This article describes how to configure the value set for the TIE Server to refresh its Global Threat Intelligence (GTI) reputation. The refresh process affects only existing reputations. Records that have a status of Not Available for the GTI reputation are not refreshed. The TIE Server checks for updates to GTI reputation values every hour. During this process all files and certificates that meet the following criteria are updated:

• Known Trusted reputation values older than a week (default value)
• All other reputation values older than 12 hours (default value)

Depending on the number of files and certificates matching the criteria, this hourly process can cause a CPU spike on the master TIE Server.

NOTE: As of TIE Server version 2.1.0, the naming convention for Master and Slave operations changed to Primary and Secondary. For example:

Master becomes Primary
Slave becomes Secondary

Previous versions of TIE Server retain the original Master/Slave designations.

These default values are the recommended setting to properly balance resource use and detection effectiveness. Having a higher value implies not getting reputation changes in time, a lower value implies more bandwidth use against GTI plus higher load on the TIE Server.

If you want to change these frequencies, perform the following steps: