Hello everyone,
I have created a script to automatically change a bunch of hashes to whatever reputation I want. It looks like the reputations are properly set in TIE Server and the reputation is also working fine. What I mean by that is that I have tested a HASH changed to KNOWN MALICIOUS over DXL and Antivirus automatically deleted that file. I have also tested other options, like get_file_reputations, and I didn't find any errors.
So when I was checking orion.log I saw this ERROR per hash:
ERROR [core-CommandInvoker-thread-33] command.RemediationHistoryChangeReputationCommand - Cannot execute command
com.mcafee.tie.server.ext.exception.TieDxlCommunicationException: Error during request handling. Error code: 0
    at com.mcafee.tie.server.ext.service.impl.TieServerDxlCommunicatorImpl.sendTieRequest(TieServerDxlCommunicatorImpl.java:83)
    at com.mcafee.tie.server.ext.service.impl.TieServerBaseCommunicatorImpl.doTieRequest(TieServerBaseCommunicatorImpl.java:156)
    at com.mcafee.tie.server.ext.service.impl.TieServerBaseCommunicatorImpl.doTieRequest(TieServerBaseCommunicatorImpl.java:129)
    at com.mcafee.tie.server.ext.service.impl.TieServerBaseCommunicatorImpl.getFileInfo(TieServerBaseCommunicatorImpl.java:273)
    at com.mcafee.tie.server.ext.service.management.TieManagementServiceImpl.getFileInfo(TieManagementServiceImpl.java:72)
    at com.intel.edr.service.impl.ReputationServiceImpl.getFileInfoBySha1s(ReputationServiceImpl.java:158)
    at com.intel.edr.service.impl.ReputationServiceImpl.getFileInfosBy(ReputationServiceImpl.java:235)
    at com.intel.edr.command.RemediationHistoryChangeReputationCommand.runTask(RemediationHistoryChangeReputationCommand.java:90)
    at com.intel.edr.command.RemediationHistoryChangeReputationCommand.invoke(RemediationHistoryChangeReputationCommand.java:76)
    at com.mcafee.orion.core.cmd.CommandInvoker.invoke(CommandInvoker.java:1274)
    at com.mcafee.orion.core.cmd.CommandInvoker$AsyncCommandRunner.call(CommandInvoker.java:1150)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
It looks like I have those errors only when the script is changing the reputation and I don't know why since reputations are properly set after the script.
I have tested a bunch of different configurations with the brokers, but the error is still there.
I can provide the code if there is any need to do so.
Can someone explain to me why orion.log is generating those ERRORS?
Thank you for your time