Infoblox & McAfee DXL Integration Templates & Demo Video
Moderator
Posts: 84
Registered: ‎06-21-2017

Hello,

Security ecosystem tools lack easy access to network data and don’t have visibility into threats detected by DNS security solutions. Being able to detect and respond in real time to network events and threats seen by the DNS protection platform greatly accelerates incident response. However, the lack of easy access to network data inhibits taking the right action based on context. Infoblox integration with McAfee DXL enables ecosystem solutions to take action on network and security events detected by Infoblox and contain threats faster.

Infoblox publishes security and networking event topics, along with context over DXL using outbound RESTful application programming interfaces (APIs). This enables DXL topic subscribers to integrate DDI network changes and identified DNS threats within their solutions and trigger response to these events as needed.

The SIA DXL Task Manager, which runs on top of McAfee ePO, can subscribe to the Infoblox notifications and convert them into ePO threat events, apply policies and enable remediation actions.

Infoblox’s Outbound API integration framework is a new automated way to update both IPAM data (networks, hosts, leases) and DNS threat data into additional ecosystem solutions.

Infoblox DDI provides device discovery and a single source of truth for devices and networks. It knows when there are changes in the network, such as new devices joining the network, virtual workloads being spun up, or malicious activities detected by the DNS security solution.

In the attached documents you will find the templates for McAfee integration in PDF and txt format. The templates are provided “as-is” and should be tested in your lab environment and modified as needed before implementing them into production.

The templates require an extensible attribute described in the table below. It is recommended to inherit attributes with the default values from the network view level.

| Extensible Attribute | Description |
| --- | --- |
| ePO_GUID | The ePO GUID of the object if it is known. The template generates a random GUID if the EA is not defined or contains an empty value. |
| DXL_LastEventSentAt | Internal attribute. Provides the last time that an object’s information was sent to McAfee DXL. |
| DXL_Sync | “True or False”. Defines if an object should be sent to McAfee DXL. |

Re: Infoblox & McAfee DXL Integration Templates & Demo Video
New Member
Posts: 2
Registered: ‎09-07-2018

Hi,

Thank you very much for those templates.

In the documentation, you are mentioning the ePO extension "SIA DXL Task Manager".

I'm actually struggling to find this extension.

Can you please share where we can get (or purchase) this extension from?

Thanks

Re: Infoblox & McAfee DXL Integration Templates & Demo Video
Moderator
Posts: 84
Registered: ‎06-21-2017

Hello Eric,

You will need to talk with your McAfee representative or their support team. Unfortunately, businesses constantly change how their products are licensed and sold and how extensions are handed out, so I'm not able to answer your question myself as I'm not a McAfee expert or sales rep. If you got your ePO through a partner or third party, then I suggest you start with them; usually they are happy to help and do the leg work for you to keep your continued business.

Hopefully this puts you in the right direction, and if you have any more questions let me know and I'll do my best to answer them!

Hope this helps,

Kevin Zettel

Re: Infoblox & McAfee DXL Integration Templates & Demo Video
Adviser
Posts: 171
Registered: ‎09-09-2015

It was a separate product, which was hard to find. They built it into DXL 5.0.

In the DXL 5.0 Release Notes they mentioned it as:

Advances in automation
Remote commands that are exposed in McAfee ePO or Security Innovation Alliance Partner products can be
called directly over DXL. Invoking remote commands over DXL is useful with automation tasks, whether they are
user-driven (orchestrated), or performed without user involvement (automated). For example, DXL can generate
a McAfee ePO Threat Event, or a DXL event on any topic via an Automatic Response Action.

Vadim
