
McAfee ATD updating Infoblox RPZ with DXL Wrapper - DNS Security Integration
New Member
Posts: 2
Registered: ‎12-03-2013

This integration is focusing on the automated threat response with McAfee ATD, OpenDXL and Infoblox. McAfee Advanced Threat Defense (ATD) will produce local threat intelligence that will be pushed via DXL. An OpenDXL wrapper will subscribe and parse IP and URL indicators ATD produced and will automatically update Infoblox RPZ rules.

 

McAfee ATD receives files from multiple sensors like Endpoints, Web Gateways, Network IPS or via REST API. ATD will perform malware analytics and produce local threat intelligence. After an analysis, every IOC will be published via the Data Exchange Layer (topic: /mcafee/event/atd/file/report).

 

Configuration, Video and Content can be seen under the following GitHub repo:

 

https://github.com/mohlcyber/OpenDXL-ATD-Infoblox
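The parsing step described in the post above, as an added example that is not part of the original post or the linked repository: it takes one report event body, extracts IP and URL indicators, drops internal addresses and allowlisted domains, and emits standard RPZ record lines. The payload field layout, the allowlist and the internal networks are assumptions made for illustration; subscribing to the DXL topic and writing the rules to Infoblox are left out.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample event body; the field layout is assumed for illustration.
SAMPLE_EVENT = json.dumps({"Summary": {
    "Ips": [{"Ipv4": "203.0.113.45"}, {"Ipv4": "10.0.0.5"}, {"Ipv4": "not-an-ip"}],
    "Urls": [{"Url": "http://malware.example.net/drop.exe"},
             {"Url": "https://updates.example.com/patch"},
             {"Url": "http://203.0.113.45/gate.php"}],
}})

# Hypothetical guard rails: names and networks that must never end up blocked.
ALLOWED_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def rpz_ip_owner(addr):
    """RPZ IP trigger owner name: prefix length, reversed octets, rpz-ip."""
    return "32." + ".".join(reversed(str(addr).split("."))) + ".rpz-ip"


def classify(value, ip_only=False):
    """Return ('ip', IPv4Address), ('host', name) or None if unusable/protected."""
    try:
        addr = ipaddress.IPv4Address(value)
    except ValueError:
        host = value.lower().rstrip(".")
        if ip_only or "." not in host or any(c.isspace() for c in host):
            return None
        if any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS):
            return None
        return ("host", host)
    return None if any(addr in n for n in INTERNAL_NETS) else ("ip", addr)


def rpz_records(event_body):
    """Turn one report event into de-duplicated RPZ lines (CNAME . = NXDOMAIN)."""
    summary = json.loads(event_body).get("Summary", {})
    found = {classify(i.get("Ipv4", ""), ip_only=True) for i in summary.get("Ips", [])}
    found |= {classify(urlsplit(u.get("Url", "")).hostname or "")
              for u in summary.get("Urls", [])}
    found.discard(None)
    ips = sorted(a for kind, a in found if kind == "ip")
    hosts = sorted(h for kind, h in found if kind == "host")
    return [f"{rpz_ip_owner(a)} CNAME ." for a in ips] + [f"{h} CNAME ." for h in hosts]


if __name__ == "__main__":
    print("\n".join(rpz_records(SAMPLE_EVENT)))
```

Filtering before the zone is touched matters in an automated pipeline like this one, because a sandbox report routinely lists benign hosts a sample contacted, and those would otherwise be blocked for every client of the resolver.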

 

 

Re: McAfee ATD updating Infoblox RPZ with DXL Wrapper - DNS Security Integration
Adviser
Posts: 171
Registered: ‎09-09-2015

Phil, Thanks!
