How to test Global Threat Intelligence connectivity with Threat Intelligence Exchange
Last Modified: 2023-09-28 08:01:29 Etc/GMT
Technical Articles ID: KB87782

Environment
Threat Intelligence Exchange (TIE) Server - all supported versions
For supported environments, see KB83368 - Supported platforms for Threat Intelligence Exchange Server.

Summary
This article describes how to test whether the TIE Server has Global Threat Intelligence (

Solution 1
When basic proxy authentication is needed:
Test the connection to GTI with the following commands:
NOTE: In the TIE Server 4.0 and later versions, the URL used for reputation lookups has changed. Use the following command:
Examples:
Enter your password when prompted.
NOTE: With TIE Server 2.2.0, the TIE Server policy settings for a proxy do not include the domain in the username if your proxy doesn't support NTLM v1 authentication.
With TIE Server 2.2.0, if NTLM v1 proxy authentication is needed, use the following:

Solution 2
When no proxy authentication is needed, omit the user:
Test the connection to GTI with the following commands:
NOTE: In the TIE Server 4.0 and later versions, the URL used for reputation lookups has changed. Use the following command:
Example:
IMPORTANT: The URL
If the test is successful, a message with a connection using port 443 is displayed with no errors. The following are examples of the expected response if the proxy connectivity is successful and depending on the URL used:
Example 1
Example 2
If the issuer parameter doesn't match, the proxy or another networking device might be trying to replace the certificate and inspect the content of the secured communication. Either disable this option or enable a proxy exclusion to allow the TIE Server to establish a secured connection to the GTI device. Also, check which type of proxy authentication is needed for your environment.

Solution 3
When a proxy isn't used in the environment, use the commands below to test that the TIE Server can reach the GTI servers:
curl -kv https://tieserver.rest.gti.trellix.com:443
The response from the GTI servers and certificates must be the same as described above when using a proxy.
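
The issuer check described above, written as an added shell example (not Trellix code and not part of the original article): it reads curl -v output and reports whether the certificate issuer matches the one you expect. The function names, the sample output and the issuer strings are constructed for illustration; take the real expected issuer from the vendor's example response.

```shell
#!/bin/sh
# Added example, not vendor code. Reads `curl -v` output on stdin and compares
# the server certificate issuer with the issuer the operator expects.

# Print the issuer line(s) from curl verbose output, without the "*  issuer:" prefix.
extract_issuer() {
    sed -n 's/^\*[[:space:]]*issuer:[[:space:]]*//p'
}

# check_issuer EXPECTED
#   0 = issuer contains EXPECTED
#   1 = different issuer (certificate may have been replaced in transit)
#   2 = no issuer line (TLS handshake never completed)
check_issuer() {
    expected=$1
    issuer=$(extract_issuer | head -n 1)
    if [ -z "$issuer" ]; then
        echo "NO CERTIFICATE: TLS handshake did not complete"
        return 2
    fi
    case $issuer in
        *"$expected"*) echo "OK: issuer is $issuer"; return 0 ;;
        *) echo "MISMATCH: issuer is $issuer"; return 1 ;;
    esac
}

# Constructed sample: direct connection, certificate issued by a public CA.
sample_direct() {
cat <<'EOF'
* Server certificate:
*  subject: CN=gti.example.invalid
*  issuer: C=US; O=Example Public CA; CN=Example Public CA G2
EOF
}

# Constructed sample: an inspecting device re-signed the certificate.
sample_inspected() {
cat <<'EOF'
* Server certificate:
*  subject: CN=gti.example.invalid
*  issuer: O=Example Corp; CN=Example Corp Inspection CA
EOF
}

# Live use (EXPECTED_ISSUER is a placeholder; curl -v writes to stderr):
#   curl -kv https://tieserver.rest.gti.trellix.com:443 2>&1 | check_issuer "EXPECTED_ISSUER"
sample_direct    | check_issuer "Example Public CA" || true
sample_inspected | check_issuer "Example Public CA" || true
```

Because the article's command uses -k, curl itself will not reject a replaced certificate, so comparing the issuer is the only signal of interception in this test.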