MCAFEE: TIE Threat Exchange 2.0 first look

by butsch 4. October 2016 19:53

We were eagerly waiting for the TIE 2.x update because we think you should not use 1.3 in an enterprise with a lot of new files daily. You simply could not manage it well with the reports and dashboards they had in 1.3.

We have heard the same from McAfee internals. And for a product in that price range nobody seemed to understand how this was pushed out. We are only talking about the queries, filters and the interface, not the product itself, which has worked. Well, let's be fair: with the ransomware peak and enterprises struggling for a solution, AND also INTEL/MCAFEE/INVESTOR sales, the reason is also somehow clear. Companies wanted a solution quickly and NOW!

TIE Server:

Version on TIE Server after upgrade

EPP products and the new TIE release

 

Short report from our first integration of TIE 2.0

The update went well and is described in the PDF.

  • Check that you have Framework 5.0.3 on the clients
  • Check that you have DXL 2.0
  • Make a VMware snapshot of everything before you begin (make an ePO snapshot also), and make a SQL dump!
  • Don't forget to defrag the PostgreSQL DB as mentioned in the documentation (log on as root via SSH and then run the command fully in one string) *2
  • There are now colors and a GREEN/RED button as we wanted ;-) [Intel Security Ideas Forum: TIE: Want to see in EPO at once if a Executable will RUN flag in GREEN or RED ] Thank you guys!
  • You can sort, and on the first page of the TIE page you can see the local reputation and whether it will run or not
  • You can sort better and have more fields to select

   

*2 Defrag of POSTGRESQL

 

 

One bug found, and NO, I am not going to OPEN a ticket and upload a MER for you lazy Tier 1. Call us if you want the info ;-) And yes, send FREE TOTALPROTECTION to us for the BUGS we report to you….

 BUG: In the dashboard, if you select "Composite Reputation" as an additional field you get this error. Maybe it is cache related, but then please advise in the upgrade documentation.

   

 ERROR: Error Message: com.mcafee.orion.core.template.db.exception.ExecuteTransactionException: ERROR: missing FROM-clause entry for table "file_rep_enterprise" Position: 198

Not sure if this is in any way related to an old problem we had, based on an older SQL version:

 Butsch.ch | Mcafee EPO: Error after TIE integration on EPO 5.3 in VSE Report

    

Sample from TIE 2.0

This post was cross-posted on the McAfee forum:

https://community.mcafee.com/message/421674#421674

For TIE in general, if you don't know what it does, see:

http://www.butsch.ch/post/Ransomware-Schweiz-Mcafee-TIE-Threat-Intelligence-Exchange-im-Einsatz.aspx

 
