OpenDXL Phantom 1.2

This solution focuses on threat intelligence sharing with McAfee OpenDXL and the orchestrations platform Phantom.

This App provides the capability to publish Threat Information from Phantom to the McAfee Data Exchange Layer messaging bus. This App supports the following actions:

  1. lookup md5 Hash with McAfee Active Response - lookup md5
  2. push md5 hash into the TIE Database with a reputation score - dxl push md5
  3. push an event over the McAfee DXL fabric - dxl push ip
  4. validate the asset configuration for DXL connectivity - test connectivity

More actions will follow.

Phantom is a community powered security automation and orchestration platform.

Icon made by Daniel Bruce from

  • Version 1.2

    Updated OpenDXL Client Libraries version included.

    Automated certificate creation process during the test connectivity process.

  • Version 1.1.0

    Version 1.1.0 includes an additional action with MAR. This allows to lookup md5 Hashes with McAfee Active Response.

  • Version 1.0.0