How to use the Threat Intelligence Exchange Server "set reputation" remote command with the ePolicy Orchestrator Web API
Last Modified: 2022-08-19 20:49:22 Etc/GMT
Technical Articles ID:
KB87695
Environment
Threat Intelligence Exchange (TIE) Server — all supported versions
For details of TIE Server supported environments, see KB83368 - Supported platforms for Threat Intelligence Exchange Server.
Summary
TIE Server provides a set reputation remote command with the ePolicy Orchestrator (ePO) Web API. It's intended to automate reputation overrides for a given set of files and certificate hashes. Bulk execution is supported and can be audited from the ePO Audit Log. Overrides always have precedence, so we recommend that you reconcile overrides periodically against other reputations and remove reputations already covered to maintain adaptive capabilities.
The command syntax is
"sha1":"udrarummyjtffybxaflkxzjhpao=", "md5":"gixbyabniwsaanqznfufxe==", "sha256":"icidutgqksorrzjvqsepfmkyiambtbufcckwarjmqth==", "reputation":"99"}]
One of the following hash types is mandatory:
The following is an example payload that sets the reputation of a single certificate to Known Trusted:
"reputation":"99"}]]
The attributes
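Added example (not from the original article and not Trellix code): a Python helper that builds the JSON array seen in the file payload fragment above from hex digests, enforcing that at least one hash is present. It assumes the hash values are Base64 of the raw digest bytes, as the length and `=` padding of the article's sample values suggest; the function names are hypothetical, and the remote command name and URL are left out because the syntax line is missing from this copy of the article.

```python
import base64
import binascii
import hashlib
import json

# Raw digest sizes (bytes) for the hash keys that appear in the article's payload.
DIGEST_BYTES = {"md5": 16, "sha1": 20, "sha256": 32}


def hex_to_b64(kind, hex_digest):
    """Return Base64 of the raw digest bytes, rejecting malformed or wrong-size input."""
    try:
        raw = binascii.unhexlify(hex_digest.strip())
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"{kind}: not a valid hex digest") from exc
    if len(raw) != DIGEST_BYTES[kind]:
        raise ValueError(f"{kind}: expected {DIGEST_BYTES[kind]} bytes, got {len(raw)}")
    return base64.b64encode(raw).decode("ascii")


def build_entry(hex_hashes, reputation=99):
    """Build one override object; 99 is the Known Trusted value used in the article."""
    unknown = set(hex_hashes) - set(DIGEST_BYTES)
    if unknown:
        raise ValueError(f"unsupported hash key(s): {sorted(unknown)}")
    if not hex_hashes:
        raise ValueError("at least one hash type is mandatory")
    entry = {kind: hex_to_b64(kind, value) for kind, value in hex_hashes.items()}
    entry["reputation"] = str(int(reputation))  # the article passes it as a string
    return entry


def build_payload(items, reputation=99):
    """Serialize a batch of overrides as a compact JSON array (assumed wire form)."""
    return json.dumps([build_entry(h, reputation) for h in items], separators=(",", ":"))


# Constructed sample: digests of a made-up byte string, not real file hashes.
_DATA = b"constructed sample file contents"
SAMPLE = [{
    "sha1": hashlib.sha1(_DATA).hexdigest(),
    "md5": hashlib.md5(_DATA).hexdigest(),
    "sha256": hashlib.sha256(_DATA).hexdigest(),
}]

if __name__ == "__main__":
    print(build_payload(SAMPLE))
```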