McAfee ATD updating Infoblox RPZ with DXL Wrapper - DNS Security Integration
This integration is focusing on the automated threat response with McAfee ATD, OpenDXL and Infoblox. McAfee Advanced Threat Defense (ATD) will produce local threat intelligence that will be pushed via DXL. An OpenDXL wrapper will subscribe and parse IP and URL indicators ATD produced and will automatically update Infoblox RPZ rules.
McAfee ATD receives files from multiple sensors like Endpoints, Web Gateways, Network IPS or via Rest API. ATD will perform malware analytics and produce local threat intelligence. After an analysis every IOC will be published via the Data Exchange Layer (topic: /mcafee/event/atd/file/report).
Configuration, Video and Content can be seen under the following github repo:
https://github.com/mohlcyber/OpenDXL-ATD-Infoblox
Answers
-
Phil, Thanks!
0
Categories
- All Categories
- 5.2K Forums
- 4.7K Critical Network Services
- 470 Security
- Visibility and Insights
- Ideas Portal
- Webinars & Events
- 275 Resources
- 275 News & Announcements
- Knowledge Base
- Infoblox Documentation Portal
- Infoblox Blog
- Support Portal
- 8 Members Hub
- 4 Getting Started with Community
- 4 Community Support