Fortinet Document Library

Version:


Table of Contents

1.0.0
Copy Link

About the connector

Leveraging the McAfee Data Exchange Layer (DXL), McAfee Threat Intelligence Exchange (TIE) combines multiple threat information sources, and instantly shares this data out to all your connected security solutions, including third-party solutions.

This document provides information about the McAfee TIE connector, which facilitates automated interactions with McAfee TIE using FortiSOAR™ playbooks. Add the McAfee TIE connector as a step in FortiSOAR™ playbooks and perform automated operations, such as setting the 'Enterprise' reputation of a specified file and retrieving the reputation for the specified hash from McAfee TIE.

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

 

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-mcafee-tie

For the detailed procedure to install a connector, click here.

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
Set File Reputation Sets the 'Enterprise' reputation of a file that you have specified. set_file_reputation
Investigation
Get File Reputation Retrieves the reputation of a hash that you have specified from McAfee TIE. get_file_reputation
Investigation
Get File References Retrieves the set of systems which have been referenced (generally those that have been executed) for a file that you have specified from McAfee TIE. get_file_references
Investigation

 

Included playbooks

The Sample - McAfee TIE - 1.0.0 playbook collection comes bundled with the McAfee TIE connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the McAfee TIE connector.

 

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

 

About the connector

Leveraging the McAfee Data Exchange Layer (DXL), McAfee Threat Intelligence Exchange (TIE) combines multiple threat information sources, and instantly shares this data out to all your connected security solutions, including third-party solutions.

This document provides information about the McAfee TIE connector, which facilitates automated interactions with McAfee TIE using FortiSOAR™ playbooks. Add the McAfee TIE connector as a step in FortiSOAR™ playbooks and perform automated operations, such as setting the 'Enterprise' reputation of a specified file and retrieving the reputation for the specified hash from McAfee TIE.

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

 

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-mcafee-tie

For the detailed procedure to install a connector, click here.

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
Set File Reputation Sets the 'Enterprise' reputation of a file that you have specified. set_file_reputation
Investigation
Get File Reputation Retrieves the reputation of a hash that you have specified from McAfee TIE. get_file_reputation
Investigation
Get File References Retrieves the set of systems which have been referenced (generally those that have been executed) for a file that you have specified from McAfee TIE. get_file_references
Investigation

 

Included playbooks

The Sample - McAfee TIE - 1.0.0 playbook collection comes bundled with the McAfee TIE connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the McAfee TIE connector.

 

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.