Infoblox & McAfee DXL Integration Templates & Demo Video

Hello,

 

Security ecosystem tools lack easy access to network data and don’t have visibility into threats detected by DNS security solutions. Being able to detect and respond in real time to network events and threats seen by the DNS protection platform greatly accelerates incident response. However, the lack of easy access to network data inhibits taking the right action based on context. Infoblox integration with McAfee DXL enables ecosystem solutions to take action on network and security events detected by Infoblox and contain threats faster.

 

Infoblox publishes security and networking event topics, along with context over DXL using outbound RESTful application programming interfaces (APIs). This enables DXL topic subscribers to integrate DDI network changes and identified DNS threats within their solutions and trigger response to these events as needed.

 

SIA DXL Task Manager, which runs on top of McAfee ePO, can subscribe to the Infoblox notifications and convert them into ePO threat events, apply policies and enable remediation actions.

 

Infoblox’s Outbound API integration framework is a new automated way to update both IPAM data (networks, hosts, leases) and DNS threat data into additional ecosystem solutions.

 

Infoblox DDI provides device discovery and a single source of truth for devices and networks. It knows when there are changes in the network, such as new devices joining the network, virtual workloads being spun up, or malicious activities detected by the DNS security solution.

 

 

In the attached documents you will find the templates for McAfee integration in PDF and txt format. The templates are provided “as-is” and should be tested in your lab environment and modified as needed before implementing them into production.

 

The templates require an extensible attribute described in the table below. It is recommended to inherit attributes with the default values from the network view level.

 

| Extensible Attribute | Description |
|---|---|
| ePO_GUID | The ePO GUID of the object if it is known. The template generates a random GUID if the EA is not defined or contains an empty value. |
| DXL_LastEventSentAt | Internal attribute. Provides the last time that an object’s information was sent to McAfee DXL. |
| DXL_Sync | “True or False”. Defines if an object should be sent to McAfee DXL. |