Loading...

Knowledge Center

How to change the GTI reputation refresh frequency for the Threat Intelligence Exchange Server
Technical Articles ID:   KB84089
Last Modified:  10/23/2018
Rated:

Environment

McAfee Threat Intelligence Exchange Server (TIE) 2.x, 1.x

Summary

This article describes how to configure the value set for the TIE Server to refresh its Global Threat Intelligence (GTI) reputation. The refresh process affects only existing reputations. Records that have a status of Not Available for the GTI reputation will not be refreshed.
 
The TIE Server checks for updates to GTI reputation values every hour. During this process all files and certificates that meet the following criteria will be updated:
  • Known Trusted reputation values older than a week (default value)
  • All other reputation values older than 12 hours (default value)
Depending on the number of files and certificates matching the criteria, this hourly process can cause a CPU spike on the master TIE Server.

NOTE: As of TIE Server version 2.1.0, the naming convention for Master and Slave operations changed to Primary and Secondary. For example:
Master becomes Primary
Slave becomes Secondary
Previous versions of TIE Server retain the original Master/Slave designations.

These default values are the recommended setting to properly balance resource usage and detection effectiveness. Having a higher value implies not getting reputation changes in time, a lower value implies more bandwidth usage against GTI plus higher load on the TIE Server.

If you want to change these frequencies, perform the following steps:
  1. Use SSH to connect to the TIE Server as root.
  2. Type the following command and press ENTER:

    vi /opt/McAfee/tieserver/conf/tie.properties
     
  3. To override the non-trusted reputation frequency, find the following entry and change the 720 value (specified in minutes, default is 12 hours * 60 minutes/hour = 720 minutes) to the desired refresh frequency:

    # Default refresh frequency (if not explicitly overridden), default is 12 hours
    repRefresh.defaultFrequency=720
     
  4. To override the Known Trusted reputation frequency, find the following entry and change the 168 value (specified in hours, default is 7 days * 24 hours/day = 168 hours) to the desired refresh frequency:

    repRefresh.frequencies=1:99:100:168:h;2:99:100:168:h
     
  5. Save the changes.
  6. Use the following command to restart the TIE service:

    service tieserver restart

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.