Installation Guide McAfee Threat Intelligence Exchange 1.0.0 For use with ePolicy Orchestrator 5.1.
COPYRIGHT
Copyright © 2014 McAfee, Inc. Do not copy without permission.

TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundscore, Foundstone, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure are trademarks or registered trademarks of McAfee, Inc.
Contents

Preface
  About this guide
    Audience
    Conventions
  Find product documentation
1 Installing Threat Intelligence Exchange
  Requirements
Preface

This guide provides the information you need to work with your McAfee product.

Contents
• About this guide
• Find product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience.
Find product documentation

After a product is released, information about the product is entered into the McAfee online Knowledge Center.

Task
1 Go to the McAfee ServicePortal at http://support.mcafee.com and click Knowledge Center.
2 Enter a product name, select a version, then click Search to display a list of documents.
1 Installing Threat Intelligence Exchange

McAfee Threat Intelligence Exchange has several components. It has a module for McAfee VirusScan Enterprise, a server, and brokers that communicate with the Data Exchange Layer. Install each Threat Intelligence Exchange component in the order presented here.
• McAfee ePO 5.1.1 with the following managed product extensions and packages checked in:
  • VirusScan Enterprise 8.8 Patch 4 and Hotfix 929019
  • McAfee Agent 5.0
  • McAfee Agent 5.0 extension
• VMware vSphere 5.1.0 with ESXi 5.1 and later
• The following products on your managed systems:
  • VirusScan Enterprise 8.8 Patch 4 and Hotfix 929019
  • McAfee Agent 5.

Install the Data Exchange Layer client
Task
For option definitions, click ? in the interface.
• Use one of these methods:
  • In the Software Manager, click McAfee Data Exchange Layer 1.0, then download or check in the components.
  • To install manually, download the McAfee Data Exchange Layer 1.0 files from the McAfee product download website. Then check in the Data Exchange Layer package to McAfee ePO.

Install Threat Intelligence Exchange server and module for VirusScan Enterprise
5 Read and accept the license agreement. Press Enter several times to view each of the pages.
6 Create a root password for the Threat Intelligence Exchange appliance. The password must be at least nine characters.
7 Enter the operational account name, real name, and password, using the Tab key to move to the next field. When finished, press Y to continue. This account has fewer permissions than the root account. The account name is typically something like jsmith and is used to log on to the server. The real name is your full name, for example, John Smith.
8 One option appears on the Network Selection page; enter N to continue.
9 Select a configuration type, then enter Y to continue.
  • DHCP — Enter D.
  • Manual IP address — Enter M, then enter the remaining information.
10 Enter the fully qualified host name and domain name of the computer where you are installing the Threat Intelligence Exchange server appliance. Enter Y to continue.
11 Enter up to three Network Time Protocol servers to synchronize the time of the Threat Intelligence Exchange server. Use the default servers listed, or enter the address for up to three servers. Enter Y to continue.
12 Enter the IP address or fully qualified domain name, port, and account information for your McAfee ePO server. The user account must have administrator rights. Enter Y to continue.
13 To receive wake-up requests from McAfee ePO, verify the port used by the McAfee Agent on the Threat Intelligence Exchange server. Enter Y to continue.
Run this installation multiple times to set up the brokers and servers where you want them. You can install brokers on some systems, a server on a different system, or a broker and server on the same system. You must install at least one broker.
• Slave server processes Data Exchange Layer requests exactly like a Master server, using a database that's replicated from the Master database. The Slave server must have access to the Master server.
• Reporter is a Slave server that does not process reputation requests.
17 Do nothing on this page and close it.
18 Verify that the Threat Intelligence Exchange server is provisioned: open the System Tree in McAfee ePO and look in the domain where you installed the server appliance. If provisioned correctly, the server is listed as a managed system.
5 e For the Database name, enter tie.
  f In the User name and password fields, enter the read-only postgres user name and password that you specified on the PostgreSQL page during the server installation. Click Test Connection. McAfee ePO communicates with the server and retrieves data for the reports and dashboards.

Deploy the Data Exchange Layer client
Task
For option definitions, click ? in the interface.
1 In the System Tree, click the Threat Intelligence Exchange server name, then click the Products tab. Verify that the following components are listed:
  • McAfee DXL Broker
  • McAfee DXL Client
  • McAfee Threat Intelligence Exchange Server
2 In the System Tree, verify that the TIESERVER tag was applied to the system.

Configure the server extension
Task
For option definitions, click ? in the interface.
1 In McAfee ePO, click Menu | Policy | Policy Catalog.
2 From the Product drop-down list, click McAfee Threat Intelligence Exchange Server Management 1.0.0, then select a policy name or an action. You can create a policy using Default as a template, or copy an existing policy and change it as needed.

Configure Data Exchange Layer brokers
Task
For option definitions, click ? in the interface.
1 Click Menu | Configuration | Server Settings | DXL Topology.
2 On the DXL Topology page, select Edit to create hubs, service zones, and assign brokers. Brokers not assigned to a hub are listed below the hubs.
3 Select an item from the Actions menu to create or delete a hub, or to detach a broker from its current hub.
2 Troubleshooting

Find solutions for common issues that might occur during installation. You can also access scripts for reconfiguring the Threat Intelligence Exchange server, Data Exchange Layer brokers, and the McAfee Agent.
7 After the tags are successfully applied, click System Tree, select the Threat Intelligence Exchange server, then click Wake Up Agents.
8 On the Wake Up McAfee Agent page, select Force complete policy and task update, then click OK. Verify that this task completed in the server task log.
9 Click Menu | Configuration | Server Settings, then click DXL ePO Client.
  a Verify that the Connection State is Connected. If it isn't, repeat steps 5–8.

Access the log files
Reconfiguring using scripts

Script name        Description
change-hostname    Changes the host name of the current server appliance. It restarts the McAfee Agent, the Threat Intelligence Exchange server, and the Data Exchange Layer broker. A reboot is not needed but is recommended.
change-services    Enables or disables the Threat Intelligence Exchange server and Data Exchange Layer broker.