How to Install Threat intelligence exchange Server

4.6/5 - (23 votes)

Today I will show you how to install threat intelligence exchange server in hyper-v you can also install it in VMware workstation, ESXi and etc. I am installing in hyper-v with tie Data Exchange Layer DXL and active response MAR by ISO file.

Threat Intelligence Exchange flow network
Threat Intelligence Exchange network ports

What is Threat intelligence exchange?

So basically if you execute any file in your system and you don’t know whether that file is good or bad that threat intelligence exchange server is responsible for giving you that brief information about that file this is the good file or bad file based on the hash it will provide you with the file reputation.

Follow the McAfee Threat Intelligence Exchange 3.0.x Installation Guide

ProductsComponents
Required Platform anyoneEsxi/hyper-v/vmware workstation.etc
TIE Server3.0.x.184 or later
MAR Server2.4.4 or Later
DXL Server6.0.0.197 or later
Packages for TIE DXL MARData Exchange Layer Broker 6.0.0
DXL Platform 6.0.0
Endpoint Security Adaptive Threat Protection 10.7.0
Endpoint Security Platform 10.7.0
Endpoint Security Threat Prevention 10.7.0
McAfee Active Response 2.4.4
McAfee Agent for Windows 5.7.7
TIE Platform 3.0.3
TIE Server 3.0.3
Extensions for Marmar-client 2.4.4.404
mar-license 2.4.4.404
mar-packages 2.4.4.106
mar-server 2.4.4.419
mar-ui 2.4.4.404
mar-workspace 2.4.4.112
Extensions for TIEMcAfee TIE Server Extension 3.0.3.184
Endpoint Security Adaptive Threat Protection
10.7.0.1197
Threat Detection Reporting 1.0.0.928
Mcafee agent 5.7.x
Extensions for DXLMcAfee DXL Broker Management 6.0.0.259
McAfee DXL Client for ePO 6.0.0.259
McAfee DXL Client Management 6.0.0.259
TIE DXL MAR Server

Create the new virtual machine in Hyper-V and mount the Tie server iso file, If you have a VMware platform you can use TIE ovf temple and directly deploy to your VMware.

If you are using the ISO file for VMware make sure you have to select base OS RedHat Linux 5 to 6 64-bit. Set the hardware configuration according to your environment requirement.

threat intelligence exchange installation

once you deploy the ISO or ovf just power on the machine.

threat intelligence exchange installation vmware

No need to do Anything one this process it will install automatically.

threat intelligence exchange deploy in vmware edited


Installation finishes will show you popups system will shut down in 10 seconds.
Press [Y]
After reboot automatically unmounts the iso file from the disk.

mcafee threat intelligence exchange installation guide edited

Above process the install Tie server from ISO file,

it will start from the disk, don’t do anything it will automatically boot from days within 5 seconds. just wait.

Trellix threat intelligence exchange installation by elearninginfoit edited

After the boot process, it will show you that one window related to the licence agreement just press the [E]

new Trellix threat intelligence exchange installation

Go to the end and accept the licence agreement press [Y]

Trellix threat intelligence exchange installation1

Set the root password for TIE Server (Example:mcafee@123)

Trellix threat intelligence exchange installation2

Create the Operational tie Account (example below mention)

Account name: admin
Real Name: admin
Password: mcafee@123
Verify password: mcafee@123

Trellix threat intelligence exchange installation3

This window is showing you how many NIC cards in your server so basically you have to select your NIC card and press [N]

Trellix threat intelligence exchange installation step by step guide
Trellix threat intelligence exchange installation step-by-step guide

Threat intelligence exchange network configuration

Set the IP address in your type server so there the two options either you can use the DHCP or you can use the static IP as per the best practice always use the static IP,

IP Address, Gateway, DNS, Subnet Mask.

After all, is done press [Y]

new tie server installation
Set The IP Configuration in TIE SERVER

Enter the hostname and fqdn details in your Thai server as below screenshot and press [Y]

set hostname and FQDN in TIE Server
hostname and fqdn for TIE Server installation.

If you have an NTP server basically the time server then you have to put the IP address or fqdn your time server if you don’t have then blank it and Press [Y]

Trellix threat intelligence exchange installation deployements
NTP Server Configuration for TIE Server.

ePO Server detail tie server

Now you have to put your epo server details make sure guys during the tie server installation your EPO server should up because during the tie server installation is real-time synchronised with the epo server.

Note: Under the screenshot all default ports I am using but in your scenario, If you are using the custom port for the agent server wakeup port and the console port 8443 it is something different that has to put 8443 and 8081 as the default ports.
IP address, port number, user account, and password details and Press [Y]

Again Press the [Y] for Certificate fingerprint.

ePO server details enter in the tie server for configuration.
ePO server details enter in the tie server for configuration.

TIE Server Mode Deployment

This is also a very important part I am deploying the threat intelligence exchange server, data exchange layer, and active response server, in one server.

in case you are going to deploy a different server that case you have to select the option yes or no.

Press [Y]

TIE DXL MAR SERVER installation in one server
TIE DXL MAR SERVER Installation in one server

if you want to customise the data exchange layer port you can put it here otherwise you can continue with the 8883 port for the dxl. Press [Y]

DXL port Configuration during the Tie Server installation
DXL port Configuration during the Tie Server installation

TIE DXL MAR Server handshake

Now the final setup is the initialisation and synchronisation with that TIE handshake happened so it will take around 20 to 30 minutes according to your hardware configuration or in case of any error it will also show you during the tie server handshake.

tie server installation
TIE Server handshake
tie server root login
tie server root login

Now the time server is ready for the root login meanwhile you have to also check in the epo server under the server setting and tie topology it should be set as a primary or as a secondary as your requirement for operation mode if it is your new server or first server it should be under the primary.

Configure TIE topology in EPO Server

TIE server topology setup in the epo server
TIE server topology setup in the epo server.
  1. Can we install a tie server on the Windows platform?

    No threat intelligence exchange Server is not supported on the Windows platform and is a customised MLOS designed by McAfee.

  2. Can we install the data exchange layer on the Windows platform?

    yes, you can install the data exchange layer dxl on the Windows platform just check in the package of the data exchange layer platform and the broker creates the client task and applies the windows server.

  3. Can we deploy the tie server without dxl active response?

     without the DXL tie server will not work the active response is not mandatory this is optional but if dxl is required without the DXL tie server will not work.

  4. what is the McAfee MLOS?

    McAfee LINUX operating system is designed by McAfee and the base platform is Linux.

  5.  how to fix the tie handshake error?

     if you don’t have any time server then you have to blank the time server area it will take the time information from your epo it will fix hopefully.

     still, you are getting errors from threat intelligence exchange handshake you have to check on your side during the installation type service tag and dxl broker tag is applied or not if not apply automatically you have to apply it manually.

  6. how to install the tie server in VMware or ESXI?

    there are two ways to install the tie server in your VMware ESXi you can directly deploy the ovf or you can use an ISO file as well.

  7. why I am not able to login tie server as a root?

    the threat intelligence exchange Server is not permitted to directly access the root any putty you have to log in to another account in your Thai server then you can switch users [SU] put the root password and you can access the root directory.


Leave a Reply