OpenDXL ATD MAR Elasticsearch 1.0.0

This solution focuses on automated real-time threat hunting with McAfee ATD, OpenDXL, Active Response and Elasticsearch.

McAfee Advanced Threat Defense produces local threat intelligence that is published over DXL. An OpenDXL wrapper subscribes to the ATD report topic, parses the indicators (file hashes, IPs, URLs) in each report and runs automated Active Response searches for them across one or more DXL fabrics. The search results are indexed in Elasticsearch so that the endpoints where an indicator was found can be analysed and visualised in Kibana.


McAfee Advanced Threat Defense (ATD) is a malware analytics solution that combines signatures with behavioral (sandbox) analysis to rapidly identify malicious content; it provides the local threat intelligence for this solution. ATD exports IOC data in STIX format in several ways, including over DXL.


McAfee Active Response (MAR) is an incident response solution that leverages the DXL messaging fabric to support the threat hunting process and provides real-time visibility into what is present on managed endpoints.


Elasticsearch is a distributed, multitenant-capable full-text search and analytics engine. Kibana is an open source data visualization plugin for Elasticsearch that provides visualization capabilities on top of the content indexed in Elasticsearch.
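The ATD -> MAR -> Elasticsearch flow described above, as an added example that is not this project's own code. It parses an ATD report, keeps only well-formed hashes from a convicted sample, turns them into a MAR search condition and flattens the MAR hits into Elasticsearch documents. The ATD report layout, the `/mcafee/event/atd/file/report` topic, the severity cut-off, the `Collector|field` shape of MAR result items and the dxlclient/dxlmarclient/elasticsearch calls in `run()` are assumptions; the sample report and MAR items are constructed. The pipeline takes the search as a function so it runs offline with a stub and live with `MarClient`.

```python
import json
import time
import datetime

# Assumed DXL topic on which ATD publishes its file analysis reports.
ATD_REPORT_TOPIC = "/mcafee/event/atd/file/report"
# ATD reports severity as a 0-5 string; hunt only for 3 and above (assumed cut-off).
SEVERITY_THRESHOLD = 3
# Hash keys as ATD names them in Summary.Subject -> key names the MAR Files collector uses.
HASH_KEYS = {"md5": "md5", "sha-1": "sha1", "sha-256": "sha256"}
HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}
# Fields requested from MAR for every endpoint that matches.
MAR_PROJECTIONS = [
    {"name": "HostInfo", "outputs": ["hostname", "ip_address"]},
    {"name": "Files", "outputs": ["name", "full_name", "md5", "status"]},
]

# Constructed ATD report (layout is an assumption; the hashes are those of the empty file).
SAMPLE_ATD_REPORT = json.dumps({"Summary": {
    "Subject": {"Name": "invoice.exe", "Type": "PE32 executable",
                "md5": "D41D8CD98F00B204E9800998ECF8427E",
                "sha-1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
                "sha-256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    "Verdict": {"Severity": "5", "Description": "Malicious"}}})
# Constructed benign verdict with malformed hashes: must never trigger a fabric-wide search.
SAMPLE_BENIGN_REPORT = json.dumps({"Summary": {
    "Subject": {"Name": "notes.txt", "md5": "not-a-hash", "sha-1": "N/A"},
    "Verdict": {"Severity": "1", "Description": "Informational"}}})
# Constructed MAR result items in the shape dxlmarclient returns (assumed "Collector|field" keys).
SAMPLE_MAR_ITEMS = [
    {"count": 1, "id": "host-1", "output": {
        "HostInfo|hostname": "WKS-0042", "HostInfo|ip_address": "10.1.2.42",
        "Files|name": "invoice.exe", "Files|full_name": "C:\\Users\\j\\Downloads\\invoice.exe",
        "Files|md5": "d41d8cd98f00b204e9800998ecf8427e", "Files|status": "current"}},
]


def parse_atd_report(payload):
    """Return (severity, subject name, indicators) from an ATD report payload.
    Only lowercase hex hashes of the right length survive, so a bad value never becomes a query."""
    summary = json.loads(payload).get("Summary", {})
    subject = summary.get("Subject", {})
    try:
        severity = int(summary.get("Verdict", {}).get("Severity", 0))
    except (TypeError, ValueError):
        severity = 0
    indicators = {}
    for atd_key, mar_key in HASH_KEYS.items():
        value = str(subject.get(atd_key, "")).strip().lower()
        if len(value) == HASH_LENGTHS[mar_key] and all(c in "0123456789abcdef" for c in value):
            indicators[mar_key] = value
    return severity, subject.get("Name", ""), indicators


def build_mar_conditions(indicators):
    """One MAR 'or' condition matching any of the hashes (dxlmarclient condition syntax)."""
    return {"or": [{"and": [{"name": "Files", "output": kind, "op": "EQUALS", "value": value}]}
                   for kind, value in sorted(indicators.items())]}


def mar_items_to_es_docs(items, severity, subject_name, indicators, seen_at):
    """Flatten MAR hits into one Elasticsearch document per endpoint/file match."""
    docs = []
    for item in items:
        out = item.get("output", {})
        docs.append({"@timestamp": seen_at, "atd_subject": subject_name,
                     "atd_severity": severity, "indicators": indicators,
                     "host": out.get("HostInfo|hostname"), "ip": out.get("HostInfo|ip_address"),
                     "file_name": out.get("Files|name"), "file_path": out.get("Files|full_name"),
                     "file_md5": out.get("Files|md5"), "file_status": out.get("Files|status")})
    return docs


def handle_report(payload, search_fn, seen_at="1970-01-01T00:00:00Z"):
    """Pipeline for one ATD event. search_fn(projections, conditions) returns MAR items,
    so either a live MarClient or a stub can be supplied. Returns the ES docs to index."""
    severity, name, indicators = parse_atd_report(payload)
    if severity < SEVERITY_THRESHOLD or not indicators:
        return []  # benign verdict, or nothing well-formed to search for
    items = search_fn(MAR_PROJECTIONS, build_mar_conditions(indicators))
    return mar_items_to_es_docs(items, severity, name, indicators, seen_at)


def run(dxl_config_file, es_url="http://localhost:9200", index="atd-mar"):
    """Live wiring (assumed dxlclient, dxlmarclient and elasticsearch APIs; not run offline)."""
    from dxlclient.client_config import DxlClientConfig
    from dxlclient.client import DxlClient
    from dxlclient.callbacks import EventCallback
    from dxlmarclient import MarClient
    from elasticsearch import Elasticsearch

    es = Elasticsearch([es_url])
    with DxlClient(DxlClientConfig.create_dxl_config_from_file(dxl_config_file)) as client:
        client.connect()
        mar = MarClient(client)

        def search(projections, conditions):
            ctx = mar.search(projections=projections, conditions=conditions)
            return ctx.get_results(limit=1000)["items"] if ctx.has_results else []

        class AtdCallback(EventCallback):
            def on_event(self, event):
                now = datetime.datetime.utcnow().isoformat() + "Z"
                for doc in handle_report(event.payload.decode(), search, now):
                    es.index(index=index, body=doc)

        client.add_event_callback(ATD_REPORT_TOPIC, AtdCallback())
        while True:
            time.sleep(60)  # keep the process alive; the callback does the work


if __name__ == "__main__":
    for doc in handle_report(SAMPLE_ATD_REPORT, lambda p, c: SAMPLE_MAR_ITEMS):
        print(json.dumps(doc))
```

Two checks worth keeping in any real wrapper: the severity gate, so that every benign sample ATD analyses does not fan out into a search on every endpoint of every fabric, and the hash validation, so that a malformed or "N/A" value from the report is dropped rather than sent to MAR as a condition.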