Open BIitzkrieg opened 5 years ago
@BIitzkrieg looks like this issue has been solved with the newest TIE release (TIE 3.0). After running the file_reputation action in Phantom the "where file was used" does not show any additional GUID values anymore.
Could you please check out and confirm. All the best, Martin
Increment of the enterprise count is working as expected, as this is effectively a file reputation request as any other, TIE Server can’t tell what the source of the request is (OpenDXL client or a McAfee product). TIE Server will show the system name (as a link) if it is a system with a valid GUID managed by the ePO. If it's not a valid GUID for a managed system, as in this case for the OpenDXL client, the name will still be shown, but grayed-out and won't be a link.
Not sure if this is the correct place to post this, or if I should contact enterprise support. Every time a file hash is passed to the tie_client.get_file_reputation method, the "enterprise count" of a file increases. Phantom GUID values appear as source of the file. Example code:
Result of "Where file was used" in ePO after multiple runs.