TIE 3.0.0 introduces a feature to integrate third-party reputation providers, known as External Reputation. This article provides information about the endpoint side prerequisites that are needed to use the External Reputation feature end-to-end.
The TIE Server side of integrating an External Reputation provider is defined in the “Enhancing TIE with External Reputation provider with OpenDXL” section of TIE 3.0.0
Product Guide.
After the integration is performed, TIE Server reputation responses include the third-party information, but you must perform a few configurations on the Endpoint Security side.
Endpoint side prerequisites to integrate External Provider end-to-end:
- TIE and ATP Rule Content Update 1006 or later (Release Notes):
- Go to ePO Server Settings, Adaptive Threat Protection, Edit, Enable Rule 253.
- Identify the malicious or safe files based on the third-party reputation provider scores.
- Endpoint Security Platform minimum versions:
