opendxl / opendxl-tie-client-python

McAfee Threat Intelligence Exchange (TIE) client library for use with the OpenDXL Python Client
Apache License 2.0

tie_client.get_file_reputation method increments enterprise count of file #13

Open BIitzkrieg opened 5 years ago

BIitzkrieg commented 5 years ago

Not sure if this is the correct place to post this, or if I should contact enterprise support. Every time a file hash is passed to the tie_client.get_file_reputation method, the "enterprise count" of a file increases. Phantom GUID values appear as the source of the file. Example code: image

Result of "Where file was used" in ePO after multiple runs. image

mohlcyber commented 4 years ago

@BIitzkrieg looks like this issue has been solved with the newest TIE release (TIE 3.0). After running the file_reputation action in Phantom the "where file was used" does not show any additional GUID values anymore.

Could you please check it out and confirm? All the best, Martin

delavegamatias commented 4 years ago

Increment of the enterprise count is working as expected, as this is effectively a file reputation request like any other; TIE Server can't tell what the source of the request is (OpenDXL client or a McAfee product). TIE Server will show the system name (as a link) if it is a system with a valid GUID managed by the ePO. If it's not a valid GUID for a managed system, as in this case for the OpenDXL client, the name will still be shown, but grayed-out and won't be a link.