Today I will show you how to install threat intelligence exchange server in hyper-v you can also install it in a VMware workstation, ESXi and etc. I am installing hyper-v with tie Data Exchange Layer DXL and active response MAR by ISO file.
Table of Contents
What is a threat intelligence exchange?
So basically if you execute any file in your system and you don’t know whether that file is good or bad that threat intelligence exchange server is responsible for giving you that brief information about that file this is the good file or bad file based on the hash it will provide you with the file reputation.
Follow the McAfee Threat Intelligence Exchange 3.0.x Installation Guide
| Products | Components |
|---|---|
| Required Platform anyone | Esxi/hyper-v/vmware workstation.etc |
| TIE Server | 3.0.x.184 or later |
| MAR Server | 2.4.4 or Later |
| DXL Server | 6.0.0.197 or later |
| Packages for TIE DXL MAR | Data Exchange Layer Broker 6.0.0 DXL Platform 6.0.0 Endpoint Security Adaptive Threat Protection 10.7.0 Endpoint Security Platform 10.7.0 Endpoint Security Threat Prevention 10.7.0 McAfee Active Response 2.4.4 McAfee Agent for Windows 5.7.7 TIE Platform 3.0.3 TIE Server 3.0.3 |
| Extensions for Mar | mar-client 2.4.4.404 mar-license 2.4.4.404 mar-packages 2.4.4.106 mar-server 2.4.4.419 mar-ui 2.4.4.404 mar-workspace 2.4.4.112 |
| Extensions for TIE | McAfee TIE Server Extension 3.0.3.184 Endpoint Security Adaptive Threat Protection 10.7.0.1197 Threat Detection Reporting 1.0.0.928 Mcafee agent 5.7.x |
| Extensions for DXL | McAfee DXL Broker Management 6.0.0.259 McAfee DXL Client for ePO 6.0.0.259 McAfee DXL Client Management 6.0.0.259 |
Create the new virtual machine in Hyper-V and mount the Tie server iso file, If you have a VMware platform you can use TIE ovf temple and directly deploy to your VMware.
If you are using the ISO file for VMware make sure you have to select the base OS RedHat Linux 5 to 6 64-bit. Set the hardware configuration according to your environment requirement.
once you deploy the ISO or ovf just power on the machine.
No need to do Anything one this process it will install automatically.
Installation finishes will show you popups system will shut down in 10 seconds.
Press [Y]
After reboot automatically unmounts the iso file from the disk.
Above process the install Tie server from ISO file,
it will start from the disk, don’t do anything it will automatically boot from days within 5 seconds. just wait.
After the boot process, it will show you one window related to the licence agreement just press the [E]
Go to the end and accept the licence agreement press [Y]
Set the root password for TIE Server (Example:mcafee@123)
Create the Operational tie Account (example below mention)
Account name: admin
Real Name: admin
Password: mcafee@123
Verify password: mcafee@123
This window shows you how many NIC cards are in your server so basically, you have to select your NIC card and press [N]
Threat intelligence exchange network configuration
Set the IP address in your type server so there the two options either you can use the DHCP or you can use the static IP as per the best practice always use the static IP,
IP Address, Gateway, DNS, Subnet Mask.
After all, is done press [Y]
Enter the hostname and fqdn details in your Thai server as below screenshot and press [Y]
If you have an NTP server basically the time server then you have to put the IP address or fqdn your time server if you don’t have then blank it and Press [Y]
ePO Server detail tie server
Now you have to put your epo server details make sure guys during the tie server installation your EPO server should be up because during the tie server installation is real-time synchronised with the epo server.
Note: Under the screenshot all default ports I am using but in your scenario, If you are using the custom port for the agent server wakeup port and the console port 8443 it is something different that has to put 8443 and 8081 as the default ports.
IP address, port number, user account, and password details and Press [Y]
Again Press the [Y] for the Certificate fingerprint.
TIE Server Mode Deployment
This is also a very important part I am deploying the threat intelligence exchange server, data exchange layer, and active response server, in one server.
in case you are going to deploy a different server that case you have to select the option yes or no.
Press [Y]
if you want to customise the data exchange layer port you can put it here otherwise you can continue with the 8883 port for the dxl. Press [Y]
TIE DXL MAR Server handshake
Now the final setup is the initialisation and synchronisation with that TIE handshake happened so it will take around 20 to 30 minutes according to your hardware configuration or in case of any error it will also show you during the tie server handshake.
Now the time server is ready for the root login meanwhile you have to also check in the epo server under the server setting and tie topology it should be set as a primary or as a secondary as your requirement for operation mode if it is your new server or first server it should be under the primary.
Configure TIE topology in EPO Server
Can we install a tie server on the Windows platform?
No threat intelligence exchange Server is not supported on the Windows platform and is a customised MLOS designed by McAfee.
Can we install the data exchange layer on the Windows platform?
yes, you can install the data exchange layer dxl on the Windows platform just check in the package of the data exchange layer platform and the broker creates the client task and applies the windows server.
Can we deploy the tie server without dxl active response?
without the DXL tie server will not work the active response is not mandatory this is optional but if dxl is required without the DXL tie server will not work.
what is the McAfee MLOS?
McAfee LINUX operating system is designed by McAfee and the base platform is Linux.
how to fix the tie handshake error?
if you don’t have any time server then you have to blank the time server area it will take the time information from your epo it will fix it hopefully.
still, you are getting errors from the threat intelligence exchange handshake you have to check on your side during the installation type service tag and dxl broker tag is applied or not if not applied automatically you have to apply it manually.
how to install the tie server in VMware or ESXI?
there are two ways to install the tie server in your VMware ESXi you can directly deploy the ovf or you can use an ISO file as well.
why I am not able to log in to tie server as a root?
the threat intelligence exchange Server is not permitted to access the root any putty directly you have to log in to another account in your Thai server then you can switch users [SU] put in the root password and you can access the root directory.