Release Notes
McAfee Threat Intelligence Exchange 1.0.1
Software
Contents
• About this release
• Installation instructions
• New features
• Resolved issues
• Known issues
• Product documentation
About this release
This document contains important information about the current release. We strongly recommend that you read the entire document.
McAfee® Threat Intelligence Exchange (TIE) and the Data Exchange Layer (DXL) provide context-aware adaptive security for your network environment. It quickly analyzes files and content from several sources in your environment and makes informed security decisions based on a file's reputation and your specific criteria. It determines whether there is a threat and, if so, stops it from spreading.
Installation instructions
For information about installing Threat Intelligence Exchange and its components for the first time, see the McAfee Threat Intelligence Exchange 1.0.0 Installation Guide.
In the Installation Guide, some files are named with a 1.0 version number. The following file names are now versioned for this upgrade release: McAfee Data Exchange Layer 1.0.1 and McAfee Threat
Upgrading to 1.0.1
To upgrade from Threat Intelligence Exchange version 1.0.0 to version 1.0.1, install the updated product files into ePolicy Orchestrator.
Before upgrading to Threat Intelligence Exchange 1.0.1, create a snapshot of your virtual machine in the VMware vSphere Client. For details about creating a snapshot, see the VMware vSphere documentation.
Use one of these methods to install the 1.0.1 product files:
• The Software Manager contains the McAfee Threat Intelligence Exchange 1.0.1 and McAfee Data Exchange Layer 1.0.1 products. Select each product to view and install the component files.
• To install manually, download the Threat Intelligence Exchange 1.0.1 files and the Data Exchange Layer 1.0.1 files from the McAfee product download website. Then check the files into the Master Repository.
Follow the steps below to deploy the 1.0.1 product files, upgrade the Threat Intelligence Exchange extensions, and verify the installation.
Upgrade the extensions
Install the Threat Intelligence Exchange and Data Exchange Layer 1.0.1 product extensions.
Task
For option definitions, click ? in the interface.
1 Select Menu | Software | Extensions.
2 Click Install Extension and install the extensions in the following order:
a DXL Broker Management
b DXL Client
c DXL Client Management
d TIE Server Management
Check in the upgrade packages
Check in the Threat Intelligence Exchange and Data Exchange Layer packages to the Master Repository in McAfee ePO.
Task
For option definitions, click ? in the interface.
1 Select Menu | Master Repository, then click Check In Package.
2 Check in the following 1.0.1 packages:
• TIE Platform
Task
For option definitions, click ? in the interface.
1 Select Menu | Policy | Client Task Catalog.
2 Select McAfee Agent, then click New Task.
3 In the New Task window, select Product Deployment, then click OK.
4 Complete the new deployment information. For the Target platforms option, make sure that only McAfee Linux OS is selected. Create a task for each package. Packages must be upgraded in the following order:
a TIE Platform
b TIE Server
c DXL Broker
5 Save the task and run it against the Threat Intelligence Exchange server.
If the TIE Platform package does not deploy successfully, stop and call Technical Support and have the log file information ready. You cannot continue until the TIE Platform package is successfully installed. Log files are located here:
TIE Platform: /var/log/TIEPlatform-1.0.1-<build_number>.log
TIE Server: /var/log/tieserver-1.0.1-<build_number>.log
Upgrade the Data Exchange Layer client
Upgrade the DXL client to 1.0.1 on each of your managed systems.
Task
For option definitions, click ? in the interface.
1 Select Menu | Policy | Client Task Catalog.
2 Select McAfee Agent, then click New Task.
3 In the New Task window, select Product Deployment, then click OK.
4 Complete the new deployment information.
• From the Products and components list, select the Data Exchange Layer Client.
5 Save the task and run it on each of your managed systems.
Verify the installation
Task
For option definitions, click ? in the interface.
1 In the System Tree, click the Threat Intelligence Exchange server name, then click the Products tab. Verify that the following components are listed with the 1.0.1 version number:
• McAfee DXL Broker
• McAfee DXL Client
• McAfee Threat Intelligence Exchange Server
2 On managed endpoints, verify that the Data Exchange Layer client version 1.0.1 is installed.
New features
This release of the product includes these new features.
