Changes to Trellix GTI URLs for Threat Intelligence Exchange
Last Modified: 2023-09-01 13:43:43 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Changes to Trellix GTI URLs for Threat Intelligence Exchange
Technical Articles ID:
KB96275
Last Modified: 2023-09-01 13:43:43 Etc/GMT Environment
Threat Intelligence Exchange (TIE) 3.x
Summary
This article outlines the steps for the existing TIE to migrate from the McAfee GTI domain to the Trellix GTI domain in the TIE Server. Currently, TIE Server 3.0.x and below consume GTI McAfee fully qualified domain names (FQDNs) to communicate with GTI Cloud. Moving forward, the GTI McAfee FQDN must be migrated to the GTI Trellix FQDN. To avoid a disruption in service, ensure your GTI addresses have been updated to the Trellix domain addresses by Q1 2024. The existing TIE 3.x will require manual updates for this new URL. These changes can be completed using a text editor. Solution
Perform the following changes for a TIE Server responsible for reputation lookups and GTI updates (Primary, Secondary, Reputation Cache):
Example line after the change:
gti.rest.client.host=tieserver.rest.gti.trellix.com gti.rest.file.conn.url=https://tieserver.rest.gti.trellix.com/reputation/file-sha256/v1.0 gti.rest.file.client.host=tieserver.rest.gti.trellix.com
NOTE: These changes are already included in the TIE 4.x release. Affected ProductsLanguages:This article is available in the following languages: |
|