Denon M-2750 - Network Security Platform Installation Guide Page 6

Network Security Platform v6.0 Page 6
700-2360F00
Release Notes
Earlier, on-demand scans from the Threat Analyzer Host Forensics page were not specific to a child admin domain. With this
release, you can also select the child admin domains for which you want to execute a scan.
For details, see Integration Guide.
Integration with McAfee Global Threat Intelligence
McAfee Global Threat Intelligence [GTI] is a global threat correlation engine and intelligence base of global messaging
and communication behavior. McAfee GTI has two components, namely Artemis and TrustedSource. McAfee Artemis
provides file reputation, whereas McAfee TrustedSource can provide:
  • Web reputation
  • Web categorization
  • Message reputation
  • Network connection reputation
McAfee Network Security Manager integrates with McAfee GTI to support the following:
TrustedSource integration for reputation scores: Obtain the reputation and geo-location for each host involved in
an attack (both source and destination). The Manager maps the country codes received from TrustedSource to
country names and displays them on the Threat Analyzer Alerts page.
Important: In most cases, reputation shown on the Threat Analyzer Alerts page will be different from the
information shown by the right-click query option on a specific alert. This is because the TrustedSource web-site
displays web reputation and mail reputation. The reputation displayed on the Manager, however, is the network
connection reputation, which is based on a combination of the IP address and protocol/port. Note that the Threat
Analyzer displays web reputation for a destination IP if the destination port is 80. Likewise, mail reputation is shown
for a source IP if the destination port is 25.
GTI Participation: When participation is enabled, you can choose to configure the Manager to periodically send the
following data to McAfee Labs: alert data detail, alert data summary, general setup, and feature usage. McAfee Labs
then uses this data for global threat analysis to provide customers with aggregated data and enhanced threat
information.
When you log on to the Manager for the first time, the GTI Participation page is displayed as part of the Manager
Installation Wizard. You can opt to participate in GTI by setting your preferences in this screen. By default, all the options
are enabled. If you skip making a selection, the Manager will send a reminder after 30 days to enable GTI
participation.
Important: You must select either Alert Data Details or Alert Data Summary as “Yes” to enable TrustedSource
integration.
Based on your selection(s), the Manager periodically sends the following data to McAfee Labs:
Alert data detail: This provides a complete integration with TrustedSource. When this option is enabled, the
Manager sends detailed data on alerts, alert summary and general information like Manager and signature set
version. The Manager supports configuring a CIDR exclusion list to prevent alert data details from being shared with
TrustedSource for specific hosts.
You must enable this option to view data in the following columns of the Threat Analyzer Alerts page:
Dest Country
Dest Reputation
Src Country
Src Reputation
Alert data summary: Selecting this option also enables integration with TrustedSource. When enabled, the
Manager sends alert summary and general information like Manager and signature set version to McAfee Labs.
You must enable this option to activate the Threat Analyzer right-click menu option on each alert to query McAfee's
http://www.trustedsource.org web-site for details of the source or destination host based on the IP address.
General setup: Selecting this option will send general information about your setup to McAfee Labs.
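Added example, not part of the McAfee documentation: a Python check for reviewing a planned CIDR exclusion list against sample alerts before enabling Alert data detail, together with the reputation type the Threat Analyzer shows for each host according to the port rules in the note above. The alert field names, the sample addresses, and the per-host evaluation of the exclusion list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges); field names are assumptions.
EXCLUSIONS = ["10.20.0.0/16", "192.0.2.128/25"]
ALERTS = [
    {"src": "198.51.100.7", "dst": "10.20.4.9", "dst_port": 80},
    {"src": "203.0.113.5", "dst": "192.0.2.10", "dst_port": 25},
    {"src": "192.0.2.200", "dst": "198.51.100.44", "dst_port": 443},
]


def parse_exclusions(cidrs):
    """Parse CIDR strings strictly; an entry with host bits set raises ValueError."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def is_excluded(ip, networks):
    """True if the host address falls inside any excluded network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def reputation_kind(role, dst_port):
    """Reputation type shown in the Threat Analyzer, per the port rules above."""
    if role == "dst" and dst_port == 80:
        return "web"
    if role == "src" and dst_port == 25:
        return "mail"
    return "network connection"


def review(alerts, cidrs):
    """List each alert host with whether its details would be shared (assumed per host)."""
    networks = parse_exclusions(cidrs)
    rows = []
    for alert in alerts:
        for role in ("src", "dst"):
            rows.append({
                "ip": alert[role],
                "role": role,
                "shared": not is_excluded(alert[role], networks),
                "reputation": reputation_kind(role, alert["dst_port"]),
            })
    return rows


if __name__ == "__main__":
    for row in review(ALERTS, EXCLUSIONS):
        print(row)
```

Strict parsing rejects an entry such as 10.20.4.9/16, which is usually a typo for a host or a narrower range and is better caught before the list is entered in the Manager.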