Additional characters can be used in the Postgres read-only password
When installing the Threat Intelligence Exchange server appliance and creating the Postgres read-only account password, you can now use additional characters. The password can contain any printable characters found on a standard keyboard (ASCII characters 33-126).
Add reputation information from Advanced Threat Defense to the Threat Intelligence Exchange database
There is a new option on the Threat Intelligence Exchange Server Management Policy page: Accept ATD reputations for files not yet seen by TIE. When McAfee® Advanced Threat Defense detects a file's reputation and sends that information to the Threat Intelligence Exchange server, the information is added to the Threat Intelligence Exchange database. This enables threat information seen by ATD and not yet seen by Threat Intelligence Exchange to be added to the database.
Resolved issues
These issues are resolved in this release of the product.
Threat Intelligence Exchange resolved issues
Issue — The quotation characters do not display correctly on the TIE Reputations page for a file or certificate's Enterprise Reputation. (1015725)
Resolution — This issue is fixed.
Issue — The Threat Intelligence Exchange database performance can be slow if several reputation requests are made for the same file simultaneously. (1015674)
Resolution — This issue is fixed.
Resolution — The Postgres account password can now contain all printable characters found on a standard keyboard (ASCII characters 33-126). See the New Features topic for details.
Issue — The maximum number of files or certificates is not being displayed on the TIE Reputations page. (1016059)
Resolution — This issue is fixed.
Issue — When a firewall blocks access to the configured Global Threat Intelligence (GTI) URL, the initialization takes a long time and delays the response from the server, which causes TIE clients to time out into offline mode. (1010773)
Resolution — This issue is fixed.
Issue — Add reputation information from Advanced Threat Defense to the Threat Intelligence Exchange database. (1010688)
Resolution — This issue is fixed. See the New Features topic for details.
Issue — When accessing file information in VirusTotal, the current date information does not display. (1016441)
Resolution — This issue is fixed.
Data Exchange Layer resolved issues
Issue — Changes made to the Published System Name in the Server Settings | DXL Topology page are not saved when the user clicks Save. (1012958)
Resolution — Clicking Save now saves all changes made to the DXL Topology page.
Issue — An upgrade is needed to the OpenSSL version used with Threat Intelligence Exchange 1.0. (1014885)
Resolution — The latest version of OpenSSL v1.0.1j is included with this release of Threat Intelligence Exchange.
Issue — If you deployed the Data Exchange Layer client on a system using CentOS 6.6 (32 bits), the yum database is corrupt. (1021442)
Resolution — This issue is fixed.
Issue — Changes to the McAfee® Agent GUID do not trigger a new request for a certificate in the Data Exchange Layer. (1025569)
Resolution — This issue is fixed. Changes to the McAfee® Agent GUID trigger a new request for a Data Exchange Layer certificate.
Known issues
Upgrading to Data Exchange Layer 1.0.1
If the Threat Intelligence Exchange server version is 1.0.0, and you upgrade the Data Exchange Layer (DXL) extension to version 1.0.1, Java DXL 1.0 clients are unable to receive DXL client policies. If you upgrade the DXL extension to version 1.0.1, you must upgrade the Threat Intelligence Exchange server to version 1.0.1 to get DXL client policies.
Product documentation
Every McAfee product has a comprehensive set of documentation.
Threat Intelligence Exchange Installation Guide — Includes information about requirements, and steps for installing the Threat Intelligence Exchange server, the module for VirusScan Enterprise, and the Data Exchange Layer client.
Threat Intelligence Exchange Product Guide — Includes information about using the Threat Intelligence Exchange server, the module for VirusScan Enterprise and the Data Exchange Layer client.
Help — All pages in the Threat Intelligence Exchange product user interface have context-sensitive Help that describes each field on the page.
Copyright © 2015 McAfee, Inc. www.intelsecurity.com