Installation guide
Task
For option definitions, click ? in the interface.
1
In McAfee ePO, click Menu | Policy | Policy Catalog.
2
From the Product drop-down list, click McAfee Threat Intelligence Exchange Server Management 1.0.0, then select
a policy name or an action.
You can create a policy using Default as a template, or copy an existing policy and change it as
needed.
3
On the General tab:
• GTI Reputations — Specify whether to use McAfee GTI to get file reputation. McAfee GTI is used if
the Threat Intelligence Exchange server does not have reputation information for a file, or if the
server is unavailable (offline).
• Proxy Settings for GTI Requests — If you use a web proxy for Internet access and it requires
authentication, enter the proxy information.
• Product Improvement Program — Specify whether to send file and certificate information to McAfee.
For details about what is sent to the McAfee Product Improvement Program, see the Threat
Intelligence Exchange Product Guide.
4
On the Advanced Threat Defense tab, specify whether to send file information to Advanced Threat
Defense for further evaluation. Enter the Advanced Threat Defense server name and access
credentials, available servers, and timeout settings.
For details about how Advanced Threat Defense works with Threat Intelligence Exchange, see the
Threat Intelligence Exchange Product Guide.
Configure Data Exchange Layer brokers
If you installed Data Exchange Layer brokers on more than one system, you can create a hierarchy of
brokers to provide failover protection if any brokers are unavailable.
Brokers can be organized into hubs and service zones that contain one or two brokers.
Brokers — Installed on managed systems and communicate messages between Threat Intelligence
Exchange modules. The network of brokers tracks active clients and dynamically adjusts the message
routing as needed. Brokers can be organized into hubs.
Hubs — Contain one or two brokers that are associated with a specific location. Hubs manage the way
brokers are accessed and provide failover protection in a multi-broker environment. If a hub has two
brokers, both act simultaneously. If one is unavailable, the other continues to function. You can create
as many hubs as needed. A broker, however, can be assigned to only one hub.
Service zones — A service zone is associated with a broker or hub and determines the way brokers are
accessed. For example, if you have multiple Threat Intelligence Exchange servers and brokers in
different geographical locations, you can create service zones of servers and brokers so that local
clients access brokers in their area. Clients in a service zone access brokers in that zone first. If those
brokers are not available, the clients access the brokers in other zones.
1
Installing Threat Intelligence Exchange
Configure Data Exchange Layer brokers
20
McAfee Threat Intelligence Exchange 1.0.0 Installation Guide