Obtaining all file reputations and hashes

  • Hi all


    My company is currently working with TIE/DXL and has a requirement to obtain all the file hashes and their reputations from TIE. Is there a way to do this through OpenDXL? Basically, for all the files that have been recorded into TIE with their reputation, we want to obtain a list. For example, one could query TIE to receive a data dump, rather, of all the file reputations and hashes. We would then run this app to obtain these periodically. Is there a way this can happen?


    Hope someone can help!

  • Hi-


    Unfortunately, that particular use case is not currently supported via the DXL interface that is exposed by TIE.


    However, you might (I am not a TIE expert) be able to take advantage of TIE’s ability to have a “reporting” DB node, which is a read-only replica of the primary DB. At that point, you could potentially access the DB directly and extract the information you are looking for.


    Hope this helps,

    Chris

  • Hi Vhardy,

    Unfortunately, the OpenDXL team doesn't have the information on hand regarding TIE product features (at least the ones unrelated to DXL).


    We'll see if we can locate documentation regarding TIE's reporting node functionality and let you know as soon as possible. One thing that may help you get started would be the following TIE 2.3.0 Installation Guide: Configure the TIE server extension. Note that the information regarding a "Reporting Secondary" server requires a second deployment of a TIE server.


    There may be additional helpful information in the TIE 2.3.0 Product Guide.


    ---


    - Update -


    This is outside of our wheelhouse, it seems.


    We recommend that you speak with your point of contact in McAfee Support to directly request information on this issue. They should be able to help you with more detailed information regarding TIE reporting nodes.