- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
McAfee ATD updating Infoblox RPZ with DXL Wrapper - DNS Security Integration
This integration is focusing on the automated threat response with McAfee ATD, OpenDXL and Infoblox. McAfee Advanced Threat Defense (ATD) will produce local threat intelligence that will be pushed via DXL. An OpenDXL wrapper will subscribe and parse IP and URL indicators ATD produced and will automatically update Infoblox RPZ rules.
McAfee ATD receives files from multiple sensors like Endpoints, Web Gateways, Network IPS or via Rest API. ATD will perform malware analytics and produce local threat intelligence. After an analysis every IOC will be published via the Data Exchange Layer (topic: /mcafee/event/atd/file/report).
Configuration, Video and Content can be seen under the following github repo:
https://github.com/mohlcyber/OpenDXL-ATD-Infoblox
Re: McAfee ATD updating Infoblox RPZ with DXL Wrapper - DNS Security Integration
Phil, Thanks!