Trellix TIE
Overview
Push OpenCTI file-hash indicators to Trellix TIE reputations over OpenDXL.
The OpenCTI Trellix TIE stream connector pushes OpenCTI file-hash indicators to Trellix Threat Intelligence Exchange (TIE) as enterprise file reputations over the OpenDXL fabric. On each indicator create/update carrying a STIX file-hash pattern, it sets the TIE reputation (configurable trust level) for the MD5/SHA-1/SHA-256 hashes via the OpenDXL TIE client, so Trellix endpoint security can act on the intelligence. This is the standard McAfee/Trellix integration mechanism (Trellix EDR has no outbound IOC REST API). It requires an ePO-provisioned OpenDXL configuration (broker list + client certificate) and covers file/cert hashes only.