This article describes how to configure the value set for the TIE Server to refresh its Global Threat Intelligence (GTI) reputation. The refresh process affects only existing reputations. Records that have a status of
Not Available for the GTI reputation are not refreshed.
The TIE Server checks for updates to GTI reputation values every hour. During this process all files and certificates that meet the following criteria are updated:
- Known Trusted reputation values older than a week (default value)
- All other reputation values older than 12 hours (default value)
Depending on the number of files and certificates matching the criteria, this hourly process can cause a CPU spike on the master TIE Server.
NOTE: As of TIE Server version 2.1.0, the naming convention for Master and Slave operations changed to Primary and Secondary. For example:
Master becomes Primary
Slave becomes Secondary
Previous versions of TIE Server retain the original Master/Slave designations.
These default values are the recommended setting to properly balance resource use and detection effectiveness. Having a higher value implies not getting reputation changes in time, a lower value implies more bandwidth use against GTI plus higher load on the TIE Server.
If you want to change these frequencies, perform the following steps:
- Use SSH to connect to the TIE Server as root.
- Type the following command and press Enter:
vi /opt/McAfee/tieserver/conf/tie.properties
- To override the non-trusted reputation frequency, find the following entry and change the 720 value to the wanted refresh frequency. (This value is specified in minutes; the default is 12 hours * 60 minutes/hour = 720 minutes.)
# Default refresh frequency (if not explicitly overridden), default is 12 hours
repRefresh.defaultFrequency=720
- To override the Known Trusted reputation frequency, find the following entry and change the 168 value to the wanted refresh frequency. (This value is specified in hours; the default is 7 days * 24 hours/day = 168 hours.)
repRefresh.frequencies=1:99:100:168:h;2:99:100:168:h
- Save the changes.
- Use the following command to restart the TIE service:
service tieserver restart