THE GAME HAS CHANGED

Introducing Infoblox Universal DDI ManagementTM

Watch the launch to discover the new era of management for critical network services. Watch Now

McAfee

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
McAfee ATD updating Infoblox RPZ with DXL Wrapper - DNS Security Integration
New Member
PRumi
Posts: 2
Registered: ‎12-03-2013

‎04-10-2018 12:15 AM

PRumi
New Member
Posts: 1

This integration is focusing on the automated threat response with McAfee ATD, OpenDXL and Infoblox. McAfee Advanced Threat Defense (ATD) will produce local threat intelligence that will be pushed via DXL. An OpenDXL wrapper will subscribe and parse IP and URL indicators ATD produced and will automatically update Infoblox RPZ rules.

 

McAfee ATD receives files from multiple sensors like Endpoints, Web Gateways, Network IPS or via Rest API. ATD will perform malware analytics and produce local threat intelligence. After an analysis every IOC will be published via the Data Exchange Layer (topic: /mcafee/event/atd/file/report).

 

Configuration, Video and Content can be seen under the following github repo:

 

https://github.com/mohlcyber/OpenDXL-ATD-Infoblox

 

 

Reply
Re: McAfee ATD updating Infoblox RPZ with DXL Wrapper - DNS Security Integration
Adviser
Adviser
Vadim
Posts: 172
Registered: ‎09-09-2015

‎04-10-2018 12:24 AM

Vadim
Adviser
Posts: 78

Phil, Thanks!

Reply
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: