How to integrate Kaspersky Threat Data Feeds with Trellix (McAfee) Threat Intelligence Exchange

Latest update: June 14, 2024 ID: 16075
 
 
 
 

Trellix (McAfee) Threat Intelligence Exchange is a reputation broker designed to enable adaptive threat detection and response based on local intelligence from security solutions across the organization and on global external threat data.

Kaspersky App for Trellix Threat Intelligence Exchange (TIE) pushes indicators and their corresponding context from Malicious Hash Data Feed and Mobile Malicious Hash Data Feed to Trellix TIE.

Trellix TIE, in turn, instantly shares this collective intelligence across the customer's security ecosystem (endpoints, gateways, network, and data center security solutions), enabling those solutions to exchange and act on the shared intelligence. The intelligence is shared using Trellix Data Exchange Layer (DXL), which allows security solutions to operate as one to enhance protection throughout the organization. Implementation and operational costs are reduced by connecting Trellix and non-Trellix security solutions to operationalize threat intelligence in real time.

Kaspersky App for Trellix TIE is a Python application. It downloads Kaspersky Data Feeds and adds the contained records to Trellix Threat Intelligence Exchange.

Kaspersky App for Trellix TIE is able to:

  1. Download and filter Kaspersky Data Feeds according to a specific set of parameters defined in its configuration file. By default, Kaspersky App for Trellix TIE downloads Malicious Hash Data Feed and Mobile Malicious Hash Data Feed.
  2. Add new records from Kaspersky Data Feeds to Trellix TIE, update existing records, and set the reputation status of records that are no longer in Kaspersky Data Feeds to Not set. By default, Kaspersky App for Trellix TIE includes all records from Kaspersky Data Feeds and adds information about context.
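The add, update, and reset-to-Not-set behaviour described in the two items above can be pictured as a reconciliation between two feed snapshots. The following is an added example, not code from Kaspersky App for Trellix TIE; the field names (`SHA256`, `threat`, `popularity`), the `min_popularity` filter, the "Known malicious" label, and the sample records are assumptions constructed for illustration, and no Trellix API is called.

```python
# Added illustration; not the vendor's code. Record layout is an assumption.
NOT_SET = "Not set"            # reputation status named on the page
MALICIOUS = "Known malicious"  # assumed status for hashes present in a feed
HEX = set("0123456789abcdef")

def index_feed(records, min_popularity=0):
    """Filter feed records and key them by lower-cased SHA256."""
    out = {}
    for rec in records:
        sha256 = str(rec.get("SHA256", "")).lower()
        if len(sha256) != 64 or not set(sha256) <= HEX:
            continue  # malformed hash: never push it to the reputation store
        if rec.get("popularity", 0) < min_popularity:
            continue  # hypothetical configuration filter
        out[sha256] = {"threat": rec.get("threat", ""),
                       "popularity": rec.get("popularity", 0)}
    return out

def plan_sync(previous, current):
    """Return the actions that move the store from `previous` to `current`."""
    actions = []
    for h, ctx in sorted(current.items()):
        if h not in previous:
            actions.append(("add", h, MALICIOUS, ctx))
        elif previous[h] != ctx:
            actions.append(("update", h, MALICIOUS, ctx))
    # Hashes that dropped out of the feed are reset, not deleted, so a stale
    # malicious verdict does not keep blocking a file the feed no longer lists.
    for h in sorted(previous.keys() - current.keys()):
        actions.append(("reset", h, NOT_SET, None))
    return actions

# Constructed sample snapshots (placeholder hashes, not real indicators).
A, B, C = "a" * 64, "b" * 64, "c" * 64
YESTERDAY = [{"SHA256": A, "threat": "Trojan.Sample", "popularity": 3},
             {"SHA256": B, "threat": "Worm.Sample", "popularity": 2}]
TODAY = [{"SHA256": A.upper(), "threat": "Trojan.Sample", "popularity": 5},
         {"SHA256": C, "threat": "Backdoor.Sample", "popularity": 1},
         {"SHA256": "not-a-hash", "threat": "Broken", "popularity": 9}]

def demo():
    return plan_sync(index_feed(YESTERDAY), index_feed(TODAY))

if __name__ == "__main__":
    for action in demo():
        print(action)
```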

Customers must disable the following option in Trellix ePolicy Orchestrator: “Allow Trellix to collect anonymous data about certificates, file paths, and hashes. This data helps Trellix learn about threats and prioritize what’s allowed or blocked.”

To get the integration package, please contact intelligence@kaspersky.com.

 
 
 
 
 