What to collect for Threat Intelligent Exchange Server issues
Last Modified: 2022-03-17 11:50:03 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
What to collect for Threat Intelligent Exchange Server issues
Technical Articles ID:
KB92055
Last Modified: 2022-03-17 11:50:03 Etc/GMT Environment
Threat Intelligence Exchange (TIE) Server 3.x, 2.3.x Data Exchange Layer (DXL) 5.x, 4.x SummaryBefore you log a case with Technical Support for the TIE issue, collect the following data:
NOTE:
First enable debug logging on the Sensor device. Modify the client’s policy on the ePO server:
The MER logs from both the client and server are needed if the logging doesn't fully explain the issue. Many times, the data included in the MER is needed. This data includes the following:
3. Screenshots The following screenshots are helpful:
When file data is not being forwarded to the TIE Server, it's recommended that ATP debug logging and issue reproduction are performed. First enable debug logging on the client. Modify the client’s policy on your ePO server:
NOTE: We recommend that the description provided in the raised Service Request is clear and concise for all products. It would help Technical Support resolve the issue at the earliest. Affected ProductsLanguages:This article is available in the following languages: |
|