false detection triggered by a TIE rule
If you have a detection by any of the TIE rules, you can change the reputation of the File or Certificate. Change the reputation by modifying the File or Certificate reputation of a file. Doing so prevents the environment even before the detection is added in the daily definitions. To allow a file, follow these steps:
If you need to allow a certificate, follow these steps:
Solution 2To block a file, follow these steps:
If you need to block a certificate, follow these steps:
Solution 3Reset the local TIE reputation
If you manually change any of the file, or certificate reputation values, you can reset them to their current values. Follow the steps below, if you need to reset the reputation for a file:
If you need to reset the reputation for a certificate, follow these steps:
Affected ProductsLanguages:This article is available in the following languages: |
|